From nobody Tue May  1 09:51:49 2018
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30B521273B1; Tue,  1 May 2018 09:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7fYq_2ydNOX0; Tue,  1 May 2018 09:51:38 -0700 (PDT)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 862BC12DB6B; Tue,  1 May 2018 09:51:36 -0700 (PDT)
Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil [132.250.196.100]) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id w41GpYGu026400 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Tue, 1 May 2018 12:51:35 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AF1DCCAE-3956-4F8B-84AC-4FE6DA232327"
Date: Tue, 1 May 2018 12:51:34 -0400
Message-Id: <8B342EAB-8678-4FC4-B793-3BEA944AC523@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-teas-actn-framework.all@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/QNNckzI-Bkd-9HNEigpQ5g7nWMQ>
Subject: [secdir] SECDIR Review of draft-ietf-teas-actn-framework-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2018 16:51:42 -0000

--Apple-Mail=_AF1DCCAE-3956-4F8B-84AC-4FE6DA232327
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

I have reviewed this document as part of the security directorate's=20
ongoing effort to review all IETF documents being processed by the=20
IESG.  These comments were written primarily for the benefit of the=20
security area directors.  Document editors and WG chairs should treat=20
these comments just like any other last call comments.

The summary of the review is Ready with Nits.

This draft describes a framework for abstraction and control of traffic =
engineered networks (ACTN).
According to the abstract, a traffic engineered network is a network =
that =20
uses any connection-oriented technology under the control of a =
distributed or
centralized control plane to support dynamic provisioning of end-to-end =
connectivity.
Abstraction in this context is a technique can be applied across a =
single or multiply domains
to create a single virtualized network under the control of a network =
operator or owner.
This is thus a very broad topic, and the ID is informational only. The =
most important part
is probably the description of the ACTN base architecture.  It describes =
three components: the Customer Network Controller (CNC) responsible
for communicating the customer=E2=80=99s requirements to the network =
provider , the=20
Multi-Domain Servicing Coordinator (MDSC), responsible for implementing =
ACTN functions, and the Provisioning Network Controller (PNC),
responsible for configuration and topology management. It also describes =
as the interfaces between them.  The document also gives
a description of some more advanced ACTN architectures,
a description of  several topology abstraction methods, and an example =
of an advanced ACTN application: a multi-destination servers.
 =20

The security considerations section, while it lists some general =
considerations that would
hold for any kind of network, mainly concentrates on the two interfaces =
between the components: the CNC-MDSC (CMI) and the MDSC-PNC (MPI) =
interfaces.
It gives a good overview of the types of security risks that might arise =
with respect to the two interfaces,
and the means for mitigating them.  For the rest, it defers security =
considerations to the specific applications, which
I assume would be handled by other working groups.  I believe that this =
is reasonable for an informational document
that is providing a general framework.=20

A nit:

I couldn=E2=80=99t parse the last sentence of Section 9.3:

=20
   Which MDSC the PNC exports topology information to, and the level of
   detail (full or abstracted) should also be authenticated and
   specific access restrictions and topology views, should be
   configurable and/or policy-based.

I think it may be the commas are misplaced, and what you really want to =
say is this:

=20
   Which MDSC the PNC exports topology information to, and the level of
   detail (full or abstracted), should also be authenticated, and
   specific access restrictions and topology views should be
   configurable and/or policy-based.



Cathy Meadows
=20
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil =
<mailto:catherine.meadows@nrl.navy.mil>

--Apple-Mail=_AF1DCCAE-3956-4F8B-84AC-4FE6DA232327
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D""><div class=3D"">I have reviewed this document =
as part of the security directorate's&nbsp;</div><div class=3D"">ongoing =
effort to review all IETF documents being processed by =
the&nbsp;</div><div class=3D"">IESG. &nbsp;These comments were written =
primarily for the benefit of the&nbsp;</div><div class=3D"">security =
area directors. &nbsp;Document editors and WG chairs should =
treat&nbsp;</div><div class=3D"">these comments just like any other last =
call comments.</div><div class=3D""><br class=3D""></div><div =
class=3D"">The summary of the review is Ready with Nits.</div></div><div =
class=3D""><br class=3D""></div>This draft describes a framework for =
abstraction and control of traffic engineered networks (ACTN).<div =
class=3D"">According to the abstract, a traffic engineered network is a =
network that &nbsp;</div><div class=3D"">uses any connection-oriented =
technology under the control of a distributed or</div><div =
class=3D"">centralized control plane to support dynamic provisioning of =
end-to-end connectivity.</div><div class=3D"">Abstraction in this =
context is a technique can be applied across a single or multiply =
domains</div><div class=3D"">to create a single virtualized network =
under the control of a network operator or owner.</div><div =
class=3D"">This is thus a very broad topic, and the ID is informational =
only. The most important part</div><div class=3D"">is probably the =
description of the ACTN base architecture. &nbsp;It describes three =
components: the Customer Network Controller (CNC) responsible</div><div =
class=3D"">for communicating the customer=E2=80=99s requirements to the =
network provider , the&nbsp;</div><div class=3D"">Multi-Domain Servicing =
Coordinator (MDSC), responsible for implementing ACTN functions, and the =
Provisioning Network Controller (PNC),</div><div class=3D"">responsible =
for configuration and topology management. It also describes as the =
interfaces between them. &nbsp;The document also gives</div><div =
class=3D"">a description of some more advanced ACTN =
architectures,</div><div class=3D"">a description of &nbsp;several =
topology abstraction methods, and an example of an advanced ACTN =
application: a multi-destination servers.</div><div =
class=3D"">&nbsp;&nbsp;</div><div class=3D""><br class=3D""></div><div =
class=3D"">The security considerations section, while it lists some =
general considerations that would</div><div class=3D"">hold for any kind =
of network, mainly concentrates on the two interfaces between the =
components: the CNC-MDSC (CMI) and the MDSC-PNC (MPI) =
interfaces.</div><div class=3D"">It gives a good overview of the types =
of security risks that might arise with respect to the two =
interfaces,</div><div class=3D"">and the means for mitigating them. =
&nbsp;For the rest, it defers security considerations to the specific =
applications, which</div><div class=3D"">I assume would be handled by =
other working groups. &nbsp;I believe that this is reasonable for an =
informational document</div><div class=3D"">that is providing a general =
framework.&nbsp;</div><div class=3D""><br class=3D""></div><div =
class=3D"">A nit:</div><div class=3D""><br class=3D""></div><div =
class=3D"">I couldn=E2=80=99t parse the last sentence of Section =
9.3:</div><div class=3D""><br class=3D""></div><div class=3D"">&nbsp;<div =
class=3D"">&nbsp; &nbsp;Which MDSC the PNC exports topology information =
to, and the level of</div><div class=3D"">&nbsp; &nbsp;detail (full or =
abstracted) should also be authenticated and</div><div class=3D"">&nbsp; =
&nbsp;specific access restrictions and topology views, should =
be</div><div class=3D"">&nbsp; &nbsp;configurable and/or =
policy-based.</div></div><div class=3D""><br class=3D""></div><div =
class=3D"">I think it may be the commas are misplaced, and what you =
really want to say is this:</div><div class=3D""><br class=3D""></div><div=
 class=3D"">&nbsp;<div class=3D"">&nbsp; &nbsp;Which MDSC the PNC =
exports topology information to, and the level of</div><div =
class=3D"">&nbsp; &nbsp;detail (full or abstracted), should also be =
authenticated, and</div><div class=3D"">&nbsp; &nbsp;specific access =
restrictions and topology views should be</div><div class=3D"">&nbsp; =
&nbsp;configurable and/or policy-based.</div></div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D"">Cathy Meadows</div><div =
class=3D"">&nbsp;<br class=3D""><div class=3D"">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-size: 12px; font-variant-ligatures: normal; font-variant-position: =
normal; font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; border-spacing: =
0px;"><div class=3D"">Catherine Meadows<br class=3D"">Naval Research =
Laboratory<br class=3D"">Code 5543<br class=3D"">4555 Overlook Ave., =
S.W.<br class=3D"">Washington DC, 20375<br class=3D"">phone: =
202-767-3490<br class=3D"">fax: 202-404-7942<br class=3D"">email:&nbsp;<a =
href=3D"mailto:catherine.meadows@nrl.navy.mil" =
class=3D"">catherine.meadows@nrl.navy.mil</a></div></span>

</div>
<br class=3D""></div></body></html>=

--Apple-Mail=_AF1DCCAE-3956-4F8B-84AC-4FE6DA232327--


From nobody Tue May  1 11:37:52 2018
Return-Path: <leeyoung@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE27E12E9D9; Tue,  1 May 2018 11:37:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.198
X-Spam-Level: 
X-Spam-Status: No, score=-3.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BacXraMRfzze; Tue,  1 May 2018 11:37:42 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DF92126B6D; Tue,  1 May 2018 11:37:42 -0700 (PDT)
Received: from lhreml701-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 2906ABE956D16; Tue,  1 May 2018 19:37:38 +0100 (IST)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml701-cah.china.huawei.com (10.201.108.42) with Microsoft SMTP Server (TLS) id 14.3.382.0; Tue, 1 May 2018 19:37:39 +0100
Received: from SJCEML521-MBX.china.huawei.com ([169.254.1.34]) by SJCEML703-CHM.china.huawei.com ([169.254.5.239]) with mapi id 14.03.0382.000;  Tue, 1 May 2018 11:37:35 -0700
From: Leeyoung <leeyoung@huawei.com>
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-teas-actn-framework.all@ietf.org" <draft-ietf-teas-actn-framework.all@ietf.org>
Thread-Topic: SECDIR Review of draft-ietf-teas-actn-framework-13
Thread-Index: AQHT4Wy2Hsu3pCw+EEKp0Sy+v2VlCqQbMv9w
Date: Tue, 1 May 2018 18:37:34 +0000
Message-ID: <7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5@sjceml521-mbx.china.huawei.com>
References: <8B342EAB-8678-4FC4-B793-3BEA944AC523@nrl.navy.mil>
In-Reply-To: <8B342EAB-8678-4FC4-B793-3BEA944AC523@nrl.navy.mil>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.192.11.77]
Content-Type: multipart/alternative; boundary="_000_7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5sjceml521mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/aElrzFZabaQxW-uU7fZLUe7qSMM>
Subject: Re: [secdir] SECDIR Review of draft-ietf-teas-actn-framework-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2018 18:37:46 -0000

--_000_7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5sjceml521mbxchi_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgQ2F0aHksDQoNClRoYW5rcyBmb3IgcHJvdmlkaW5nIHlvdXIgcmV2aWV3IG9mIHRoaXMgZHJh
ZnQuDQoNCldlIGFncmVlIHdpdGggYWxsIHlvdXIgY29tbWVudHMuIFRoZSBOaXRzIHdpbGwgYmUg
Zml4ZWQgaW4gdGhlIHJldmlzaW9uLg0KDQpCZXN0IHJlZ2FyZHMsDQpZb3VuZyAmIERhbmllbGUN
Cg0KRnJvbTogQ2F0aGVyaW5lIE1lYWRvd3MgW21haWx0bzpjYXRoZXJpbmUubWVhZG93c0Bucmwu
bmF2eS5taWxdDQpTZW50OiBUdWVzZGF5LCBNYXkgMDEsIDIwMTggMTE6NTIgQU0NClRvOiBzZWNk
aXJAaWV0Zi5vcmc7IGllc2dAaWV0Zi5vcmc7IGRyYWZ0LWlldGYtdGVhcy1hY3RuLWZyYW1ld29y
ay5hbGxAaWV0Zi5vcmcNCkNjOiBDYXRoZXJpbmUgTWVhZG93cyA8Y2F0aGVyaW5lLm1lYWRvd3NA
bnJsLm5hdnkubWlsPg0KU3ViamVjdDogU0VDRElSIFJldmlldyBvZiBkcmFmdC1pZXRmLXRlYXMt
YWN0bi1mcmFtZXdvcmstMTMNCg0KSSBoYXZlIHJldmlld2VkIHRoaXMgZG9jdW1lbnQgYXMgcGFy
dCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUncw0Kb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3
IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlDQpJRVNHLiAgVGhlc2Ug
Y29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3IgdGhlIGJlbmVmaXQgb2YgdGhlDQpz
ZWN1cml0eSBhcmVhIGRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBz
aG91bGQgdHJlYXQNCnRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxs
IGNvbW1lbnRzLg0KDQpUaGUgc3VtbWFyeSBvZiB0aGUgcmV2aWV3IGlzIFJlYWR5IHdpdGggTml0
cy4NCg0KVGhpcyBkcmFmdCBkZXNjcmliZXMgYSBmcmFtZXdvcmsgZm9yIGFic3RyYWN0aW9uIGFu
ZCBjb250cm9sIG9mIHRyYWZmaWMgZW5naW5lZXJlZCBuZXR3b3JrcyAoQUNUTikuDQpBY2NvcmRp
bmcgdG8gdGhlIGFic3RyYWN0LCBhIHRyYWZmaWMgZW5naW5lZXJlZCBuZXR3b3JrIGlzIGEgbmV0
d29yayB0aGF0DQp1c2VzIGFueSBjb25uZWN0aW9uLW9yaWVudGVkIHRlY2hub2xvZ3kgdW5kZXIg
dGhlIGNvbnRyb2wgb2YgYSBkaXN0cmlidXRlZCBvcg0KY2VudHJhbGl6ZWQgY29udHJvbCBwbGFu
ZSB0byBzdXBwb3J0IGR5bmFtaWMgcHJvdmlzaW9uaW5nIG9mIGVuZC10by1lbmQgY29ubmVjdGl2
aXR5Lg0KQWJzdHJhY3Rpb24gaW4gdGhpcyBjb250ZXh0IGlzIGEgdGVjaG5pcXVlIGNhbiBiZSBh
cHBsaWVkIGFjcm9zcyBhIHNpbmdsZSBvciBtdWx0aXBseSBkb21haW5zDQp0byBjcmVhdGUgYSBz
aW5nbGUgdmlydHVhbGl6ZWQgbmV0d29yayB1bmRlciB0aGUgY29udHJvbCBvZiBhIG5ldHdvcmsg
b3BlcmF0b3Igb3Igb3duZXIuDQpUaGlzIGlzIHRodXMgYSB2ZXJ5IGJyb2FkIHRvcGljLCBhbmQg
dGhlIElEIGlzIGluZm9ybWF0aW9uYWwgb25seS4gVGhlIG1vc3QgaW1wb3J0YW50IHBhcnQNCmlz
IHByb2JhYmx5IHRoZSBkZXNjcmlwdGlvbiBvZiB0aGUgQUNUTiBiYXNlIGFyY2hpdGVjdHVyZS4g
IEl0IGRlc2NyaWJlcyB0aHJlZSBjb21wb25lbnRzOiB0aGUgQ3VzdG9tZXIgTmV0d29yayBDb250
cm9sbGVyIChDTkMpIHJlc3BvbnNpYmxlDQpmb3IgY29tbXVuaWNhdGluZyB0aGUgY3VzdG9tZXLi
gJlzIHJlcXVpcmVtZW50cyB0byB0aGUgbmV0d29yayBwcm92aWRlciAsIHRoZQ0KTXVsdGktRG9t
YWluIFNlcnZpY2luZyBDb29yZGluYXRvciAoTURTQyksIHJlc3BvbnNpYmxlIGZvciBpbXBsZW1l
bnRpbmcgQUNUTiBmdW5jdGlvbnMsIGFuZCB0aGUgUHJvdmlzaW9uaW5nIE5ldHdvcmsgQ29udHJv
bGxlciAoUE5DKSwNCnJlc3BvbnNpYmxlIGZvciBjb25maWd1cmF0aW9uIGFuZCB0b3BvbG9neSBt
YW5hZ2VtZW50LiBJdCBhbHNvIGRlc2NyaWJlcyBhcyB0aGUgaW50ZXJmYWNlcyBiZXR3ZWVuIHRo
ZW0uICBUaGUgZG9jdW1lbnQgYWxzbyBnaXZlcw0KYSBkZXNjcmlwdGlvbiBvZiBzb21lIG1vcmUg
YWR2YW5jZWQgQUNUTiBhcmNoaXRlY3R1cmVzLA0KYSBkZXNjcmlwdGlvbiBvZiAgc2V2ZXJhbCB0
b3BvbG9neSBhYnN0cmFjdGlvbiBtZXRob2RzLCBhbmQgYW4gZXhhbXBsZSBvZiBhbiBhZHZhbmNl
ZCBBQ1ROIGFwcGxpY2F0aW9uOiBhIG11bHRpLWRlc3RpbmF0aW9uIHNlcnZlcnMuDQoNCg0KVGhl
IHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNlY3Rpb24sIHdoaWxlIGl0IGxpc3RzIHNvbWUgZ2Vu
ZXJhbCBjb25zaWRlcmF0aW9ucyB0aGF0IHdvdWxkDQpob2xkIGZvciBhbnkga2luZCBvZiBuZXR3
b3JrLCBtYWlubHkgY29uY2VudHJhdGVzIG9uIHRoZSB0d28gaW50ZXJmYWNlcyBiZXR3ZWVuIHRo
ZSBjb21wb25lbnRzOiB0aGUgQ05DLU1EU0MgKENNSSkgYW5kIHRoZSBNRFNDLVBOQyAoTVBJKSBp
bnRlcmZhY2VzLg0KSXQgZ2l2ZXMgYSBnb29kIG92ZXJ2aWV3IG9mIHRoZSB0eXBlcyBvZiBzZWN1
cml0eSByaXNrcyB0aGF0IG1pZ2h0IGFyaXNlIHdpdGggcmVzcGVjdCB0byB0aGUgdHdvIGludGVy
ZmFjZXMsDQphbmQgdGhlIG1lYW5zIGZvciBtaXRpZ2F0aW5nIHRoZW0uICBGb3IgdGhlIHJlc3Qs
IGl0IGRlZmVycyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyB0byB0aGUgc3BlY2lmaWMgYXBwbGlj
YXRpb25zLCB3aGljaA0KSSBhc3N1bWUgd291bGQgYmUgaGFuZGxlZCBieSBvdGhlciB3b3JraW5n
IGdyb3Vwcy4gIEkgYmVsaWV2ZSB0aGF0IHRoaXMgaXMgcmVhc29uYWJsZSBmb3IgYW4gaW5mb3Jt
YXRpb25hbCBkb2N1bWVudA0KdGhhdCBpcyBwcm92aWRpbmcgYSBnZW5lcmFsIGZyYW1ld29yay4N
Cg0KQSBuaXQ6DQoNCkkgY291bGRu4oCZdCBwYXJzZSB0aGUgbGFzdCBzZW50ZW5jZSBvZiBTZWN0
aW9uIDkuMzoNCg0KDQogICBXaGljaCBNRFNDIHRoZSBQTkMgZXhwb3J0cyB0b3BvbG9neSBpbmZv
cm1hdGlvbiB0bywgYW5kIHRoZSBsZXZlbCBvZg0KICAgZGV0YWlsIChmdWxsIG9yIGFic3RyYWN0
ZWQpIHNob3VsZCBhbHNvIGJlIGF1dGhlbnRpY2F0ZWQgYW5kDQogICBzcGVjaWZpYyBhY2Nlc3Mg
cmVzdHJpY3Rpb25zIGFuZCB0b3BvbG9neSB2aWV3cywgc2hvdWxkIGJlDQogICBjb25maWd1cmFi
bGUgYW5kL29yIHBvbGljeS1iYXNlZC4NCg0KSSB0aGluayBpdCBtYXkgYmUgdGhlIGNvbW1hcyBh
cmUgbWlzcGxhY2VkLCBhbmQgd2hhdCB5b3UgcmVhbGx5IHdhbnQgdG8gc2F5IGlzIHRoaXM6DQoN
Cg0KICAgV2hpY2ggTURTQyB0aGUgUE5DIGV4cG9ydHMgdG9wb2xvZ3kgaW5mb3JtYXRpb24gdG8s
IGFuZCB0aGUgbGV2ZWwgb2YNCiAgIGRldGFpbCAoZnVsbCBvciBhYnN0cmFjdGVkKSwgc2hvdWxk
IGFsc28gYmUgYXV0aGVudGljYXRlZCwgYW5kDQogICBzcGVjaWZpYyBhY2Nlc3MgcmVzdHJpY3Rp
b25zIGFuZCB0b3BvbG9neSB2aWV3cyBzaG91bGQgYmUNCiAgIGNvbmZpZ3VyYWJsZSBhbmQvb3Ig
cG9saWN5LWJhc2VkLg0KDQoNCg0KQ2F0aHkgTWVhZG93cw0KDQpDYXRoZXJpbmUgTWVhZG93cw0K
TmF2YWwgUmVzZWFyY2ggTGFib3JhdG9yeQ0KQ29kZSA1NTQzDQo0NTU1IE92ZXJsb29rIEF2ZS4s
IFMuVy4NCldhc2hpbmd0b24gREMsIDIwMzc1DQpwaG9uZTogMjAyLTc2Ny0zNDkwDQpmYXg6IDIw
Mi00MDQtNzk0Mg0KZW1haWw6IGNhdGhlcmluZS5tZWFkb3dzQG5ybC5uYXZ5Lm1pbDxtYWlsdG86
Y2F0aGVyaW5lLm1lYWRvd3NAbnJsLm5hdnkubWlsPg0KDQo=

--_000_7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5sjceml521mbxchi_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws
IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ
Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9
DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj
b2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu
Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpw
dXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLmFwcGxlLXN0eWxlLXNw
YW4NCgl7bXNvLXN0eWxlLW5hbWU6YXBwbGUtc3R5bGUtc3Bhbjt9DQpzcGFuLkVtYWlsU3R5bGUx
OA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJy
aSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1z
dHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNl
Y3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAx
LjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5
bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0
IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDld
Pjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRp
dCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVh
ZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYg
Y2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy
aWY7Y29sb3I6IzFGNDk3RCI+SGkgQ2F0aHksPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj
b2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHByb3ZpZGluZyB5b3VyIHJldmlldyBvZiB0aGlzIGRy
YWZ0Lg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oyxz
YW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5XZSBhZ3Jl
ZSB3aXRoIGFsbCB5b3VyIGNvbW1lbnRzLiBUaGUgTml0cyB3aWxsIGJlIGZpeGVkIGluIHRoZSBy
ZXZpc2lvbi4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv
dDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250
LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+QmVz
dCByZWdhcmRzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv
dDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5Zb3VuZyAmYW1wOyBEYW5pZWxlPG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y
OiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxl
PSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBw
dCAwaW4gMGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYi
PkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiBDYXRoZXJpbmUgTWVhZG93cyBbbWFp
bHRvOmNhdGhlcmluZS5tZWFkb3dzQG5ybC5uYXZ5Lm1pbF0NCjxicj4NCjxiPlNlbnQ6PC9iPiBU
dWVzZGF5LCBNYXkgMDEsIDIwMTggMTE6NTIgQU08YnI+DQo8Yj5Ubzo8L2I+IHNlY2RpckBpZXRm
Lm9yZzsgaWVzZ0BpZXRmLm9yZzsgZHJhZnQtaWV0Zi10ZWFzLWFjdG4tZnJhbWV3b3JrLmFsbEBp
ZXRmLm9yZzxicj4NCjxiPkNjOjwvYj4gQ2F0aGVyaW5lIE1lYWRvd3MgJmx0O2NhdGhlcmluZS5t
ZWFkb3dzQG5ybC5uYXZ5Lm1pbCZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU0VDRElSIFJldmll
dyBvZiBkcmFmdC1pZXRmLXRlYXMtYWN0bi1mcmFtZXdvcmstMTM8bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286
cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgaGF2ZSByZXZpZXdl
ZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3MmbmJz
cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPm9u
Z29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2Vk
IGJ5IHRoZSZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+SUVTRy4gJm5ic3A7VGhlc2UgY29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmls
eSBmb3IgdGhlIGJlbmVmaXQgb2YgdGhlJm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5zZWN1cml0eSBhcmVhIGRpcmVjdG9ycy4gJm5ic3A7
RG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCZuYnNwOzxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dGhlc2UgY29tbWVu
dHMganVzdCBsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuPG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZSBzdW1tYXJ5IG9mIHRo
ZSByZXZpZXcgaXMgUmVhZHkgd2l0aCBOaXRzLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhpcyBkcmFmdCBkZXNjcmliZXMgYSBmcmFtZXdv
cmsgZm9yIGFic3RyYWN0aW9uIGFuZCBjb250cm9sIG9mIHRyYWZmaWMgZW5naW5lZXJlZCBuZXR3
b3JrcyAoQUNUTikuPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
QWNjb3JkaW5nIHRvIHRoZSBhYnN0cmFjdCwgYSB0cmFmZmljIGVuZ2luZWVyZWQgbmV0d29yayBp
cyBhIG5ldHdvcmsgdGhhdCAmbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPnVzZXMgYW55IGNvbm5lY3Rpb24tb3JpZW50ZWQgdGVjaG5vbG9n
eSB1bmRlciB0aGUgY29udHJvbCBvZiBhIGRpc3RyaWJ1dGVkIG9yPG86cD48L286cD48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5jZW50cmFsaXplZCBjb250cm9sIHBs
YW5lIHRvIHN1cHBvcnQgZHluYW1pYyBwcm92aXNpb25pbmcgb2YgZW5kLXRvLWVuZCBjb25uZWN0
aXZpdHkuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5BYnN0cmFjdGlvbiBpbiB0aGlzIGNvbnRleHQgaXMgYSB0ZWNobmlxdWUgY2FuIGJlIGFwcGxp
ZWQgYWNyb3NzIGEgc2luZ2xlIG9yIG11bHRpcGx5IGRvbWFpbnM8bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPnRvIGNyZWF0ZSBhIHNpbmdsZSB2aXJ0
dWFsaXplZCBuZXR3b3JrIHVuZGVyIHRoZSBjb250cm9sIG9mIGEgbmV0d29yayBvcGVyYXRvciBv
ciBvd25lci48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPlRoaXMgaXMgdGh1cyBhIHZlcnkgYnJvYWQgdG9waWMsIGFuZCB0aGUgSUQgaXMgaW5mb3Jt
YXRpb25hbCBvbmx5LiBUaGUgbW9zdCBpbXBvcnRhbnQgcGFydDxvOnA+PC9vOnA+PC9wPg0KPC9k
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+aXMgcHJvYmFibHkgdGhlIGRlc2NyaXB0
aW9uIG9mIHRoZSBBQ1ROIGJhc2UgYXJjaGl0ZWN0dXJlLiAmbmJzcDtJdCBkZXNjcmliZXMgdGhy
ZWUgY29tcG9uZW50czogdGhlIEN1c3RvbWVyIE5ldHdvcmsgQ29udHJvbGxlciAoQ05DKSByZXNw
b25zaWJsZTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+Zm9yIGNvbW11bmljYXRpbmcgdGhlIGN1c3RvbWVy4oCZcyByZXF1aXJlbWVudHMgdG8gdGhl
IG5ldHdvcmsgcHJvdmlkZXIgLCB0aGUmbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk11bHRpLURvbWFpbiBTZXJ2aWNpbmcgQ29vcmRpbmF0
b3IgKE1EU0MpLCByZXNwb25zaWJsZSBmb3IgaW1wbGVtZW50aW5nIEFDVE4gZnVuY3Rpb25zLCBh
bmQgdGhlIFByb3Zpc2lvbmluZyBOZXR3b3JrIENvbnRyb2xsZXIgKFBOQyksPG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5yZXNwb25zaWJsZSBmb3Ig
Y29uZmlndXJhdGlvbiBhbmQgdG9wb2xvZ3kgbWFuYWdlbWVudC4gSXQgYWxzbyBkZXNjcmliZXMg
YXMgdGhlIGludGVyZmFjZXMgYmV0d2VlbiB0aGVtLiAmbmJzcDtUaGUgZG9jdW1lbnQgYWxzbyBn
aXZlczxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
YSBkZXNjcmlwdGlvbiBvZiBzb21lIG1vcmUgYWR2YW5jZWQgQUNUTiBhcmNoaXRlY3R1cmVzLDxv
OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+YSBkZXNj
cmlwdGlvbiBvZiAmbmJzcDtzZXZlcmFsIHRvcG9sb2d5IGFic3RyYWN0aW9uIG1ldGhvZHMsIGFu
ZCBhbiBleGFtcGxlIG9mIGFuIGFkdmFuY2VkIEFDVE4gYXBwbGljYXRpb246IGEgbXVsdGktZGVz
dGluYXRpb24gc2VydmVycy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPiZuYnNwOyZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2VjdGlv
biwgd2hpbGUgaXQgbGlzdHMgc29tZSBnZW5lcmFsIGNvbnNpZGVyYXRpb25zIHRoYXQgd291bGQ8
bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPmhvbGQg
Zm9yIGFueSBraW5kIG9mIG5ldHdvcmssIG1haW5seSBjb25jZW50cmF0ZXMgb24gdGhlIHR3byBp
bnRlcmZhY2VzIGJldHdlZW4gdGhlIGNvbXBvbmVudHM6IHRoZSBDTkMtTURTQyAoQ01JKSBhbmQg
dGhlIE1EU0MtUE5DIChNUEkpIGludGVyZmFjZXMuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JdCBnaXZlcyBhIGdvb2Qgb3ZlcnZpZXcgb2YgdGhl
IHR5cGVzIG9mIHNlY3VyaXR5IHJpc2tzIHRoYXQgbWlnaHQgYXJpc2Ugd2l0aCByZXNwZWN0IHRv
IHRoZSB0d28gaW50ZXJmYWNlcyw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPmFuZCB0aGUgbWVhbnMgZm9yIG1pdGlnYXRpbmcgdGhlbS4gJm5ic3A7
Rm9yIHRoZSByZXN0LCBpdCBkZWZlcnMgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgdG8gdGhlIHNw
ZWNpZmljIGFwcGxpY2F0aW9ucywgd2hpY2g8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgYXNzdW1lIHdvdWxkIGJlIGhhbmRsZWQgYnkgb3RoZXIg
d29ya2luZyBncm91cHMuICZuYnNwO0kgYmVsaWV2ZSB0aGF0IHRoaXMgaXMgcmVhc29uYWJsZSBm
b3IgYW4gaW5mb3JtYXRpb25hbCBkb2N1bWVudDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dGhhdCBpcyBwcm92aWRpbmcgYSBnZW5lcmFsIGZyYW1l
d29yay4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+QSBuaXQ6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPkkgY291bGRu4oCZdCBwYXJzZSB0aGUgbGFzdCBzZW50ZW5jZSBvZiBTZWN0
aW9uIDkuMzo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
Jm5ic3A7ICZuYnNwO1doaWNoIE1EU0MgdGhlIFBOQyBleHBvcnRzIHRvcG9sb2d5IGluZm9ybWF0
aW9uIHRvLCBhbmQgdGhlIGxldmVsIG9mPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsgJm5ic3A7ZGV0YWlsIChmdWxsIG9yIGFic3RyYWN0
ZWQpIHNob3VsZCBhbHNvIGJlIGF1dGhlbnRpY2F0ZWQgYW5kPG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsgJm5ic3A7c3BlY2lmaWMgYWNj
ZXNzIHJlc3RyaWN0aW9ucyBhbmQgdG9wb2xvZ3kgdmlld3MsIHNob3VsZCBiZTxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO2Nv
bmZpZ3VyYWJsZSBhbmQvb3IgcG9saWN5LWJhc2VkLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgdGhpbmsgaXQgbWF5IGJlIHRo
ZSBjb21tYXMgYXJlIG1pc3BsYWNlZCwgYW5kIHdoYXQgeW91IHJlYWxseSB3YW50IHRvIHNheSBp
cyB0aGlzOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4m
bmJzcDsgJm5ic3A7V2hpY2ggTURTQyB0aGUgUE5DIGV4cG9ydHMgdG9wb2xvZ3kgaW5mb3JtYXRp
b24gdG8sIGFuZCB0aGUgbGV2ZWwgb2Y8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJzcDtkZXRhaWwgKGZ1bGwgb3IgYWJzdHJhY3Rl
ZCksIHNob3VsZCBhbHNvIGJlIGF1dGhlbnRpY2F0ZWQsIGFuZDxvOnA+PC9vOnA+PC9wPg0KPC9k
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3NwZWNpZmljIGFj
Y2VzcyByZXN0cmljdGlvbnMgYW5kIHRvcG9sb2d5IHZpZXdzIHNob3VsZCBiZTxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO2Nv
bmZpZ3VyYWJsZSBhbmQvb3IgcG9saWN5LWJhc2VkLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5DYXRoeSBNZWFkb3dzPG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8
bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
c3R5bGU9ImZvbnQtc2l6ZTo5LjBwdCI+Q2F0aGVyaW5lIE1lYWRvd3M8YnI+DQpOYXZhbCBSZXNl
YXJjaCBMYWJvcmF0b3J5PGJyPg0KQ29kZSA1NTQzPGJyPg0KNDU1NSBPdmVybG9vayBBdmUuLCBT
LlcuPGJyPg0KV2FzaGluZ3RvbiBEQywgMjAzNzU8YnI+DQpwaG9uZTogMjAyLTc2Ny0zNDkwPGJy
Pg0KZmF4OiAyMDItNDA0LTc5NDI8YnI+DQplbWFpbDombmJzcDs8YSBocmVmPSJtYWlsdG86Y2F0
aGVyaW5lLm1lYWRvd3NAbnJsLm5hdnkubWlsIj5jYXRoZXJpbmUubWVhZG93c0BucmwubmF2eS5t
aWw8L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4N
CjwvaHRtbD4NCg==

--_000_7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5sjceml521mbxchi_--


From nobody Tue May  1 16:00:39 2018
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 133EF127137; Tue,  1 May 2018 16:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level: 
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FOM3lV3bMMXU; Tue,  1 May 2018 16:00:20 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on070b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::70b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2383127201; Tue,  1 May 2018 16:00:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=z+MFboR+3m5hZcgSbc4r56Q87bkZmXZMo1e0bCvuQmQ=; b=iLBZ4uYU9N+BEgQ2vfndusFTh8Ejb1uL48wO7qxv+vctJ2GMwULJRTiT00zXN9Yhrv2mtX3EtMcx5Km+3kxC/a7bjvXDHf0H6Abf4Rd465Ngs/zega0vfx6H+IC1VQH3Y281YbovfxNu7KRyJguC/uNFiAStob557B05oynlKVM=
Received: from DM5PR00MB0293.namprd00.prod.outlook.com (2603:10b6:4:9e::34) by DM5PR00MB0326.namprd00.prod.outlook.com (2603:10b6:4:9f::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.766.0; Tue, 1 May 2018 23:00:16 +0000
Received: from DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::143d:17c6:2a98:bbf2]) by DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::143d:17c6:2a98:bbf2%3]) with mapi id 15.20.0771.000; Tue, 1 May 2018 23:00:16 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Russ Housley <housley@vigilsec.com>
CC: Phil Hunt <phil.hunt@oracle.com>, "draft-ietf-secevent-token.all@ietf.org" <draft-ietf-secevent-token.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>,  ID Events Mailing List <id-event@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [Id-event] Secdir last call review of draft-ietf-secevent-token-09
Thread-Index: AQHT2NHtvc95Fiwi1UCrOyZVUllp6qQQeq+AgAfjstCAAy+xgA==
Date: Tue, 1 May 2018 23:00:16 +0000
Message-ID: <DM5PR00MB029324695FEA6EF07878D6E4F5810@DM5PR00MB0293.namprd00.prod.outlook.com>
References: <152424742315.3484.7625515486296411114@ietfa.amsl.com> <2F2D2F99-8116-40EE-8245-D7C5F8793BC0@oracle.com> <MW2PR00MB03008E6BC62F553A785D9D5DF5830@MW2PR00MB0300.namprd00.prod.outlook.com>
In-Reply-To: <MW2PR00MB03008E6BC62F553A785D9D5DF5830@MW2PR00MB0300.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-05-01T23:00:11.9121632Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:e::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR00MB0326; 7:YsKObRodgxwN04FZDCXtsd1MwYeNTSXSBPbtTQ+VlVr7Fl6LjjEBTevyLMlkJXKqAZCHTh4b+CtMdmL8IBZ/QAiTaNMVXyenH1EMZIpg2FFxDMzkz0DKNdvBCM2DajRRJq9G8FS9cRim1HZq/lexR0aEsbJiyY6Z25SUiZGjSNcZwwQGbMpcvFTwBc/eQ1iMkP5/xMJhyJaaglO6q6Cac4+83AeZzSJwRA/L/syEtcB0E2uoJN+1NR8KOPwxpACB; 20:LrOky16nnxuoh2kFXXAHbjEA7RfkYMClJiMZPyZhzQLg8sifDX9AeadNlZ8ZP+V0Vy97kRUYS+gAG+icGJpvSGRbdYYk+hWlZZwMGhmfUdvCjne51WXbYXPPs8KU3YtZQqD0sMdrggMTtsUCmipmJkLqSEdR4cP7q1zqCt3Gi0Q=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:DM5PR00MB0326; 
x-ms-traffictypediagnostic: DM5PR00MB0326:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; 
x-microsoft-antispam-prvs: <DM5PR00MB0326F03776B7A1ED4257E627F5810@DM5PR00MB0326.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(10436049006162)(89211679590171)(192374486261705)(21748063052155)(146099531331640);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(5005006)(8121501046)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(10201501046)(3002001)(93006095)(93001095)(3231254)(2018427008)(944501410)(52105095)(6055026)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM5PR00MB0326; BCL:0; PCL:0; RULEID:; SRVR:DM5PR00MB0326; 
x-forefront-prvs: 06592CCE58
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(39380400002)(376002)(346002)(396003)(366004)(377424004)(189003)(199004)(8990500004)(46003)(53546011)(22452003)(106356001)(25786009)(9326002)(105586002)(52396003)(236005)(10090500001)(8676002)(53936002)(76176011)(10290500003)(316002)(14454004)(8936002)(7696005)(81156014)(59450400001)(81166006)(6116002)(4326008)(54906003)(5660300001)(790700001)(6506007)(606006)(33656002)(6436002)(186003)(486006)(74316002)(3660700001)(229853002)(5890100001)(1680700002)(575784001)(19609705001)(5250100002)(97736004)(6306002)(53386004)(86362001)(476003)(68736007)(11346002)(478600001)(2900100001)(446003)(72206003)(54896002)(6916009)(6246003)(7736002)(86612001)(3280700002)(102836004)(9686003)(99286004)(55016002)(2906002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0326; H:DM5PR00MB0293.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: u6wf2xq5W0veQQVDrL+wHdeUrDisego5yRsd3EozdviDzRnRjHFTe5nDiZ7qOGgO/auE9rdA01njLHma4yEDnrsg9jkKGdo7M33w86uP4F9H9i2bnW0XzAfleG2dP58oNTkXSn0/z81mLpKBV7fShwVd2rgBkLMlVZzW6JZi1Kggr14faRxaPFQ0/OyyLlrb
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 May 2018 23:00:16.7348 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0326
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/bp-DESwf3tlISxFwAbSPbuc1P0g>
Subject: Re: [secdir] [Id-event] Secdir last call review of draft-ietf-secevent-token-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2018 23:00:25 -0000

--_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgUnVzcywNCg0KTm90IGhhdmluZyBoZWFyZCBiYWNrIGZyb20geW91IGZvciBhIHdlZWssIHRo
ZSBlZGl0b3JzIGRlY2lkZWQgdG8gcHVibGlzaCBhbiB1cGRhdGVkIGRyYWZ0IGh0dHBzOi8vdG9v
bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTEwIHRoYXQgYWRkcmVz
c2VzIHlvdXIgYWRkaXRpb25hbCBTZWNEaXIgcmV2aWV3IGNvbW1lbnRzIGluIHRoZSBtYW5uZXIg
cHJvcG9zZWQgbGFzdCB3ZWVrLiAgSW4gcGFydGljdWxhciwgdGhlIHJldmlzZWQgdGV4dCBtYWtl
cyBpdCBjbGVhcmVyIHdoYXQgcmVxdWlyZW1lbnRzIHRoaXMgc3BlY2lmaWNhdGlvbiBpcyBpbXBv
c2luZyBvbiBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMuICBJIGhvcGUgdGhlIG5ldyB0ZXh0IHdv
cmtzIGZvciB5b3UuDQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICBCZXN0IHdpc2hlcywNCiAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtlDQoNCkZy
b206IE1pa2UgSm9uZXMNClNlbnQ6IFN1bmRheSwgQXByaWwgMjksIDIwMTggMzoyMCBQTQ0KVG86
IFJ1c3MgSG91c2xleSA8aG91c2xleUB2aWdpbHNlYy5jb20+DQpDYzogUGhpbCBIdW50IDxwaGls
Lmh1bnRAb3JhY2xlLmNvbT47IGRyYWZ0LWlldGYtc2VjZXZlbnQtdG9rZW4uYWxsQGlldGYub3Jn
OyBpZXRmQGlldGYub3JnOyBJRCBFdmVudHMgTWFpbGluZyBMaXN0IDxpZC1ldmVudEBpZXRmLm9y
Zz47IHNlY2RpckBpZXRmLm9yZw0KU3ViamVjdDogUkU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3Qg
Y2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0wOQ0KDQpIaSBSdXNzLA0K
DQpJIHdhbnRlZCB0byBjaGVjayBiYWNrIGluLiAgQXJlIHlvdSBnb29kIHdpdGggdGhlc2UgY2hh
bmdlcyB0byBhZGRyZXNzIHlvdXIgY29tbWVudCBvciBkbyB3YW50IHRvIHN1Z2dlc3QgdGhhdCB3
ZSB0YWtlIGEgZGlmZmVyZW50IGRpcmVjdGlvbj8NCg0KICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFRoYW5rcywNCiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtlDQoNCkZyb206IElk
LWV2ZW50IDxpZC1ldmVudC1ib3VuY2VzQGlldGYub3JnPG1haWx0bzppZC1ldmVudC1ib3VuY2Vz
QGlldGYub3JnPj4gT24gQmVoYWxmIE9mIFBoaWwgSHVudA0KU2VudDogVHVlc2RheSwgQXByaWwg
MjQsIDIwMTggMjo1MCBQTQ0KVG86IFJ1c3MgSG91c2xleSA8aG91c2xleUB2aWdpbHNlYy5jb208
bWFpbHRvOmhvdXNsZXlAdmlnaWxzZWMuY29tPj4NCkNjOiBkcmFmdC1pZXRmLXNlY2V2ZW50LXRv
a2VuLmFsbEBpZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0
Zi5vcmc+OyBNaWtlIEpvbmVzIDxNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb208bWFpbHRvOk1p
Y2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbT4+OyBpZXRmQGlldGYub3JnPG1haWx0bzppZXRmQGll
dGYub3JnPjsgSUQgRXZlbnRzIE1haWxpbmcgTGlzdCA8aWQtZXZlbnRAaWV0Zi5vcmc8bWFpbHRv
OmlkLWV2ZW50QGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYu
b3JnPg0KU3ViamVjdDogUmU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2Yg
ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0wOQ0KDQpSdXNzLA0KDQpIZXJlIGFyZSBwcm9wb3Nl
ZCBjaGFuZ2VzIHRvIGFkZHJlc3MgeW91ciBxdWVzdGlvbnMgYWJvdXQgU2VjdGlvbiAzLiAgWW91
4oCZcmUgcmlnaHQgdGhhdCB0aGlzIHNlY3Rpb24gaXMgcGxhY2luZyByZXF1aXJlbWVudHMgb24g
cHJvZmlsaW5nIHNwZWNpZmljYXRpb25zLiAgVGhlIGNoYW5nZXMgbWFkZSBhcmUgaW50ZW5kZWQg
dG8gbWFrZSB0aGlzIG1vcmUgZXhwbGljaXQuICBQbGVhc2UgbGV0IHVzIGtub3cgaWYgdGhlIHVw
ZGF0ZWQgdGV4dCB3b3JrcyBmb3IgeW91LCBhbmQgaWYgc28sIHdl4oCZbGwgcHVibGlzaCBhbiB1
cGRhdGVkIGRyYWZ0IHVzaW5nIGl0Lg0KDQpQbGVhc2Ugc2VlIHRoZSB3ZGlmZiB0ZXh0IGZvciBz
ZWN0aW9uIDMgYmVsb3cgKGFsc28gYXR0YWNoZWQpLg0KDQpUaGFua3MsDQoNClBoaWwgJiBNaWtl
DQoNCuKAlHdkaWZmIGZvciBzZWMgMy0tDQoNCjMuICBSZXF1aXJlbWVudHMgZm9yIFNFVCBQcm9m
aWxlcw0KDQoNCg0KICAgUHJvZmlsaW5nIHNwZWNpZmljYXRpb25zIG9mIHRoaXMgc3BlY2lmaWNh
dGlvbiBkZWZpbmUgYWN0dWFsIFNFVHMgdG8NCg0KICAgYmUgdXNlZCBpbiBwYXJ0aWN1bGFyIHVz
ZSBjYXNlcy4gIFRoZXNlIHByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucw0KDQogICBkZWZpbmUgdGhl
IHN5bnRheCBhbmQgc2VtYW50aWNzIG9mIFNFVHMgY29uZm9ybWluZyB0byB0aGF0IFNFVA0KDQog
ICBwcm9maWxlIGFuZCBydWxlcyBmb3IgdmFsaWRhdGluZyB0aG9zZSBTRVRzLiAgUHJvZmlsaW5n
DQoNCiAgIHNwZWNpZmljYXRpb25zIFNIT1VMRCBkZWZpbmUgc3ludGF4LCBzZW1hbnRpY3MsIHN1
YmplY3QNCg0KICAgaWRlbnRpZmljYXRpb24sIGFuZCB2YWxpZGF0aW9uLg0KDQoNCg0KICAgU3lu
dGF4DQoNCiAgICAgIFRoZSBzeW50YXggZGVmaW5lZCBieQ0KDQogICBwcm9maWxpbmcgc3BlY2lm
aWNhdGlvbnMgaW5jbHVkZXMgd2hhdCBjbGFpbXMgb2YgdGhlIFNFVHMgZGVmaW5lZCwgaW5jbHVk
aW5nOg0KDQoNCg0KICAgICAgVG9wLUxldmVsIENsYWltcw0KDQogICAgICAgICBDbGFpbXMgYW5k
IGV2ZW50IHBheWxvYWQgdmFsdWVzIHBsYWNlZCBhdCB0aGUgSldUIENsYWltcyBTZXQuIEV4YW1w
bGVzIGFyZSB1c2VkDQoNCiAgICAgICAgIGNsYWltcyBkZWZpbmVkIGJ5IFNFVHMgdXRpbGl6aW5n
IHRoZSBwcm9maWxlLiBKV1Qgc3BlY2lmaWNhdGlvbiAoc2VlIFtSRkM3NTE5XSksIHRoZQ0KDQog
ICAgICAgICBTRVQgc3BlY2lmaWNhdGlvbiwgYW5kIGJ5IHRoZSBwcm9maWxpbmcgc3BlY2lmaWNh
dGlvbi4NCg0KDQoNCiAgICAgIEV2ZW50IFBheWxvYWQNCg0KICAgICAgICAgVGhlIEpTT04gZGF0
YSBzdHJ1Y3R1cmUgY29udGVudHMgYW5kIGZvcm1hdCwgY29udGFpbmluZyBldmVudC0NCg0KICAg
ICAgICAgc3BlY2lmaWMgaW5mb3JtYXRpb24sIGlmIGFueSAoc2VlIFNlY3Rpb24gMS4yKS4NCg0K
DQoNCiAgIFNlbWFudGljcw0KDQogICAgICBEZWZpbmluZyB0aGUgc2VtYW50aWNzIG9mIHRoZSBT
RVQgY29udGVudHMgZm9yIFNFVHMgdXRpbGl6aW5nIHRoZQ0KDQogICAgICBwcm9maWxlIGlzIGVx
dWFsbHkgaW1wb3J0YW50LiAgUG9zc2libHkgbW9zdCBpbXBvcnRhbnQgaXMgZGVmaW5pbmcNCg0K
ICAgICAgdGhlIHByb2NlZHVyZXMgdXNlZCB0byB2YWxpZGF0ZSB0aGUgU0VUIGlzc3VlciBhbmQg
dG8gb2J0YWluIHRoZQ0KDQogICAgICBrZXlzIGNvbnRyb2xsZWQgYnkgdGhlIGlzc3VlciB0aGF0
IHdlcmUgdXNlZCBmb3IgY3J5cHRvZ3JhcGhpYw0KDQogICAgICBvcGVyYXRpb25zIHVzZWQgaW4g
dGhlIEpXVCByZXByZXNlbnRpbmcgdGhlIFNFVC4gIEZvciBpbnN0YW5jZSwNCg0KICAgICAgc29t
ZSBwcm9maWxlcyBtYXkgZGVmaW5lIGFuIGFsZ29yaXRobSBmb3IgcmV0cmlldmluZyB0aGUgU0VU
DQoNCiAgICAgIGlzc3VlcidzIGtleXMgdGhhdCB1c2VzIHRoZSAiaXNzIiBjbGFpbSB2YWx1ZSBh
cyBpdHMgaW5wdXQuDQoNCiAgICAgIExpa2V3aXNlLCBpZiB0aGUgcHJvZmlsZSBhbGxvd3MgKG9y
IHJlcXVpcmVzKSB0aGF0IHRoZSBKV1QgYmUNCg0KICAgICAgdW5zZWN1cmVkLCB0aGUgbWVhbnMg
Ynkgd2hpY2ggdGhlIGludGVncml0eSBvZiB0aGUgSldUIGlzIGVuc3VyZWQNCg0KICAgICAgTVVT
VCBiZSBzcGVjaWZpZWQuDQoNCg0KDQogICBTdWJqZWN0IElkZW50aWZpY2F0aW9uDQoNCiAgICAg
IFByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucyBNVVNUIGRlZmluZSBob3cgdGhlIGV2ZW50IHN1Ympl
Y3QgaXMNCg0KICAgICAgaWRlbnRpZmllZCBpbiB0aGUgU0VULCBhcyB3ZWxsIGFzIGhvdyB0byBk
aWZmZXJlbnRpYXRlIGJldHdlZW4gdGhlDQoNCiAgICAgIGV2ZW50IHN1YmplY3QncyBpc3N1ZXIg
YW5kIHRoZSBTRVQgaXNzdWVyLCBpZiBhcHBsaWNhYmxlLiAgSXQgaXMNCg0KICAgICAgTk9UIFJF
Q09NTUVOREVEIGZvciBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMgdG8gdXNlIHRoZSAic3ViIg0K
DQogICAgICBjbGFpbSBpbiBjYXNlcyBpbiB3aGljaCB0aGUgc3ViamVjdCBpcyBub3QgZ2xvYmFs
bHkgdW5pcXVlIGFuZCBoYXMNCg0KICAgICAgYSBkaWZmZXJlbnQgaXNzdWVyIGZyb20gdGhlIFNF
VCBpdHNlbGYuDQoNCg0KDQogICBWYWxpZGF0aW9uDQoNCiAgICAgIFByb2ZpbGluZyBzcGVjaWZp
Y2F0aW9ucyBNVVNUIGNsZWFybHkgc3BlY2lmeSB0aGUgc3RlcHMgdGhhdCBhDQoNCiAgICAgIHJl
Y2lwaWVudCBvZiBhIFNFVCB1dGlsaXppbmcgdGhhdCBwcm9maWxlIE1VU1QgcGVyZm9ybSB0byB2
YWxpZGF0ZQ0KDQogICAgICB0aGF0IHRoZSBTRVQgaXMgYm90aCBzeW50YWN0aWNhbGx5IGFuZCBz
ZW1hbnRpY2FsbHkgdmFsaWQuDQoNCg0KDQogICAgICBBbW9uZyB0aGUgc3ludGF4IGFuZCBzZW1h
bnRpY3Mgb2YgU0VUcyB0aGF0IGEgcHJvZmlsaW5nDQoNCiAgICAgIHNwZWNpZmljYXRpb24gbWF5
IGRlZmluZSBpcyB3aGV0aGVyIHRoZSB2YWx1ZSBvZiB0aGUgImV2ZW50cyINCg0KICAgICAgY2xh
aW0gbWF5IGNvbnRhaW4gbXVsdGlwbGUgbWVtYmVycywgYW5kIHdoYXQgcHJvY2Vzc2luZw0KDQog
ICAgICBpbnN0cnVjdGlvbnMgYXJlIGVtcGxveWVkIGluIHRoZSBzaW5nbGUtIGFuZCBtdWx0aXBs
ZS12YWx1ZWQgY2FzZXMNCg0KICAgICAgZm9yIFNFVHMgY29uZm9ybWluZyB0byB0aGF0IHByb2Zp
bGUuICBNYW55IHZhbGlkIGNob2ljZXMgYXJlDQoNCiAgICAgIHBvc3NpYmxlLiAgRm9yIGluc3Rh
bmNlLCBzb21lIHByb2ZpbGVzIG1pZ2h0IGFsbG93IG11bHRpcGxlIGV2ZW50DQoNCiAgICAgIGlk
ZW50aWZpZXJzIHRvIGJlIHByZXNlbnQgYW5kIHNwZWNpZnkgdGhhdCBhbnkgdGhhdCBhcmUgbm90
DQoNCiAgICAgIHVuZGVyc3Rvb2QgYnkgcmVjaXBpZW50cyBiZSBpZ25vcmVkLCB0aHVzIGVuYWJs
aW5nIGV4dGVuc2liaWxpdHkuDQoNCiAgICAgIE90aGVyIHByb2ZpbGVzIG1pZ2h0IGFsbG93IG11
bHRpcGxlIGV2ZW50IGlkZW50aWZpZXJzIHRvIGJlDQoNCiAgICAgIHByZXNlbnQgYnV0IHJlcXVp
cmUgdGhhdCBhbGwgYmUgdW5kZXJzdG9vZCBpZiB0aGUgU0VUIGlzIHRvIGJlDQoNCiAgICAgIGFj
Y2VwdGVkLiAgU29tZSBwcm9maWxlcyBtaWdodCByZXF1aXJlIHRoYXQgb25seSBhIHNpbmdsZSB2
YWx1ZSBiZQ0KDQogICAgICBwcmVzZW50LiAgQWxsIHN1Y2ggY2hvaWNlcyBhcmUgd2l0aGluIHRo
ZSBzY29wZSBvZiBwcm9maWxpbmcNCg0KICAgICAgc3BlY2lmaWNhdGlvbnMgdG8gZGVmaW5lLg0K
DQoNCg0KICAgUHJvZmlsaW5nIHNwZWNpZmljYXRpb25zIE1VU1QgY2xlYXJseSBzcGVjaWZ5IHRo
ZSBzdGVwcyB0aGF0IGENCg0KICAgcmVjaXBpZW50IG9mIGEgU0VUIHV0aWxpemluZyB0aGF0IHBy
b2ZpbGUgTVVTVCBwZXJmb3JtIHRvIHZhbGlkYXRlDQoNCiAgIHRoYXQgdGhlIFNFVCBpcyBib3Ro
IHN5bnRhY3RpY2FsbHkgYW5kIHNlbWFudGljYWxseSB2YWxpZC4NCg0KUGhpbA0KDQpPcmFjbGUg
Q29ycG9yYXRpb24sIElkZW50aXR5IENsb3VkIFNlcnZpY2VzIEFyY2hpdGVjdA0KQGluZGVwZW5k
ZW50aWQNCnd3dy5pbmRlcGVuZGVudGlkLmNvbTxodHRwOi8vd3d3LmluZGVwZW5kZW50aWQuY29t
Pg0KcGhpbC5odW50QG9yYWNsZS5jb208bWFpbHRvOnBoaWwuaHVudEBvcmFjbGUuY29tPg0KDQpP
biBBcHIgMjAsIDIwMTgsIGF0IDExOjAzIEFNLCBSdXNzIEhvdXNsZXkgPGhvdXNsZXlAdmlnaWxz
ZWMuY29tPG1haWx0bzpob3VzbGV5QHZpZ2lsc2VjLmNvbT4+IHdyb3RlOg0KDQpSZXZpZXdlcjog
UnVzcyBIb3VzbGV5DQpSZXZpZXcgcmVzdWx0OiBIYXMgSXNzdWVzDQoNCkkgcmV2aWV3ZWQgdGhp
cyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBTZWN1cml0eSBEaXJlY3RvcmF0ZSdzIG9uZ29pbmcN
CmVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0
aGUgSUVTRy4gIFRoZXNlDQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUg
YmVuZWZpdCBvZiB0aGUgU2VjdXJpdHkgQXJlYQ0KRGlyZWN0b3JzLiAgRG9jdW1lbnQgYXV0aG9y
cywgZG9jdW1lbnQgZWRpdG9ycywgYW5kIFdHIGNoYWlycyBzaG91bGQNCnRyZWF0IHRoZXNlIGNv
bW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgSUVURiBMYXN0IENhbGwgY29tbWVudHMuDQoNCkRv
Y3VtZW50OiBkcmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTA5DQpSZXZpZXdlcjogUnVzcyBIb3Vz
bGV5DQpSZXZpZXcgRGF0ZTogMjAxOC0wNC0yMA0KSUVURiBMQyBFbmQgRGF0ZTogdW5rbm93bg0K
SUVTRyBUZWxlY2hhdCBkYXRlOiAyMDE4LTA1LTEwDQoNClN1bW1hcnk6IEhhcyBJc3N1ZXMNCg0K
TWFqb3IgQ29uY2VybnMNCg0KSSBkbyBub3QgdW5kZXJzdGFuZCB0aGUgZmlyc3QgcGFyYWdyYXBo
IG9mIFNlY3Rpb24gMy4gIEkgbWFkZSB0aGlzDQpjb21tZW50IG9uIHZlcnNpb24gLTA3LCBhbmQg
c29tZSB3b3JkcyB3ZXJlIGFkZGVkLCBidXQgSSBzdGlsbCBkbw0Kbm90IHVuZGVyc3RhbmQgdGhp
cyBwYXJhZ3JhcGguICBJIHRoaW5rIHlvdSBhcmUgdHJ5aW5nIHRvIGltcG9zZSBzb21lDQpydWxl
cyBvbiBmdXR1cmUgc3BlY2lmaWNhdGlvbnMgdGhhdCB1c2UgU0VUIHRvIGRlZmluZSBldmVudHMu
ICBMZXQgbWUNCmFzayBhIGNvdXBsZSBvZiBxdWVzdGlvbnMgdGhhdCBtYXkgaGVscC4gIEkgdW5k
ZXJzdGFuZCB0aGF0IGENCnByb2ZpbGluZyBzcGVjaWZpY2F0aW9uIE1VU1Qgc3BlY2lmeSB0aGUg
c3ludGF4IGFuZCBzZW1hbnRpY3MgZm9yIGENCmNvbGxlY3Rpb24gb2Ygc2VjdXJpdHkgZXZlbnQg
dG9rZW5zLCBpbmNsdWRpbmcgdGhlIGNsYWltcyBhbmQgcGF5bG9hZHMNCnRoYXQgYXJlIGV4cGVj
dGVkLiAgV2hhdCBNVVNUIGEgcHJvZmlsaW5nIHNwZWNpZmljYXRpb24gaW5jbHVkZT8gIFdoYXQN
Ck1VU1QgYSBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbiBOT1QgaW5jbHVkZT8NCg0KDQpfX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KSWQtZXZlbnQgbWFpbGlu
ZyBsaXN0DQpJZC1ldmVudEBpZXRmLm9yZzxtYWlsdG86SWQtZXZlbnRAaWV0Zi5vcmc+DQpodHRw
czovL3VybGRlZmVuc2UucHJvb2Zwb2ludC5jb20vdjIvdXJsP3U9aHR0cHMtM0FfX3d3dy5pZXRm
Li5vcmdfbWFpbG1hbl9saXN0aW5mb19pZC0yRGV2ZW50JmQ9RHdJQ0FnJmM9Um9QMVl1bUNYQ2dh
V0h2bFpZUjhQWmg4QnY3cUlyTVVCNjVlYXBJX0puRSZyPW5hNUZWekJUV21hbnFXTnk0RHBjdHlY
UHB1WXFQa0FJMWFMY0xONEtaTkEmbT1oSkZ4LVoyaWgxOHVVTkNYb3NBanZ5Z0hxbjJfSzJtdE56
cUllajNBaC1jJnM9MjhPV2U0MlMwYmc4WTJlbzNWVnpBQ2VTWW56Z2l5eWVYTGw3dFR1OWkxWSZl
PQ0KDQo=

--_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDb25zb2xhczsNCglwYW5vc2UtMToyIDEx
IDYgOSAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWws
IGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0
b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz
YW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y
aXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZp
c2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5
Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnByZQ0KCXtt
c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0dGVk
IENoYXIiOw0KCW1hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6
ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpzcGFuLkhUTUxQcmVmb3Jt
YXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsNCglt
c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0dGVk
IjsNCglmb250LWZhbWlseTpDb25zb2xhczt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAs
IGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFt
aWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4ueGFwcGxlLXN0eWxlLXNwYW4NCgl7bXNv
LXN0eWxlLW5hbWU6eF9hcHBsZS1zdHlsZS1zcGFuO30NCnNwYW4uRW1haWxTdHlsZTIxDQoJe21z
by1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm
Ow0KCWNvbG9yOiMwMDIwNjA7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjQNCgl7bXNvLXN0eWxlLXR5cGU6
cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29s
b3I6IzAwMjA2MDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25s
eTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWlu
IDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0
aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5
XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4N
CjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlv
dXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286
c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1V
UyIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEi
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPkhpIFJ1
c3MsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5
bGU9ImNvbG9yOiMwMDIwNjAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj5Ob3QgaGF2aW5nIGhlYXJk
IGJhY2sgZnJvbSB5b3UgZm9yIGEgd2VlaywgdGhlIGVkaXRvcnMgZGVjaWRlZCB0byBwdWJsaXNo
IGFuIHVwZGF0ZWQgZHJhZnQNCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k
cmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTEwIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv
ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0xMDwvYT4gdGhhdCBhZGRyZXNzZXMgeW91ciBhZGRp
dGlvbmFsIFNlY0RpciByZXZpZXcgY29tbWVudHMgaW4gdGhlIG1hbm5lciBwcm9wb3NlZCBsYXN0
IHdlZWsuJm5ic3A7IEluIHBhcnRpY3VsYXIsIHRoZSByZXZpc2VkIHRleHQgbWFrZXMgaXQNCiBj
bGVhcmVyIHdoYXQgcmVxdWlyZW1lbnRzIHRoaXMgc3BlY2lmaWNhdGlvbiBpcyBpbXBvc2luZyBv
biBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMuJm5ic3A7IEkgaG9wZSB0aGUgbmV3IHRleHQgd29y
a3MgZm9yIHlvdS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBCZXN0IHdpc2hlcyw8bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2
MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRl
cjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAw
aW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206PC9iPiBNaWtlIEpvbmVzIDxi
cj4NCjxiPlNlbnQ6PC9iPiBTdW5kYXksIEFwcmlsIDI5LCAyMDE4IDM6MjAgUE08YnI+DQo8Yj5U
bzo8L2I+IFJ1c3MgSG91c2xleSAmbHQ7aG91c2xleUB2aWdpbHNlYy5jb20mZ3Q7PGJyPg0KPGI+
Q2M6PC9iPiBQaGlsIEh1bnQgJmx0O3BoaWwuaHVudEBvcmFjbGUuY29tJmd0OzsgZHJhZnQtaWV0
Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0Zi5vcmc7IGlldGZAaWV0Zi5vcmc7IElEIEV2ZW50cyBN
YWlsaW5nIExpc3QgJmx0O2lkLWV2ZW50QGlldGYub3JnJmd0Ozsgc2VjZGlyQGlldGYub3JnPGJy
Pg0KPGI+U3ViamVjdDo8L2I+IFJFOiBbSWQtZXZlbnRdIFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3
IG9mIGRyYWZ0LWlldGYtc2VjZXZlbnQtdG9rZW4tMDk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K
PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj5IaSBSdXNzLDxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv
cjojMDAyMDYwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+SSB3YW50ZWQgdG8gY2hlY2sgYmFjayBp
bi4mbmJzcDsgQXJlIHlvdSBnb29kIHdpdGggdGhlc2UgY2hhbmdlcyB0byBhZGRyZXNzIHlvdXIg
Y29tbWVudCBvciBkbyB3YW50IHRvIHN1Z2dlc3QgdGhhdCB3ZSB0YWtlIGEgZGlmZmVyZW50IGRp
cmVjdGlvbj88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0iY29sb3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBUaGFua3MsPG86cD48L286cD48L3NwYW4+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAtLSBNaWtlPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6
bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGlu
IDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4gSWQtZXZlbnQgJmx0Ozxh
IGhyZWY9Im1haWx0bzppZC1ldmVudC1ib3VuY2VzQGlldGYub3JnIj5pZC1ldmVudC1ib3VuY2Vz
QGlldGYub3JnPC9hPiZndDsNCjxiPk9uIEJlaGFsZiBPZiA8L2I+UGhpbCBIdW50PGJyPg0KPGI+
U2VudDo8L2I+IFR1ZXNkYXksIEFwcmlsIDI0LCAyMDE4IDI6NTAgUE08YnI+DQo8Yj5Ubzo8L2I+
IFJ1c3MgSG91c2xleSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmhvdXNsZXlAdmlnaWxzZWMuY29tIj5o
b3VzbGV5QHZpZ2lsc2VjLmNvbTwvYT4mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiA8YSBocmVmPSJtYWls
dG86ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0Zi5vcmciPmRyYWZ0LWlldGYtc2Vj
ZXZlbnQtdG9rZW4uYWxsQGlldGYub3JnPC9hPjsgTWlrZSBKb25lcyAmbHQ7PGEgaHJlZj0ibWFp
bHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbSI+TWljaGFlbC5Kb25lc0BtaWNyb3NvZnQu
Y29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86aWV0ZkBpZXRmLm9yZyI+aWV0ZkBpZXRmLm9y
ZzwvYT47IElEIEV2ZW50cyBNYWlsaW5nIExpc3QgJmx0OzxhIGhyZWY9Im1haWx0bzppZC1ldmVu
dEBpZXRmLm9yZyI+aWQtZXZlbnRAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpz
ZWNkaXJAaWV0Zi5vcmciPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4g
UmU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZWNl
dmVudC10b2tlbi0wOTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj5SdXNzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+SGVyZSBhcmUgcHJvcG9z
ZWQgY2hhbmdlcyB0byBhZGRyZXNzIHlvdXIgcXVlc3Rpb25zIGFib3V0IFNlY3Rpb24gMy4mbmJz
cDsgWW914oCZcmUgcmlnaHQgdGhhdCB0aGlzIHNlY3Rpb24gaXMgcGxhY2luZyByZXF1aXJlbWVu
dHMgb24gcHJvZmlsaW5nIHNwZWNpZmljYXRpb25zLiZuYnNwOyBUaGUgY2hhbmdlcyBtYWRlIGFy
ZSBpbnRlbmRlZCB0byBtYWtlIHRoaXMgbW9yZSBleHBsaWNpdC4mbmJzcDsNCiBQbGVhc2UgbGV0
IHVzIGtub3cgaWYgdGhlIHVwZGF0ZWQgdGV4dCB3b3JrcyBmb3IgeW91LCBhbmQgaWYgc28sIHdl
4oCZbGwgcHVibGlzaCBhbiB1cGRhdGVkIGRyYWZ0IHVzaW5nIGl0Ljwvc3Bhbj48bzpwPjwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImNvbG9yOiMwMDIwNjAiPlBsZWFzZSBzZWUgdGhlIHdkaWZmIHRleHQgZm9yIHNlY3Rpb24gMyBi
ZWxvdyAoYWxzbyBhdHRhY2hlZCkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+VGhh
bmtzLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPlBoaWwgJmFtcDsgTWlrZTwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv
OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPuKAlHdkaWZmIGZvciBzZWMgMy0tPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cHJlPjMuJm5ic3A7IFJlcXVpcmVtZW50cyBmb3IgU0VU
IFByb2ZpbGVzPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4N
CjxwcmU+Jm5ic3A7Jm5ic3A7IFByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucyBvZiB0aGlzIHNwZWNp
ZmljYXRpb24gZGVmaW5lIGFjdHVhbCBTRVRzIHRvPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5i
c3A7Jm5ic3A7IGJlIHVzZWQgaW4gcGFydGljdWxhciB1c2UgY2FzZXMuJm5ic3A7IFRoZXNlIHBy
b2ZpbGluZyBzcGVjaWZpY2F0aW9uczxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNw
OyBkZWZpbmUgdGhlIHN5bnRheCBhbmQgc2VtYW50aWNzIG9mIFNFVHMgY29uZm9ybWluZyB0byB0
aGF0IFNFVDxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyBwcm9maWxlIGFuZCBy
dWxlcyBmb3IgdmFsaWRhdGluZyB0aG9zZSBTRVRzLiZuYnNwOyA8c3Ryb25nPjxzcGFuIHN0eWxl
PSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpncmVlbiI+UHJvZmls
aW5nPG86cD48L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxzdHJvbmc+PHNwYW4g
c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj4m
bmJzcDsmbmJzcDsgc3BlY2lmaWNhdGlvbnMgU0hPVUxEIGRlZmluZSBzeW50YXgsIHNlbWFudGlj
cywgc3ViamVjdDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Ryb25nPjwvcHJlPg0KPHByZT48c3Ryb25n
PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpn
cmVlbiI+Jm5ic3A7Jm5ic3A7IGlkZW50aWZpY2F0aW9uLCBhbmQgdmFsaWRhdGlvbi48bzpwPjwv
bzpwPjwvc3Bhbj48L3N0cm9uZz48L3ByZT4NCjxwcmU+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9u
dC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPjxvOnA+Jm5ic3A7
PC9vOnA+PC9zcGFuPjwvc3Ryb25nPjwvcHJlPg0KPHByZT48c3Ryb25nPjxzcGFuIHN0eWxlPSJm
b250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpncmVlbiI+Jm5ic3A7Jm5i
c3A7IFN5bnRheDwvc3Bhbj48L3N0cm9uZz48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgVGhlIHN5bnRheCA8cz48c3BhbiBzdHlsZT0iY29sb3I6
cmVkIj5kZWZpbmVkIGJ5PG86cD48L286cD48L3NwYW4+PC9zPjwvcHJlPg0KPHByZT48cz48c3Bh
biBzdHlsZT0iY29sb3I6cmVkIj4mbmJzcDsmbmJzcDsgcHJvZmlsaW5nIHNwZWNpZmljYXRpb25z
IGluY2x1ZGVzIHdoYXQgY2xhaW1zPC9zcGFuPjwvcz4gPHN0cm9uZz48c3BhbiBzdHlsZT0iZm9u
dC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPm9mIHRoZSBTRVRz
IGRlZmluZWQsIGluY2x1ZGluZzo8bzpwPjwvbzpwPjwvc3Bhbj48L3N0cm9uZz48L3ByZT4NCjxw
cmU+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVv
dDs7Y29sb3I6Z3JlZW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvc3Ryb25nPjwvcHJlPg0K
PHByZT48c3Ryb25nPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZx
dW90Oztjb2xvcjpncmVlbiI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IFRvcC1MZXZl
bCBDbGFpbXM8bzpwPjwvbzpwPjwvc3Bhbj48L3N0cm9uZz48L3ByZT4NCjxwcmU+PHN0cm9uZz48
c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3Jl
ZW4iPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBDbGFp
bXM8L3NwYW4+PC9zdHJvbmc+IGFuZCA8cz48c3BhbiBzdHlsZT0iY29sb3I6cmVkIj5ldmVudCBw
YXlsb2FkPC9zcGFuPjwvcz4gdmFsdWVzIDxzdHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5
OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj5wbGFjZWQgYXQgdGhlIEpXVCBD
bGFpbXMgU2V0LiBFeGFtcGxlczwvc3Bhbj48L3N0cm9uZz4gYXJlIDxzPjxzcGFuIHN0eWxlPSJj
b2xvcjpyZWQiPnVzZWQ8L3NwYW4+PC9zPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyA8c3Ryb25nPjxzcGFuIHN0
eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpncmVlbiI+Y2xh
aW1zIGRlZmluZWQ8L3NwYW4+PC9zdHJvbmc+IGJ5IDxzPjxzcGFuIHN0eWxlPSJjb2xvcjpyZWQi
PlNFVHMgdXRpbGl6aW5nPC9zcGFuPjwvcz4gdGhlIDxzPjxzcGFuIHN0eWxlPSJjb2xvcjpyZWQi
PnByb2ZpbGUuPC9zcGFuPjwvcz4gPHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1
b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPkpXVCBzcGVjaWZpY2F0aW9uIChzZWUg
W1JGQzc1MTldKSwgdGhlPG86cD48L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxz
dHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2Nv
bG9yOmdyZWVuIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsgU0VUIHNwZWNpZmljYXRpb24sIGFuZCBieSB0aGUgcHJvZmlsaW5nIHNwZWNpZmljYXRpb24u
PG86cD48L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxzdHJvbmc+PHNwYW4gc3R5
bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj48bzpw
PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3N0cm9uZz48L3ByZT4NCjxwcmU+PHN0cm9uZz48c3BhbiBz
dHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBFdmVudCBQYXlsb2FkPG86cD48L286cD48L3Nw
YW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxzdHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5
OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj4mbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgVGhlIEpTT04gZGF0YSBzdHJ1Y3R1cmUgY29u
dGVudHMgYW5kIGZvcm1hdCwgY29udGFpbmluZyBldmVudC08bzpwPjwvbzpwPjwvc3Bhbj48L3N0
cm9uZz48L3ByZT4NCjxwcmU+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7
Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBzcGVjaWZpYyBpbmZvcm1hdGlvbiwgaWYgYW55IChzZWUg
U2VjdGlvbiAxLjIpLjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Ryb25nPjwvcHJlPg0KPHByZT48c3Ry
b25nPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xv
cjpncmVlbiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxz
dHJvbmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2Nv
bG9yOmdyZWVuIj4mbmJzcDsmbmJzcDsgU2VtYW50aWNzPC9zcGFuPjwvc3Ryb25nPjxvOnA+PC9v
OnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBEZWZpbmluZyB0
aGUgc2VtYW50aWNzIG9mIHRoZSBTRVQgY29udGVudHMgZm9yIFNFVHMgdXRpbGl6aW5nIHRoZTxv
OnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBwcm9m
aWxlIGlzIGVxdWFsbHkgaW1wb3J0YW50LiZuYnNwOyBQb3NzaWJseSBtb3N0IGltcG9ydGFudCBp
cyBkZWZpbmluZzxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyB0aGUgcHJvY2VkdXJlcyB1c2VkIHRvIHZhbGlkYXRlIHRoZSBTRVQgaXNzdWVyIGFu
ZCB0byBvYnRhaW4gdGhlPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7Jm5ic3A7IGtleXMgY29udHJvbGxlZCBieSB0aGUgaXNzdWVyIHRoYXQgd2VyZSB1c2Vk
IGZvciBjcnlwdG9ncmFwaGljPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7IG9wZXJhdGlvbnMgdXNlZCBpbiB0aGUgSldUIHJlcHJlc2VudGluZyB0
aGUgU0VULiZuYnNwOyBGb3IgaW5zdGFuY2UsPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNvbWUgcHJvZmlsZXMgbWF5IGRlZmluZSBhbiBhbGdv
cml0aG0gZm9yIHJldHJpZXZpbmcgdGhlIFNFVDxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBpc3N1ZXIncyBrZXlzIHRoYXQgdXNlcyB0aGUgJnF1
b3Q7aXNzJnF1b3Q7IGNsYWltIHZhbHVlIGFzIGl0cyBpbnB1dC48bzpwPjwvbzpwPjwvcHJlPg0K
PHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgTGlrZXdpc2UsIGlmIHRoZSBwcm9m
aWxlIGFsbG93cyAob3IgcmVxdWlyZXMpIHRoYXQgdGhlIEpXVCBiZTxvOnA+PC9vOnA+PC9wcmU+
DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1bnNlY3VyZWQsIHRoZSBtZWFu
cyBieSB3aGljaCB0aGUgaW50ZWdyaXR5IG9mIHRoZSBKV1QgaXMgZW5zdXJlZDxvOnA+PC9vOnA+
PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBNVVNUIGJlIHNwZWNp
ZmllZC48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0KPHBy
ZT4mbmJzcDsmbmJzcDsgPHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291
cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPlN1YmplY3QgSWRlbnRpZmljYXRpb248L3NwYW4+
PC9zdHJvbmc+PG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
Jm5ic3A7IFByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucyBNVVNUIGRlZmluZSBob3cgdGhlIGV2ZW50
IHN1YmplY3QgaXM8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsgaWRlbnRpZmllZCBpbiB0aGUgU0VULCBhcyB3ZWxsIGFzIGhvdyB0byBkaWZmZXJl
bnRpYXRlIGJldHdlZW4gdGhlPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7IGV2ZW50IHN1YmplY3QncyBpc3N1ZXIgYW5kIHRoZSBTRVQgaXNzdWVy
LCBpZiBhcHBsaWNhYmxlLiZuYnNwOyBJdCBpczxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBOT1QgUkVDT01NRU5ERUQgZm9yIHByb2ZpbGluZyBz
cGVjaWZpY2F0aW9ucyB0byB1c2UgdGhlICZxdW90O3N1YiZxdW90OzxvOnA+PC9vOnA+PC9wcmU+
DQo8cHJlPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBjbGFpbSBpbiBjYXNlcyBpbiB3
aGljaCB0aGUgc3ViamVjdCBpcyBub3QgZ2xvYmFsbHkgdW5pcXVlIGFuZCBoYXM8bzpwPjwvbzpw
PjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgYSBkaWZmZXJlbnQg
aXNzdWVyIGZyb20gdGhlIFNFVCBpdHNlbGYuPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4m
bmJzcDs8L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7IDxzdHJvbmc+PHNwYW4gc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj5WYWxpZGF0
aW9uPG86cD48L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxzdHJvbmc+PHNwYW4g
c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj4m
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgUHJvZmlsaW5nIHNwZWNpZmljYXRpb25zIE1V
U1QgY2xlYXJseSBzcGVjaWZ5IHRoZSBzdGVwcyB0aGF0IGE8bzpwPjwvbzpwPjwvc3Bhbj48L3N0
cm9uZz48L3ByZT4NCjxwcmU+PHN0cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7
Q291cmllciBOZXcmcXVvdDs7Y29sb3I6Z3JlZW4iPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyByZWNpcGllbnQgb2YgYSBTRVQgdXRpbGl6aW5nIHRoYXQgcHJvZmlsZSBNVVNUIHBlcmZv
cm0gdG8gdmFsaWRhdGU8bzpwPjwvbzpwPjwvc3Bhbj48L3N0cm9uZz48L3ByZT4NCjxwcmU+PHN0
cm9uZz48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29s
b3I6Z3JlZW4iPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB0aGF0IHRoZSBTRVQgaXMg
Ym90aCBzeW50YWN0aWNhbGx5IGFuZCBzZW1hbnRpY2FsbHkgdmFsaWQuPC9zcGFuPjwvc3Ryb25n
PjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+DQo8cHJlPiZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBBbW9uZyB0aGUgc3ludGF4IGFuZCBzZW1hbnRp
Y3Mgb2YgU0VUcyB0aGF0IGEgcHJvZmlsaW5nPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHNwZWNpZmljYXRpb24gbWF5IGRlZmluZSBpcyB3aGV0
aGVyIHRoZSB2YWx1ZSBvZiB0aGUgJnF1b3Q7ZXZlbnRzJnF1b3Q7PG86cD48L286cD48L3ByZT4N
CjxwcmU+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGNsYWltIG1heSBjb250YWluIG11
bHRpcGxlIG1lbWJlcnMsIGFuZCB3aGF0IHByb2Nlc3Npbmc8bzpwPjwvbzpwPjwvcHJlPg0KPHBy
ZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgaW5zdHJ1Y3Rpb25zIGFyZSBlbXBsb3ll
ZCBpbiB0aGUgc2luZ2xlLSBhbmQgbXVsdGlwbGUtdmFsdWVkIGNhc2VzPG86cD48L286cD48L3By
ZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGZvciBTRVRzIGNvbmZvcm1p
bmcgdG8gdGhhdCBwcm9maWxlLiZuYnNwOyBNYW55IHZhbGlkIGNob2ljZXMgYXJlPG86cD48L286
cD48L3ByZT4NCjxwcmU+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHBvc3NpYmxlLiZu
YnNwOyBGb3IgaW5zdGFuY2UsIHNvbWUgcHJvZmlsZXMgbWlnaHQgYWxsb3cgbXVsdGlwbGUgZXZl
bnQ8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg
aWRlbnRpZmllcnMgdG8gYmUgcHJlc2VudCBhbmQgc3BlY2lmeSB0aGF0IGFueSB0aGF0IGFyZSBu
b3Q8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg
dW5kZXJzdG9vZCBieSByZWNpcGllbnRzIGJlIGlnbm9yZWQsIHRodXMgZW5hYmxpbmcgZXh0ZW5z
aWJpbGl0eS48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsgT3RoZXIgcHJvZmlsZXMgbWlnaHQgYWxsb3cgbXVsdGlwbGUgZXZlbnQgaWRlbnRpZmll
cnMgdG8gYmU8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsgcHJlc2VudCBidXQgcmVxdWlyZSB0aGF0IGFsbCBiZSB1bmRlcnN0b29kIGlmIHRoZSBT
RVQgaXMgdG8gYmU8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsgYWNjZXB0ZWQuJm5ic3A7IFNvbWUgcHJvZmlsZXMgbWlnaHQgcmVxdWlyZSB0aGF0
IG9ubHkgYSBzaW5nbGUgdmFsdWUgYmU8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsgcHJlc2VudC4mbmJzcDsgQWxsIHN1Y2ggY2hvaWNlcyBhcmUg
d2l0aGluIHRoZSBzY29wZSBvZiBwcm9maWxpbmc8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4mbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgc3BlY2lmaWNhdGlvbnMgdG8gZGVmaW5lLjxvOnA+
PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZu
YnNwOyA8cz48c3BhbiBzdHlsZT0iY29sb3I6cmVkIj5Qcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMg
TVVTVCBjbGVhcmx5IHNwZWNpZnkgdGhlIHN0ZXBzIHRoYXQgYTxvOnA+PC9vOnA+PC9zcGFuPjwv
cz48L3ByZT4NCjxwcmU+PHM+PHNwYW4gc3R5bGU9ImNvbG9yOnJlZCI+Jm5ic3A7Jm5ic3A7IHJl
Y2lwaWVudCBvZiBhIFNFVCB1dGlsaXppbmcgdGhhdCBwcm9maWxlIE1VU1QgcGVyZm9ybSB0byB2
YWxpZGF0ZTxvOnA+PC9vOnA+PC9zcGFuPjwvcz48L3ByZT4NCjxwcmU+PHM+PHNwYW4gc3R5bGU9
ImNvbG9yOnJlZCI+Jm5ic3A7Jm5ic3A7IHRoYXQgdGhlIFNFVCBpcyBib3RoIHN5bnRhY3RpY2Fs
bHkgYW5kIHNlbWFudGljYWxseSB2YWxpZC48L3NwYW4+PC9zPjxvOnA+PC9vOnA+PC9wcmU+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0K
PGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFj
ayI+UGhpbDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3Nw
YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImNvbG9yOmJsYWNrIj5PcmFjbGUgQ29ycG9yYXRpb24sIElkZW50aXR5IENsb3VkIFNlcnZpY2Vz
IEFyY2hpdGVjdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+QGluZGVwZW5kZW50aWQ8bzpw
PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxhIGhyZWY9Imh0dHA6Ly93d3cuaW5kZXBlbmRlbnRp
ZC5jb20iPnd3dy5pbmRlcGVuZGVudGlkLmNvbTwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJjb2xvcjpibGFjayI+PGEgaHJlZj0ibWFpbHRvOnBoaWwuaHVudEBvcmFjbGUuY29t
Ij5waGlsLmh1bnRAb3JhY2xlLmNvbTwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N
CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K
PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEy
LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRv
cDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5PbiBBcHIgMjAsIDIwMTgsIGF0IDExOjAzIEFNLCBSdXNzIEhvdXNsZXkgJmx0OzxhIGhyZWY9
Im1haWx0bzpob3VzbGV5QHZpZ2lsc2VjLmNvbSI+aG91c2xleUB2aWdpbHNlYy5jb208L2E+Jmd0
OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86
cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlJl
dmlld2VyOiBSdXNzIEhvdXNsZXk8YnI+DQpSZXZpZXcgcmVzdWx0OiBIYXMgSXNzdWVzPGJyPg0K
PGJyPg0KSSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIFNlY3VyaXR5IERp
cmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYgZG9jdW1l
bnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4gJm5ic3A7VGhlc2U8YnI+DQpjb21tZW50
cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgU2VjdXJpdHkg
QXJlYTxicj4NCkRpcmVjdG9ycy4gJm5ic3A7RG9jdW1lbnQgYXV0aG9ycywgZG9jdW1lbnQgZWRp
dG9ycywgYW5kIFdHIGNoYWlycyBzaG91bGQ8YnI+DQp0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0
IGxpa2UgYW55IG90aGVyIElFVEYgTGFzdCBDYWxsIGNvbW1lbnRzLjxicj4NCjxicj4NCkRvY3Vt
ZW50OiBkcmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTA5PGJyPg0KUmV2aWV3ZXI6IFJ1c3MgSG91
c2xleTxicj4NClJldmlldyBEYXRlOiAyMDE4LTA0LTIwPGJyPg0KSUVURiBMQyBFbmQgRGF0ZTog
dW5rbm93bjxicj4NCklFU0cgVGVsZWNoYXQgZGF0ZTogMjAxOC0wNS0xMDxicj4NCjxicj4NClN1
bW1hcnk6IEhhcyBJc3N1ZXM8YnI+DQo8YnI+DQpNYWpvciBDb25jZXJuczxicj4NCjxicj4NCkkg
ZG8gbm90IHVuZGVyc3RhbmQgdGhlIGZpcnN0IHBhcmFncmFwaCBvZiBTZWN0aW9uIDMuICZuYnNw
O0kgbWFkZSB0aGlzPGJyPg0KY29tbWVudCBvbiB2ZXJzaW9uIC0wNywgYW5kIHNvbWUgd29yZHMg
d2VyZSBhZGRlZCwgYnV0IEkgc3RpbGwgZG88YnI+DQpub3QgdW5kZXJzdGFuZCB0aGlzIHBhcmFn
cmFwaC4gJm5ic3A7SSB0aGluayB5b3UgYXJlIHRyeWluZyB0byBpbXBvc2Ugc29tZTxicj4NCnJ1
bGVzIG9uIGZ1dHVyZSBzcGVjaWZpY2F0aW9ucyB0aGF0IHVzZSBTRVQgdG8gZGVmaW5lIGV2ZW50
cy4gJm5ic3A7TGV0IG1lPGJyPg0KYXNrIGEgY291cGxlIG9mIHF1ZXN0aW9ucyB0aGF0IG1heSBo
ZWxwLiAmbmJzcDtJIHVuZGVyc3RhbmQgdGhhdCBhPGJyPg0KcHJvZmlsaW5nIHNwZWNpZmljYXRp
b24gTVVTVCBzcGVjaWZ5IHRoZSBzeW50YXggYW5kIHNlbWFudGljcyBmb3IgYTxicj4NCmNvbGxl
Y3Rpb24gb2Ygc2VjdXJpdHkgZXZlbnQgdG9rZW5zLCBpbmNsdWRpbmcgdGhlIGNsYWltcyBhbmQg
cGF5bG9hZHM8YnI+DQp0aGF0IGFyZSBleHBlY3RlZC4gJm5ic3A7V2hhdCBNVVNUIGEgcHJvZmls
aW5nIHNwZWNpZmljYXRpb24gaW5jbHVkZT8gJm5ic3A7V2hhdDxicj4NCk1VU1QgYSBwcm9maWxp
bmcgc3BlY2lmaWNhdGlvbiBOT1QgaW5jbHVkZT88YnI+DQo8YnI+DQo8YnI+DQpfX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCklkLWV2ZW50IG1haWxp
bmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpJZC1ldmVudEBpZXRmLm9yZyI+SWQtZXZlbnRA
aWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQu
Y29tL3YyL3VybD91PWh0dHBzLTNBX193d3cuaWV0Zi4ub3JnX21haWxtYW5fbGlzdGluZm9faWQt
MkRldmVudCZhbXA7ZD1Ed0lDQWcmYW1wO2M9Um9QMVl1bUNYQ2dhV0h2bFpZUjhQWmg4QnY3cUly
TVVCNjVlYXBJX0puRSZhbXA7cj1uYTVGVnpCVFdtYW5xV055NERwY3R5WFBwdVlxUGtBSTFhTGNM
TjRLWk5BJmFtcDttPWhKRngtWjJpaDE4dVVOQ1hvc0FqdnlnSHFuMl9LMm10TnpxSWVqM0FoLWMm
YW1wO3M9MjhPV2U0MlMwYmc4WTJlbzNWVnpBQ2VTWW56Z2l5eWVYTGw3dFR1OWkxWSZhbXA7ZSI+
aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX193d3cu
aWV0Zi4ub3JnX21haWxtYW5fbGlzdGluZm9faWQtMkRldmVudCZhbXA7ZD1Ed0lDQWcmYW1wO2M9
Um9QMVl1bUNYQ2dhV0h2bFpZUjhQWmg4QnY3cUlyTVVCNjVlYXBJX0puRSZhbXA7cj1uYTVGVnpC
VFdtYW5xV055NERwY3R5WFBwdVlxUGtBSTFhTGNMTjRLWk5BJmFtcDttPWhKRngtWjJpaDE4dVVO
Q1hvc0FqdnlnSHFuMl9LMm10TnpxSWVqM0FoLWMmYW1wO3M9MjhPV2U0MlMwYmc4WTJlbzNWVnpB
Q2VTWW56Z2l5eWVYTGw3dFR1OWkxWSZhbXA7ZTwvYT49PG86cD48L286cD48L3A+DQo8L2Rpdj4N
CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw
PiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_--


From nobody Tue May  1 22:46:47 2018
Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FD3212D77C; Tue,  1 May 2018 22:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id urpS0vfw7xPJ; Tue,  1 May 2018 22:46:44 -0700 (PDT)
Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com [IPv6:2607:f8b0:400e:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27FCA12D86A; Tue,  1 May 2018 22:46:44 -0700 (PDT)
Received: by mail-pf0-x236.google.com with SMTP id w129so5400699pfd.3; Tue, 01 May 2018 22:46:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=4ieRGvRZfMgeQU3Ds/YxPGuf2mQzYF+LRkBONT+2d5I=; b=BqYwCs7OjvvGWhnMJArELZ6NxuswOURO7bsETAN9vd4yddgoeM5mII/Gt/gejP4UKQ Q7YHj/c9MDnIngweZuD4j+GogRfkmoLWTnjwa8v/5K6PxHodEB6Y3X7VO3DbZXGcUEjw 7cTfeNW7XWB4FjDgMkM4PN0AjGTuKqvgDw3Vbk/qz2p+inWRyjjukFppu67dtHtBhv+N /7ZiZMgSRHe3yM2nh4n0ZB542uvb+E++un/bkoaWT8pvxJzOXMWuy8xEUNjBQ93ESUuz cTC7wOMVfPEgNL7/0q0OpEWH60HpnU4mOpIrFsvBXOFm9XTLfdquS1rkZrd6tM1DtPbB BqRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=4ieRGvRZfMgeQU3Ds/YxPGuf2mQzYF+LRkBONT+2d5I=; b=CTFahmZJMC3/IilAPLsXNI/ZSDegbcyshTeSPsejhdQEgBk0OjsjqypIdR5xmKKdMc lg6GZ9zsvTYwnkK0znyd42vKPlbGMJOyY+Aqr2tqTSMM5csoOhJaxrxjsm7vX8geBh2r IJ7N6UUXmlmsF0ygzKvkdNvV8XAcqJW1a070AxxhlyHR2aovK7NRHV5z9Q/Zo9SZPkNB 3ZBM8JzMEAOvndTDp7JF9bnXPpCRSss4VAJ3K5HySsw5ieBv3cpC2tkYcVCbDvx4PBxX PDEo2u0B9L1hhb//1n+1EpRgu2/Ne4t4zeFAHnBeVTCctcjcXcC/178MKl3FJ1NqSrCo ldIg==
X-Gm-Message-State: ALQs6tDRSvHWnrKvXJjAmktEavnvZPi1J7l+KkGDiIfMUoLj6gZ+MOZz Iw2ArLHf6FAh8J+owKBsS401YxiUZM58Yr48xk8ruQ==
X-Google-Smtp-Source: AB8JxZrMqi3lRm84C3gWQTPVxYJF1XpI/ixQZ0hGc55u77txBA+tUAc8/eIptZg9efhuOy6FB8aegTTAqXSGnsUhu5A=
X-Received: by 2002:a17:902:8345:: with SMTP id z5-v6mr18325304pln.311.1525240003187;  Tue, 01 May 2018 22:46:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.164.165 with HTTP; Tue, 1 May 2018 22:46:42 -0700 (PDT)
From: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>
Date: Wed, 2 May 2018 01:46:42 -0400
Message-ID: <CADajj4a1TCqksCoUSWraM+H9Nft0nD5Mu9u38-u-c4jugUKTPQ@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Content-Type: multipart/alternative; boundary="00000000000096594f056b329c56"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/F6wstLoBb0ImY5LLjkQZvOQw_Ao>
Subject: [secdir] Secdir review of draft-ietf-httpbis-replay
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 05:46:46 -0000

--00000000000096594f056b329c56
Content-Type: text/plain; charset="UTF-8"

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes risk of using "early" (from a TLS 1.3 perspective)
data for HTTP and defines a mechanism for clients to communicate with
servers about such "early" data usage.

a) For the Early-data field processing, the memo states: "The "Early-Data"
header field is not intended for use by user agents (that is, the original
initiator of a request). ... A user agent that sends a request in early
data does not need to include the "Early-Data" header field " - would it
make sense to either forbid ("MUST NOT send the "Early-Data" header field)
or at least recommend against it ("SHOULD NOT send the Early-Data field")?

b) I am probably missing something here: "A server cannot make a request
that contains the Early-Data header field safe for processing by waiting
for the handshake to complete" - if the origin server always wait for
successful TLS handshake completion, why would it not be safe to process
the early data at that point?

Nits:
- Section 2, first sentence: Insert "data" after "application"
- In Section 3, step 3, it is stated that: "If the server receives multiple
requests in early data, it can determine whether to defer HTTP processing
on a per-request basis," however, in Section 4, it is stated that: "Note
that a server cannot choose to selectively reject early data at the TLS
layer. TLS only permits a server to accept all early data, or none of it" -
I guess this may be consistent (it will accept all data, but can
selectively defer processing), but it is a bit confusing.
- The attack in Section 4 is outlined as follows: "An attacker sends early
data to one server instance that accepts and processes the early data, but
allows that connection to proceed no further. The attacker then forwards
the same messages from the client to another server instance that will
reject early data. The client then retries the request, resulting in the
request being processed twice."
This seems a little convoluted - how would the attacker know, before the
client has sent the first message, that it is what the client will send? Is
the attacker's first message to a server instance intercepted from the
client? If so, suggest making that clear.

Thanks,
-- Magnus

--00000000000096594f056b329c56
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D"ltr">I have reviewe=
d this document as part of the security directorate&#39;s ongoing effort to=
 review all IETF documents being processed by the IESG. These comments were=
 written primarily for the benefit of the security area directors.=C2=A0 Do=
cument editors and WG chairs should treat these comments just like any othe=
r last call comments.<div dir=3D"ltr"><div class=3D"gmail_quote"><br>This d=
ocument describes risk of using &quot;early&quot; (from a TLS 1.3 perspecti=
ve) data for HTTP and defines a mechanism for clients to communicate with s=
ervers about such &quot;early&quot; data usage.
<pre></pre></div>a) For the Early-data field processing, the memo states: &=
quot;The &quot;Early-Data&quot; header field is not intended for use by use=
r agents   (that is, the original initiator of a request). ...  A user agen=
t that sends a request in early data does not need   to include the &quot;E=
arly-Data&quot; header field

&quot; - would it make sense to either forbid (&quot;MUST NOT send the &quo=
t;Early-Data&quot; header field) or at least recommend against it (&quot;SH=
OULD NOT send the Early-Data field&quot;)?<br><br></div><div>b) I am probab=
ly missing something here: &quot;A server cannot make a request that contai=
ns the Early-Data header   field safe for processing by waiting for the han=
dshake to complete&quot; - if the origin server always wait for successful =
TLS handshake completion, why would it not be safe to process the early dat=
a at that point?<br></div><div dir=3D"ltr"><div class=3D"gmail_quote"><br><=
/div><div class=3D"gmail_quote">Nits:<br></div><div class=3D"gmail_quote">-=
 Section 2, first sentence: Insert &quot;data&quot; after &quot;application=
&quot;<br></div><div class=3D"gmail_quote">- In Section 3, step 3, it is st=
ated that: &quot;If the server receives multiple requests in early data, it=
 can       determine whether to defer HTTP processing on a per-request     =
  basis,&quot; however, in Section 4, it is stated that: &quot;Note that a =
server cannot choose to selectively reject early data at   the TLS layer.  =
TLS only permits a server to accept all early data,   or none of it&quot; -=
 I guess this may be consistent (it will accept all data, but can selective=
ly defer processing), but it is a bit confusing.<br>- The attack in Section=
 4 is outlined as follows:
 &quot;An attacker sends early data to one server instance that   accepts a=
nd
 processes the early data, but allows that connection to   proceed no=20
further.  The attacker then forwards the same messages   from the client
 to another server instance that will reject early   data.  The client=20
then retries the request, resulting in the request   being processed twice.=
&quot;<br><div class=3D"gmail_quote"></div><div class=3D"gmail_quote">This
 seems a little convoluted - how would the attacker know, before the=20
client has sent the first message, that it is what the client will send?
 Is the attacker&#39;s first message to a server instance intercepted from=
=20
the client? If so, suggest making that clear. </div>

<br></div><div>Thanks, <br></div></div><div class=3D"gmail_extra"><div clas=
s=3D"m_5803520005825339968gmail_signature" data-smartmail=3D"gmail_signatur=
e">-- Magnus</div>
</div></div>
</div><br></div>

--00000000000096594f056b329c56--


From nobody Tue May  1 23:40:43 2018
Return-Path: <w@1wt.eu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 309C412D870; Tue,  1 May 2018 23:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZfnHnYZsZNpL; Tue,  1 May 2018 23:40:39 -0700 (PDT)
Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by ietfa.amsl.com (Postfix) with ESMTP id 80AE112D86D; Tue,  1 May 2018 23:40:38 -0700 (PDT)
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id w426eZ49012025; Wed, 2 May 2018 08:40:35 +0200
Date: Wed, 2 May 2018 08:40:35 +0200
From: Willy Tarreau <w@1wt.eu>
To: Magnus =?iso-8859-1?Q?Nystr=F6m?= <magnusn@gmail.com>
Cc: secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Message-ID: <20180502064035.GA12016@1wt.eu>
References: <CADajj4a1TCqksCoUSWraM+H9Nft0nD5Mu9u38-u-c4jugUKTPQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CADajj4a1TCqksCoUSWraM+H9Nft0nD5Mu9u38-u-c4jugUKTPQ@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UTx7BmhPhf2BJ3s7ddASUCMDjjg>
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 06:40:41 -0000

Hello Magnus,

first, thanks for your review.

I'm having a few responses to some of your questions below :

On Wed, May 02, 2018 at 01:46:42AM -0400, Magnus Nystr�m wrote:
> a) For the Early-data field processing, the memo states: "The "Early-Data"
> header field is not intended for use by user agents (that is, the original
> initiator of a request). ... A user agent that sends a request in early
> data does not need to include the "Early-Data" header field " - would it
> make sense to either forbid ("MUST NOT send the "Early-Data" header field)
> or at least recommend against it ("SHOULD NOT send the Early-Data field")?

Not necessarily, as we could expect that some clients could find some
benefit in doing so (for example, proxies implemented by chaining a
server and a client, using a standard client library, and indicating
their ability to replay a request by setting this field when they
received the initial request using early data). I'm not saying there
is a valid case in sight, however there doesn't appear to be any
downside in doing so, so we'd rather not prevent interesting use cases
from emerging.

> b) I am probably missing something here: "A server cannot make a request
> that contains the Early-Data header field safe for processing by waiting
> for the handshake to complete" - if the origin server always wait for
> successful TLS handshake completion, why would it not be safe to process
> the early data at that point?

No, because the request might have been received over early data by a
previous reverse proxy which itself uses TLS and early data to reach
the server. A typical use case will be a CDN frontend using early data
with the client and with the origin server. If the CDN presents an
Early-Data header field, the server knows that the request is unsafe
regardless of its own connection's state.

> Nits:
> - Section 2, first sentence: Insert "data" after "application"
> - In Section 3, step 3, it is stated that: "If the server receives multiple
> requests in early data, it can determine whether to defer HTTP processing
> on a per-request basis," however, in Section 4, it is stated that: "Note
> that a server cannot choose to selectively reject early data at the TLS
> layer. TLS only permits a server to accept all early data, or none of it" -
> I guess this may be consistent (it will accept all data, but can
> selectively defer processing), but it is a bit confusing.

Probably that we need to refine the wording. The point in section 3 was
to make it clear that early data may affect multiple requests (pipelining,
HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS
layer provides you a data stream, part of which was received as early
data, and that the server has no choice but to consume them all or reject
them all.

> - The attack in Section 4 is outlined as follows: "An attacker sends early
> data to one server instance that accepts and processes the early data, but
> allows that connection to proceed no further. The attacker then forwards
> the same messages from the client to another server instance that will
> reject early data. The client then retries the request, resulting in the
> request being processed twice."
> This seems a little convoluted - how would the attacker know, before the
> client has sent the first message, that it is what the client will send? Is
> the attacker's first message to a server instance intercepted from the
> client? If so, suggest making that clear.

Indeed, that was based on intercepted and replayed traffic. With an
individual hat, I agree that the example is a bit conflated. But the
point here was mostly to expose the risks that could happen by lazy
implementations that would take some shortcuts (like automatically
retrying on timeout for a client or a server accepting to process
unsafe early-data requests).

Thanks,
Willy


From nobody Wed May  2 11:56:35 2018
Return-Path: <ietf@augustcellars.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60DC412DA11; Wed,  2 May 2018 11:56:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GeYRK19MCF0w; Wed,  2 May 2018 11:56:24 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7AC512DA1A; Wed,  2 May 2018 11:56:14 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 2 May 2018 11:52:38 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Daniel Migault' <daniel.migault@ericsson.com>, <secdir@ietf.org>
CC: <spasm@ietf.org>, <ietf@ietf.org>, <draft-ietf-lamps-rfc5751-bis.all@ietf.org>
References: <152485706488.6011.12980717250490137013@ietfa.amsl.com>
In-Reply-To: <152485706488.6011.12980717250490137013@ietfa.amsl.com>
Date: Wed, 2 May 2018 11:55:08 -0700
Message-ID: <052201d3e247$19431b20$4bc95160$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGKQIh8Fnl9XoAAnVF7fk1Lowwoi6SoQLLQ
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/duFSHZ61yX7LKkCzAvSu1xdRxYs>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 18:56:27 -0000

I have published a -08 with these changes.

> -----Original Message-----
> From: Daniel Migault <daniel.migault@ericsson.com>
> Sent: Friday, April 27, 2018 12:24 PM
> To: secdir@ietf.org
> Cc: spasm@ietf.org; ietf@ietf.org; =
draft-ietf-lamps-rfc5751-bis.all@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
>=20
> Reviewer: Daniel Migault
> Review result: Has Nits
>=20
> Hi,
>=20
>=20
> I have reviewed this document as part of the security directorate's =
ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security =
area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>=20
> The summary of the review is Has Minor Nits
>=20
>=20
> Please find my comments while reading the draft.
>=20
> Yours,
>=20
> Daniel
>=20
>=20
> 1.  Introduction
>=20
> As a supplementary service, S/MIME provides for message
>    compression.
>=20
> maybe :
> As a supplementary service, S/MIME provides message
>    compression.
>=20

Done

>=20
> 1.3.  Conventions Used in This Document
>=20
> The term RSA in this document almost always refers to the PKCS#1 v1.5
>    RSA signature or encryption algorithms even when not qualified as
>    such.
>=20
> I am not sure format would not be more appropriated than algorithm, so
> maybe:
>=20
> The term RSA in this document almost always refers to the PKCS#1 v1.5
>    RSA signature or encryption *format* even when not qualified as
>    such.

Interesting observation.  In all of the work that I have ever done I =
have always referred to the difference between PKCS #v1.5 signature, =
PKCS #v1.5 encryption, OAEP, PSS and KEM and different encryption =
algorithms rather than just saying that the formats are different.  =
Saying format would make a degree of sense between the two different 1.5 =
algorithms, however if you compare v1.5 signature and PSS then more than =
just the format of the data can be thought of as being involved.

I don't think that this makes sense.
>=20
>=20
> 2.3.  KeyEncryptionAlgorithmIdentifier
>=20
> When ECDH ephemeral-static is used, a key wrap algorithm is also
>    specified in the KeyEncryptionAlgorithmIdentifier [RFC5652].  The
>    underlying encryption functions for the key wrap and content
>    encryption algorithm ([RFC3370] and [RFC3565]) and the key sizes =
for
>    the two algorithms MUST be the same (e.g., AES-128 key wrap =
algorithm
>    with AES-128 content encryption algorithm).
>=20
> I understand the recommendation for a sending agent, but it seems that
> additional text should be provided in order to describe the behavior =
of the
> receiver. I am wondering if the receiver is expected to reject the =
message or
> whether it should assume the associated protection is the least of the =
two.
> Maybe specifying this is only for sending agent may also clarify this.

This probably falls under the category of "I don't care", the object is =
to make sending agents do the right thing.  However, I have added test =
about security strengths for reciepents.

>=20
> 2.4.4.  AuthEnvelopedData Content Type
>=20
> This content type does not provide
>    authentication or non-repudiation.
>=20
> is a really helpful clarification ;-) Maybe it could be helpful to use =
the same
> formulation for section 2.4.2.  SignedData Content Type by
> replacing:
>=20
> Applying a
>    signature to a message provides authentication, message integrity,
>    and non-repudiation of origin.
>=20
>=20
> This content type provides provides authentication, message integrity, =
and
> non-repudiation of origin. A sender signs the message with its own =
private
> key and shares public part of it with the recipient to validate the =
signature.

I don't think this necessary for the other content types.  The problem =
is that many people think that AED algorithms automatically provide =
authentication.  There are some situations where this is true, but they =
are not met when doing S/MIME.

>=20
> 2.5.  Attributes and the SignerInfo Type
>=20
> It would probably ease the reading and clarifying the purpose of the
> SignerInfo's attribute. Typically, some of them might necessary to =
validate
> the received message, while others are informational in prevision of a
> response. This is clarified later in the document but could be =
introduced
> here. I also believe that would be good to also include that there is =
a
> bootstrapping issue that is solved by the compliance of the =
implementations
> in supporting the recommended algorithms.
>=20
> A reference to section 2.7 may be useful as this section clarifies how =
the
> sending agent uses these information - at least for the encryption.

I have added the following sentence to the first paragraph

These attributes can be required for processing of message (i.e. Message =
Digest), information the signer supplied (i.e. SMIME Capabilities) that =
should be processed, or attributes which are not relevant in the current =
situation (i.e. mlExpansionList <xref target=3D"RFC2634"/> for mail =
viewers).

I don't think a forward reference to 2.7 would be useful at this point.

>=20
> 2.5.1.  Signing Time Attribute
>=20
> The message originator has not been specified before, it may be good =
to
> clarify how it differs from the sender. It may also be good to specify =
how this
> value is being used - against replay attacks.  section 2.7.1 provides =
some
> indications of the expected usage of the signing time attribute but it =
seems
> more associated to the capabilities.

Replaced message originator with signer.

>=20
> 2.5.2.  SMIME Capabilities Attribute
>=20
> A client does not have to list every capability it
>    supports, and need not list all its capabilities so that the
>    capabilities list doesn't get too long.
>=20
> It might be worth providing a recommendation on what too long means,
> especially as a resulting list of capabilities is (expected) to be =
relatively short
> compared to the message itself - but I might be wrong.
> My reading of this attribute - and again I might be wrong - is that it =
would be
> useless if implementations would follow the cryptographic
> recommendations.  It is mostly useful to have non updated senders to
> received responses from up-to-date responders. In addition, this
> information is likely cached and as such may not be unnecessarily be
> repeated. Wouldn't a MAY be more appropriated ?

I don't really want to try and quantify what long means because for =
different clients it can mean different things.  In some considerations =
one could consider listing 3 encryption algorithms to be long while in =
other situations it might be 30 encryption algorithms that is too long.  =
If I want to send you a message and need to be sure that there is a =
common enabled language then 30 encryption algorrithms is better.  On =
the other hand trying to figure out a common algorithm for a message =
going to 100 recipients where each has a different set of algorithms and =
in a different ranking order and come up with the best one means even 3 =
can feel really long.

The problem is not byte count as even 30 items at 10 bytes apiece is =
only 300 bytes which relative to the rest of a signed MIME message is =
pretty small.  The problem is the question of how to make a decision and =
the parameters are different based on how that algorithm is implemented.

While the information can be cached, I don't know that it can be assured =
to be cached.  Additionally this might put a greater burden on the =
sender as it would need to know if the current configuration has been =
sent to a recipient.  It is easier to just always send the list.  =
However I cannot see that there is any requirements on the document on =
having sending the attribute just on receiving it.


>=20
> Note also that while we have some cryptographic recommendations for =
RSA,
> I would have expected a table summarizing the cryptographic
> recommendations with other algorithms than RSA.

I don't know that adding a table is going to be useful.  Much of this =
information is not really designed to be put into a table unless you are =
going to footnote the heck out of it which kind of defeats the process.  =
This information is scattered through out the document, but it tries to =
be in the right place for a specific field.

>=20
> 2.5.3.  Encryption Key Preference Attribute
>=20
>  This attribute is designed to
>    enhance behavior for interoperating with those clients that use
>    separate keys for encryption and signing.
>=20
> Maybe that would be good to position this attribute versus the =
keyusage
> when certificate are used to split the usage of each keys. I am =
wondering if a
> recommendation could be state on whether one or both means should be
> used and if one overwrite the other.  A preference may still be useful =
to
> indicate a preference when multiple keys for a given role are =
available. Is key
> management a relevant usage for preference ?
>=20
> I understand that Signing Time is being used to update the preferred
> keys as one way to performed key roll over.

While there is some similarity between key usage and this attribute, the =
attribute is more general and allows for things which are not =
necessarily mentioned here.  As an example, one could send different =
certificates with different algorithms or key sizes and express a =
preference on which certificate to use.  It may be that the names =
between the signing certificate and encryption key certificate are not =
the same, in that case which should be used.    I think that this is =
covered in the introduction and a reference to key usage is not really =
helpful.

>=20
>=20
> 3.1.  Preparing the MIME Entity for Signing, Enveloping, or =
Compressing
>=20
>  A MIME entity can be a sub-
>    part, sub-parts of a message, or the whole message with all its =
sub-
>    parts.
>=20
> I am wondering if "a subpart, many subparts or ..." would not be =
clearer.

I don't see this as being clearer.

>=20
> I understand that "message" in the first paragraph is used as the MIME
> message and in other words, the message is not designating the mail. I =
am
> reading message as MIME multi-part message and the MIME entities as a
> subset of MIME headers and parts of MIME multi-part message. Similarly
> MIME body would be the MIME multi-part message.  Is that correct ? I
> believe the terminology paragraph could be clarified.

There is no requirement that message be multi-part, it could be a =
single-part message such as text/plain.  However that is generally =
correct.  How do you believe that the text can be clarified.  Specific =
text would be helpful.

>=20
>=20
>  It is
>    RECOMMENDED that a distinction be made between the location of the
>    header.
>=20
> I believe the purpose is to make a distinction between "protected" and
> 'unprotected' to the end user. I would thus keep this distinction even =
though
> this translates into 'inner' / 'outer'.

The problem of how to do this has been a topic of many discussions =
without ever getting to a conclusion.  One of the problems is that =
protected can mean some different things depending on how you protect =
the headers.  For example, one could have a multipart/mixed message with =
two sections each of which consists of an encrypted message.  If each of =
those has different protected headers in them then, while the difference =
between inner and outer makes sense as that is part of the tree =
structure, which set of protected headers now needs to be dealt with.

>=20
>=20
> 3.3.  Creating an Enveloped-Only Message
>=20
>=20
> A sample message would be:
>=20
>    Content-Type: application/pkcs7-mime; name=3Dsmime.p7m;
>            smime-type=3Denveloped-data
>=20
> Shouldn't we use an OID instead of data for the example ?

I don't know what you are trying to ask here. =20

>=20
>=20
>=20
> 3.4.  Creating an Authenticated Enveloped-Only Message
>=20
> I believe the word "proof" is missing.
>=20
>  It is important to note that
>    sending authenticated enveloped messages does not provide for
>    origination when using S/MIME.
>=20
> Maybe we should specify that this is especially true when multiple =
recipients
> are involved.

done

>=20
> 3.5.3.  Signing Using the multipart/signed Format
>=20
>  The first part contains
>    the MIME entity that is signed; the second part contains the
>    "detached signature" CMS SignedData object in which the
>    encapContentInfo eContent field is absent.
>=20
> I believe it would be good to specify parts are ordered as this is not =
always
> the case of parts. What is unclear to me is why the second part is =
separated
> by a boundary usually used to separate parts. It seems boundary can =
also be
> used as boundary inside a part which seems to make part parsing =
harder.

The order is part of the definition of multipart/signed.

In the definition of multipart/*, the rules require that the boundary =
string not exist within any of the different child body parts.  This =
means that it can be used to uniquely distinguish the boundaries.

>=20
>=20
>=20
> 3.5.3.2.  Creating a multipart/signed Message
>=20
>     Algorithm Value Used
>     MD5       md5
>     SHA-1     sha-1
>     SHA-224   sha-224
>     SHA-256   sha-256
>     SHA-384   sha-384
>     SHA-512   sha-512
>     Any other (defined separately in algorithm profile or "unknown" if
>               not defined)
>=20
>=20
> Should we have any recommendations on the hash algorithm to be used by
> sender / receivers ? Is that possible to deprecate MD5, SHA-1 and
> SHA-224 for senders ?

The recommendations on which algorithms to use is part of the signature =
algorithm recommendations.  This is a different table and removing items =
would be potentially harmful.=20

>=20
>=20
> 3.7.  Multiple Operations
>=20
> Would it be recommended to have signed clear text than encrypted and
> then signed encrypted  ? This seems to address all security concerns.

There are a large number of security concerns that have been uncovered =
with each of the different orders of operations.  Part of the question =
is going to be what concern are you trying to address and what are the =
informal rules about this.  I don't think at this point we can really =
give an order, however RFC 2634 does have some guidance.

>=20
> 3.9.  Registration Requests
>=20
> Should we mention DANE rfc8162 as a way to register you public key ?

I don't think so, we don=E2=80=99t ever talk about how to find keys in =
the document.

>=20
> 4.  Certificate Processing
>=20
> EdDSA Signatures recommendations for curve25519 and curve448 seems to
> be missing in the key pair generating , signature section. Are there =
any
> reasons not to consider these curves ?
>=20
> May be useful to have the following references:
> [1] =
https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa-signatures/
> [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

Should have had [1] as a reference, the reference was there but not the =
pointer to it.
The second would be referenced in rfc5750-bis not here.

>=20
> 6.  Security Considerations
>=20
> I am wondering if any considerations should be provided for data at =
rest.
> Does the email needs to be archived encrypted or not and whether =
S/MIME
> can be used to store encrypted content. I believe that email should =
not be
> stored encrypted and as such S/MIME is only intended to
> protect mails in transit....  but I might be wrong.

I believe you to be wrong.  There are no problems w/ using S/MIME as a =
data at rest protection scheme.  The question of storing messages as =
encrypted or not is something that different clients have dealt with in =
different ways.  The client I use leaves things encrypted which I =
consider to be the correct answer.

>=20
> As a general comment I would have like a table that summarizes or =
explicitly
> mention what crypto is recommended for encrypting / signing.
> RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I =
believe
> such tables should be updated regularly to deprecate  and introduce =
new
> algorithms while leaving S/MIME unchanged.

To do this would require that the algorithms be maintained in a separate =
document.  As above, I don't think a separate table adds to clarity as =
it duplicates information and would be hard to write.

>=20
> There are a lot of double space in the text.
>=20


Jim



From nobody Wed May  2 17:01:27 2018
Return-Path: <ietf@augustcellars.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4441126DED; Wed,  2 May 2018 17:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7hQ7tR_OfoNr; Wed,  2 May 2018 17:01:23 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94E46126BF6; Wed,  2 May 2018 17:01:23 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 2 May 2018 16:58:44 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Matthew Miller' <linuxwolf+ietf@outer-planes.net>, <secdir@ietf.org>
CC: <spasm@ietf.org>, <draft-ietf-lamps-rfc5750-bis.all@ietf.org>, <ietf@ietf.org>
References: <152432458128.20660.6956595430755199355@ietfa.amsl.com>
In-Reply-To: <152432458128.20660.6956595430755199355@ietfa.amsl.com>
Date: Wed, 2 May 2018 17:01:14 -0700
Message-ID: <054301d3e271$dc22db10$94689130$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIiXucpxcMduUMNivilcG+pvhU0KKOAJOiA
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/2z7lMyZYSM0gBrOecaFLXbLSeJ4>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 00:01:26 -0000

> -----Original Message-----
> From: Matthew Miller <linuxwolf+ietf@outer-planes.net>
> Sent: Saturday, April 21, 2018 8:30 AM
> To: secdir@ietf.org
> Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org; =
ietf@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
>=20
> Reviewer: Matthew Miller
> Review result: Has Nits
>=20
> I have reviewed this document as part of the security directorate's =
ongoing
> effort to review all IETF documents being processed by the IESG.  =
These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>=20
> Document: draft-ietf-lamps-rfc5750-bis-05
> Reviewer: Matthew A. Miller
> Review Date: 2018-04-21
> IETF LC End Date: 2018-04-27
> IESG Telechat date: N/A
>=20
> Summary:
>=20
> This document is ready, but there is one nit around PKCS #6 handling =
that
> might benefit from explanation.
>=20
> This document describes the certificate handling expectations for =
senders
> and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding =
requirements to
> support internationalized email addresses, increase RSA minimum key =
sizes,
> and support ECDSA using P-256 and Ed25519; older algorithms such as =
DSA,
> MD5, and SHA-1 are relegated to historical.
>=20
> Major Issues: N/A
>=20
> Minor Issues: N/A
>=20
> Nits:
>=20
> Section 2.2.1. "Historical Note about CMS Certificates" is almost =
entired
> unchanged, but added a requirement that receivers MUST be able to =
process
> PCKS #6 extended certificates.  This almost seems at odds with the =
rest of
> the paragraph that precedes this MUST, noting PKCS #6 has little use =
and
> PKIX is functionally equivalent.
> A short explanation of why this additional handling requirement would =
seem
> helpful.

How about the following which is just a description of what we are =
looking for in terms of behavior.

   Receiving agents MUST be able to parser and process a message =
containing PKCS #6 extended certificates although ignoring those =
certificates is expected behavior.




From nobody Wed May  2 18:51:50 2018
Return-Path: <martin.thomson@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9F9812D77B; Wed,  2 May 2018 18:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g0bObDjrCawP; Wed,  2 May 2018 18:51:44 -0700 (PDT)
Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17507127599; Wed,  2 May 2018 18:51:44 -0700 (PDT)
Received: by mail-oi0-x231.google.com with SMTP id a6-v6so14755676oia.2; Wed, 02 May 2018 18:51:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hpdUd5PIphGcuTbHTBxkFuVaAjWcT2y0Yt4r2Vy1/0k=; b=k6ozn14GRJxmASVztdX7nydw5EYmDep30IuGjvQn3+CT3OCWTYbGPAtTLwVEn0DUSU y67WtdArltaFhFkcQHBPX0JPaHsgMArHmTrSakWkR/5PzseipJ+GP/QFeon2MK7LcJ3X xXCgbKsDwjFenTR+IIRJwgYMvKUiKkm/L5D84i3ElyVfjKSs+e2ZSJWoi9jCHJhNWYXq HBrsXZs2DTSnu84s+IHDKB2KkCtDUN+aI40ytPxaUIW2pmf959cz3uOiVqclLCyJ65T1 solwuj0SLbppvvutKvg8je0jKzkHo8QX2hLW4VpQIFsoochDm7j87SFMhc7Npdx/wk7Q IZ9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hpdUd5PIphGcuTbHTBxkFuVaAjWcT2y0Yt4r2Vy1/0k=; b=JfHwUKc4M6ltePfYZacji0PYsZsBK2uR2Vnjr/I7VA+X6cLN+x6En6a/MfKkHEV13t tBb35pp2gSdHIwqE+AVnoFM0nbloVeDyGNGIeUJa1eMJXpOcsHU+HA/yZ49+PsuEuLbp /9Ph4OLaKYLk3o5yLipf+VEkquQIUxiJQjdiLAH0YFrz8ORmpecWWy4RQlFLyPMoip6X tNckfSR7sHccKqpj5sPQtIZjR8vYjx49/po6v+fuXn3aKgB7PhSh5y5UgEzGb1WYa61T hB+zKrIhxpeXDT50O9X/W6JX9FQdpD07ORARZCJDqdd5fymwEtQmWsWkWfPmphhz8kw/ hF+Q==
X-Gm-Message-State: ALQs6tC7NKAwkeH1LkuCcDrLV+gIwxtQcQ+3unOgIsbqffVn59aXwwLK UPrgRlKUnvM9Ndfnv/0WgbyY0M8NFPyBCQnZBfc=
X-Google-Smtp-Source: AB8JxZpalFxY4EoBCmVA8gU57rODAGGa7iAwvUFt2TleteGTK6lbMArw1bjQlnTfoHDEudYYeNdtUi6AlvBZ6Ps4Xj4=
X-Received: by 2002:aca:ebd4:: with SMTP id j203-v6mr14518268oih.110.1525312303267;  Wed, 02 May 2018 18:51:43 -0700 (PDT)
MIME-Version: 1.0
References: <CADajj4a1TCqksCoUSWraM+H9Nft0nD5Mu9u38-u-c4jugUKTPQ@mail.gmail.com> <20180502064035.GA12016@1wt.eu>
In-Reply-To: <20180502064035.GA12016@1wt.eu>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 03 May 2018 01:51:32 +0000
Message-ID: <CABkgnnVRX3ZkSE=fxsRUvCOyV8VT3cG2kAMVtf6X85DGGkB3fw@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Cc: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>, secdir@ietf.org,  draft-ietf-httpbis-replay@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/cvVqvJvYHvjEuXM7L-D5e3f1Or8>
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 01:51:49 -0000

Yes, thanks Magnus,

I think that Willy answered the primary concerns.  I'm not sure that there
is anything actionable in those, but if you have a suggestion for
improvement, that would be appreciated.

> > - Section 2, first sentence: Insert "data" after "application"

This is fixed in the editor's copy (long story there, but the draft you
reviewed was *slightly* out of date).

> > - In Section 3, step 3, it is stated that: "If the server receives
multiple
> > requests in early data, it can determine whether to defer HTTP
processing
> > on a per-request basis," however, in Section 4, it is stated that: "Note
> > that a server cannot choose to selectively reject early data at the TLS
> > layer. TLS only permits a server to accept all early data, or none of
it" -
> > I guess this may be consistent (it will accept all data, but can
> > selectively defer processing), but it is a bit confusing.

> Probably that we need to refine the wording. The point in section 3 was
> to make it clear that early data may affect multiple requests (pipelining,
> HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS
> layer provides you a data stream, part of which was received as early
> data, and that the server has no choice but to consume them all or reject
> them all.

When I went to look at this, I noticed that we don't really explain that
rejecting 0-RTT is possible.  That's an important option, even if it is
pretty severely limited.

So I added that:
    2.  The server can reject early data.  A server cannot selectively
        reject early data, so this results in all requests sent in early
        data being discarded.

Full change at: https://github.com/httpwg/http-extensions/pull/602

In doing so, I think that the context needed to interpret step 3 (now step
4) is available.

> > - The attack in Section 4 is outlined as follows: "An attacker sends
early
> > data to one server instance that accepts and processes the early data,
but
> > allows that connection to proceed no further. The attacker then forwards
> > the same messages from the client to another server instance that will
> > reject early data. The client then retries the request, resulting in the
> > request being processed twice."
> > This seems a little convoluted - how would the attacker know, before the
> > client has sent the first message, that it is what the client will
send? Is
> > the attacker's first message to a server instance intercepted from the
> > client? If so, suggest making that clear.

> Indeed, that was based on intercepted and replayed traffic. With an
> individual hat, I agree that the example is a bit conflated. But the
> point here was mostly to expose the risks that could happen by lazy
> implementations that would take some shortcuts (like automatically
> retrying on timeout for a client or a server accepting to process
> unsafe early-data requests).

Yeah, maybe this alternative is better:
    Automatic retry creates the potential for a replay attack.  An
    attacker intercepts a connection that uses early data and copies the
    early data to another server instance.  The second server instance
    accepts and processes the early data.  The attacker then allows the
    original connection to complete.  Even if the early data is detected
    as a duplicate and rejected, the first server instance might allow
    the connection to complete.  If the client then retries requests that
    were sent in early data, the request will be processed twice.

Details at: https://github.com/httpwg/http-extensions/pull/603


From nobody Wed May  2 21:10:54 2018
Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65E5212D7F2; Wed,  2 May 2018 21:10:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 875TgVLhAbk9; Wed,  2 May 2018 21:10:51 -0700 (PDT)
Received: from mail-pf0-x22c.google.com (mail-pf0-x22c.google.com [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17DE5120727; Wed,  2 May 2018 21:10:51 -0700 (PDT)
Received: by mail-pf0-x22c.google.com with SMTP id j5so13611565pfh.2; Wed, 02 May 2018 21:10:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CfeEerq54o+Ghl/QoAckUmQSa+89mRBWTza3+oQMz6I=; b=VzmSGmlae86xJFbYczXKIDctp90TY+clznEydle7RGanNE9KbliuVVihc8XiPhiJqk UVvWolahysSwxZPJ01t4gWtzZ8BtPJGb0BRmnFjpSiEU76ruet+vRJhsYtdCaDZVcHep p+jBHqJPJDuYGrlEfI988F5v3kPBhRBoeDi+P4QQ0UAIBfgDK7pYg8f4PVz6YQc34v61 PwRcw1o3EfVJ1GYL48wDxRdJh7JFR6GDyMa+m7xe8LMrv3XlkF7MedLgK2mjhOTmEpfY b2ahHVt6wQTig+RH5dpGh2W8eWmzSPqF6/HjYAI6TwwQMkwpol9ZYo6xzBfbdGzxuSQP OsIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CfeEerq54o+Ghl/QoAckUmQSa+89mRBWTza3+oQMz6I=; b=IyEOO2rI7WMcsx9pmEYVbZsr14i0Rz8KYdzVA+Mu1VENV44Crex0B5gKXec6YOfHj4 m2AMmAdkp6+eZEO99kKz7BJF+ZdV74Gzy8+v/zEQt52Qt3nS30PXd2PMc8WzZyIynaFm k57fvdllalgOuMhO/QM4wPNCc7TzZW9z5PNnAqFBRqc6MZE5IgTNrFXlDrZUSSGi9usD Bd7F5LI3/ow4Q+HbU4XPIySTY6gqhII40CVRI/8HCBYmHaBkY/dPNj7kcfPlzMxpO8yd /Eq38jnXnQh9JhTdxEYgeLOXkO9r1VQ3xstsY3Fkbe3/Tz1P60m2ZjoQ0Z9eXxMvncqc VKDg==
X-Gm-Message-State: ALQs6tAjH7zBAulkzVwb4ow/n9nQoJj9EEWMJHzZu46yNGlCElLy15ji 1wYKSeAPzZ6WM9xh0UoaHN6xA7hi7iwIsOWSFNw=
X-Google-Smtp-Source: AB8JxZopwVn1JHGn0FdlpQf1AM9om+jzDzIRiOi25A81hLJeKmHzLRhgEd1nRuxbQMPU/suHoV8x1hmTPxry2S/F3ng=
X-Received: by 2002:a17:902:1e3:: with SMTP id b90-v6mr21942092plb.273.1525320650611;  Wed, 02 May 2018 21:10:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.164.165 with HTTP; Wed, 2 May 2018 21:10:50 -0700 (PDT)
In-Reply-To: <CABkgnnVRX3ZkSE=fxsRUvCOyV8VT3cG2kAMVtf6X85DGGkB3fw@mail.gmail.com>
References: <CADajj4a1TCqksCoUSWraM+H9Nft0nD5Mu9u38-u-c4jugUKTPQ@mail.gmail.com> <20180502064035.GA12016@1wt.eu> <CABkgnnVRX3ZkSE=fxsRUvCOyV8VT3cG2kAMVtf6X85DGGkB3fw@mail.gmail.com>
From: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>
Date: Wed, 2 May 2018 21:10:50 -0700
Message-ID: <CADajj4Z6+ZYf1XAHADq_tcykv2gkpTWC0VwN6xRju176WgVJ2Q@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>, secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008c61a3056b456304"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-TL10oNeuzfW_d5DhV6VGwzkiRw>
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 04:10:53 -0000

--0000000000008c61a3056b456304
Content-Type: text/plain; charset="UTF-8"

Yes Martin, I think all of those changes are improvements - thanks for
considering!

/M

On Wed, May 2, 2018 at 6:51 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> Yes, thanks Magnus,
>
> I think that Willy answered the primary concerns.  I'm not sure that there
> is anything actionable in those, but if you have a suggestion for
> improvement, that would be appreciated.
>
> > > - Section 2, first sentence: Insert "data" after "application"
>
> This is fixed in the editor's copy (long story there, but the draft you
> reviewed was *slightly* out of date).
>
> > > - In Section 3, step 3, it is stated that: "If the server receives
> multiple
> > > requests in early data, it can determine whether to defer HTTP
> processing
> > > on a per-request basis," however, in Section 4, it is stated that:
> "Note
> > > that a server cannot choose to selectively reject early data at the TLS
> > > layer. TLS only permits a server to accept all early data, or none of
> it" -
> > > I guess this may be consistent (it will accept all data, but can
> > > selectively defer processing), but it is a bit confusing.
>
> > Probably that we need to refine the wording. The point in section 3 was
> > to make it clear that early data may affect multiple requests
> (pipelining,
> > HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS
> > layer provides you a data stream, part of which was received as early
> > data, and that the server has no choice but to consume them all or reject
> > them all.
>
> When I went to look at this, I noticed that we don't really explain that
> rejecting 0-RTT is possible.  That's an important option, even if it is
> pretty severely limited.
>
> So I added that:
>     2.  The server can reject early data.  A server cannot selectively
>         reject early data, so this results in all requests sent in early
>         data being discarded.
>
> Full change at: https://github.com/httpwg/http-extensions/pull/602
>
> In doing so, I think that the context needed to interpret step 3 (now step
> 4) is available.
>
> > > - The attack in Section 4 is outlined as follows: "An attacker sends
> early
> > > data to one server instance that accepts and processes the early data,
> but
> > > allows that connection to proceed no further. The attacker then
> forwards
> > > the same messages from the client to another server instance that will
> > > reject early data. The client then retries the request, resulting in
> the
> > > request being processed twice."
> > > This seems a little convoluted - how would the attacker know, before
> the
> > > client has sent the first message, that it is what the client will
> send? Is
> > > the attacker's first message to a server instance intercepted from the
> > > client? If so, suggest making that clear.
>
> > Indeed, that was based on intercepted and replayed traffic. With an
> > individual hat, I agree that the example is a bit conflated. But the
> > point here was mostly to expose the risks that could happen by lazy
> > implementations that would take some shortcuts (like automatically
> > retrying on timeout for a client or a server accepting to process
> > unsafe early-data requests).
>
> Yeah, maybe this alternative is better:
>     Automatic retry creates the potential for a replay attack.  An
>     attacker intercepts a connection that uses early data and copies the
>     early data to another server instance.  The second server instance
>     accepts and processes the early data.  The attacker then allows the
>     original connection to complete.  Even if the early data is detected
>     as a duplicate and rejected, the first server instance might allow
>     the connection to complete.  If the client then retries requests that
>     were sent in early data, the request will be processed twice.
>
> Details at: https://github.com/httpwg/http-extensions/pull/603
>



-- 
-- Magnus

--0000000000008c61a3056b456304
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Yes Martin, I think all of those changes are improvem=
ents - thanks for considering!<br><br></div>/M<br></div><div class=3D"gmail=
_extra"><br><div class=3D"gmail_quote">On Wed, May 2, 2018 at 6:51 PM, Mart=
in Thomson <span dir=3D"ltr">&lt;<a href=3D"mailto:martin.thomson@gmail.com=
" target=3D"_blank">martin.thomson@gmail.com</a>&gt;</span> wrote:<br><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex">Yes, thanks Magnus,<br>
<br>
I think that Willy answered the primary concerns.=C2=A0 I&#39;m not sure th=
at there<br>
is anything actionable in those, but if you have a suggestion for<br>
improvement, that would be appreciated.<br>
<span class=3D""><br>
&gt; &gt; - Section 2, first sentence: Insert &quot;data&quot; after &quot;=
application&quot;<br>
<br>
</span>This is fixed in the editor&#39;s copy (long story there, but the dr=
aft you<br>
reviewed was *slightly* out of date).<br>
<span class=3D""><br>
&gt; &gt; - In Section 3, step 3, it is stated that: &quot;If the server re=
ceives<br>
multiple<br>
&gt; &gt; requests in early data, it can determine whether to defer HTTP<br=
>
processing<br>
&gt; &gt; on a per-request basis,&quot; however, in Section 4, it is stated=
 that: &quot;Note<br>
&gt; &gt; that a server cannot choose to selectively reject early data at t=
he TLS<br>
&gt; &gt; layer. TLS only permits a server to accept all early data, or non=
e of<br>
it&quot; -<br>
&gt; &gt; I guess this may be consistent (it will accept all data, but can<=
br>
&gt; &gt; selectively defer processing), but it is a bit confusing.<br>
<br>
&gt; Probably that we need to refine the wording. The point in section 3 wa=
s<br>
&gt; to make it clear that early data may affect multiple requests (pipelin=
ing,<br>
&gt; HTTP/2 multiplexing), and point 4 tries to clarify the fact that the T=
LS<br>
&gt; layer provides you a data stream, part of which was received as early<=
br>
&gt; data, and that the server has no choice but to consume them all or rej=
ect<br>
&gt; them all.<br>
<br>
</span>When I went to look at this, I noticed that we don&#39;t really expl=
ain that<br>
rejecting 0-RTT is possible.=C2=A0 That&#39;s an important option, even if =
it is<br>
pretty severely limited.<br>
<br>
So I added that:<br>
=C2=A0 =C2=A0 2.=C2=A0 The server can reject early data.=C2=A0 A server can=
not selectively<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 reject early data, so this results in all reque=
sts sent in early<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 data being discarded.<br>
<br>
Full change at: <a href=3D"https://github.com/httpwg/http-extensions/pull/6=
02" rel=3D"noreferrer" target=3D"_blank">https://github.com/httpwg/<wbr>htt=
p-extensions/pull/602</a><br>
<br>
In doing so, I think that the context needed to interpret step 3 (now step<=
br>
4) is available.<br>
<span class=3D""><br>
&gt; &gt; - The attack in Section 4 is outlined as follows: &quot;An attack=
er sends<br>
early<br>
&gt; &gt; data to one server instance that accepts and processes the early =
data,<br>
but<br>
&gt; &gt; allows that connection to proceed no further. The attacker then f=
orwards<br>
&gt; &gt; the same messages from the client to another server instance that=
 will<br>
&gt; &gt; reject early data. The client then retries the request, resulting=
 in the<br>
&gt; &gt; request being processed twice.&quot;<br>
&gt; &gt; This seems a little convoluted - how would the attacker know, bef=
ore the<br>
&gt; &gt; client has sent the first message, that it is what the client wil=
l<br>
send? Is<br>
&gt; &gt; the attacker&#39;s first message to a server instance intercepted=
 from the<br>
&gt; &gt; client? If so, suggest making that clear.<br>
<br>
&gt; Indeed, that was based on intercepted and replayed traffic. With an<br=
>
&gt; individual hat, I agree that the example is a bit conflated. But the<b=
r>
&gt; point here was mostly to expose the risks that could happen by lazy<br=
>
&gt; implementations that would take some shortcuts (like automatically<br>
&gt; retrying on timeout for a client or a server accepting to process<br>
&gt; unsafe early-data requests).<br>
<br>
</span>Yeah, maybe this alternative is better:<br>
=C2=A0 =C2=A0 Automatic retry creates the potential for a replay attack.=C2=
=A0 An<br>
=C2=A0 =C2=A0 attacker intercepts a connection that uses early data and cop=
ies the<br>
=C2=A0 =C2=A0 early data to another server instance.=C2=A0 The second serve=
r instance<br>
=C2=A0 =C2=A0 accepts and processes the early data.=C2=A0 The attacker then=
 allows the<br>
=C2=A0 =C2=A0 original connection to complete.=C2=A0 Even if the early data=
 is detected<br>
=C2=A0 =C2=A0 as a duplicate and rejected, the first server instance might =
allow<br>
=C2=A0 =C2=A0 the connection to complete.=C2=A0 If the client then retries =
requests that<br>
=C2=A0 =C2=A0 were sent in early data, the request will be processed twice.=
<br>
<br>
Details at: <a href=3D"https://github.com/httpwg/http-extensions/pull/603" =
rel=3D"noreferrer" target=3D"_blank">https://github.com/httpwg/<wbr>http-ex=
tensions/pull/603</a><br>
</blockquote></div><br><br clear=3D"all"><br>-- <br><div class=3D"gmail_sig=
nature" data-smartmail=3D"gmail_signature">-- Magnus</div>
</div>

--0000000000008c61a3056b456304--


From nobody Thu May  3 13:10:45 2018
Return-Path: <ekr@rtfm.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2C4312EACF for <secdir@ietfa.amsl.com>; Thu,  3 May 2018 13:10:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level: 
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EI83JvpRZcLd for <secdir@ietfa.amsl.com>; Thu,  3 May 2018 13:10:28 -0700 (PDT)
Received: from mail-ot0-x22e.google.com (mail-ot0-x22e.google.com [IPv6:2607:f8b0:4003:c0f::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3937B12EAC0 for <secdir@ietf.org>; Thu,  3 May 2018 13:10:25 -0700 (PDT)
Received: by mail-ot0-x22e.google.com with SMTP id y10-v6so22061766otg.10 for <secdir@ietf.org>; Thu, 03 May 2018 13:10:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ifwy6LmQHSiPe6ZARXCskgT/4cOQH+5uPxlycgYbG1A=; b=TvIfYLvkkNx1iZXuus/isyicn+g4n3c3XCwBD5S+5INeB9nHW5ucbgkomhHl78g5MR xzG1du7vLt4y/PS5y/J+H8BzQ4Jgu/p2RKSrJvy22G6AJbR9+wL8s3/gjEF/9a7yBUHI xDgt6dTZbbpb7N+9szbHj4mthG0tII4maIFq7Sb87De1PGQuWOqzkQEoCRiAv8vEliYc pEO8JNy6YtsyyDzdvYOdxusoNGz4YXLzdoE1gqxolEOatk4Ha27H5ocBsICtv4YpK7Rw 1OEFdn2YbCOvBVGofiEDGLfyiC2SfRYO+gQ75RxNjSSrJJA5ZnNhy+WWsaA81/RdNRYg RZxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ifwy6LmQHSiPe6ZARXCskgT/4cOQH+5uPxlycgYbG1A=; b=VLG7eWHEVcH9ROkUyiO9Iz0Wet1XzIu+ZuVfofElSlmgO4klK48MWZ79QpRXHxent9 bB0+BbAieqT9LmGRzr4o7AX/gKHRhGO0MoUCnwItHsarkrfPhelZN5OH8htyEH7yp465 W+GdbU7wFGN/pxDftdhTuqPZhKFB0GaMZFp0eFNZI2MkxQnqbQuksDE33NycS7Ze1u5B 16AuPSSUl0YkiXR4N7DULRLmHb6CY7Vu5jhoCTxNrRMM9brHiIf99SOfsDaXoq2YAvj+ jhZ4CZlycx0WMHCayNjsVfXCZC+ozzKqKjykpTKAQTaDljVRrhysdBL+g8OpMV4xvv9Z kmXQ==
X-Gm-Message-State: ALQs6tAA7zBepdp32TYKwrL9Uw2x87xDg26gTk2tKIgSgihUx8VM2jMA EhP641eAs0tPFHZQi4IiOcXZutgLTHXUTf5y9zk3yQ==
X-Google-Smtp-Source: AB8JxZrJBqPpgNK0wOv4Zy6HNYPfdlz9AAK9xXn0e4k7fp3c6R5GHgMdMHj/Qo4OthspUdKppR2EF1f3tTKqv0F1Bnk=
X-Received: by 2002:a9d:72c6:: with SMTP id d6-v6mr4674037otk.392.1525378224556;  Thu, 03 May 2018 13:10:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.201.118.130 with HTTP; Thu, 3 May 2018 13:09:43 -0700 (PDT)
In-Reply-To: <054301d3e271$dc22db10$94689130$@augustcellars.com>
References: <152432458128.20660.6956595430755199355@ietfa.amsl.com> <054301d3e271$dc22db10$94689130$@augustcellars.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 3 May 2018 13:09:43 -0700
Message-ID: <CABcZeBPFmDfOH3bhZXeo+1rytZVm47COa8n-x=oSTuzjjHH-ag@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: Matthew Miller <linuxwolf+ietf@outer-planes.net>, secdir@ietf.org,  SPASM <spasm@ietf.org>, draft-ietf-lamps-rfc5750-bis.all@ietf.org,  IETF discussion list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000391e5f056b52cb77"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YXWP7Cumu1FPOPHExrgiWtMmacY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 20:10:30 -0000

--000000000000391e5f056b52cb77
Content-Type: text/plain; charset="UTF-8"

probably "parse" not "parser"


On Wed, May 2, 2018 at 5:01 PM, Jim Schaad <ietf@augustcellars.com> wrote:

>
>
> > -----Original Message-----
> > From: Matthew Miller <linuxwolf+ietf@outer-planes.net>
> > Sent: Saturday, April 21, 2018 8:30 AM
> > To: secdir@ietf.org
> > Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org;
> ietf@ietf.org
> > Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
> >
> > Reviewer: Matthew Miller
> > Review result: Has Nits
> >
> > I have reviewed this document as part of the security directorate's
> ongoing
> > effort to review all IETF documents being processed by the IESG.  These
> > comments were written primarily for the benefit of the security area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > Document: draft-ietf-lamps-rfc5750-bis-05
> > Reviewer: Matthew A. Miller
> > Review Date: 2018-04-21
> > IETF LC End Date: 2018-04-27
> > IESG Telechat date: N/A
> >
> > Summary:
> >
> > This document is ready, but there is one nit around PKCS #6 handling that
> > might benefit from explanation.
> >
> > This document describes the certificate handling expectations for senders
> > and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding requirements
> to
> > support internationalized email addresses, increase RSA minimum key
> sizes,
> > and support ECDSA using P-256 and Ed25519; older algorithms such as DSA,
> > MD5, and SHA-1 are relegated to historical.
> >
> > Major Issues: N/A
> >
> > Minor Issues: N/A
> >
> > Nits:
> >
> > Section 2.2.1. "Historical Note about CMS Certificates" is almost entired
> > unchanged, but added a requirement that receivers MUST be able to process
> > PCKS #6 extended certificates.  This almost seems at odds with the rest
> of
> > the paragraph that precedes this MUST, noting PKCS #6 has little use and
> > PKIX is functionally equivalent.
> > A short explanation of why this additional handling requirement would
> seem
> > helpful.
>
> How about the following which is just a description of what we are looking
> for in terms of behavior.
>
>    Receiving agents MUST be able to parser and process a message
> containing PKCS #6 extended certificates although ignoring those
> certificates is expected behavior.
>
>
>
>

--000000000000391e5f056b52cb77
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>probably &quot;parse&quot; not &quot;parser&quot;</di=
v><div><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_q=
uote">On Wed, May 2, 2018 at 5:01 PM, Jim Schaad <span dir=3D"ltr">&lt;<a h=
ref=3D"mailto:ietf@augustcellars.com" target=3D"_blank">ietf@augustcellars.=
com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"=
"><br>
<br>
&gt; -----Original Message-----<br>
&gt; From: Matthew Miller &lt;<a href=3D"mailto:linuxwolf%2Bietf@outer-plan=
es.net">linuxwolf+ietf@outer-planes.<wbr>net</a>&gt;<br>
&gt; Sent: Saturday, April 21, 2018 8:30 AM<br>
&gt; To: <a href=3D"mailto:secdir@ietf.org">secdir@ietf.org</a><br>
&gt; Cc: <a href=3D"mailto:spasm@ietf.org">spasm@ietf.org</a>; <a href=3D"m=
ailto:draft-ietf-lamps-rfc5750-bis.all@ietf.org">draft-ietf-lamps-rfc5750-b=
is.<wbr>all@ietf.org</a>; <a href=3D"mailto:ietf@ietf.org">ietf@ietf.org</a=
><br>
&gt; Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-<wbr>=
05<br>
&gt; <br>
</span><div><div class=3D"h5">&gt; Reviewer: Matthew Miller<br>
&gt; Review result: Has Nits<br>
&gt; <br>
&gt; I have reviewed this document as part of the security directorate&#39;=
s ongoing<br>
&gt; effort to review all IETF documents being processed by the IESG.=C2=A0=
 These<br>
&gt; comments were written primarily for the benefit of the security area<b=
r>
&gt; directors.=C2=A0 Document editors and WG chairs should treat these com=
ments<br>
&gt; just like any other last call comments.<br>
&gt; <br>
&gt; Document: draft-ietf-lamps-rfc5750-bis-<wbr>05<br>
&gt; Reviewer: Matthew A. Miller<br>
&gt; Review Date: 2018-04-21<br>
&gt; IETF LC End Date: 2018-04-27<br>
&gt; IESG Telechat date: N/A<br>
&gt; <br>
&gt; Summary:<br>
&gt; <br>
&gt; This document is ready, but there is one nit around PKCS #6 handling t=
hat<br>
&gt; might benefit from explanation.<br>
&gt; <br>
&gt; This document describes the certificate handling expectations for send=
ers<br>
&gt; and receivers of S/MIME 4.0.=C2=A0 It obsoletes RFC 5750, adding requi=
rements to<br>
&gt; support internationalized email addresses, increase RSA minimum key si=
zes,<br>
&gt; and support ECDSA using P-256 and Ed25519; older algorithms such as DS=
A,<br>
&gt; MD5, and SHA-1 are relegated to historical.<br>
&gt; <br>
&gt; Major Issues: N/A<br>
&gt; <br>
&gt; Minor Issues: N/A<br>
&gt; <br>
&gt; Nits:<br>
&gt; <br>
&gt; Section 2.2.1. &quot;Historical Note about CMS Certificates&quot; is a=
lmost entired<br>
&gt; unchanged, but added a requirement that receivers MUST be able to proc=
ess<br>
&gt; PCKS #6 extended certificates.=C2=A0 This almost seems at odds with th=
e rest of<br>
&gt; the paragraph that precedes this MUST, noting PKCS #6 has little use a=
nd<br>
&gt; PKIX is functionally equivalent.<br>
&gt; A short explanation of why this additional handling requirement would =
seem<br>
&gt; helpful.<br>
<br>
</div></div>How about the following which is just a description of what we =
are looking for in terms of behavior.<br>
<br>
=C2=A0 =C2=A0Receiving agents MUST be able to parser and process a message =
containing PKCS #6 extended certificates although ignoring those certificat=
es is expected behavior.<br>
<br>
<br>
<br>
</blockquote></div><br></div>

--000000000000391e5f056b52cb77--


From nobody Thu May  3 13:55:33 2018
Return-Path: <ietf@augustcellars.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5985126CC7; Thu,  3 May 2018 13:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rff_k7FD2UMI; Thu,  3 May 2018 13:55:26 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A1A51201F2; Thu,  3 May 2018 13:55:26 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Thu, 3 May 2018 13:52:49 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Eric Rescorla' <ekr@rtfm.com>
CC: 'Matthew Miller' <linuxwolf+ietf@outer-planes.net>, <secdir@ietf.org>, 'SPASM' <spasm@ietf.org>, <draft-ietf-lamps-rfc5750-bis.all@ietf.org>, 'IETF discussion list' <ietf@ietf.org>
References: <152432458128.20660.6956595430755199355@ietfa.amsl.com> <054301d3e271$dc22db10$94689130$@augustcellars.com> <CABcZeBPFmDfOH3bhZXeo+1rytZVm47COa8n-x=oSTuzjjHH-ag@mail.gmail.com>
In-Reply-To: <CABcZeBPFmDfOH3bhZXeo+1rytZVm47COa8n-x=oSTuzjjHH-ag@mail.gmail.com>
Date: Thu, 3 May 2018 13:55:20 -0700
Message-ID: <05b801d3e321$0e2a8590$2a7f90b0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_05B9_01D3E2E6.61CE6CB0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIiXucpxcMduUMNivilcG+pvhU0KAJBwpJPAYBUCgejY3OCgA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Bz9r-b8-a-VKUb24KK17UDge5fo>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 20:55:32 -0000

------=_NextPart_000_05B9_01D3E2E6.61CE6CB0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

It was spelled correctly =E2=80=93 yes done locally.

=20

From: Eric Rescorla <ekr@rtfm.com>=20
Sent: Thursday, May 3, 2018 1:10 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: Matthew Miller <linuxwolf+ietf@outer-planes.net>; secdir@ietf.org; =
SPASM <spasm@ietf.org>; draft-ietf-lamps-rfc5750-bis.all@ietf.org; IETF =
discussion list <ietf@ietf.org>
Subject: Re: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

=20

probably "parse" not "parser"

=20

=20

On Wed, May 2, 2018 at 5:01 PM, Jim Schaad <ietf@augustcellars.com =
<mailto:ietf@augustcellars.com> > wrote:



> -----Original Message-----
> From: Matthew Miller <linuxwolf+ietf@outer-planes.net =
<mailto:linuxwolf%2Bietf@outer-planes.net> >
> Sent: Saturday, April 21, 2018 8:30 AM
> To: secdir@ietf.org <mailto:secdir@ietf.org>=20
> Cc: spasm@ietf.org <mailto:spasm@ietf.org> ; =
draft-ietf-lamps-rfc5750-bis.all@ietf.org =
<mailto:draft-ietf-lamps-rfc5750-bis.all@ietf.org> ; ietf@ietf.org =
<mailto:ietf@ietf.org>=20
> Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
>=20

> Reviewer: Matthew Miller
> Review result: Has Nits
>=20
> I have reviewed this document as part of the security directorate's =
ongoing
> effort to review all IETF documents being processed by the IESG.  =
These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>=20
> Document: draft-ietf-lamps-rfc5750-bis-05
> Reviewer: Matthew A. Miller
> Review Date: 2018-04-21
> IETF LC End Date: 2018-04-27
> IESG Telechat date: N/A
>=20
> Summary:
>=20
> This document is ready, but there is one nit around PKCS #6 handling =
that
> might benefit from explanation.
>=20
> This document describes the certificate handling expectations for =
senders
> and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding =
requirements to
> support internationalized email addresses, increase RSA minimum key =
sizes,
> and support ECDSA using P-256 and Ed25519; older algorithms such as =
DSA,
> MD5, and SHA-1 are relegated to historical.
>=20
> Major Issues: N/A
>=20
> Minor Issues: N/A
>=20
> Nits:
>=20
> Section 2.2.1. "Historical Note about CMS Certificates" is almost =
entired
> unchanged, but added a requirement that receivers MUST be able to =
process
> PCKS #6 extended certificates.  This almost seems at odds with the =
rest of
> the paragraph that precedes this MUST, noting PKCS #6 has little use =
and
> PKIX is functionally equivalent.
> A short explanation of why this additional handling requirement would =
seem
> helpful.

How about the following which is just a description of what we are =
looking for in terms of behavior.

   Receiving agents MUST be able to parser and process a message =
containing PKCS #6 extended certificates although ignoring those =
certificates is expected behavior.




=20


------=_NextPart_000_05B9_01D3E2E6.61CE6CB0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal>It was =
spelled correctly =E2=80=93 yes done locally.<o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b>From:</b> Eric =
Rescorla &lt;ekr@rtfm.com&gt; <br><b>Sent:</b> Thursday, May 3, 2018 =
1:10 PM<br><b>To:</b> Jim Schaad =
&lt;ietf@augustcellars.com&gt;<br><b>Cc:</b> Matthew Miller =
&lt;linuxwolf+ietf@outer-planes.net&gt;; secdir@ietf.org; SPASM =
&lt;spasm@ietf.org&gt;; draft-ietf-lamps-rfc5750-bis.all@ietf.org; IETF =
discussion list &lt;ietf@ietf.org&gt;<br><b>Subject:</b> Re: Secdir last =
call review of =
draft-ietf-lamps-rfc5750-bis-05<o:p></o:p></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p =
class=3DMsoNormal>probably &quot;parse&quot; not =
&quot;parser&quot;<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Wed, =
May 2, 2018 at 5:01 PM, Jim Schaad &lt;<a =
href=3D"mailto:ietf@augustcellars.com" =
target=3D"_blank">ietf@augustcellars.com</a>&gt; =
wrote:<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal><br><br>&gt; -----Original Message-----<br>&gt; From: =
Matthew Miller &lt;<a =
href=3D"mailto:linuxwolf%2Bietf@outer-planes.net">linuxwolf+ietf@outer-pl=
anes.net</a>&gt;<br>&gt; Sent: Saturday, April 21, 2018 8:30 AM<br>&gt; =
To: <a href=3D"mailto:secdir@ietf.org">secdir@ietf.org</a><br>&gt; Cc: =
<a href=3D"mailto:spasm@ietf.org">spasm@ietf.org</a>; <a =
href=3D"mailto:draft-ietf-lamps-rfc5750-bis.all@ietf.org">draft-ietf-lamp=
s-rfc5750-bis.all@ietf.org</a>; <a =
href=3D"mailto:ietf@ietf.org">ietf@ietf.org</a><br>&gt; Subject: Secdir =
last call review of draft-ietf-lamps-rfc5750-bis-05<br>&gt; =
<o:p></o:p></p><div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>&gt; Reviewer: Matthew Miller<br>&gt; =
Review result: Has Nits<br>&gt; <br>&gt; I have reviewed this document =
as part of the security directorate's ongoing<br>&gt; effort to review =
all IETF documents being processed by the IESG.&nbsp; These<br>&gt; =
comments were written primarily for the benefit of the security =
area<br>&gt; directors.&nbsp; Document editors and WG chairs should =
treat these comments<br>&gt; just like any other last call =
comments.<br>&gt; <br>&gt; Document: =
draft-ietf-lamps-rfc5750-bis-05<br>&gt; Reviewer: Matthew A. =
Miller<br>&gt; Review Date: 2018-04-21<br>&gt; IETF LC End Date: =
2018-04-27<br>&gt; IESG Telechat date: N/A<br>&gt; <br>&gt; =
Summary:<br>&gt; <br>&gt; This document is ready, but there is one nit =
around PKCS #6 handling that<br>&gt; might benefit from =
explanation.<br>&gt; <br>&gt; This document describes the certificate =
handling expectations for senders<br>&gt; and receivers of S/MIME =
4.0.&nbsp; It obsoletes RFC 5750, adding requirements to<br>&gt; support =
internationalized email addresses, increase RSA minimum key =
sizes,<br>&gt; and support ECDSA using P-256 and Ed25519; older =
algorithms such as DSA,<br>&gt; MD5, and SHA-1 are relegated to =
historical.<br>&gt; <br>&gt; Major Issues: N/A<br>&gt; <br>&gt; Minor =
Issues: N/A<br>&gt; <br>&gt; Nits:<br>&gt; <br>&gt; Section 2.2.1. =
&quot;Historical Note about CMS Certificates&quot; is almost =
entired<br>&gt; unchanged, but added a requirement that receivers MUST =
be able to process<br>&gt; PCKS #6 extended certificates.&nbsp; This =
almost seems at odds with the rest of<br>&gt; the paragraph that =
precedes this MUST, noting PKCS #6 has little use and<br>&gt; PKIX is =
functionally equivalent.<br>&gt; A short explanation of why this =
additional handling requirement would seem<br>&gt; =
helpful.<o:p></o:p></p></div></div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'>How about the following which is just a =
description of what we are looking for in terms of =
behavior.<br><br>&nbsp; &nbsp;Receiving agents MUST be able to parser =
and process a message containing PKCS #6 extended certificates although =
ignoring those certificates is expected =
behavior.<br><br><br><o:p></o:p></p></blockquote></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div></div></body></html>
------=_NextPart_000_05B9_01D3E2E6.61CE6CB0--


From nobody Thu May  3 16:21:12 2018
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 228C212DA05 for <secdir@ietf.org>; Thu,  3 May 2018 16:21:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.79.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <152538967009.11628.6604643164030690036.idtracker@ietfa.amsl.com>
Date: Thu, 03 May 2018 16:21:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WcagPOBee1YiR31OQMWwIdH3slU>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 23:21:10 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-05-10

Reviewer               LC end     Draft
Tobias Gondrom         2018-03-12 draft-ietf-tokbind-https-14
Leif Johansson        R2018-02-26 draft-ietf-homenet-babel-profile-06
Barry Leiba            2018-04-10 draft-ietf-bess-evpn-prefix-advertisement-10

For telechat 2018-05-24

Reviewer               LC end     Draft
Radia Perlman          2018-04-20 draft-ietf-ccamp-microwave-framework-05
Tina Tsou              2018-02-26 draft-ietf-softwire-dslite-yang-15

Last calls:

Reviewer               LC end     Draft
John Bradley           2018-04-18 draft-ietf-acme-acme-12
Daniel Gillmor         2018-03-19 draft-gutmann-scep-10
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Sandra Murphy          2018-04-24 draft-ietf-mmusic-sdp-simulcast-12
Vincent Roca           2018-05-21 draft-hakala-urn-nbn-rfc3188bis-00
Kyle Rose              2018-05-10 draft-ietf-extra-imap-status-size-01
Joseph Salowey         2018-05-16 draft-ietf-payload-rtp-vc2hq-05
Stefan Santesson       2018-05-14 draft-ietf-extra-specialuse-important-03
Yaron Sheffer          2018-05-14 draft-ietf-extra-imap-list-myrights-05

Early review requests:

Reviewer               Due        Draft
Daniel Franke          2018-01-31 draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson     2018-01-09 draft-ietf-opsawg-nat-yang-09
Dan Harkins            2018-05-31 draft-ietf-dtn-bpsec-06

Next in the reviewer rotation:

  Melinda Shore
  Robert Sparks
  Takeshi Takahashi
  Tina Tsou
  Sean Turner
  Carl Wallace
  David Waltermire
  Samuel Weiler
  Brian Weis
  Klaas Wierenga


From nobody Thu May  3 23:32:59 2018
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 68773127078; Thu,  3 May 2018 23:32:46 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: <secdir@ietf.org>
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-list-myrights.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.79.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152541556631.11734.11664621461529219097@ietfa.amsl.com>
Date: Thu, 03 May 2018 23:32:46 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/FqHHl7_x01YsA2paOpvNk2XJq3w>
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-list-myrights-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 06:32:46 -0000

Reviewer: Yaron Sheffer
Review result: Has Nits

The document defines a simple extension to the IMAP LIST command.

- LSUB is mentioned in the Introduction, but then never mentioned again. Is the
extension applicable to it?

- The document does not formally define the syntax of the MYRIGHTS response.
Presumably it is exactly as in RFC 4314.

- The document should refer to the security considerations of RFC 4314.
Specifically, does the first paragraph of those security considerations also
apply here?


From nobody Fri May  4 06:52:02 2018
Return-Path: <barryleiba@computer.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2366D12D7F0; Fri,  4 May 2018 06:51:48 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba <barryleiba@computer.org>
To: <secdir@ietf.org>
Cc: draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org, ietf@ietf.org, bess@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.79.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152544190809.11693.11790094151278701234@ietfa.amsl.com>
Date: Fri, 04 May 2018 06:51:48 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/f0b2kDDR21zQa5LlawDzQLmQE2o>
Subject: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 13:51:48 -0000

Reviewer: Barry Leiba
Review result: Has Issues

The "issues" I call out below are minor, and if the working group thinks they
aren't worth dealing with, I'll not be offended nor lose any sleep.

— Section 1 —
I’m sure that all these terms are defined in the normative references, and ’tis
a small thing, but it would sure help a non-expert reader if this list of terms
included, for each term, a citation to the RFC that defines it.  I hope you’ll
consider adding that; thanks.

[Follow-up; I finally found “Tenant System” defined in RFC 7365, which is not
in your references at all.  Please don’t make your readers work that hard, and
please consider beefing up the references and citations to definitions.]

— Section 2.1 —

   If the term Tenant System (TS) is used to designate a physical or
   virtual system identified by MAC and maybe IP addresses, and
   connected to a BD by an Attachment Circuit, the following
   considerations apply:

I find the wording “if the term Tenant System is used” to be odd.  Are you
really saying (maybe you are) that the application of the considerations
depends on whether or not we *call* it a Tenant System?  Or whether or not it
*is* a Tenant System?  From the definition I found for “Tenant System” I can
see that maybe this can go either way.  But if we’re talking about the latter,
I’d use wording more like, “The following considerations apply to Tenant
Systems (TS) that are physical or virtual systems identified by MAC and maybe
IP addresses and connected to BDs by Attachment Circuits:” (cast as plural,
because the considerations use plurals).


— Section 3.1 —

I initially couldn’t figure out, as I was reading this, how you’d know whether
you’re dealing with v4 or v6 addresses, and, therefore, how to interpret the
lengths of the IP Prefix and GW IP Address fields.  I finally got to it seven
bullets down, where you say, “The total route length will indicate the type of
prefix”.    Maybe someone already expert in this would find this OK, but to me
it was too much work to sort it out, when I think it could be made clearer like
this:

NEW
   An IP Prefix Route Type for IPv4 has the Length field set to 34
   and consists of the following fields:

    +---------------------------------------+
    |      RD   (8 octets)                  |
    +---------------------------------------+
    |Ethernet Segment Identifier (10 octets)|
    +---------------------------------------+
    |  Ethernet Tag ID (4 octets)           |
    +---------------------------------------+
    |  IP Prefix Length (1 octet, 0 to 32)  |
    +---------------------------------------+
    |  IP Prefix (4 octets)                 |
    +---------------------------------------+
    |  GW IP Address (4 octets)             |
    +---------------------------------------+
    |  MPLS Label (3 octets)                |
    +---------------------------------------+

   An IP Prefix Route Type for IPv6 has the Length field set to 58
   and consists of the following fields:

    +---------------------------------------+
    |      RD   (8 octets)                  |
    +---------------------------------------+
    |Ethernet Segment Identifier (10 octets)|
    +---------------------------------------+
    |  Ethernet Tag ID (4 octets)           |
    +---------------------------------------+
    |  IP Prefix Length (1 octet, 0 to 128) |
    +---------------------------------------+
    |  IP Prefix (16 octets)                |
    +---------------------------------------+
    |  GW IP Address (16 octets)            |
    +---------------------------------------+
    |  MPLS Label (3 octets)                |
    +---------------------------------------+

   The total route length will indicate the type of IP Prefix (34 for
   IPv4 or 58 for IPv6) and the type of GW IP Address. The IP Prefix
   and GW IP Address are always both IPv4 or both IPv6; mixing the
   two is not allowed.

   […and then follow with the explanations of the fields…]
END

Do you agree that that makes things clearer?

— Section 3.2 —

   o If either the ESI or GW IP are non-zero, then one of them is the
     Overlay Index, regardless of whether the Router's MAC Extended
     Community is present or the value of the Label.

Should that say “then the non-zero one is the Overlay Index”?



From nobody Fri May  4 08:49:46 2018
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33F5712D7EC; Fri,  4 May 2018 08:49:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=SI0chm2A; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=nRa4iGtA
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jPcteMsO2CN; Fri,  4 May 2018 08:49:29 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90ECF127136; Fri,  4 May 2018 08:49:26 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id E3063217B2; Fri,  4 May 2018 11:49:25 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Fri, 04 May 2018 11:49:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=q/72lhqG6r8khFZs5WiVuNsJG8+zC cMKVFe/CqG+X/c=; b=SI0chm2AUM/H3bbFJaYmAJTf/gARKsulk3ssNHGsVJgCX c/CUFopC7ew+VuvZ9UT/7wY+bsqzy8b3GLDa6oB0GTUlyd4PwFk2gmwrwxCtzORs vpWGlCH4cj0XqTd5+GGu0nqD1ewS87K7p31VzqFPncL67AKVVqHhmzcFsU6906jx eVtgwlLxavYdInW7mtEEg9MJqXua6bl7o5S3a30D1YraXfsHSfI6HgQ78Shr+vHE 9xSk5MCHP4hjH7JNXSC0yz4z7cr1c6cwHgx45Ygczkg9/KxngOHs9XPyvIHrOuCu aEO94unzd2BZm22kWqfy5jMb5V9Pp45SBQ6DkbQ2w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=q/72lh qG6r8khFZs5WiVuNsJG8+zCcMKVFe/CqG+X/c=; b=nRa4iGtA63/vEaOUHRY08l pWcFgS6roBq2mER04/Hnfljsbl9kDDX1Bo4yu6K3G9W7/XH22Y+YQy0oSenyKXeD vAHjQFwYG2x/XYxg8EWPNTfNmLBotlSFtR6EQFmbAZ4clOtwDZweCQ0sDmw5Rwmb JmXzVsL70FqeGxC6sEMw/mhmiUD8C29gVgvHAYxpoJmYBigo82VUJSAfBg9mLe4M AGlVF9I462QsJBZdssekMSt0GxrmIPpMMuvQVrh5CRrlsRC3TPanezFcEREiddXi I3dLbeC+coaL9lapHU9UuOsqycHcCFc4GSByuhgm87izwQc3xEHi4mwwMmpio65A ==
X-ME-Sender: <xms:BYHsWseN3i3gUfCqdEEA09vj7kQ228XNB3IpfaJvf51XJVkERv9nOw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id BB68D9E0F7; Fri,  4 May 2018 11:49:25 -0400 (EDT)
Message-Id: <1525448965.3201091.1361023856.2CDEF98E@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, secdir@ietf.org
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-list-myrights.all@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-62b61488
References: <152541556631.11734.11664621461529219097@ietfa.amsl.com>
In-Reply-To: <152541556631.11734.11664621461529219097@ietfa.amsl.com>
Date: Fri, 04 May 2018 16:49:25 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/MjLdSomGd32lTSVi2XhSnQlmrgc>
Subject: Re: [secdir] Secdir last call review of draft-ietf-extra-imap-list-myrights-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 15:49:31 -0000

Hi Yaron,

On Fri, May 4, 2018, at 7:32 AM, Yaron Sheffer wrote:
> Reviewer: Yaron Sheffer
> Review result: Has Nits
> 
> The document defines a simple extension to the IMAP LIST command.
> 
> - LSUB is mentioned in the Introduction, but then never mentioned again. Is the
> extension applicable to it?

No, LSUB is a non extensible version, which was replaced by extended LIST.

> - The document does not formally define the syntax of the MYRIGHTS response.
> Presumably it is exactly as in RFC 4314.

Correct.

> - The document should refer to the security considerations of RFC 4314.
> Specifically, does the first paragraph of those security considerations also
> apply here?

Good point, it does.

Best Regards,
Alexey


From nobody Sat May  5 19:52:37 2018
Return-Path: <krose@krose.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3AC127337; Sat,  5 May 2018 19:52:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kyle Rose <krose@krose.org>
To: <secdir@ietf.org>
Cc: extra@ietf.org, draft-ietf-extra-imap-status-size.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.79.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152557514304.26644.17260351667976658025@ietfa.amsl.com>
Date: Sat, 05 May 2018 19:52:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/AtfMoKtNElNZpRhj98bEb6ePyDo>
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-status-size-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 May 2018 02:52:23 -0000

Reviewer: Kyle Rose
Review result: Ready

There are no non-trivial security implications of this protocol change.


From nobody Sun May  6 21:14:18 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4621912704A for <secdir@ietfa.amsl.com>; Sun,  6 May 2018 21:14:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bcEllTJteQn for <secdir@ietfa.amsl.com>; Sun,  6 May 2018 21:14:09 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC4D31270A7 for <secdir@ietf.org>; Sun,  6 May 2018 21:14:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 7AE70300A26 for <secdir@ietf.org>; Mon,  7 May 2018 00:14:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id eCl_0dkVdlaA for <secdir@ietf.org>; Mon,  7 May 2018 00:14:06 -0400 (EDT)
Received: from [172.20.1.136] (h39.7.140.40.ip.windstream.net [40.140.7.39]) by mail.smeinc.net (Postfix) with ESMTPSA id 47A27300435; Mon,  7 May 2018 00:14:05 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <152424742315.3484.7625515486296411114@ietfa.amsl.com>
Date: Mon, 7 May 2018 00:14:10 -0400
Cc: draft-ietf-secevent-token.all@ietf.org, IETF <ietf@ietf.org>, id-event@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <607C4253-4F88-4BD2-9AAC-37D52BEB7DC0@vigilsec.com>
References: <152424742315.3484.7625515486296411114@ietfa.amsl.com>
To: IETF SecDir <secdir@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/VhWY-5L3SAVoBUPbE8jQAUUc5SY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-secevent-token-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 04:14:12 -0000

The updated draft (-10) resolves my concern.

Thanks,
  Russ

> On Apr 20, 2018, at 2:03 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> Reviewer: Russ Housley
> Review result: Has Issues
> 
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Security Area
> Directors.  Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
> 
> Document: draft-ietf-secevent-token-09
> Reviewer: Russ Housley
> Review Date: 2018-04-20
> IETF LC End Date: unknown
> IESG Telechat date: 2018-05-10
> 
> Summary: Has Issues
> 
> Major Concerns
> 
> I do not understand the first paragraph of Section 3.  I made this
> comment on version -07, and some words were added, but I still do
> not understand this paragraph.  I think you are trying to impose some
> rules on future specifications that use SET to define events.  Let me
> ask a couple of questions that may help.  I understand that a
> profiling specification MUST specify the syntax and semantics for a
> collection of security event tokens, including the claims and payloads
> that are expected.  What MUST a profiling specification include?  What
> MUST a profiling specification NOT include?


From nobody Sun May  6 23:48:19 2018
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19A061270B4; Sun,  6 May 2018 23:48:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjWiZxTc2gZy; Sun,  6 May 2018 23:48:16 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E30F126D0C; Sun,  6 May 2018 23:48:16 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id c5-v6so10219849itj.1; Sun, 06 May 2018 23:48:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=QEJiHxzQ4vsnIgkYFKk94b0Z1AfoxAbm70aiQ06Jxuw=; b=DCtBmV2iRbLPaEMSKpFETgppn6FSG8aReMsD2+GED/HtdJAhnYkbaNK6/3MFbKdMIB PgMhucQyR+2kUqkCotqiDbZ5RVwd8ipF+P1WJNabjTV+75x1FybVhQ7ViaeK/Afd/1Q8 C1IBzOVk07WS5FBWVqqt5o2K257Am40UemT2jFwHka6IGhBxNLvL9AM/ioX8nT4mV9xC vAkNt6eRALbTBcJWcFMDhXqh6zKY4gSegz01HttIs1M7+DR7y46ToD+8KhoWwgUO6cdj 1FvJfBi/XqWcHtK6KEXhafv2vnlULeshynCXcDzC2j5PXez8C+f0SwyojDgGUez1WhUr 8vBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=QEJiHxzQ4vsnIgkYFKk94b0Z1AfoxAbm70aiQ06Jxuw=; b=gBrmbRSvBJRHMypnBAse8TCRBqXD06u0DOkVzLm9gH3K1KPL1rwcZbxV24BbfaVW/4 z+EdZkgP6BJQnVN7Z1i2767pJDJnRcLuRIyOT5a7/c96o9lMq7opVVoVuNA5b4gpcs45 jHgiL36NQxE4LLasZ3rwqSI3SYL9KTHMCkVkxkLIJykfFXKzqXsn+od/M82Vc1dziOtD lkRiI8zJQHb6eCltuaNgR2lZUObCcbEhRkQS89JtmofG3VZvek0GcQ/RtqF2Qan4paqZ 20lSCG9EQclKt04fr/4e3KbE4UOROr5PLfZn2kZL7lHExthNoR6gypLu9fuJPEiT4fbB 5taQ==
X-Gm-Message-State: ALQs6tDlhO1kqWZ3gDvqCzMK56XkCV06mbeVip1JK/Lj/MFRJuu2ldTs lqxIaHKTYlZ+y0YMoHJ97SNl/FJAlhCEfnG4QWYFgA==
X-Google-Smtp-Source: AB8JxZo2Sz7k/On+R7WDjxT8Xn3FqgNxUCxvGOkduQdbcEBUPDIO4X5BXDMNVzQpQ8e5mxSQ2blA9sTx1Me4TtunRwk=
X-Received: by 2002:a24:ed0f:: with SMTP id r15-v6mr22001907ith.86.1525675695788;  Sun, 06 May 2018 23:48:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:2a02:0:0:0:0:0 with HTTP; Sun, 6 May 2018 23:48:15 -0700 (PDT)
From: Radia Perlman <radiaperlman@gmail.com>
Date: Sun, 6 May 2018 23:48:15 -0700
Message-ID: <CAFOuuo6d2wpjWXM928kxRi+NusWH+uJb0+72kgZYmgDAyd7dWg@mail.gmail.com>
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org,  The IESG <iesg@ietf.org>, secdir@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e3d7e5056b980d67"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/cdlwJJU6XdZl6fSg155cruPNeyc>
Subject: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 06:48:18 -0000

--000000000000e3d7e5056b980d67
Content-Type: text/plain; charset="UTF-8"

 Summary:  No security issues found, but I do have questions, and there are
editing glitches

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the management interface for microwave radio links.
It advocates (correctly, I believe) that such an interface should be
extensible to provide for vendor-specific features.

I don't understand the difference between a "a traditional network
management system" and SDN.  Perhaps it is not the job of this document to
clearly make the distinction, and I suspect there is no real
distinction...setting parameters (traditional network management) is a way
of "programming" an interface ("SDN").

This document could use an editing pass for glitches, but these glitches do
not impact its readability.

The glitches consist  mostly of leaving out little words like "of" in the
following sentence.
"The adoption of an SDN framework for management and
   control the microwave interface is one of the key applications for
   this work."

The security considerations say that they assume a secure transport layer
(authenticated, probably encryption isn't necessary) for communication.
Other than that, perhaps, there might be security considerations for
inadvertently setting parameters incorrectly, or maliciously by a trusted
administrator.  But this document does not specify the specific parameters
to be managed, just a general framework.

Radia

--000000000000e3d7e5056b980d67
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">

<span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:1=
2.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:nor=
mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;text-decoration-sty=
le:initial;text-decoration-color:initial">Summary:=C2=A0 No security issues=
 found, but I do have questions, and there are editing glitches</span><div>=
<span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:1=
2.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:nor=
mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;text-decoration-sty=
le:initial;text-decoration-color:initial"><br></span></div><div><span style=
=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-=
style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-we=
ight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transf=
orm:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;=
text-decoration-color:initial">I have reviewed this document as part of the=
 security directorate&#39;s ongoing</span><br style=3D"color:rgb(34,34,34);=
font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-varian=
t-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:=
normal;text-align:start;text-indent:0px;text-transform:none;white-space:nor=
mal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:in=
itial"><span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font=
-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-c=
aps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-inde=
nt:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decorat=
ion-style:initial;text-decoration-color:initial">effort to=C2=A0</span><spa=
n class=3D"gmail-m_9026368803713863349gmail-m_-5057010912157782534gmail-il"=
 style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px=
;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;f=
ont-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-=
transform:none;white-space:normal;word-spacing:0px;text-decoration-style:in=
itial;text-decoration-color:initial">review</span><span style=3D"color:rgb(=
34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;f=
ont-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;lette=
r-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white=
-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoratio=
n-color:initial">=C2=A0all IETF documents being processed by the IESG.=C2=
=A0 These</span><br style=3D"color:rgb(34,34,34);font-family:arial,sans-ser=
if;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-va=
riant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;te=
xt-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-=
decoration-style:initial;text-decoration-color:initial"><span style=3D"colo=
r:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:no=
rmal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400=
;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none=
;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-dec=
oration-color:initial">comments were written primarily for the benefit of t=
he security area</span><br style=3D"color:rgb(34,34,34);font-family:arial,s=
ans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;=
font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:s=
tart;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0p=
x;text-decoration-style:initial;text-decoration-color:initial"><span style=
=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-=
style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-we=
ight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transf=
orm:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;=
text-decoration-color:initial">directors.=C2=A0 Document editors and WG cha=
irs should treat these comments just</span><br style=3D"color:rgb(34,34,34)=
;font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-varia=
nt-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing=
:normal;text-align:start;text-indent:0px;text-transform:none;white-space:no=
rmal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:i=
nitial"><span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;fon=
t-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-=
caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-ind=
ent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decora=
tion-style:initial;text-decoration-color:initial">like any other last call =
comments.</span>=C2=A0</div><div><br></div><div>This document describes the=
 management interface for microwave radio links.</div><div>It advocates (co=
rrectly, I believe) that such an interface should be extensible to provide =
for vendor-specific features.</div><div><br></div><div>I don&#39;t understa=
nd the difference between a &quot;a traditional network management system&q=
uot; and SDN.=C2=A0 Perhaps it is not the job of this document to clearly m=
ake the distinction, and I suspect there is no real distinction...setting p=
arameters (traditional network management) is a way of &quot;programming&qu=
ot; an interface (&quot;SDN&quot;).=C2=A0<br></div><div><br></div><div>This=
 document could use an editing pass for glitches, but these glitches do not=
 impact its readability.</div><div><br></div><div>The glitches consist=C2=
=A0 mostly of leaving out little words like &quot;of&quot; in the following=
 sentence.</div><div>&quot;The adoption of an SDN framework for management =
and</div><div>=C2=A0 =C2=A0control the microwave interface is one of the ke=
y applications for</div><div>=C2=A0 =C2=A0this work.&quot;</div><div><br></=
div><div>The security considerations say that they assume a secure transpor=
t layer (authenticated, probably encryption isn&#39;t necessary) for commun=
ication.=C2=A0 Other than that, perhaps, there might be security considerat=
ions for inadvertently setting parameters incorrectly, or maliciously by a =
trusted administrator.=C2=A0 But this document does not specify the specifi=
c parameters to be managed, just a general framework.</div><div><br></div><=
div>Radia</div><div><div><br></div></div></div>

--000000000000e3d7e5056b980d67--


From nobody Sun May  6 23:54:43 2018
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FECD1270B4; Sun,  6 May 2018 23:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z7TIf-p9OtMU; Sun,  6 May 2018 23:54:39 -0700 (PDT)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28871126D0C; Sun,  6 May 2018 23:54:39 -0700 (PDT)
Received: by mail-io0-x22b.google.com with SMTP id p124-v6so32424893iod.1; Sun, 06 May 2018 23:54:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=1f/76lrkPpKVR9zok7lFoIuD0hETb4j55Mzg+gQOmyU=; b=KNjSQKD1dXmj6Fxz+Gc48QJSBnNzq7F4PWEEHZqK338SaPd31BsUDvGTk+Kk2XrAJB CR0kwOQnO9913QDhrcLrJS7oEcVmDZlDJ8hopAoXQFJ5moDX7H4cR5UV4KkF+63C53sn UTaph31U60nND0H8BbR/+6+tn6e0Q4znE9I7HWTRxGVxfP7syg0oP7kbmYDuzR/wJNWG BCwtekfoefayspMSUBMKYXuDMocfHx1TjoJzq3B6QH72vtJDH+49w7YB+Z2CbWxiz3qg Gy4vjx73AszpXOvlQ2fKP81otxmNPe7uBePOdIf+K78H6FHY0aYbZ/VcK212M02vaGs4 9N4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=1f/76lrkPpKVR9zok7lFoIuD0hETb4j55Mzg+gQOmyU=; b=eNh1xgOwKV9q6MWMyhyZ8cMFEsO/mRa9Nu0Z0YD1nPqN2srV7Mt6KagkvXr+QrF1AL CKVzZPWRGuGz7hFXyiXnkWlmguneJPTO0zPk9iQoimj4TfkC4U5vWLgtiyC0iikf/slT 0I+O/ZCm4gqJZD2OyIvr3U8dW0NyqdhKtxKEWBCOEwkYJdP89yzFpIgR4/Q7zMrgyV9z m+Hobacr6ClLwgSFegFDhuHnBEaFvArkjnONLP1vfNOqkz2OOr1VqwXMISVlFlOl2XTP NhMiZoGWRzFKaiQrd3VltW9aeJbHWhflm0hf+3Wxsu9snUXhUVjhvJHchkgvxOzD43Ke OuEw==
X-Gm-Message-State: ALQs6tD3fYjgFovqkgeNavdtMzOAHtKEhR4tZUbv8aMwDyjUUqSG3ljz SHhQnbhKkkF6Rhc3Hhp4BK30rVsrgw5OP/tJSWY=
X-Google-Smtp-Source: AB8JxZq4ZJ7duSdQvpy+g9/kmpZsNlB89KxkgZ2jIuMO4RM+cBq+7SWsByKa1P9uukE65iFH5qMpswaQybcp70N4xmk=
X-Received: by 2002:a6b:6113:: with SMTP id v19-v6mr37870114iob.11.1525676078524;  Sun, 06 May 2018 23:54:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:2a02:0:0:0:0:0 with HTTP; Sun, 6 May 2018 23:54:38 -0700 (PDT)
From: Radia Perlman <radiaperlman@gmail.com>
Date: Sun, 6 May 2018 23:54:38 -0700
Message-ID: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com>
To: draft-ietf-ccamp-microwave-framework.all@tools.ietf.org,  The IESG <iesg@ietf.org>, secdir@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b3ecc6056b98242e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/RB44zAfBoW1_Cxwl8tWI2Na4cFw>
Subject: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 06:54:41 -0000

--000000000000b3ecc6056b98242e
Content-Type: text/plain; charset="UTF-8"

Sorry...resending because I mistyped the author address.


---------- Forwarded message ----------
From: Radia Perlman <radiaperlman@gmail.com>
Date: Sun, May 6, 2018 at 11:48 PM
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG <
iesg@ietf.org>, secdir@ietf.org


Summary:  No security issues found, but I do have questions, and there are
editing glitches

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the management interface for microwave radio links.
It advocates (correctly, I believe) that such an interface should be
extensible to provide for vendor-specific features.

I don't understand the difference between a "a traditional network
management system" and SDN.  Perhaps it is not the job of this document to
clearly make the distinction, and I suspect there is no real
distinction...setting parameters (traditional network management) is a way
of "programming" an interface ("SDN").

This document could use an editing pass for glitches, but these glitches do
not impact its readability.

The glitches consist  mostly of leaving out little words like "of" in the
following sentence.
"The adoption of an SDN framework for management and
   control the microwave interface is one of the key applications for
   this work."

The security considerations say that they assume a secure transport layer
(authenticated, probably encryption isn't necessary) for communication.
Other than that, perhaps, there might be security considerations for
inadvertently setting parameters incorrectly, or maliciously by a trusted
administrator.  But this document does not specify the specific parameters
to be managed, just a general framework.

Radia

--000000000000b3ecc6056b98242e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Sorry...resending because I mistyped the author address.<d=
iv><br></div><div><br><div class=3D"gmail_quote">---------- Forwarded messa=
ge ----------<br>From: <b class=3D"gmail_sendername">Radia Perlman</b> <spa=
n dir=3D"ltr">&lt;<a href=3D"mailto:radiaperlman@gmail.com">radiaperlman@gm=
ail.com</a>&gt;</span><br>Date: Sun, May 6, 2018 at 11:48 PM<br>Subject: Se=
cdir review of draft-ietf-ccamp-microwave-framework-05<br>To: <a href=3D"ma=
ilto:draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org">draft-ietf=
-ccamp-microwave-framework-05.all@tools.ietf.org</a>, The IESG &lt;<a href=
=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&gt;, <a href=3D"mailto:secdir@i=
etf.org">secdir@ietf.org</a><br><br><br><div dir=3D"ltr">

<span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:1=
2.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:nor=
mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;text-decoration-sty=
le:initial;text-decoration-color:initial">Summary:=C2=A0 No security issues=
 found, but I do have questions, and there are editing glitches</span><div>=
<span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:1=
2.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:nor=
mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;text-decoration-sty=
le:initial;text-decoration-color:initial"><br></span></div><div><span style=
=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-=
style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-we=
ight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transf=
orm:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;=
text-decoration-color:initial">I have reviewed this document as part of the=
 security directorate&#39;s ongoing</span><br style=3D"color:rgb(34,34,34);=
font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-varian=
t-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:=
normal;text-align:start;text-indent:0px;text-transform:none;white-space:nor=
mal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:in=
itial"><span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font=
-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-c=
aps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-inde=
nt:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decorat=
ion-style:initial;text-decoration-color:initial">effort to=C2=A0</span><spa=
n class=3D"m_4131376728031167306gmail-m_9026368803713863349gmail-m_-5057010=
912157782534gmail-il" style=3D"color:rgb(34,34,34);font-family:arial,sans-s=
erif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-=
variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;=
text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;tex=
t-decoration-style:initial;text-decoration-color:initial">review</span><spa=
n style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8p=
x;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;=
font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text=
-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:i=
nitial;text-decoration-color:initial">=C2=A0all IETF documents being proces=
sed by the IESG.=C2=A0 These</span><br style=3D"color:rgb(34,34,34);font-fa=
mily:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligat=
ures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;=
text-align:start;text-indent:0px;text-transform:none;white-space:normal;wor=
d-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">=
<span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font-size:1=
2.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:nor=
mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;text-decoration-sty=
le:initial;text-decoration-color:initial">comments were written primarily f=
or the benefit of the security area</span><br style=3D"color:rgb(34,34,34);=
font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-varian=
t-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:=
normal;text-align:start;text-indent:0px;text-transform:none;white-space:nor=
mal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:in=
itial"><span style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;font=
-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-c=
aps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-inde=
nt:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decorat=
ion-style:initial;text-decoration-color:initial">directors.=C2=A0 Document =
editors and WG chairs should treat these comments just</span><br style=3D"c=
olor:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style=
:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:=
400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:n=
one;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-=
decoration-color:initial"><span style=3D"color:rgb(34,34,34);font-family:ar=
ial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:no=
rmal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-al=
ign:start;text-indent:0px;text-transform:none;white-space:normal;word-spaci=
ng:0px;text-decoration-style:initial;text-decoration-color:initial">like an=
y other last call comments.</span>=C2=A0</div><div><br></div><div>This docu=
ment describes the management interface for microwave radio links.</div><di=
v>It advocates (correctly, I believe) that such an interface should be exte=
nsible to provide for vendor-specific features.</div><div><br></div><div>I =
don&#39;t understand the difference between a &quot;a traditional network m=
anagement system&quot; and SDN.=C2=A0 Perhaps it is not the job of this doc=
ument to clearly make the distinction, and I suspect there is no real disti=
nction...setting parameters (traditional network management) is a way of &q=
uot;programming&quot; an interface (&quot;SDN&quot;).=C2=A0<br></div><div><=
br></div><div>This document could use an editing pass for glitches, but the=
se glitches do not impact its readability.</div><div><br></div><div>The gli=
tches consist=C2=A0 mostly of leaving out little words like &quot;of&quot; =
in the following sentence.</div><div>&quot;The adoption of an SDN framework=
 for management and</div><div>=C2=A0 =C2=A0control the microwave interface =
is one of the key applications for</div><div>=C2=A0 =C2=A0this work.&quot;<=
/div><div><br></div><div>The security considerations say that they assume a=
 secure transport layer (authenticated, probably encryption isn&#39;t neces=
sary) for communication.=C2=A0 Other than that, perhaps, there might be sec=
urity considerations for inadvertently setting parameters incorrectly, or m=
aliciously by a trusted administrator.=C2=A0 But this document does not spe=
cify the specific parameters to be managed, just a general framework.</div>=
<span class=3D"HOEnZb"><font color=3D"#888888"><div><br></div><div>Radia</d=
iv><div><div><br></div></div></font></span></div>
</div><br></div></div>

--000000000000b3ecc6056b98242e--


From nobody Mon May  7 02:46:13 2018
Return-Path: <daniele.ceccarelli@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FBD2124205 for <secdir@ietfa.amsl.com>; Mon,  7 May 2018 02:46:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level: 
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Ea0kptlr; dkim=pass (1024-bit key) header.d=ericsson.com header.b=CefXo+UK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v6dreBrKYGon for <secdir@ietfa.amsl.com>; Mon,  7 May 2018 02:46:03 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1593F12D880 for <secdir@ietf.org>; Mon,  7 May 2018 02:46:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525686360; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=UYTxMdh6Pv2Jt8wv0ssVXZCvfUNgYEyKZSj/G5jWMgA=; b=Ea0kptlr4rFgckVYeWeyKG6GddnlqEy3XtyvpUQqTMuvWt4Erp0OsCDZvRF0dW5r FFzD+G/tUD5BQNBNgKtjqy51+0zz1/SAk6MV1bXKTr7r6vYYnRgpUPze0HpZub6/ bALRypInNAkBlXXsns04xCeWU0eBPUNaiqcObCuVDuE=;
X-AuditID: c1b4fb3a-d35ff7000000729c-9d-5af020583ccc
Received: from ESESSHC003.ericsson.se (Unknown_Domain [153.88.183.27]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 0B.E9.29340.85020FA5; Mon,  7 May 2018 11:46:00 +0200 (CEST)
Received: from ESESSMR505.ericsson.se (153.88.183.127) by ESESSHC003.ericsson.se (153.88.183.27) with Microsoft SMTP Server (TLS) id 14.3.382.0; Mon, 7 May 2018 11:46:00 +0200
Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESSMR505.ericsson.se (153.88.183.127) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 7 May 2018 11:45:59 +0200
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Mon, 7 May 2018 11:45:59 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UYTxMdh6Pv2Jt8wv0ssVXZCvfUNgYEyKZSj/G5jWMgA=; b=CefXo+UK4s5qvCUQXXwY7IFvEQwpFfcN0gzlm+qrGR3lz72uve6eOE0D2GUgjS9uHVnTlB40YI84qV1ZuCkNOwymYP+trssnSJsyZMcBcBV6tDruz1lKDvl/feuF28foC45gH5x0/ViF9pWY+sL0hYpnkcp4zwQiokynv6r2UG8=
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com (10.175.243.17) by VI1PR07MB1325.eurprd07.prod.outlook.com (10.164.92.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.755.15; Mon, 7 May 2018 09:45:58 +0000
Received: from VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::bd7a:2162:cf36:4392]) by VI1PR07MB3167.eurprd07.prod.outlook.com ([fe80::bd7a:2162:cf36:4392%2]) with mapi id 15.20.0755.012; Mon, 7 May 2018 09:45:58 +0000
From: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>
To: Radia Perlman <radiaperlman@gmail.com>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBaSTmpqFmYGkCuUotKdlSMFqQkArvw
Date: Mon, 7 May 2018 09:45:58 +0000
Message-ID: <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com>
In-Reply-To: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com>
Accept-Language: it-IT, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [93.38.67.165]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR07MB1325; 7:CEhdfY+e1vS6vr4XSWt6mkYr4OMpBe1Yrsjt99SU5IEuIdzJClvzOB92gep8UndXzAyjNJoDc8qQOhyvh2lrD1eXX/+AN+YJhyBYZN5ItVwJnEILAk+DoeIVWrofcknSdtvKe+nVhhqSu+Q6pUTMJS3Dn41QaeDw8ZrbjMb41AvsC0DzZ/9VG7UmiuZbeilezgGWz6cE0+S8E6qbGxq2/rjiVFdtJt4cJa5JrzBQr7HKcEY8uJFmRiCGTfPRS7GE
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:VI1PR07MB1325; 
x-ms-traffictypediagnostic: VI1PR07MB1325:
x-microsoft-antispam-prvs: <VI1PR07MB132529185896DFD77DED0007F09B0@VI1PR07MB1325.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(278428928389397)(192374486261705)(85827821059158)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(3231254)(944501410)(52105095)(10201501046)(149027)(150027)(6041310)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011); SRVR:VI1PR07MB1325; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB1325; 
x-forefront-prvs: 066517B35B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(396003)(346002)(366004)(39380400002)(376002)(22974007)(189003)(199004)(3846002)(790700001)(6116002)(5250100002)(26005)(33656002)(229853002)(6346003)(5660300001)(3280700002)(2906002)(54896002)(44832011)(110136005)(316002)(66066001)(3660700001)(53936002)(25786009)(186003)(55016002)(97736004)(2501003)(6506007)(102836004)(53546011)(6246003)(6436002)(478600001)(2900100001)(8936002)(86362001)(99286004)(59450400001)(7736002)(106356001)(68736007)(81166006)(8676002)(5070765005)(81156014)(39060400002)(476003)(236005)(9686003)(486006)(6306002)(105586002)(14454004)(76176011)(446003)(74316002)(11346002)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB1325; H:VI1PR07MB3167.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=daniele.ceccarelli@ericsson.com; 
x-microsoft-antispam-message-info: pN08iaOT5TKVVbX+5PEeuCcmSMktQ5n19VSVA9VQ6VxWgqyX0JDaOfwkl0gBy+7K5xMHlyaLnw4orzqEYPYJ6jf2I09OcfTSRv3u6fA/r0mYAcnX5R70G7fTHAFsCTeHy1PT99animYid9Lx6VB8dwigAQCoc16hggSbToXyk5tM1uH24juWzd4l27ls6/rl
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_VI1PR07MB3167FAE7BD03E6751047B60DF09B0VI1PR07MB3167eurp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 52a91ecd-6ad6-48a0-463d-08d5b3ff5639
X-MS-Exchange-CrossTenant-Network-Message-Id: 52a91ecd-6ad6-48a0-463d-08d5b3ff5639
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 May 2018 09:45:58.5738 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB1325
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SfUhTURjGOffebdfR6rgmvmqKrQ9LmpoYDQnJorIo0iiQUdjI6wfOabtm aZEmSPmVLjV0Wn6LTSlMrUwjXJO0QsGwUrC0zUpSmx9hYmhud4H//Z73PO/znvdwaFLcznOl Y9VJjEatVEn5Qqo0/KmbLNzTovBrzvWQf5zaLi/5qyXlreVTPLmlaozaT4W060YEIbW1i0TI /Ps5fiipEO6LZFSxyYzGN+i8MObPZBZKnM5AVybKKsl01JSWjRxowAFQd6dAkI2EtBgbEXSa h0lOtCDQVY3zOfEbweeXIzxO1BCQV9NOWAWFZwl4981oD9ASMFRYY+8ZQ9A007SaRtN8HAhm w3FrXYLNCEZuDyHr+I34ELwZbBBYWYIPw882E+LYH4yGfr6VKbwVGvSNpJVF+CxMZ/bZ/GIc Cm9bcgkrO+AwKGvttnkQdoeCjmpbDomdYdhcQXCrYqjt7Cc5doIJ0zKPY09oG3hNcewOAxU5 iONWAvJn7H4ZWIqLbS8D+AmCkslee6g3ZNytswfFwYvMecK6MOBrkPXKnuMB+rwxiuttI6HP qLf3boKyolFUgPx0a+7KcQL0LE/zdbadHaG31EzpVmNJvBMePfflLJuhKGdMwPEOyCy/J1hb r0QCPXJiGZaNj/b392E0sRdYNkHto2aSHqPVD9XVuhT4DHV9DzYgTCPpOlGPh0Uh5imT2ZR4 AwKalEpEG7p/KcSiSGVKKqNJiNBcUjGsAbnRlNRZdCBKrhDjaGUSE8cwiYzm/ylBO7imI7nX rW2mYys+2nppauN8aQ58CIqIEkq+NJ0LXuicW7zvK5s4HeCimFRdpKevCtRtzc1njmQUeu1K 01afqs9vvuEkCwkzlqhM12U3oXRp1CU0O/PEg6MLW/Ra3kPvg6a99OWGWd2gS0eFt+XrStbJ H44dktH1MyPBzOA4I4n8tEdKsTHK3d6khlX+A9uPJ5pMAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/H8n_ADBkBffhb_DSn7MKXvWE38Y>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 09:46:07 -0000

--_000_VI1PR07MB3167FAE7BD03E6751047B60DF09B0VI1PR07MB3167eurp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgUmFkaWEsDQoNCmxldCBtZSByZXBseSBvbiBiZWhhbGYgb2YgdGhlIGF1dGhvcnMuIEZpcnN0
IG9mIGFsbCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQoNClJlZ2FyZGluZyB5b3VyIHF1
ZXN0aW9uIGFib3V0IHRyYWRpdGlvbmFsIE5NUyB2cyBTRE4gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0
aGUgZmFjdCB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21tb24gY29tcG9uZW50
IGFuZCB0aGUgZGlzdGluY3Rpb24gaXMgcXVpdGUgYmx1cnJ5LCBidXQgdGhlcmUgaXMgc3RpbGwg
cGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFzIHRoZSBp
bXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFuZSB3aGlsZSBTRE4gdGhlIGNlbnRy
YWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lIGFuZCB0aGV5IGFyZSBzdGlsbCBrZXB0IGFz
IHNlcGFyYXRlIHRoaW5ncy4NCg0KSGVuY2UsIHNpbmNlIHRoZSBhdXRob3JzIHNwZWFrIGFib3V0
IOKAnHRyYWRpdGlvbmFs4oCdIE5NUyBhbmQgU0ROIEkgd291bGQgdGVuZCB0byBhbGxvdyBmb3Ig
dGhlIGRpc3RpbmN0aW9uIHRvIGJlIGtlcHQuIElmIHlvdSBwcmVmZXIgYSBub3RlIHNwZWFraW5n
IGFib3V0IHRoZSBjb252ZXJnZW5jZSBvZiB0aGUgdHdvIHRoaW5ncyBjYW4gYmUgYWRkZWQuDQoN
ClRoYW5rcyBhIGxvdA0KRGFuaWVsZSAgKGNjYW1wIGNvLWNoYWlyKQ0KDQpGcm9tOiBSYWRpYSBQ
ZXJsbWFuIFttYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbV0NClNlbnQ6IGx1bmVkw6wgNyBt
YWdnaW8gMjAxOCAwODo1NQ0KVG86IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29y
ay5hbGxAdG9vbHMuaWV0Zi5vcmc7IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPjsgc2VjZGlyQGll
dGYub3JnDQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay0wNQ0KDQpTb3JyeS4uLnJlc2VuZGluZyBiZWNhdXNlIEkgbWlzdHlwZWQg
dGhlIGF1dGhvciBhZGRyZXNzLg0KDQoNCi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0t
LS0tLS0tLQ0KRnJvbTogUmFkaWEgUGVybG1hbiA8cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTxtYWls
dG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbT4+DQpEYXRlOiBTdW4sIE1heSA2LCAyMDE4IGF0IDEx
OjQ4IFBNDQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay0wNQ0KVG86IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29y
ay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZl
LWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc+LCBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9y
ZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+LCBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBp
ZXRmLm9yZz4NCg0KU3VtbWFyeTogIE5vIHNlY3VyaXR5IGlzc3VlcyBmb3VuZCwgYnV0IEkgZG8g
aGF2ZSBxdWVzdGlvbnMsIGFuZCB0aGVyZSBhcmUgZWRpdGluZyBnbGl0Y2hlcw0KDQpJIGhhdmUg
cmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0
ZSdzIG9uZ29pbmcNCmVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHBy
b2Nlc3NlZCBieSB0aGUgSUVTRy4gIFRoZXNlDQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFy
aWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYQ0KZGlyZWN0b3JzLiAgRG9j
dW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBq
dXN0DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuDQoNClRoaXMgZG9jdW1lbnQg
ZGVzY3JpYmVzIHRoZSBtYW5hZ2VtZW50IGludGVyZmFjZSBmb3IgbWljcm93YXZlIHJhZGlvIGxp
bmtzLg0KSXQgYWR2b2NhdGVzIChjb3JyZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBzdWNoIGFuIGlu
dGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5zaWJsZSB0byBwcm92aWRlIGZvciB2ZW5kb3Itc3BlY2lm
aWMgZmVhdHVyZXMuDQoNCkkgZG9uJ3QgdW5kZXJzdGFuZCB0aGUgZGlmZmVyZW5jZSBiZXR3ZWVu
IGEgImEgdHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSIgYW5kIFNETi4gIFBl
cmhhcHMgaXQgaXMgbm90IHRoZSBqb2Igb2YgdGhpcyBkb2N1bWVudCB0byBjbGVhcmx5IG1ha2Ug
dGhlIGRpc3RpbmN0aW9uLCBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlzdGluY3Rp
b24uLi5zZXR0aW5nIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCkg
aXMgYSB3YXkgb2YgInByb2dyYW1taW5nIiBhbiBpbnRlcmZhY2UgKCJTRE4iKS4NCg0KVGhpcyBk
b2N1bWVudCBjb3VsZCB1c2UgYW4gZWRpdGluZyBwYXNzIGZvciBnbGl0Y2hlcywgYnV0IHRoZXNl
IGdsaXRjaGVzIGRvIG5vdCBpbXBhY3QgaXRzIHJlYWRhYmlsaXR5Lg0KDQpUaGUgZ2xpdGNoZXMg
Y29uc2lzdCAgbW9zdGx5IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3b3JkcyBsaWtlICJvZiIgaW4g
dGhlIGZvbGxvd2luZyBzZW50ZW5jZS4NCiJUaGUgYWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29y
ayBmb3IgbWFuYWdlbWVudCBhbmQNCiAgIGNvbnRyb2wgdGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2Ug
aXMgb25lIG9mIHRoZSBrZXkgYXBwbGljYXRpb25zIGZvcg0KICAgdGhpcyB3b3JrLiINCg0KVGhl
IHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1lIGEgc2VjdXJlIHRy
YW5zcG9ydCBsYXllciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlwdGlvbiBpc24ndCBu
ZWNlc3NhcnkpIGZvciBjb21tdW5pY2F0aW9uLiAgT3RoZXIgdGhhbiB0aGF0LCBwZXJoYXBzLCB0
aGVyZSBtaWdodCBiZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBz
ZXR0aW5nIHBhcmFtZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3Rl
ZCBhZG1pbmlzdHJhdG9yLiAgQnV0IHRoaXMgZG9jdW1lbnQgZG9lcyBub3Qgc3BlY2lmeSB0aGUg
c3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2VkLCBqdXN0IGEgZ2VuZXJhbCBmcmFtZXdv
cmsuDQoNClJhZGlhDQoNCg0K

--_000_VI1PR07MB3167FAE7BD03E6751047B60DF09B0VI1PR07MB3167eurp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws
IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ
Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph
OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv
cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z
b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw
bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v
cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv
bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4ubTQxMzEzNzY3MjgwMzExNjcz
MDZnbWFpbC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdt
YWlsLWlsDQoJe21zby1zdHlsZS1uYW1lOm1fNDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW1fOTAy
NjM2ODgwMzcxMzg2MzM0OWdtYWlsLW1fLTUwNTcwMTA5MTIxNTc3ODI1MzRnbWFpbC1pbDt9DQpz
cGFuLmhvZW56Yg0KCXttc28tc3R5bGUtbmFtZTpob2VuemI7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjAN
Cgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmki
LHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28t
c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp
ZjsNCgltc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUzt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7
c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcwLjg1cHQgMi4wY20gMi4wY20gMi4wY207
fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwh
LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3Bp
ZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1s
Pg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRh
dGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8
Ym9keSBsYW5nPSJJVCIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJX
b3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJl
YXN0LWxhbmd1YWdlOkVOLVVTIj5IaSBSYWRpYSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPmxldCBtZSBy
ZXBseSBvbiBiZWhhbGYgb2YgdGhlIGF1dGhvcnMuIEZpcnN0IG9mIGFsbCBtYW55IHRoYW5rcyBm
b3IgeW91ciByZXZpZXcuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+
PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
bGFuZz0iRU4tVVMiIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+UmVnYXJkaW5n
IHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZzIFNETiBJIGFncmVlIHdpdGgg
eW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbW1vbiBj
b21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBibHVycnksIGJ1dCB0aGVyZSBp
cw0KIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJl
ZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUgd2hpbGUgU0RO
IHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZSBhbmQgdGhleSBhcmUgc3Rp
bGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5n
dWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1V
UyI+SGVuY2UsIHNpbmNlIHRoZSBhdXRob3JzIHNwZWFrIGFib3V0IOKAnHRyYWRpdGlvbmFs4oCd
IE5NUyBhbmQgU0ROIEkgd291bGQgdGVuZCB0byBhbGxvdyBmb3IgdGhlIGRpc3RpbmN0aW9uIHRv
IGJlIGtlcHQuIElmIHlvdSBwcmVmZXIgYSBub3RlIHNwZWFraW5nIGFib3V0IHRoZSBjb252ZXJn
ZW5jZSBvZiB0aGUgdHdvIHRoaW5ncw0KIGNhbiBiZSBhZGRlZC48bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1m
YXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxh
bmd1YWdlOkVOLVVTIj5UaGFua3MgYSBsb3Q8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1
YWdlOkVOLVVTIj5EYW5pZWxlJm5ic3A7IChjY2FtcCBjby1jaGFpcik8bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1z
by1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8
ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRp
bmc6MGNtIDBjbSAwY20gNC4wcHQiPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2Jv
cmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIj5Gcm9tOjwvc3Bhbj48
L2I+PHNwYW4gbGFuZz0iRU4tVVMiPiBSYWRpYSBQZXJsbWFuIFttYWlsdG86cmFkaWFwZXJsbWFu
QGdtYWlsLmNvbV0NCjxicj4NCjxiPlNlbnQ6PC9iPiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6
NTU8YnI+DQo8Yj5Ubzo8L2I+IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5h
bGxAdG9vbHMuaWV0Zi5vcmc7IFRoZSBJRVNHICZsdDtpZXNnQGlldGYub3JnJmd0Ozsgc2VjZGly
QGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k
aXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlNvcnJ5Li4ucmVzZW5kaW5nIGJlY2F1c2UgSSBt
aXN0eXBlZCB0aGUgYXV0aG9yIGFkZHJlc3MuPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPi0tLS0tLS0tLS0gRm9yd2Fy
ZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLTxicj4NCkZyb206IDxiPlJhZGlhIFBlcmxtYW48L2I+ICZs
dDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSI+cmFkaWFwZXJsbWFuQGdt
YWlsLmNvbTwvYT4mZ3Q7PGJyPg0KRGF0ZTogU3VuLCBNYXkgNiwgMjAxOCBhdCAxMTo0OCBQTTxi
cj4NClN1YmplY3Q6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUt
ZnJhbWV3b3JrLTA1PGJyPg0KVG86IDxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1p
Y3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnIj5kcmFmdC1pZXRmLWNjYW1w
LW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnPC9hPiwgVGhlIElFU0cg
Jmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIj5pZXNnQGlldGYub3JnPC9hPiZndDss
DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJy
Pg0KPGJyPg0KPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oyxz
YW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPlN1bW1hcnk6Jm5ic3A7IE5vIHNlY3VyaXR5IGlzc3Vl
cyBmb3VuZCwgYnV0IEkgZG8gaGF2ZSBxdWVzdGlvbnMsIGFuZCB0aGVyZSBhcmUgZWRpdGluZyBn
bGl0Y2hlczwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm
cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1
bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmc8YnI+DQpl
ZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibTQxMzEzNzY3MjgwMzExNjczMDZnbWFpbC1tOTAy
NjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWlsIj5yZXZp
ZXc8L3NwYW4+Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUg
SUVTRy4mbmJzcDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZv
ciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxicj4NCmRpcmVjdG9ycy4mbmJzcDsg
RG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50
cyBqdXN0PGJyPg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjwvc3Bhbj4mbmJz
cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv
OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNy
b3dhdmUgcmFkaW8gbGlua3MuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1
Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRv
ci1zcGVjaWZpYyBmZWF0dXJlcy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+SSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdl
ZW4gYSAmcXVvdDthIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0mcXVvdDsg
YW5kIFNETi4mbmJzcDsgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50
IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMg
bm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRpbmcgcGFyYW1ldGVycw0KICh0cmFkaXRpb25hbCBu
ZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICZxdW90O3Byb2dyYW1taW5nJnF1b3Q7IGFu
IGludGVyZmFjZSAoJnF1b3Q7U0ROJnF1b3Q7KS4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9k
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhpcyBkb2N1bWVudCBjb3VsZCB1c2Ug
YW4gZWRpdGluZyBwYXNzIGZvciBnbGl0Y2hlcywgYnV0IHRoZXNlIGdsaXRjaGVzIGRvIG5vdCBp
bXBhY3QgaXRzIHJlYWRhYmlsaXR5LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZ2xpdGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2Yg
bGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxv
d2luZyBzZW50ZW5jZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPiZxdW90O1RoZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5h
Z2VtZW50IGFuZDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+Jm5ic3A7ICZuYnNwO2NvbnRyb2wgdGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2UgaXMgb25l
IG9mIHRoZSBrZXkgYXBwbGljYXRpb25zIGZvcjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8bzpw
PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIHNl
Y3VyaXR5IGNvbnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1lIGEgc2VjdXJlIHRyYW5z
cG9ydCBsYXllciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlwdGlvbiBpc24ndCBuZWNl
c3NhcnkpIGZvciBjb21tdW5pY2F0aW9uLiZuYnNwOyBPdGhlciB0aGFuIHRoYXQsIHBlcmhhcHMs
IHRoZXJlIG1pZ2h0IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFkdmVydGVudGx5
IHNldHRpbmcNCiBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxpY2lvdXNseSBieSBhIHRy
dXN0ZWQgYWRtaW5pc3RyYXRvci4mbmJzcDsgQnV0IHRoaXMgZG9jdW1lbnQgZG9lcyBub3Qgc3Bl
Y2lmeSB0aGUgc3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2VkLCBqdXN0IGEgZ2VuZXJh
bCBmcmFtZXdvcmsuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+PG86cD4mbmJzcDs8L286cD48L3Nw
YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImNvbG9yOiM4ODg4ODgiPlJhZGlhPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojODg4ODg4
Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8
L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+
DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_VI1PR07MB3167FAE7BD03E6751047B60DF09B0VI1PR07MB3167eurp_--


From nobody Thu May 10 01:07:48 2018
Return-Path: <amy.yemin@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CAC6126DFB; Thu, 10 May 2018 01:07:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWbh2Ql0aN8l; Thu, 10 May 2018 01:07:40 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22E33124BFA; Thu, 10 May 2018 01:07:40 -0700 (PDT)
Received: from lhreml705-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 7A563EA8D3533; Thu, 10 May 2018 09:07:34 +0100 (IST)
Received: from DGGEMA406-HUB.china.huawei.com (10.3.20.47) by lhreml705-cah.china.huawei.com (10.201.108.46) with Microsoft SMTP Server (TLS) id 14.3.382.0; Thu, 10 May 2018 09:07:35 +0100
Received: from DGGEMA521-MBS.china.huawei.com ([169.254.5.75]) by DGGEMA406-HUB.china.huawei.com ([10.3.20.47]) with mapi id 14.03.0382.000; Thu, 10 May 2018 16:07:30 +0800
From: "Yemin (Amy)" <amy.yemin@huawei.com>
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, Radia Perlman <radiaperlman@gmail.com>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQA=
Date: Thu, 10 May 2018 08:07:29 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF003252@dggema521-mbs.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com>
In-Reply-To: <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.169.30.234]
Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF003252dggema521mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7V5jvEhspwngFFOafziFe0exO6Q>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 08:07:42 -0000

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF003252dggema521mbschi_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgUmFkaWEsDQoNClRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQoNClJlZ2FyZGluZyB0aGUgTk1T
IGFuZCBTRE4sIGFzIERhbmllbGUgc3VnZ2VzdGVkLCB3ZSB3aWxsIGFkZCB0aGUgZm9sbG93aW5n
IHRleHQgaW4gc2VjdGlvbiAzOg0K4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0
IHRoZSBOTVMgYW5kIFNETiBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRo
ZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBp
cyB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3Rp
bGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxh
bmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUg
Y29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnQu
4oCdDQoNClJlZ2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBk
cmFmdCBkb2VzbuKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NClRoZXJl4oCZcyBhbm90aGVy
IGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNp
ZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQoNCkJSLA0KQW15DQpGcm9t
OiBEYW5pZWxlIENlY2NhcmVsbGkgW21haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24u
Y29tXQ0KU2VudDogTW9uZGF5LCBNYXkgMDcsIDIwMTggNTo0NiBQTQ0KVG86IFJhZGlhIFBlcmxt
YW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb20+OyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnOyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZz47IHNl
Y2RpckBpZXRmLm9yZw0KU3ViamVjdDogUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1j
Y2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJhZGlhLA0KDQpsZXQgbWUgcmVwbHkg
b24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJzdCBvZiBhbGwgbWFueSB0aGFua3MgZm9yIHlv
dXIgcmV2aWV3Lg0KDQpSZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRpb25hbCBO
TVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFyZSBldm9s
dmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9uIGlzIHF1
aXRlIGJsdXJyeSwgYnV0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBO
TVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFn
ZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBw
bGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuDQoNCkhlbmNl
LCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRpb25hbOKAnSBOTVMgYW5k
IFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5jdGlvbiB0byBiZSBrZXB0
LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUgY29udmVyZ2VuY2Ugb2Yg
dGhlIHR3byB0aGluZ3MgY2FuIGJlIGFkZGVkLg0KDQpUaGFua3MgYSBsb3QNCkRhbmllbGUgIChj
Y2FtcCBjby1jaGFpcikNCg0KRnJvbTogUmFkaWEgUGVybG1hbiBbbWFpbHRvOnJhZGlhcGVybG1h
bkBnbWFpbC5jb21dDQpTZW50OiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6NTUNClRvOiBkcmFm
dC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPG1haWx0
bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3Jn
PjsgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+Pjsgc2VjZGly
QGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3
IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpTb3JyeS4uLnJl
c2VuZGluZyBiZWNhdXNlIEkgbWlzdHlwZWQgdGhlIGF1dGhvciBhZGRyZXNzLg0KDQoNCi0tLS0t
LS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLQ0KRnJvbTogUmFkaWEgUGVybG1hbiA8
cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTxtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbT4+DQpE
YXRlOiBTdW4sIE1heSA2LCAyMDE4IGF0IDExOjQ4IFBNDQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3
IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KVG86IGRyYWZ0LWll
dGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRv
OmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5v
cmc+LCBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+LCBzZWNk
aXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NClN1bW1hcnk6ICBObyBzZWN1cml0
eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhlcmUgYXJlIGVk
aXRpbmcgZ2xpdGNoZXMNCg0KSSBoYXZlIHJldmlld2VkIHRoaXMgZG9jdW1lbnQgYXMgcGFydCBv
ZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUncyBvbmdvaW5nDQplZmZvcnQgdG8gcmV2aWV3IGFs
bCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZQ0KY29t
bWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3IgdGhlIGJlbmVmaXQgb2YgdGhlIHNlY3Vy
aXR5IGFyZWENCmRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBzaG91
bGQgdHJlYXQgdGhlc2UgY29tbWVudHMganVzdA0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNv
bW1lbnRzLg0KDQpUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFuYWdlbWVudCBpbnRlcmZh
Y2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy4NCkl0IGFkdm9jYXRlcyAoY29ycmVjdGx5LCBJ
IGJlbGlldmUpIHRoYXQgc3VjaCBhbiBpbnRlcmZhY2Ugc2hvdWxkIGJlIGV4dGVuc2libGUgdG8g
cHJvdmlkZSBmb3IgdmVuZG9yLXNwZWNpZmljIGZlYXR1cmVzLg0KDQpJIGRvbid0IHVuZGVyc3Rh
bmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICJhIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdl
bWVudCBzeXN0ZW0iIGFuZCBTRE4uICBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMg
ZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRoZSBkaXN0aW5jdGlvbiwgYW5kIEkgc3VzcGVjdCB0
aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGluZyBwYXJhbWV0ZXJzICh0cmFkaXRp
b25hbCBuZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICJwcm9ncmFtbWluZyIgYW4gaW50
ZXJmYWNlICgiU0ROIikuDQoNClRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFz
cyBmb3IgZ2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFk
YWJpbGl0eS4NCg0KVGhlIGdsaXRjaGVzIGNvbnNpc3QgIG1vc3RseSBvZiBsZWF2aW5nIG91dCBs
aXR0bGUgd29yZHMgbGlrZSAib2YiIGluIHRoZSBmb2xsb3dpbmcgc2VudGVuY2UuDQoiVGhlIGFk
b3B0aW9uIG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFnZW1lbnQgYW5kDQogICBjb250cm9s
IHRoZSBtaWNyb3dhdmUgaW50ZXJmYWNlIGlzIG9uZSBvZiB0aGUga2V5IGFwcGxpY2F0aW9ucyBm
b3INCiAgIHRoaXMgd29yay4iDQoNClRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzYXkgdGhh
dCB0aGV5IGFzc3VtZSBhIHNlY3VyZSB0cmFuc3BvcnQgbGF5ZXIgKGF1dGhlbnRpY2F0ZWQsIHBy
b2JhYmx5IGVuY3J5cHRpb24gaXNuJ3QgbmVjZXNzYXJ5KSBmb3IgY29tbXVuaWNhdGlvbi4gIE90
aGVyIHRoYW4gdGhhdCwgcGVyaGFwcywgdGhlcmUgbWlnaHQgYmUgc2VjdXJpdHkgY29uc2lkZXJh
dGlvbnMgZm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGluZyBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBv
ciBtYWxpY2lvdXNseSBieSBhIHRydXN0ZWQgYWRtaW5pc3RyYXRvci4gIEJ1dCB0aGlzIGRvY3Vt
ZW50IGRvZXMgbm90IHNwZWNpZnkgdGhlIHNwZWNpZmljIHBhcmFtZXRlcnMgdG8gYmUgbWFuYWdl
ZCwganVzdCBhIGdlbmVyYWwgZnJhbWV3b3JrLg0KDQpSYWRpYQ0KDQoNCg==

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF003252dggema521mbschi_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm
b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0
O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg
MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ
cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0K
cC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0K
CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy
bGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxl
LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l
O30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0
eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1y
aWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNt
Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7
fQ0Kc3Bhbi5tNDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21h
aWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0Z21haWwtaWwNCgl7bXNvLXN0eWxlLW5hbWU6bV80MTMx
Mzc2NzI4MDMxMTY3MzA2Z21haWwtbV85MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbV8tNTA1NzAx
MDkxMjE1Nzc4MjUzNGdtYWlsLWlsO30NCnNwYW4uaG9lbnpiDQoJe21zby1zdHlsZS1uYW1lOmhv
ZW56Yjt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglm
b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNw
YW4uRW1haWxTdHlsZTIxDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQt
ZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERl
ZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9
DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcw
Ljg1cHQgMi4wY20gMi4wY20gMi4wY207fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRT
ZWN0aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVk
ZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0t
PjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0K
PG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+
PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iYmx1ZSIgdmxp
bms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkhpIFJhZGlhLCA8bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3
RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw
YW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoYW5rcyBmb3IgeW91ciByZXZpZXcuIDxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjoj
MUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBOTVMgYW5kIFNETiwg
YXMgRGFuaWVsZSBzdWdnZXN0ZWQsIHdlIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcgdGV4dCBpbiBz
ZWN0aW9uIDM6DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRl
YSB0aGF0IHRoZSBOTVMgYW5kIFNETiBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwg
YW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIg
ZmFjdCBpcyB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMg
aXMgc3RpbGwNCiBjb25zaWRlcmVkIGFzIHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdl
bWVudCBwbGFuZSwgd2hpbGUgU0ROIGlzIGNvbnNpZGVyZWQgYXMgdGhlIGNlbnRyYWxpemF0aW9u
IG9mIHRoZSBjb250cm9sIHBsYW5lLiBUaGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIGNv
bXBvbmVudC7igJ08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlJlZ2FyZGlu
ZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBkb2VzbuKAmXQg
c3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGVyZeKAmXMgYW5vdGhl
ciBkcmFmdCBkcmFmdC1pZXRmLWNjYW1wLW13LXlhbmcsIHdoZXJlIHRoZSBzZWN1cml0eSBjb25z
aWRlcmF0aW9uIGlzIGFkZHJlc3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0KPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0Qi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QW15PG86cD48L286cD48
L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29s
aWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxiPkZyb206PC9iPiBEYW5pZWxlIENlY2NhcmVsbGkgW21haWx0bzpkYW5pZWxl
LmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tXQ0KPGJyPg0KPGI+U2VudDo8L2I+IE1vbmRheSwgTWF5
IDA3LCAyMDE4IDU6NDYgUE08YnI+DQo8Yj5Ubzo8L2I+IFJhZGlhIFBlcmxtYW4gJmx0O3JhZGlh
cGVybG1hbkBnbWFpbC5jb20mZ3Q7OyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv
cmsuYWxsQHRvb2xzLmlldGYub3JnOyBUaGUgSUVTRyAmbHQ7aWVzZ0BpZXRmLm9yZyZndDs7IHNl
Y2RpckBpZXRmLm9yZzxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBk
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0ibXNvLWZhcmVhc3Qt
bGFuZ3VhZ2U6RU4tVVMiPkhpIFJhZGlhLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6
RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+bGV0IG1lIHJlcGx5IG9u
IGJlaGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2YgYWxsIG1hbnkgdGhhbmtzIGZvciB5b3Vy
IHJldmlldy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1s
YW5ndWFnZTpFTi1VUyI+UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwg
Tk1TIHZzIFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZv
bHZpbmcgdG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBx
dWl0ZSBibHVycnksIGJ1dCB0aGVyZSBpcyBzdGlsbCBwbGVudHkNCiBvZiBuZXR3b3JrcyB3aGVy
ZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1h
bmFnZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJv
bCBwbGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1m
YXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMi
PkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRpb25hbOKAnSBO
TVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5jdGlvbiB0byBi
ZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUgY29udmVyZ2Vu
Y2Ugb2YgdGhlIHR3byB0aGluZ3MgY2FuIGJlIGFkZGVkLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpF
Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5UaGFua3MgYSBsb3Q8bzpw
PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNv
LWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkRhbmllbGUmbmJzcDsgKGNjYW1wIGNvLWNoYWlyKTxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJt
c28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRk
aW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTti
b3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4gUmFkaWEgUGVybG1hbiBbPGEgaHJl
Zj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iPm1haWx0bzpyYWRpYXBlcmxtYW5AZ21h
aWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9iPiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6
NTU8YnI+DQo8Yj5Ubzo8L2I+IDxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jv
d2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWlj
cm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAmbHQ7PGEg
aHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhy
ZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5T
dWJqZWN0OjwvYj4gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5Tb3JyeS4uLnJlc2VuZGlu
ZyBiZWNhdXNlIEkgbWlzdHlwZWQgdGhlIGF1dGhvciBhZGRyZXNzLjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+PG86cD4m
bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIGxh
bmc9IklUIj4tLS0tLS0tLS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS08YnI+DQpGcm9t
OiA8Yj5SYWRpYSBQZXJsbWFuPC9iPiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBn
bWFpbC5jb20iPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFN1biwg
TWF5IDYsIDIwMTggYXQgMTE6NDggUE08YnI+DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNTxicj4NClRvOiA8YSBocmVmPSJt
YWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5p
ZXRmLm9yZyI+ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29s
cy5pZXRmLm9yZzwvYT4sIFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9y
ZyI+aWVzZ0BpZXRmLm9yZzwvYT4mZ3Q7LA0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9y
ZyI+c2VjZGlyQGlldGYub3JnPC9hPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtm
b250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPlN1
bW1hcnk6Jm5ic3A7IE5vIHNlY3VyaXR5IGlzc3VlcyBmb3VuZCwgYnV0IEkgZG8gaGF2ZSBxdWVz
dGlvbnMsIGFuZCB0aGVyZSBhcmUgZWRpdGluZyBnbGl0Y2hlczwvc3Bhbj48c3BhbiBsYW5nPSJJ
VCI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5
LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIy
MjIiPkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5
IGRpcmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9ydCB0byZuYnNwOzxzcGFuIGNsYXNzPSJt
NDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3
MDEwOTEyMTU3NzgyNTM0Z21haWwtaWwiPnJldmlldzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1
bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1l
bnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0
eSBhcmVhPGJyPg0KZGlyZWN0b3JzLiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFp
cnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBs
YXN0IGNhbGwgY29tbWVudHMuPC9zcGFuPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs
YW5nPSJJVCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPlRoaXMgZG9jdW1lbnQgZGVzY3JpYmVz
IHRoZSBtYW5hZ2VtZW50IGludGVyZmFjZSBmb3IgbWljcm93YXZlIHJhZGlvIGxpbmtzLjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIGxhbmc9IklUIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1
Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRv
ci1zcGVjaWZpYyBmZWF0dXJlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+PG86cD4mbmJzcDs8L286cD48
L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu
Zz0iSVQiPkkgZG9uJ3QgdW5kZXJzdGFuZCB0aGUgZGlmZmVyZW5jZSBiZXR3ZWVuIGEgJnF1b3Q7
YSB0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtJnF1b3Q7IGFuZCBTRE4uJm5i
c3A7IFBlcmhhcHMgaXQgaXMgbm90IHRoZSBqb2Igb2YgdGhpcyBkb2N1bWVudCB0byBjbGVhcmx5
IG1ha2UgdGhlIGRpc3RpbmN0aW9uLCBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlz
dGluY3Rpb24uLi5zZXR0aW5nDQogcGFyYW1ldGVycyAodHJhZGl0aW9uYWwgbmV0d29yayBtYW5h
Z2VtZW50KSBpcyBhIHdheSBvZiAmcXVvdDtwcm9ncmFtbWluZyZxdW90OyBhbiBpbnRlcmZhY2Ug
KCZxdW90O1NETiZxdW90OykuJm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGds
aXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMgZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHku
PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5UaGUgZ2xpdGNoZXMg
Y29uc2lzdCZuYnNwOyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgJnF1
b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+
JnF1b3Q7VGhlIGFkb3B0aW9uIG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFnZW1lbnQgYW5k
PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOyAmbmJzcDtjb250cm9sIHRoZSBtaWNyb3dhdmUgaW50
ZXJmYWNlIGlzIG9uZSBvZiB0aGUga2V5IGFwcGxpY2F0aW9ucyBmb3I8bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJ
VCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+PG86cD4m
bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iSVQiPlRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzYXkgdGhhdCB0
aGV5IGFzc3VtZSBhIHNlY3VyZSB0cmFuc3BvcnQgbGF5ZXIgKGF1dGhlbnRpY2F0ZWQsIHByb2Jh
Ymx5IGVuY3J5cHRpb24gaXNuJ3QgbmVjZXNzYXJ5KSBmb3IgY29tbXVuaWNhdGlvbi4mbmJzcDsg
T3RoZXIgdGhhbiB0aGF0LCBwZXJoYXBzLCB0aGVyZSBtaWdodCBiZSBzZWN1cml0eSBjb25zaWRl
cmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseQ0KIHNldHRpbmcgcGFyYW1ldGVycyBpbmNvcnJlY3Rs
eSwgb3IgbWFsaWNpb3VzbHkgYnkgYSB0cnVzdGVkIGFkbWluaXN0cmF0b3IuJm5ic3A7IEJ1dCB0
aGlzIGRvY3VtZW50IGRvZXMgbm90IHNwZWNpZnkgdGhlIHNwZWNpZmljIHBhcmFtZXRlcnMgdG8g
YmUgbWFuYWdlZCwganVzdCBhIGdlbmVyYWwgZnJhbWV3b3JrLjxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIiBz
dHlsZT0iY29sb3I6Izg4ODg4OCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xv
cjojODg4ODg4Ij5SYWRpYTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4
ODg4ODgiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp
dj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9i
b2R5Pg0KPC9odG1sPg0K

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF003252dggema521mbschi_--


From nobody Thu May 10 10:19:29 2018
Return-Path: <wassim.haddad@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79CF8126E01 for <secdir@ietfa.amsl.com>; Thu, 10 May 2018 10:19:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level: 
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=ZBXNKVLq; dkim=pass (1024-bit key) header.d=ericsson.com header.b=KzEd/H0r
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vV5wcmkorEya for <secdir@ietfa.amsl.com>; Thu, 10 May 2018 10:19:25 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 221F3124B17 for <secdir@ietf.org>; Thu, 10 May 2018 10:19:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525972763; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=uZre1LO2m5QTjayy0Q5w85Kd1iuAP6MI7rO9qLMC4AY=; b=ZBXNKVLqgXM4o4nUyiqXc8eVbuGL/rwAFypttBGfpPe2IFVjq5JUz6/ZIQS7tXGR 9o/O32XkJ+w3syIbFhwtkzM7PtUSnb/l2gvaNaoPVVlg9lch80DAHc6OrGUfhRpj KYdrQFQkDSKJzFRQMRmGAHJyt1mDJm1h1IbpDVQ4ONU=;
X-AuditID: c1b4fb2d-689ff7000000050d-a0-5af47f1ae219
Received: from ESESSHC024.ericsson.se (Unknown_Domain [153.88.183.90]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 49.D5.01293.A1F74FA5; Thu, 10 May 2018 19:19:23 +0200 (CEST)
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSHC024.ericsson.se (153.88.183.90) with Microsoft SMTP Server (TLS) id 14.3.382.0; Thu, 10 May 2018 19:19:22 +0200
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 10 May 2018 19:19:22 +0200
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 10 May 2018 19:19:22 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uZre1LO2m5QTjayy0Q5w85Kd1iuAP6MI7rO9qLMC4AY=; b=KzEd/H0rqWbFp9jK2JARp6qK00axPemVBUTfViMWWeKh+4fP9yY2+cPq4Sitm2Mce/WFmU1KTeLOnu6m/v5fQ4TwkjrbPNOwfsE87nHMU6XAx9yHH39XbG1Yz3fUnuGImcPmNWRwwARz7i82IXCYqEzAfJSjUFEn9BA0Ut1av9k=
Received: from BYAPR15MB2216.namprd15.prod.outlook.com (52.135.196.155) by BYAPR15MB2311.namprd15.prod.outlook.com (52.135.197.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.735.17; Thu, 10 May 2018 17:19:19 +0000
Received: from BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f]) by BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f%13]) with mapi id 15.20.0755.012; Thu, 10 May 2018 17:19:18 +0000
From: Wassim Haddad <wassim.haddad@ericsson.com>
To: Tero Kivinen <kivinen@iki.fi>
CC: Wassim Haddad <wassim.haddad@ericsson.com>, "secdir@ietf.org" <secdir@ietf.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>, "Juan Carlos Zuniga" <juancarlos.zuniga@sigfox.com>
Thread-Topic: Request Review draft-ietf-intarea-provisioning-domains-01
Thread-Index: AQHT6IMHB/fjqLq8BUOvEkTce/Hing==
Date: Thu, 10 May 2018 17:19:18 +0000
Message-ID: <5D347C05-B251-489F-A520-5BE1FFF930D5@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
x-originating-ip: [129.192.183.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR15MB2311; 7:wMGIlRt9TZgrdeWQTG4Lc55q2byb9hrNIKlasWyLmLiifv18d1lSP7V2AFKoHabktzJytjq3IDTqV4LhIMkmHQlCVOdPSCUU2FSib43iF9qGzmJ6Y2NDZNCdQF1SUcKkC8A56kFWB8xA/W0kBpT1VTdR6QBTN58M14NHbuWsvYnwg0qd5Miw1SFKrONOYZUhPl2rB7kqEO0HwNT4GIZgbI0Tc5JXHi+PF0G3axRfYFuR/pw5PR8/BUoSZsiCR9oX
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(39380400002)(366004)(396003)(189003)(199004)(316002)(5660300001)(54906003)(3846002)(3660700001)(4326008)(50226002)(5250100002)(97736004)(14454004)(57306001)(25786009)(8676002)(66066001)(105586002)(6116002)(6506007)(36756003)(33656002)(106356001)(7736002)(81156014)(8936002)(305945005)(81166006)(3280700002)(82746002)(44832011)(86362001)(2900100001)(6436002)(476003)(486006)(966005)(102836004)(6512007)(26005)(59450400001)(83716003)(6346003)(186003)(2616005)(68736007)(478600001)(6306002)(99286004)(6916009)(53936002)(2906002)(6486002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR15MB2311; H:BYAPR15MB2216.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2311; 
x-ms-traffictypediagnostic: BYAPR15MB2311:
x-microsoft-antispam-prvs: <BYAPR15MB2311EA56A6AE7620CE5E627599980@BYAPR15MB2311.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231254)(944501410)(52105095)(149027)(150027)(6041310)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BYAPR15MB2311; BCL:0; PCL:0; RULEID:; SRVR:BYAPR15MB2311; 
x-forefront-prvs: 066898046A
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=wassim.haddad@ericsson.com; 
x-microsoft-antispam-message-info: sPJSyuD0IrrRq5JKlDNfYuSWANHFnd3eDio7UlX0RTEsQnzeli7AHdIm8tljn7+jbqnCHRIK34ut0zg2JYJwk9gjPgDugiGuO67H0Xp6LFj54dfYn38ThXDj9IHtjIv2WbDtB9msUzeZnEi9YNujt7uAlxufWQpiKiJmJDe0qXwWGEBGoZmOP/R+bw6+PsvC
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <3DF5C3A78A35084A98AFCE4BA721F8CE@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: ef037c56-a434-4746-b844-08d5b69a29df
X-MS-Exchange-CrossTenant-Network-Message-Id: ef037c56-a434-4746-b844-08d5b69a29df
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 17:19:18.5289 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2311
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SbUhTURjHOffebXezwXFpPikFrjQSnW9JQpFmRoO++E27H9KhFx3OabtT si+KkKhjYlLa1FriepuSvcy0FNRphsom+EVxSZpvjPIl0/UiSc47oW+///95/uc8z+HQpKxF EEyrtXpWp1Vp5EIJZcroZqJCyraYmAYPlWh0NaHEDxMrwsSN1nkqmVRaLL8J5dB2K6Vc2lCn kYzkfA6rUZewuugLWZK8nk2XoGiNvFk+YKfK0RxZg8Q04DMwbTdSNUhCy/AwAstCLckLG4JZ 55SIFx4ELxtb9yMybCFgxHTCW6DwJgGVk7sE32UiwDw+inixgKBvrFnojQhxDGw/dQi8HIBD oXexaz9B4j4EzX++iLyFwzgFlu40ivimK9D16baQZwU0TH/bv5vCYTDsmNkbl6alOAnGDYzX RvgI/BzrILxM4iCYWTQT/HYYLH0Tvk0Dwb2wK+D5GPS7q309clj1WKkDf9JsQDzbCGhYj+Q5 Fj4+799/GMB/BdBpXEa8eIugwmn2nRoBmy86RDznw1z7iM8/B25nr4+Pg9U4T/HhLhKGDN2i OhTX9N/kTXvLkfg0dL6P5m0lmNYdJM+hcNcwL/KyFPvDqGmReoQEVhTIsRxXkBsXr2B16myO K9QqtKz+Ndr7M4O2nage1P71oh1hGskPScsytxiZQFXClRbYEdCkPED6y/mDkUlzVKW3WF1h pq5Yw3J2FEJT8iCpwtrHyHCuSs/ms2wRqzuoErQ4uBxRkDWrLsut99OHKXprXSupYH1s+e5g 3hldW8I2T6ooYWtEk/5sduBUiOvaatXlnCTb9fizzsnIweQp631DUPGSXdk+mPTwUlW1ukF8 I+jkmvlzhiwBllse1Pu3Xc0Sp796Ik9BdV3apqPhabZKvwpHszt7543FPLwYfm85T05xearY CFLHqf4BD2ukIy8DAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4QkJJpxEyQ3dDrRMCatmuIdA-08>
Subject: [secdir] Request Review draft-ietf-intarea-provisioning-domains-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 17:19:27 -0000

SGkgVGVybywNCg0KSW50YXJlYSBXRyBjaGFpcnMgd291bGQgbGlrZSBwbGVhc2UgdG8gKHJlKS1y
ZXF1ZXN0IHNlY3VyaXR5IGRpcmVjdG9yYXRlIHRvIHJldmlldyBkcmFmdC1pZXRmLWludGFyZWEt
cHJvdmlzaW9uaW5nLWRvbWFpbnMtMDEgKOKAnERpc2NvdmVyaW5nIFByb3Zpc2lvbmluZyBEb21h
aW5zIE5hbWVzIGFuZCBEYXRh4oCdKToNCg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWQvZHJhZnQt
aWV0Zi1pbnRhcmVhLXByb3Zpc2lvbmluZy1kb21haW5zLTAxLnR4dA0KDQpDb21tZW50cyBhbmQg
ZmVlZGJhY2sgd291bGQgYmUgaGlnaGx5IGFwcHJlY2lhdGVkLg0KDQoNClJlZ2FyZHMsDQoNCldh
c3NpbSAmIEp1YW4gQ2FybG9z


From nobody Thu May 10 10:23:11 2018
Return-Path: <wassim.haddad@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9823812D94C for <secdir@ietfa.amsl.com>; Thu, 10 May 2018 10:23:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.309
X-Spam-Level: 
X-Spam-Status: No, score=-4.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=bITAbffg; dkim=pass (1024-bit key) header.d=ericsson.com header.b=WFlLONGW
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EprX1UYXJv0w for <secdir@ietfa.amsl.com>; Thu, 10 May 2018 10:23:07 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 444B2124B17 for <secdir@ietf.org>; Thu, 10 May 2018 10:23:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525972985; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ShGgzKRaEkmtqHxE+mcj3cCNuhYmIzFT027CMHqHth4=; b=bITAbffgk69wsXluKD4aKAj72rbowS0WGkjgOLVvqd+s+/W8ZJ2e2I8b1AtSRZwu VXHHsJApyv18t/Iaw/1XsIaUwzwn5Z4gqIeRG5gHGAQj/zpirvQm3QdlWGI+6Wdu Ny1TNhrFGWuI5PepcAnU1WP+wKmqcIlbsQDX36/r/J8=;
X-AuditID: c1b4fb2d-689ff7000000050d-f0-5af47ff9341c
Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.183.63]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 50.46.01293.9FF74FA5; Thu, 10 May 2018 19:23:05 +0200 (CEST)
Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESSHC015.ericsson.se (153.88.183.63) with Microsoft SMTP Server (TLS) id 14.3.382.0; Thu, 10 May 2018 19:23:05 +0200
Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 10 May 2018 19:23:04 +0200
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 10 May 2018 19:23:04 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ShGgzKRaEkmtqHxE+mcj3cCNuhYmIzFT027CMHqHth4=; b=WFlLONGWcAShU7my7YgKmURhwSfWrG2QUM/0JiXs9fBmBfC4L+7Zt6YACfbPUzLXOTnQtguS7kaetN9ZhyZKA+yqeXdCj7WvNlsMrUE9aAL/sojIbxs9rtCEAEguX2Wn5Uc3c3+vpOvNpSuQFmjS7SQYesIVh/AoO9pY7m3dxWM=
Received: from BYAPR15MB2216.namprd15.prod.outlook.com (52.135.196.155) by BYAPR15MB2200.namprd15.prod.outlook.com (52.135.196.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.735.20; Thu, 10 May 2018 17:23:02 +0000
Received: from BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f]) by BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f%13]) with mapi id 15.20.0755.012; Thu, 10 May 2018 17:23:02 +0000
From: Wassim Haddad <wassim.haddad@ericsson.com>
To: Tero Kivinen <kivinen@iki.fi>
CC: Wassim Haddad <wassim.haddad@ericsson.com>, Suresh Krishnan <Suresh@kaloom.com>, Juan Carlos Zuniga <juancarlos.zuniga@sigfox.com>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Request Review draft-ietf-intarea-provisioning-domains-01
Thread-Index: AQHT6IMHQpZDtTdqMEKZ/itlVZpOZQ==
Date: Thu, 10 May 2018 17:23:01 +0000
Message-ID: <6C889A7B-D1F0-421F-93C3-538CD947420D@ericsson.com>
References: <5D347C05-B251-489F-A520-5BE1FFF930D5@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
x-originating-ip: [129.192.183.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR15MB2200; 7:yDpdefxIq1YbE2S3rD6Pky/vGeKRew76Nqf97Y98DTSTHgqBMuENGDx6zKeqgAYhYIkILS4HHLiwdSNgzbtEbuO01w16V6gJZIKXToBGJYj0i3htoWeT+wnhdjA6rYTUfLJWWzUatI66YdvJWmoe/2zSlHOaZHOeYjDdBDOzodUvVtju5oY6O9LvbemkI0GuDoqIvg4whA2Yzy6TOLr8ArDLKuXjeUWPd5Ace2mj3S3+m+fP6dqdkEmrk+aODGCB
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10009020)(979002)(366004)(39860400002)(346002)(396003)(376002)(39380400002)(199004)(189003)(36756003)(102836004)(33656002)(105586002)(26005)(2906002)(6346003)(86362001)(6436002)(229853002)(3280700002)(606006)(106356001)(3660700001)(5660300001)(14454004)(59450400001)(99286004)(76176011)(5250100002)(186003)(82746002)(6486002)(6506007)(2473003)(966005)(8676002)(476003)(2616005)(478600001)(66066001)(7736002)(53936002)(2900100001)(236005)(6306002)(8936002)(54906003)(6512007)(50226002)(6116002)(486006)(3846002)(54896002)(81166006)(25786009)(57306001)(446003)(6916009)(68736007)(4326008)(97736004)(81156014)(83716003)(44832011)(316002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR15MB2200; H:BYAPR15MB2216.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2200; 
x-ms-traffictypediagnostic: BYAPR15MB2200:
x-microsoft-antispam-prvs: <BYAPR15MB2200514419BB135BD7CAA5F699980@BYAPR15MB2200.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(37575265505322)(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:BYAPR15MB2200; BCL:0; PCL:0; RULEID:; SRVR:BYAPR15MB2200; 
x-forefront-prvs: 066898046A
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=wassim.haddad@ericsson.com; 
x-microsoft-antispam-message-info: cVh5JbXQwC+865jjT4kzZ9uLWdc2hQ4MSjzAjuiUJLAmo5MF0AWczJVbu1jQfASI4R7U/w15c6z8uzMJC2NWohfgRQyP/25JuJfa2ZJCgl1/qBP5/8kIm+XH7mOs1gSdN0QTlIEnwOZJFJe5udFM1VQ88MkHPXW9K1G2TQvaRK3ENAo4XGos3AXC5XG0lgei
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 4278f83f-3a9b-49c0-b5b2-08d5b69aaf07
X-MS-Exchange-CrossTenant-Network-Message-Id: 4278f83f-3a9b-49c0-b5b2-08d5b69aaf07
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 17:23:01.9592 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2200
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTURjHOe/7br5eRsel+eAVF0lKXmYWfpDsgriIqE8RE7WhLzq87zXL IhTK8sLCrDCXNc2JZoaVl7xMNEtFU1dpX9Qsc2W6hHktTTS3d4Lffv/z/J5znsM5NCns4znT 8uR0RpEsSxTxbaiS869DfVezlqQBpXdcg5VjKhTcrZvmBxvLJ6ngpvx+6igl0WhWCcnb5XJK oht5YCX5YZSfpaQ2IbFMojyDUfgfuWATP9e0iVJ/Hrp841sRmY3UQfmIpgEHwa+btvnIhhbi dwjmC9utuNCAYEBtCtZbYQVB5ZiUYw0B058PmyQKLxDwwjjJ5zpKCKgwKi3tUwjKZovN7Xwc AMtVgzwTO2BPaNM3EiaJxHUINjrqCVNhNw4H7UIeyUnh0Diew+fYDz4ODJsdCu+D32tasyPA ofD99jzJzRQKz9eyzYchvAf+9NeafRI7wahebWbAGDRaHcmxI8xMbfA4doOOmTyLI4K5lRpq e/2TugCZBgXcQEBB97ClWQy9TztIrqDnw0S1kceFJgQthq8WywdKR8YtWyVA82o74vgUFKj0 Vhy7Q41ykipEYtWOaTmOgY5BPV9lvqk99JXoKdXWc5HYG+pa/TnFE+4VTFpxvB9ySh9ZWAK6 7lvkTqcM0TXIkWVYNiku8KAfo5DHsGxKsl8yk/4KbX2wNw3/fJvRM8OxLoRpJLITZEUvSYU8 WQabmdSFgCZFDoK/Q4tSoSBWlnmFUaREKy4mMmwXcqEpkZPAr0YrFeI4WTqTwDCpjGK7StDW ztnoUlgvE32gM0Kyrhal9XhU+d/PHQ90tVMqJwYrOqPGPQzVo0+iI744ul+tq13vV7idczpu eDw0xHsZ4Xb9RNtEf0QlkRr1cHNWtgLViz13wT5u6X3uruLw+MimtDNnxC0fWk8bvKS6a+6R Didzhm29whjv2KLSenkIK9ZoDXtdRBQbLxP7kApW9h9c9vthXAMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/gStyxveCYqxgJQeU6SifwA5xDhY>
Subject: [secdir] Fwd: Request Review draft-ietf-intarea-provisioning-domains-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 17:23:09 -0000

--_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

UmUtc2VuZGluZyB3aXRoIFN1cmVzaCBjb3JyZWN0IGVtYWlsIGFkZHJlc3MNCg0KDQpCZWdpbiBm
b3J3YXJkZWQgbWVzc2FnZToNCg0KRnJvbTogV2Fzc2ltIEhhZGRhZCA8d2Fzc2ltLmhhZGRhZEBl
cmljc3Nvbi5jb208bWFpbHRvOndhc3NpbS5oYWRkYWRAZXJpY3Nzb24uY29tPj4NClN1YmplY3Q6
IFJlcXVlc3QgUmV2aWV3IGRyYWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0w
MQ0KRGF0ZTogTWF5IDEwLCAyMDE4IGF0IDEwOjE5OjU4IFBEVA0KVG86IFRlcm8gS2l2aW5lbiA8
a2l2aW5lbkBpa2kuZmk8bWFpbHRvOmtpdmluZW5AaWtpLmZpPj4NCkNjOiBXYXNzaW0gSGFkZGFk
IDx3YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbTxtYWlsdG86d2Fzc2ltLmhhZGRhZEBlcmljc3Nv
bi5jb20+Piwgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+LCBTdXJlc2gg
S3Jpc2huYW4gPHN1cmVzaC5rcmlzaG5hbkBlcmljc3Nvbi5jb208bWFpbHRvOnN1cmVzaC5rcmlz
aG5hbkBlcmljc3Nvbi5jb20+PiwgSnVhbiBDYXJsb3MgWnVuaWdhIDxqdWFuY2FybG9zLnp1bmln
YUBzaWdmb3guY29tPG1haWx0bzpqdWFuY2FybG9zLnp1bmlnYUBzaWdmb3guY29tPj4NCg0KSGkg
VGVybywNCg0KSW50YXJlYSBXRyBjaGFpcnMgd291bGQgbGlrZSBwbGVhc2UgdG8gKHJlKS1yZXF1
ZXN0IHNlY3VyaXR5IGRpcmVjdG9yYXRlIHRvIHJldmlldyBkcmFmdC1pZXRmLWludGFyZWEtcHJv
dmlzaW9uaW5nLWRvbWFpbnMtMDEgKOKAnERpc2NvdmVyaW5nIFByb3Zpc2lvbmluZyBEb21haW5z
IE5hbWVzIGFuZCBEYXRh4oCdKToNCg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWQvZHJhZnQtaWV0
Zi1pbnRhcmVhLXByb3Zpc2lvbmluZy1kb21haW5zLTAxLnR4dA0KDQpDb21tZW50cyBhbmQgZmVl
ZGJhY2sgd291bGQgYmUgaGlnaGx5IGFwcHJlY2lhdGVkLg0KDQoNClJlZ2FyZHMsDQoNCldhc3Np
bSAmIEp1YW4gQ2FybG9zDQoNCg==

--_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_
Content-Type: text/html; charset="utf-8"
Content-ID: <988369F188BFC242BC6161DE9EEAA32E@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KUmUtc2VuZGluZyB3aXRoIFN1cmVz
aCBjb3JyZWN0IGVtYWlsIGFkZHJlc3M8YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRp
diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3Rl
IHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5CZWdpbiBmb3J3YXJkZWQgbWVz
c2FnZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2
IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1yaWdodDogMHB4OyBtYXJnaW4tYm90dG9t
OiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LWZh
bWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZldGljYSwgc2Fu
cy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjApOyIgY2xhc3M9IiI+PGIgY2xhc3M9IiI+
RnJvbToNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiAtd2Via2l0LXN5c3Rl
bS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+
V2Fzc2ltIEhhZGRhZCAmbHQ7PGEgaHJlZj0ibWFpbHRvOndhc3NpbS5oYWRkYWRAZXJpY3Nzb24u
Y29tIiBjbGFzcz0iIj53YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbTwvYT4mZ3Q7PGJyIGNsYXNz
PSIiPg0KPC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luLXRvcDogMHB4OyBtYXJnaW4t
cmlnaHQ6IDBweDsgbWFyZ2luLWJvdHRvbTogMHB4OyBtYXJnaW4tbGVmdDogMHB4OyIgY2xhc3M9
IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IC13ZWJraXQtc3lzdGVtLWZvbnQsIEhlbHZl
dGljYSBOZXVlLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGNvbG9yOnJnYmEoMCwgMCwgMCwgMS4w
KTsiIGNsYXNzPSIiPjxiIGNsYXNzPSIiPlN1YmplY3Q6DQo8L2I+PC9zcGFuPjxzcGFuIHN0eWxl
PSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZl
dGljYSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPjxiIGNsYXNzPSIiPlJlcXVlc3QgUmV2aWV3IGRy
YWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMTwvYj48YnIgY2xhc3M9IiI+
DQo8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1yaWdo
dDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0iIj4N
CjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNh
IE5ldWUsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjApOyIg
Y2xhc3M9IiI+PGIgY2xhc3M9IiI+RGF0ZToNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt
ZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBz
YW5zLXNlcmlmOyIgY2xhc3M9IiI+TWF5IDEwLCAyMDE4IGF0IDEwOjE5OjU4IFBEVDxiciBjbGFz
cz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbi10b3A6IDBweDsgbWFyZ2lu
LXJpZ2h0OiAwcHg7IG1hcmdpbi1ib3R0b206IDBweDsgbWFyZ2luLWxlZnQ6IDBweDsiIGNsYXNz
PSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2
ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBjb2xvcjpyZ2JhKDAsIDAsIDAsIDEu
MCk7IiBjbGFzcz0iIj48YiBjbGFzcz0iIj5UbzoNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZv
bnQtZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNh
LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+VGVybyBLaXZpbmVuICZsdDs8YSBocmVmPSJtYWlsdG86
a2l2aW5lbkBpa2kuZmkiIGNsYXNzPSIiPmtpdmluZW5AaWtpLmZpPC9hPiZndDs8YnIgY2xhc3M9
IiI+DQo8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1y
aWdodDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0i
Ij4NCjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0
aWNhIE5ldWUsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjAp
OyIgY2xhc3M9IiI+PGIgY2xhc3M9IiI+Q2M6DQo8L2I+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250
LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZldGljYSwg
c2Fucy1zZXJpZjsiIGNsYXNzPSIiPldhc3NpbSBIYWRkYWQgJmx0OzxhIGhyZWY9Im1haWx0bzp3
YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbSIgY2xhc3M9IiI+d2Fzc2ltLmhhZGRhZEBlcmljc3Nv
bi5jb208L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIGNsYXNzPSIi
PnNlY2RpckBpZXRmLm9yZzwvYT4sIFN1cmVzaCBLcmlzaG5hbiAmbHQ7PGEgaHJlZj0ibWFpbHRv
OnN1cmVzaC5rcmlzaG5hbkBlcmljc3Nvbi5jb20iIGNsYXNzPSIiPnN1cmVzaC5rcmlzaG5hbkBl
cmljc3Nvbi5jb208L2E+Jmd0OywgSnVhbiBDYXJsb3MgWnVuaWdhICZsdDs8YSBocmVmPSJtYWls
dG86anVhbmNhcmxvcy56dW5pZ2FAc2lnZm94LmNvbSIgY2xhc3M9IiI+anVhbmNhcmxvcy56dW5p
Z2FAc2lnZm94LmNvbTwvYT4mZ3Q7PGJyIGNsYXNzPSIiPg0KPC9zcGFuPjwvZGl2Pg0KPGJyIGNs
YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SGkgVGVybyw8YnIgY2xhc3M9
IiI+DQo8YnIgY2xhc3M9IiI+DQpJbnRhcmVhIFdHIGNoYWlycyB3b3VsZCBsaWtlIHBsZWFzZSB0
byAocmUpLXJlcXVlc3Qgc2VjdXJpdHkgZGlyZWN0b3JhdGUgdG8gcmV2aWV3IGRyYWZ0LWlldGYt
aW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMSAo4oCcRGlzY292ZXJpbmcgUHJvdmlzaW9u
aW5nIERvbWFpbnMgTmFtZXMgYW5kIERhdGHigJ0pOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i
Ij4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL2lkL2RyYWZ0LWlldGYtaW50YXJlYS1w
cm92aXNpb25pbmctZG9tYWlucy0wMS50eHQiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3Jn
L2lkL2RyYWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMS50eHQ8L2E+PGJy
IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQ29tbWVudHMgYW5kIGZlZWRiYWNrIHdvdWxkIGJl
IGhpZ2hseSBhcHByZWNpYXRlZC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xh
c3M9IiI+DQpSZWdhcmRzLDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCldhc3NpbSAmYW1w
OyBKdWFuIENhcmxvczwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBj
bGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_--


From nobody Fri May 11 08:51:16 2018
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9041312EAEE; Fri, 11 May 2018 08:51:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level: 
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NXyj-5cG3m-X; Fri, 11 May 2018 08:50:57 -0700 (PDT)
Received: from mail-lf0-x243.google.com (mail-lf0-x243.google.com [IPv6:2a00:1450:4010:c07::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0798312EAF7; Fri, 11 May 2018 08:50:57 -0700 (PDT)
Received: by mail-lf0-x243.google.com with SMTP id r2-v6so8599721lff.4; Fri, 11 May 2018 08:50:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=/Utcay9ANfxXBPlrLudnx4FgPG4MIGu/4E/JQ+zn+2I=; b=dRGuhKa4ooaab289fyIwMn+RUhLq0U/N3v18r6GHydg1EZe9s/ao2QIqynXSgx6Txp wVzwx+BKdpOHOli09C0DkbY6DDRC5I8RKslfniZU6OUV8c0PqAqshW6XTOo2zNoOfirA 7Wny5GGn5C2jZjJJGkQ3VbQAPvv70J7Ih22PCx4q0GDdCbfn7HC9siJskxqM+ajcHrjQ 57uqM1V64APYKbTythXwCe2SQRPfCqf4TSb1uVHp6ius9ZpOjBhphAxd5tmEijMaWEr5 HS798FVWAv4HOaQdIBY50tMbCJlrRO0OJk8b7QyEd41BfK9TQtAa/qZbye55tfW2Ql2D 7CWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=/Utcay9ANfxXBPlrLudnx4FgPG4MIGu/4E/JQ+zn+2I=; b=gs3o2jpI9KBClS0t5zcsh07pP4Kl82QGuf/9fed6VVore0HO5DqejropmglKVG9IIf k+8LljWNJE//At0On2W7qTZMzOXpXPuCIHWB7AvtoIW/pV6NY6mC/ogx8saYrJh+N9PP /UXYNpahgayV4EDc10B24+slbhAVRghPt9J/JPQNp98PHqZiWjN+oifShpPbAJ7EGOXp uXFQwavbUo4JnJnOjTixni11RWXhPlf1GYF+MkPgiSKGzBXZ/nULUE0WqKU1QygCa/UN V1E2mZUWqoaE0LULCO6zMLjUjXG3/T2wAIVRVgZM20KyHKZh/SUbuj5ngxb8qotJF0sJ r+xQ==
X-Gm-Message-State: ALKqPwdQ6zyclpV30ygnoED5q4NhVSSh9KbAvJ+JhAOnBb+8wqMvfNvu +/V7F36VS+qe1kz1i84ysC+EDmENpCTQLo2qcmSo5g==
X-Google-Smtp-Source: AB8JxZoJPAQCTahGmmQ0KI8rc5i+weFgxz9FL4sGE+h9UH1ANTvX4UBfOwL6j2Jdo+MA8CTdud9FCPHn1I8ovy1exTc=
X-Received: by 2002:a19:2143:: with SMTP id h64-v6mr1865250lfh.73.1526053855198;  Fri, 11 May 2018 08:50:55 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.46.158.88 with HTTP; Fri, 11 May 2018 08:50:54 -0700 (PDT)
In-Reply-To: <052201d3e247$19431b20$4bc95160$@augustcellars.com>
References: <152485706488.6011.12980717250490137013@ietfa.amsl.com> <052201d3e247$19431b20$4bc95160$@augustcellars.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 11 May 2018 11:50:54 -0400
X-Google-Sender-Auth: G5Fi-cACOSEOFW2F-2PJliiK4C8
Message-ID: <CADZyTk=px0hX5q1sU2+GAbjG=C=4S1VknkoWszYaQ+fadzQ26g@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: secdir@ietf.org, spasm@ietf.org, ietf@ietf.org,  draft-ietf-lamps-rfc5751-bis.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f284ee056bf019b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4yqM_c5m9-ALysIaXbBH7WRI658>
Subject: Re: [secdir] [lamps] Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 15:51:06 -0000

--000000000000f284ee056bf019b1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Jim,

Thanks you for the clarifications. Please see my comments inline.

Yours,
Daniel

On Wed, May 2, 2018 at 2:55 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> I have published a -08 with these changes.
>
> > -----Original Message-----
> > From: Daniel Migault <daniel.migault@ericsson.com>
> > Sent: Friday, April 27, 2018 12:24 PM
> > To: secdir@ietf.org
> > Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-rfc5751-bis.a
> ll@ietf.org
> > Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
> >
> > Reviewer: Daniel Migault
> > Review result: Has Nits
> >
> > Hi,
> >
> >
> > I have reviewed this document as part of the security directorate's
> ongoing
> > effort to review all IETF documents being processed by the IESG.
> > These comments were written primarily for the benefit of the security
> area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > The summary of the review is Has Minor Nits
> >
> >
> > Please find my comments while reading the draft.
> >
> > Yours,
> >
> > Daniel
> >
> >
> > 1.  Introduction
> >
> > As a supplementary service, S/MIME provides for message
> >    compression.
> >
> > maybe :
> > As a supplementary service, S/MIME provides message
> >    compression.
> >
>
> Done
>
> >
> > 1.3.  Conventions Used in This Document
> >
> > The term RSA in this document almost always refers to the PKCS#1 v1.5
> >    RSA signature or encryption algorithms even when not qualified as
> >    such.
> >
> > I am not sure format would not be more appropriated than algorithm, so
> > maybe:
> >
> > The term RSA in this document almost always refers to the PKCS#1 v1.5
> >    RSA signature or encryption *format* even when not qualified as
> >    such.
>
> Interesting observation.  In all of the work that I have ever done I have
> always referred to the difference between PKCS #v1.5 signature, PKCS #v1.=
5
> encryption, OAEP, PSS and KEM and different encryption algorithms rather
> than just saying that the formats are different.  Saying format would mak=
e
> a degree of sense between the two different 1.5 algorithms, however if yo=
u
> compare v1.5 signature and PSS then more than just the format of the data
> can be thought of as being involved.
>
> I don't think that this makes sense.
>

This comment was just mentioned as  potential nits. I am fine with protocol
and understand the reasons. Thanks for the explanation. I cannot find where
I found the use of "format" and RFC8017 seems to use "scheme".


> >
> >
> > 2.3.  KeyEncryptionAlgorithmIdentifier
> >
> > When ECDH ephemeral-static is used, a key wrap algorithm is also
> >    specified in the KeyEncryptionAlgorithmIdentifier [RFC5652].  The
> >    underlying encryption functions for the key wrap and content
> >    encryption algorithm ([RFC3370] and [RFC3565]) and the key sizes for
> >    the two algorithms MUST be the same (e.g., AES-128 key wrap algorith=
m
> >    with AES-128 content encryption algorithm).
> >
> > I understand the recommendation for a sending agent, but it seems that
> > additional text should be provided in order to describe the behavior of
> the
> > receiver. I am wondering if the receiver is expected to reject the
> message or
> > whether it should assume the associated protection is the least of the
> two.
> > Maybe specifying this is only for sending agent may also clarify this.
>
> This probably falls under the category of "I don't care", the object is t=
o
> make sending agents do the right thing.  However, I have added test about
> security strengths for reciepents.
>

Thanks.


>
> >
> > 2.4.4.  AuthEnvelopedData Content Type
> >
> > This content type does not provide
> >    authentication or non-repudiation.
> >
> > is a really helpful clarification ;-) Maybe it could be helpful to use
> the same
> > formulation for section 2.4.2.  SignedData Content Type by
> > replacing:
> >
> > Applying a
> >    signature to a message provides authentication, message integrity,
> >    and non-repudiation of origin.
> >
> >
> > This content type provides provides authentication, message integrity,
> and
> > non-repudiation of origin. A sender signs the message with its own
> private
> > key and shares public part of it with the recipient to validate the
> signature.
>
> I don't think this necessary for the other content types.  The problem is
> that many people think that AED algorithms automatically provide
> authentication.  There are some situations where this is true, but they a=
re
> not met when doing S/MIME.
>
> I agree. My comment was only to mention that 2.4.2 and 2.4.4 could use
similar formulation.

>
> > 2.5.  Attributes and the SignerInfo Type
> >
> > It would probably ease the reading and clarifying the purpose of the
> > SignerInfo's attribute. Typically, some of them might necessary to
> validate
> > the received message, while others are informational in prevision of a
> > response. This is clarified later in the document but could be introduc=
ed
> > here. I also believe that would be good to also include that there is a
> > bootstrapping issue that is solved by the compliance of the
> implementations
> > in supporting the recommended algorithms.
> >
> > A reference to section 2.7 may be useful as this section clarifies how
> the
> > sending agent uses these information - at least for the encryption.
>
> I have added the following sentence to the first paragraph
>
> These attributes can be required for processing of message (i.e. Message
> Digest), information the signer supplied (i.e. SMIME Capabilities) that
> should be processed, or attributes which are not relevant in the current
> situation (i.e. mlExpansionList <xref target=3D"RFC2634"/> for mail viewe=
rs).
>
> I don't think a forward reference to 2.7 would be useful at this point.
>

I think that helps the reading. Thank you.

>
> >
> > 2.5.1.  Signing Time Attribute
> >
> > The message originator has not been specified before, it may be good to
> > clarify how it differs from the sender. It may also be good to specify
> how this
> > value is being used - against replay attacks.  section 2.7.1 provides
> some
> > indications of the expected usage of the signing time attribute but it
> seems
> > more associated to the capabilities.
>
> Replaced message originator with signer.
>
ok

>
> >
> > 2.5.2.  SMIME Capabilities Attribute
> >
> > A client does not have to list every capability it
> >    supports, and need not list all its capabilities so that the
> >    capabilities list doesn't get too long.
> >
> > It might be worth providing a recommendation on what too long means,
> > especially as a resulting list of capabilities is (expected) to be
> relatively short
> > compared to the message itself - but I might be wrong.
> > My reading of this attribute - and again I might be wrong - is that it
> would be
> > useless if implementations would follow the cryptographic
> > recommendations.  It is mostly useful to have non updated senders to
> > received responses from up-to-date responders. In addition, this
> > information is likely cached and as such may not be unnecessarily be
> > repeated. Wouldn't a MAY be more appropriated ?
>
> I don't really want to try and quantify what long means because for
> different clients it can mean different things.  In some considerations o=
ne
> could consider listing 3 encryption algorithms to be long while in other
> situations it might be 30 encryption algorithms that is too long.  If I
> want to send you a message and need to be sure that there is a common
> enabled language then 30 encryption algorrithms is better.  On the other
> hand trying to figure out a common algorithm for a message going to 100
> recipients where each has a different set of algorithms and in a differen=
t
> ranking order and come up with the best one means even 3 can feel really
> long.
>
> The problem is not byte count as even 30 items at 10 bytes apiece is only
> 300 bytes which relative to the rest of a signed MIME message is pretty
> small.  The problem is the question of how to make a decision and the
> parameters are different based on how that algorithm is implemented.
>
> While the information can be cached, I don't know that it can be assured
> to be cached.  Additionally this might put a greater burden on the sender
> as it would need to know if the current configuration has been sent to a
> recipient.  It is easier to just always send the list.  However I cannot
> see that there is any requirements on the document on having sending the
> attribute just on receiving it.
>
> I got it, but my point was that by having a mandatory to implement
cryptography document, would enable to have inter operable cryptographic
primitives that evolve over time. Such document will provide the necessary
overlaps. This is how we proceed with IKEv2 / IPsec... but S/MIME may have
different deployment considerations.   I see your last comment you do not
think that is useful. I am fine as long as I am sure you got my purpose..

>
> >
> > Note also that while we have some cryptographic recommendations for RSA=
,
> > I would have expected a table summarizing the cryptographic
> > recommendations with other algorithms than RSA.
>
> I don't know that adding a table is going to be useful.  Much of this
> information is not really designed to be put into a table unless you are
> going to footnote the heck out of it which kind of defeats the process.
> This information is scattered through out the document, but it tries to b=
e
> in the right place for a specific field.
>
>
I agree with you point. However, I believe that a mandatory to implement
guidance section or document would be helpful to specify which crypto is
mandatory and the status of the other algorithms. Evolution of the crypto
may address another scope than the protocol description and might be
another document.   Again this is addressed by your last comment.

> >
> > 2.5.3.  Encryption Key Preference Attribute
> >
> >  This attribute is designed to
> >    enhance behavior for interoperating with those clients that use
> >    separate keys for encryption and signing.
> >
> > Maybe that would be good to position this attribute versus the keyusage
> > when certificate are used to split the usage of each keys. I am
> wondering if a
> > recommendation could be state on whether one or both means should be
> > used and if one overwrite the other.  A preference may still be useful =
to
> > indicate a preference when multiple keys for a given role are available=
.
> Is key
> > management a relevant usage for preference ?
> >
> > I understand that Signing Time is being used to update the preferred
> > keys as one way to performed key roll over.
>
> While there is some similarity between key usage and this attribute, the
> attribute is more general and allows for things which are not necessarily
> mentioned here.  As an example, one could send different certificates wit=
h
> different algorithms or key sizes and express a preference on which
> certificate to use.  It may be that the names between the signing
> certificate and encryption key certificate are not the same, in that case
> which should be used.    I think that this is covered in the introduction
> and a reference to key usage is not really helpful.
>
> The response clarifies my question thanks.

> >
> >
> > 3.1.  Preparing the MIME Entity for Signing, Enveloping, or Compressing
> >
> >  A MIME entity can be a sub-
> >    part, sub-parts of a message, or the whole message with all its sub-
> >    parts.
> >
> > I am wondering if "a subpart, many subparts or ..." would not be cleare=
r.
>
> I don't see this as being clearer.
>
> >
> > I understand that "message" in the first paragraph is used as the MIME
> > message and in other words, the message is not designating the mail. I =
am
> > reading message as MIME multi-part message and the MIME entities as a
> > subset of MIME headers and parts of MIME multi-part message. Similarly
> > MIME body would be the MIME multi-part message.  Is that correct ? I
> > believe the terminology paragraph could be clarified.
>
> There is no requirement that message be multi-part, it could be a
> single-part message such as text/plain.  However that is generally
> correct.  How do you believe that the text can be clarified.  Specific te=
xt
> would be helpful.
>

I believe that replacing message by MIME message would clarify the
difference between the message of the email. Then clarifying that MIME
message is composed of MIME entities.

Here is what I would propose:

S/MIME is used to secure MIME entities. A MIME message is composed of a
MIME header and a MIME body, which both can be constituted of a single
part or of multiple parts. Any of these parts is designated as a MIME
message part.
A MIME entity can be a sub-
   part, sub-parts of a MIME message, or the whole Mime message with
all its sub-
   parts.  A MIME entity that is the whole MIME message includes only the
   MIME message headers and MIME body, and does not include the
RFC-822 <https://tools.ietf.org/html/rfc822>
   header.  Note that S/MIME can also be used to secure MIME entities
   used in applications other than Internet mail.  If protection of the
   RFC-822 <https://tools.ietf.org/html/rfc822> header is required,
the use of the message/rfc822 media type
   is explained later in this section.






>
> >
> >
> >  It is
> >    RECOMMENDED that a distinction be made between the location of the
> >    header.
> >
> > I believe the purpose is to make a distinction between "protected" and
> > 'unprotected' to the end user. I would thus keep this distinction even
> though
> > this translates into 'inner' / 'outer'.
>
> The problem of how to do this has been a topic of many discussions withou=
t
> ever getting to a conclusion.  One of the problems is that protected can
> mean some different things depending on how you protect the headers.  For
> example, one could have a multipart/mixed message with two sections each =
of
> which consists of an encrypted message.  If each of those has different
> protected headers in them then, while the difference between inner and
> outer makes sense as that is part of the tree structure, which set of
> protected headers now needs to be dealt with.
>
> Thanks for the explanation. I agree.


> >
> >
> > 3.3.  Creating an Enveloped-Only Message
> >
> >
> > A sample message would be:
> >
> >    Content-Type: application/pkcs7-mime; name=3Dsmime.p7m;
> >            smime-type=3Denveloped-data
> >
> > Shouldn't we use an OID instead of data for the example ?
>
> I don't know what you are trying to ask here.
>

I though of specifying an OID instead of using data, but I agree that data
is preferred.


>
> >
> >
> >
> > 3.4.  Creating an Authenticated Enveloped-Only Message
> >
> > I believe the word "proof" is missing.
> >
> >  It is important to note that
> >    sending authenticated enveloped messages does not provide for
> >    origination when using S/MIME.
> >
> > Maybe we should specify that this is especially true when multiple
> recipients
> > are involved.
>
> done
>
> >
> > 3.5.3.  Signing Using the multipart/signed Format
> >
> >  The first part contains
> >    the MIME entity that is signed; the second part contains the
> >    "detached signature" CMS SignedData object in which the
> >    encapContentInfo eContent field is absent.
> >
> > I believe it would be good to specify parts are ordered as this is not
> always
> > the case of parts. What is unclear to me is why the second part is
> separated
> > by a boundary usually used to separate parts. It seems boundary can als=
o
> be
> > used as boundary inside a part which seems to make part parsing harder.
>
> The order is part of the definition of multipart/signed.
>
> In the definition of multipart/*, the rules require that the boundary
> string not exist within any of the different child body parts.  This mean=
s
> that it can be used to uniquely distinguish the boundaries.
>

Agree. Thanks for the clarification.

>
> >
> >
> >
> > 3.5.3.2.  Creating a multipart/signed Message
> >
> >     Algorithm Value Used
> >     MD5       md5
> >     SHA-1     sha-1
> >     SHA-224   sha-224
> >     SHA-256   sha-256
> >     SHA-384   sha-384
> >     SHA-512   sha-512
> >     Any other (defined separately in algorithm profile or "unknown" if
> >               not defined)
> >
> >
> > Should we have any recommendations on the hash algorithm to be used by
> > sender / receivers ? Is that possible to deprecate MD5, SHA-1 and
> > SHA-224 for senders ?
>
> The recommendations on which algorithms to use is part of the signature
> algorithm recommendations.  This is a different table and removing items
> would be potentially harmful.
>
> I am reading this as new implementations should still implement MD5. If
so, I believe an explanation might be useful.


> >
> >
> > 3.7.  Multiple Operations
> >
> > Would it be recommended to have signed clear text than encrypted and
> > then signed encrypted  ? This seems to address all security concerns.
>
> There are a large number of security concerns that have been uncovered
> with each of the different orders of operations.  Part of the question is
> going to be what concern are you trying to address and what are the
> informal rules about this.  I don't think at this point we can really giv=
e
> an order, however RFC 2634 does have some guidance.
>

Correct. Maybe it would be useful the section references ESS for further
recommendations. But I agree the reference has been mentioned earlier.

>
> >
> > 3.9.  Registration Requests
> >
> > Should we mention DANE rfc8162 as a way to register you public key ?
>
> I don't think so, we don=E2=80=99t ever talk about how to find keys in th=
e
> document.
>

Agree ;-)

>
> >
> > 4.  Certificate Processing
> >
> > EdDSA Signatures recommendations for curve25519 and curve448 seems to
> > be missing in the key pair generating , signature section. Are there an=
y
> > reasons not to consider these curves ?
> >
> > May be useful to have the following references:
> > [1] https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa
> -signatures/
> > [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/
>
> Should have had [1] as a reference, the reference was there but not the
> pointer to it.
> The second would be referenced in rfc5750-bis not here.
>
> >
> > 6.  Security Considerations
> >
> > I am wondering if any considerations should be provided for data at res=
t.
> > Does the email needs to be archived encrypted or not and whether S/MIME
> > can be used to store encrypted content. I believe that email should not
> be
> > stored encrypted and as such S/MIME is only intended to
> > protect mails in transit....  but I might be wrong.
>
> I believe you to be wrong.  There are no problems w/ using S/MIME as a
> data at rest protection scheme.  The question of storing messages as
> encrypted or not is something that different clients have dealt with in
> different ways.  The client I use leaves things encrypted which I conside=
r
> to be the correct answer.
>
> I see why... if there are no clear rules, it might be better to leave it
as it is. I agree.


> >
> > As a general comment I would have like a table that summarizes or
> explicitly
> > mention what crypto is recommended for encrypting / signing.
> > RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I belie=
ve
> > such tables should be updated regularly to deprecate  and introduce new
> > algorithms while leaving S/MIME unchanged.
>
> To do this would require that the algorithms be maintained in a separate
> document.  As above, I don't think a separate table adds to clarity as it
> duplicates information and would be hard to write.
>
> >
> > There are a lot of double space in the text.
> >
>
>
> Jim
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

--000000000000f284ee056bf019b1
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div><div>Hi Jim, <br><br></div>Thanks you for the cl=
arifications. Please see my comments inline. <br><br></div>Yours,=C2=A0 <br=
></div>Daniel<br><div><div><div><div><div class=3D"gmail_extra"><br><div cl=
ass=3D"gmail_quote">On Wed, May 2, 2018 at 2:55 PM, Jim Schaad <span dir=3D=
"ltr">&lt;<a href=3D"mailto:ietf@augustcellars.com" target=3D"_blank">ietf@=
augustcellars.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I=
 have published a -08 with these changes.<br>
<span><br>
&gt; -----Original Message-----<br>
&gt; From: Daniel Migault &lt;<a href=3D"mailto:daniel.migault@ericsson.com=
" target=3D"_blank">daniel.migault@ericsson.com</a>&gt;<br>
&gt; Sent: Friday, April 27, 2018 12:24 PM<br>
&gt; To: <a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.o=
rg</a><br>
&gt; Cc: <a href=3D"mailto:spasm@ietf.org" target=3D"_blank">spasm@ietf.org=
</a>; <a href=3D"mailto:ietf@ietf.org" target=3D"_blank">ietf@ietf.org</a>;=
 <a href=3D"mailto:draft-ietf-lamps-rfc5751-bis.all@ietf.org" target=3D"_bl=
ank">draft-ietf-lamps-rfc5751-bis.a<wbr>ll@ietf.org</a><br>
&gt; Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-0<wbr=
>7<br>
&gt; <br>
&gt; Reviewer: Daniel Migault<br>
&gt; Review result: Has Nits<br>
&gt; <br>
&gt; Hi,<br>
&gt; <br>
&gt; <br>
&gt; I have reviewed this document as part of the security directorate&#39;=
s ongoing<br>
&gt; effort to review all IETF documents being processed by the IESG.<br>
&gt; These comments were written primarily for the benefit of the security =
area<br>
&gt; directors.=C2=A0 Document editors and WG chairs should treat these com=
ments<br>
&gt; just like any other last call comments.<br>
&gt; <br>
&gt; The summary of the review is Has Minor Nits<br>
&gt; <br>
&gt; <br>
&gt; Please find my comments while reading the draft.<br>
&gt; <br>
&gt; Yours,<br>
&gt; <br>
&gt; Daniel<br>
&gt; <br>
&gt; <br>
&gt; 1.=C2=A0 Introduction<br>
&gt; <br>
&gt; As a supplementary service, S/MIME provides for message<br>
&gt;=C2=A0 =C2=A0 compression.<br>
&gt; <br>
&gt; maybe :<br>
&gt; As a supplementary service, S/MIME provides message<br>
&gt;=C2=A0 =C2=A0 compression.<br>
&gt; <br>
<br>
</span>Done<br>
<span><br>
&gt; <br>
&gt; 1.3.=C2=A0 Conventions Used in This Document<br>
&gt; <br>
&gt; The term RSA in this document almost always refers to the PKCS#1 v1.5<=
br>
&gt;=C2=A0 =C2=A0 RSA signature or encryption algorithms even when not qual=
ified as<br>
&gt;=C2=A0 =C2=A0 such.<br>
&gt; <br>
&gt; I am not sure format would not be more appropriated than algorithm, so=
<br>
&gt; maybe:<br>
&gt; <br>
&gt; The term RSA in this document almost always refers to the PKCS#1 v1.5<=
br>
&gt;=C2=A0 =C2=A0 RSA signature or encryption *format* even when not qualif=
ied as<br>
&gt;=C2=A0 =C2=A0 such.<br>
<br>
</span>Interesting observation.=C2=A0 In all of the work that I have ever d=
one I have always referred to the difference between PKCS #v1.5 signature, =
PKCS #v1.5 encryption, OAEP, PSS and KEM and different encryption algorithm=
s rather than just saying that the formats are different.=C2=A0 Saying form=
at would make a degree of sense between the two different 1.5 algorithms, h=
owever if you compare v1.5 signature and PSS then more than just the format=
 of the data can be thought of as being involved.<br>
<br>
I don&#39;t think that this makes sense.<br></blockquote><div><br></div><di=
v>This comment was just mentioned as=C2=A0 potential nits. I am fine with p=
rotocol and understand the reasons. Thanks for the explanation. I cannot fi=
nd where I found the use of &quot;format&quot; and RFC8017 seems to use &qu=
ot;scheme&quot;. <br>=C2=A0=C2=A0 <br></div><blockquote class=3D"gmail_quot=
e" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span>&gt; <br>
&gt; <br>
&gt; 2.3.=C2=A0 KeyEncryptionAlgorithmIdentifi<wbr>er<br>
&gt; <br>
&gt; When ECDH ephemeral-static is used, a key wrap algorithm is also<br>
&gt;=C2=A0 =C2=A0 specified in the KeyEncryptionAlgorithmIdentifi<wbr>er [R=
FC5652].=C2=A0 The<br>
&gt;=C2=A0 =C2=A0 underlying encryption functions for the key wrap and cont=
ent<br>
&gt;=C2=A0 =C2=A0 encryption algorithm ([RFC3370] and [RFC3565]) and the ke=
y sizes for<br>
&gt;=C2=A0 =C2=A0 the two algorithms MUST be the same (e.g., AES-128 key wr=
ap algorithm<br>
&gt;=C2=A0 =C2=A0 with AES-128 content encryption algorithm).<br>
&gt; <br>
&gt; I understand the recommendation for a sending agent, but it seems that=
<br>
&gt; additional text should be provided in order to describe the behavior o=
f the<br>
&gt; receiver. I am wondering if the receiver is expected to reject the mes=
sage or<br>
&gt; whether it should assume the associated protection is the least of the=
 two.<br>
&gt; Maybe specifying this is only for sending agent may also clarify this.=
<br>
<br>
</span>This probably falls under the category of &quot;I don&#39;t care&quo=
t;, the object is to make sending agents do the right thing.=C2=A0 However,=
 I have added test about security strengths for reciepents.<br></blockquote=
><div><br></div><div>Thanks.<br>=C2=A0<br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex">
<span><br>
&gt; <br>
&gt; 2.4.4.=C2=A0 AuthEnvelopedData Content Type<br>
&gt; <br>
&gt; This content type does not provide<br>
&gt;=C2=A0 =C2=A0 authentication or non-repudiation.<br>
&gt; <br>
&gt; is a really helpful clarification ;-) Maybe it could be helpful to use=
 the same<br>
&gt; formulation for section 2.4.2.=C2=A0 SignedData Content Type by<br>
&gt; replacing:<br>
&gt; <br>
&gt; Applying a<br>
&gt;=C2=A0 =C2=A0 signature to a message provides authentication, message i=
ntegrity,<br>
&gt;=C2=A0 =C2=A0 and non-repudiation of origin.<br>
&gt; <br>
&gt; <br>
&gt; This content type provides provides authentication, message integrity,=
 and<br>
&gt; non-repudiation of origin. A sender signs the message with its own pri=
vate<br>
&gt; key and shares public part of it with the recipient to validate the si=
gnature.<br>
<br>
</span>I don&#39;t think this necessary for the other content types.=C2=A0 =
The problem is that many people think that AED algorithms automatically pro=
vide authentication.=C2=A0 There are some situations where this is true, bu=
t they are not met when doing S/MIME.<br>
<span><br></span></blockquote><div>I agree. My comment was only to mention =
that 2.4.2 and 2.4.4 could use similar formulation. <br><br></div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so=
lid;padding-left:1ex"><span>
&gt; <br>
&gt; 2.5.=C2=A0 Attributes and the SignerInfo Type<br>
&gt; <br>
&gt; It would probably ease the reading and clarifying the purpose of the<b=
r>
&gt; SignerInfo&#39;s attribute. Typically, some of them might necessary to=
 validate<br>
&gt; the received message, while others are informational in prevision of a=
<br>
&gt; response. This is clarified later in the document but could be introdu=
ced<br>
&gt; here. I also believe that would be good to also include that there is =
a<br>
&gt; bootstrapping issue that is solved by the compliance of the implementa=
tions<br>
&gt; in supporting the recommended algorithms.<br>
&gt; <br>
&gt; A reference to section 2.7 may be useful as this section clarifies how=
 the<br>
&gt; sending agent uses these information - at least for the encryption.<br=
>
<br>
</span>I have added the following sentence to the first paragraph<br>
<br>
These attributes can be required for processing of message (i.e. Message Di=
gest), information the signer supplied (i.e. SMIME Capabilities) that shoul=
d be processed, or attributes which are not relevant in the current situati=
on (i.e. mlExpansionList &lt;xref target=3D&quot;RFC2634&quot;/&gt; for mai=
l viewers).<br>
<br>
I don&#39;t think a forward reference to 2.7 would be useful at this point.=
<br></blockquote><div><br></div><div>I think that helps the reading. Thank =
you.=C2=A0 <br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; 2.5.1.=C2=A0 Signing Time Attribute<br>
&gt; <br>
&gt; The message originator has not been specified before, it may be good t=
o<br>
&gt; clarify how it differs from the sender. It may also be good to specify=
 how this<br>
&gt; value is being used - against replay attacks.=C2=A0 section 2.7.1 prov=
ides some<br>
&gt; indications of the expected usage of the signing time attribute but it=
 seems<br>
&gt; more associated to the capabilities.<br>
<br>
</span>Replaced message originator with signer.<br></blockquote><div>ok <br=
></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-=
left:1px #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; 2.5.2.=C2=A0 SMIME Capabilities Attribute<br>
&gt; <br>
&gt; A client does not have to list every capability it<br>
&gt;=C2=A0 =C2=A0 supports, and need not list all its capabilities so that =
the<br>
&gt;=C2=A0 =C2=A0 capabilities list doesn&#39;t get too long.<br>
&gt; <br>
&gt; It might be worth providing a recommendation on what too long means,<b=
r>
&gt; especially as a resulting list of capabilities is (expected) to be rel=
atively short<br>
&gt; compared to the message itself - but I might be wrong.<br>
&gt; My reading of this attribute - and again I might be wrong - is that it=
 would be<br>
&gt; useless if implementations would follow the cryptographic<br>
&gt; recommendations.=C2=A0 It is mostly useful to have non updated senders=
 to<br>
&gt; received responses from up-to-date responders. In addition, this<br>
&gt; information is likely cached and as such may not be unnecessarily be<b=
r>
&gt; repeated. Wouldn&#39;t a MAY be more appropriated ?<br>
<br>
</span>I don&#39;t really want to try and quantify what long means because =
for different clients it can mean different things.=C2=A0 In some considera=
tions one could consider listing 3 encryption algorithms to be long while i=
n other situations it might be 30 encryption algorithms that is too long.=
=C2=A0 If I want to send you a message and need to be sure that there is a =
common enabled language then 30 encryption algorrithms is better.=C2=A0 On =
the other hand trying to figure out a common algorithm for a message going =
to 100 recipients where each has a different set of algorithms and in a dif=
ferent ranking order and come up with the best one means even 3 can feel re=
ally long.<br>
<br>
The problem is not byte count as even 30 items at 10 bytes apiece is only 3=
00 bytes which relative to the rest of a signed MIME message is pretty smal=
l.=C2=A0 The problem is the question of how to make a decision and the para=
meters are different based on how that algorithm is implemented.<br>
<br>
While the information can be cached, I don&#39;t know that it can be assure=
d to be cached.=C2=A0 Additionally this might put a greater burden on the s=
ender as it would need to know if the current configuration has been sent t=
o a recipient.=C2=A0 It is easier to just always send the list.=C2=A0 Howev=
er I cannot see that there is any requirements on the document on having se=
nding the attribute just on receiving it.<br>
<span><br></span></blockquote><div>I got it, but my point was that by havin=
g a mandatory to implement cryptography document, would enable to have inte=
r operable cryptographic primitives that evolve over time. Such document wi=
ll provide the necessary overlaps. This is how we proceed with IKEv2 / IPse=
c... but S/MIME may have different deployment considerations. =C2=A0 I see =
your last comment you do not think that is useful. I am fine as long as I a=
m sure you got my purpose.. <br></div><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
<br>
&gt; <br>
&gt; Note also that while we have some cryptographic recommendations for RS=
A,<br>
&gt; I would have expected a table summarizing the cryptographic<br>
&gt; recommendations with other algorithms than RSA.<br>
<br>
</span>I don&#39;t know that adding a table is going to be useful.=C2=A0 Mu=
ch of this information is not really designed to be put into a table unless=
 you are going to footnote the heck out of it which kind of defeats the pro=
cess.=C2=A0 This information is scattered through out the document, but it =
tries to be in the right place for a specific field.<br>
<span><br></span></blockquote><div><br></div><div>I agree with you point. H=
owever, I believe that a mandatory to implement guidance section or documen=
t would be helpful to specify which crypto is mandatory and the status of t=
he other algorithms. Evolution of the crypto may address another scope than=
 the protocol description and might be another document. =C2=A0 Again this =
is addressed by your last comment. <br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"=
><span>
&gt; <br>
&gt; 2.5.3.=C2=A0 Encryption Key Preference Attribute<br>
&gt; <br>
&gt;=C2=A0 This attribute is designed to<br>
&gt;=C2=A0 =C2=A0 enhance behavior for interoperating with those clients th=
at use<br>
&gt;=C2=A0 =C2=A0 separate keys for encryption and signing.<br>
&gt; <br>
&gt; Maybe that would be good to position this attribute versus the keyusag=
e<br>
&gt; when certificate are used to split the usage of each keys. I am wonder=
ing if a<br>
&gt; recommendation could be state on whether one or both means should be<b=
r>
&gt; used and if one overwrite the other.=C2=A0 A preference may still be u=
seful to<br>
&gt; indicate a preference when multiple keys for a given role are availabl=
e. Is key<br>
&gt; management a relevant usage for preference ?<br>
&gt; <br>
&gt; I understand that Signing Time is being used to update the preferred<b=
r>
&gt; keys as one way to performed key roll over.<br>
<br>
</span>While there is some similarity between key usage and this attribute,=
 the attribute is more general and allows for things which are not necessar=
ily mentioned here.=C2=A0 As an example, one could send different certifica=
tes with different algorithms or key sizes and express a preference on whic=
h certificate to use.=C2=A0 It may be that the names between the signing ce=
rtificate and encryption key certificate are not the same, in that case whi=
ch should be used.=C2=A0 =C2=A0 I think that this is covered in the introdu=
ction and a reference to key usage is not really helpful.<br>
<span><br></span></blockquote><div>The response clarifies my question thank=
s.=C2=A0 <br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
&gt; <br>
&gt; <br>
&gt; 3.1.=C2=A0 Preparing the MIME Entity for Signing, Enveloping, or Compr=
essing<br>
&gt; <br>
&gt;=C2=A0 A MIME entity can be a sub-<br>
&gt;=C2=A0 =C2=A0 part, sub-parts of a message, or the whole message with a=
ll its sub-<br>
&gt;=C2=A0 =C2=A0 parts.<br>
&gt; <br>
&gt; I am wondering if &quot;a subpart, many subparts or ...&quot; would no=
t be clearer.<br>
<br>
</span>I don&#39;t see this as being clearer.<br>
<span><br>
&gt; <br>
&gt; I understand that &quot;message&quot; in the first paragraph is used a=
s the MIME<br>
&gt; message and in other words, the message is not designating the mail. I=
 am<br>
&gt; reading message as MIME multi-part message and the MIME entities as a<=
br>
&gt; subset of MIME headers and parts of MIME multi-part message. Similarly=
<br>
&gt; MIME body would be the MIME multi-part message.=C2=A0 Is that correct =
? I<br>
&gt; believe the terminology paragraph could be clarified.<br>
<br>
</span>There is no requirement that message be multi-part, it could be a si=
ngle-part message such as text/plain.=C2=A0 However that is generally corre=
ct.=C2=A0 How do you believe that the text can be clarified.=C2=A0 Specific=
 text would be helpful.<br></blockquote><div><br></div><div>I believe that =
replacing message by MIME message would clarify the difference between the =
message of the email. Then clarifying that MIME message is composed of MIME=
 entities. <br><br></div><div>Here is what I would propose:<br><br><pre cla=
ss=3D"gmail-newpage">S/MIME is used to secure MIME entities. A MIME message=
 is composed of a <br>MIME header and a MIME body, which both can be consti=
tuted of a single <br>part or of multiple parts. Any of these parts is desi=
gnated as a MIME message part.<br>A MIME entity can be a sub-
   part, sub-parts of a MIME message, or the whole Mime message with all it=
s sub-
   parts.  A MIME entity that is the whole MIME message includes only the
   MIME message headers and MIME body, and does not include the <a href=3D"=
https://tools.ietf.org/html/rfc822">RFC-822</a>
   header.  Note that S/MIME can also be used to secure MIME entities
   used in applications other than Internet mail.  If protection of the
   <a href=3D"https://tools.ietf.org/html/rfc822">RFC-822</a> header is req=
uired, the use of the message/rfc822 media type
   is explained later in this section.</pre><br></div><div><br>=C2=A0<br></=
div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; <br>
&gt;=C2=A0 It is<br>
&gt;=C2=A0 =C2=A0 RECOMMENDED that a distinction be made between the locati=
on of the<br>
&gt;=C2=A0 =C2=A0 header.<br>
&gt; <br>
&gt; I believe the purpose is to make a distinction between &quot;protected=
&quot; and<br>
&gt; &#39;unprotected&#39; to the end user. I would thus keep this distinct=
ion even though<br>
&gt; this translates into &#39;inner&#39; / &#39;outer&#39;.<br>
<br>
</span>The problem of how to do this has been a topic of many discussions w=
ithout ever getting to a conclusion.=C2=A0 One of the problems is that prot=
ected can mean some different things depending on how you protect the heade=
rs.=C2=A0 For example, one could have a multipart/mixed message with two se=
ctions each of which consists of an encrypted message.=C2=A0 If each of tho=
se has different protected headers in them then, while the difference betwe=
en inner and outer makes sense as that is part of the tree structure, which=
 set of protected headers now needs to be dealt with.<br>
<span><br></span></blockquote><div>Thanks for the explanation. I agree. <br=
>=C2=A0<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex"><span>
&gt; <br>
&gt; <br>
&gt; 3.3.=C2=A0 Creating an Enveloped-Only Message<br>
&gt; <br>
&gt; <br>
&gt; A sample message would be:<br>
&gt; <br>
&gt;=C2=A0 =C2=A0 Content-Type: application/pkcs7-mime; name=3Dsmime.p7m;<b=
r>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 smime-type=3Denveloped-data<b=
r>
&gt; <br>
&gt; Shouldn&#39;t we use an OID instead of data for the example ?<br>
<br>
</span>I don&#39;t know what you are trying to ask here.=C2=A0 <br></blockq=
uote><div><br></div><div>I though of specifying an OID instead of using dat=
a, but I agree that data is preferred. <br></div><div>=C2=A0</div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so=
lid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; 3.4.=C2=A0 Creating an Authenticated Enveloped-Only Message<br>
&gt; <br>
&gt; I believe the word &quot;proof&quot; is missing.<br>
&gt; <br>
&gt;=C2=A0 It is important to note that<br>
&gt;=C2=A0 =C2=A0 sending authenticated enveloped messages does not provide=
 for<br>
&gt;=C2=A0 =C2=A0 origination when using S/MIME.<br>
&gt; <br>
&gt; Maybe we should specify that this is especially true when multiple rec=
ipients<br>
&gt; are involved.<br>
<br>
</span>done<br>
<span><br>
&gt; <br>
&gt; 3.5.3.=C2=A0 Signing Using the multipart/signed Format<br>
&gt; <br>
&gt;=C2=A0 The first part contains<br>
&gt;=C2=A0 =C2=A0 the MIME entity that is signed; the second part contains =
the<br>
&gt;=C2=A0 =C2=A0 &quot;detached signature&quot; CMS SignedData object in w=
hich the<br>
&gt;=C2=A0 =C2=A0 encapContentInfo eContent field is absent.<br>
&gt; <br>
&gt; I believe it would be good to specify parts are ordered as this is not=
 always<br>
&gt; the case of parts. What is unclear to me is why the second part is sep=
arated<br>
&gt; by a boundary usually used to separate parts. It seems boundary can al=
so be<br>
&gt; used as boundary inside a part which seems to make part parsing harder=
.<br>
<br>
</span>The order is part of the definition of multipart/signed.<br>
<br>
In the definition of multipart/*, the rules require that the boundary strin=
g not exist within any of the different child body parts.=C2=A0 This means =
that it can be used to uniquely distinguish the boundaries.<br></blockquote=
><div><br></div><div>Agree. Thanks for the clarification.=C2=A0 <br></div><=
blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px=
 #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; 3.5.3.2.=C2=A0 Creating a multipart/signed Message<br>
&gt; <br>
&gt;=C2=A0 =C2=A0 =C2=A0Algorithm Value Used<br>
&gt;=C2=A0 =C2=A0 =C2=A0MD5=C2=A0 =C2=A0 =C2=A0 =C2=A0md5<br>
&gt;=C2=A0 =C2=A0 =C2=A0SHA-1=C2=A0 =C2=A0 =C2=A0sha-1<br>
&gt;=C2=A0 =C2=A0 =C2=A0SHA-224=C2=A0 =C2=A0sha-224<br>
&gt;=C2=A0 =C2=A0 =C2=A0SHA-256=C2=A0 =C2=A0sha-256<br>
&gt;=C2=A0 =C2=A0 =C2=A0SHA-384=C2=A0 =C2=A0sha-384<br>
&gt;=C2=A0 =C2=A0 =C2=A0SHA-512=C2=A0 =C2=A0sha-512<br>
&gt;=C2=A0 =C2=A0 =C2=A0Any other (defined separately in algorithm profile =
or &quot;unknown&quot; if<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0not defined)<br>
&gt; <br>
&gt; <br>
&gt; Should we have any recommendations on the hash algorithm to be used by=
<br>
&gt; sender / receivers ? Is that possible to deprecate MD5, SHA-1 and<br>
&gt; SHA-224 for senders ?<br>
<br>
</span>The recommendations on which algorithms to use is part of the signat=
ure algorithm recommendations.=C2=A0 This is a different table and removing=
 items would be potentially harmful. <br>
<span><br></span></blockquote><div>I am reading this as new implementations=
 should still implement MD5. If so, I believe an explanation might be usefu=
l.=C2=A0 <br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
&gt; <br>
&gt; <br>
&gt; 3.7.=C2=A0 Multiple Operations<br>
&gt; <br>
&gt; Would it be recommended to have signed clear text than encrypted and<b=
r>
&gt; then signed encrypted=C2=A0 ? This seems to address all security conce=
rns.<br>
<br>
</span>There are a large number of security concerns that have been uncover=
ed with each of the different orders of operations.=C2=A0 Part of the quest=
ion is going to be what concern are you trying to address and what are the =
informal rules about this.=C2=A0 I don&#39;t think at this point we can rea=
lly give an order, however RFC 2634 does have some guidance.<br></blockquot=
e><div><br></div><div>Correct. Maybe it would be useful the section referen=
ces ESS for further recommendations. But I agree the reference has been men=
tioned earlier.<br></div><blockquote class=3D"gmail_quote" style=3D"margin:=
0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; 3.9.=C2=A0 Registration Requests<br>
&gt; <br>
&gt; Should we mention DANE rfc8162 as a way to register you public key ?<b=
r>
<br>
</span>I don&#39;t think so, we don=E2=80=99t ever talk about how to find k=
eys in the document.<br></blockquote><div><br></div><div>Agree ;-) <br></di=
v><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:=
1px #ccc solid;padding-left:1ex">
<span><br>
&gt; <br>
&gt; 4.=C2=A0 Certificate Processing<br>
&gt; <br>
&gt; EdDSA Signatures recommendations for curve25519 and curve448 seems to<=
br>
&gt; be missing in the key pair generating , signature section. Are there a=
ny<br>
&gt; reasons not to consider these curves ?<br>
&gt; <br>
&gt; May be useful to have the following references:<br>
&gt; [1] <a href=3D"https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-=
eddsa-signatures/" rel=3D"noreferrer" target=3D"_blank">https://datatracker=
.ietf.org/d<wbr>oc/draft-ietf-curdle-cms-eddsa<wbr>-signatures/</a><br>
&gt; [2] <a href=3D"https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix=
/" rel=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/d<wbr>=
oc/draft-ietf-curdle-pkix/</a><br>
<br>
</span>Should have had [1] as a reference, the reference was there but not =
the pointer to it.<br>
The second would be referenced in rfc5750-bis not here.<br>
<span><br>
&gt; <br>
&gt; 6.=C2=A0 Security Considerations<br>
&gt; <br>
&gt; I am wondering if any considerations should be provided for data at re=
st.<br>
&gt; Does the email needs to be archived encrypted or not and whether S/MIM=
E<br>
&gt; can be used to store encrypted content. I believe that email should no=
t be<br>
&gt; stored encrypted and as such S/MIME is only intended to<br>
&gt; protect mails in transit....=C2=A0 but I might be wrong.<br>
<br>
</span>I believe you to be wrong.=C2=A0 There are no problems w/ using S/MI=
ME as a data at rest protection scheme.=C2=A0 The question of storing messa=
ges as encrypted or not is something that different clients have dealt with=
 in different ways.=C2=A0 The client I use leaves things encrypted which I =
consider to be the correct answer.<br>
<span><br></span></blockquote><div>I see why... if there are no clear rules=
, it might be better to leave it as it is. I agree.<br>=C2=A0<br></div><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #c=
cc solid;padding-left:1ex"><span>
&gt; <br>
&gt; As a general comment I would have like a table that summarizes or expl=
icitly<br>
&gt; mention what crypto is recommended for encrypting / signing.<br>
&gt; RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I beli=
eve<br>
&gt; such tables should be updated regularly to deprecate=C2=A0 and introdu=
ce new<br>
&gt; algorithms while leaving S/MIME unchanged.<br>
<br>
</span>To do this would require that the algorithms be maintained in a sepa=
rate document.=C2=A0 As above, I don&#39;t think a separate table adds to c=
larity as it duplicates information and would be hard to write.<br>
<span class=3D"m_12175336170029791im m_12175336170029791HOEnZb"><br>
&gt; <br>
&gt; There are a lot of double space in the text.<br>
&gt; <br>
<br>
<br>
</span><span class=3D"m_12175336170029791HOEnZb"><font color=3D"#888888">Ji=
m<br>
</font></span><div class=3D"m_12175336170029791HOEnZb"><div class=3D"m_1217=
5336170029791h5"><br>
<br>
______________________________<wbr>_________________<br>
Spasm mailing list<br>
<a href=3D"mailto:Spasm@ietf.org" target=3D"_blank">Spasm@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/spasm" rel=3D"noreferrer" =
target=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/spasm</a><br>
</div></div></blockquote></div><br></div></div></div></div></div></div>

--000000000000f284ee056bf019b1--


From nobody Sun May 13 20:49:03 2018
Return-Path: <joe@salowey.net>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A8C12946D; Sun, 13 May 2018 20:48:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey <joe@salowey.net>
To: <secdir@ietf.org>
Cc: iesg@ietf.org, payload@ietf.org, draft-ietf-payload-rtp-vc2hq.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152626973155.10254.510935141360676360@ietfa.amsl.com>
Date: Sun, 13 May 2018 20:48:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/x4ElwNmoWdHq0y2tmVsc_Mynaio>
Subject: [secdir] Secdir last call review of draft-ietf-payload-rtp-vc2hq-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 03:48:52 -0000

Reviewer: Joseph Salowey
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document is ready.

The security considerations seem well thought out and are follow the guidelines
of RFC7202 for RTP payload definitions.  I like the fact that it includes some
information on possible implementation pitfalls.

Cheers,

Joe


From nobody Mon May 14 07:05:52 2018
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 863D912D80F; Mon, 14 May 2018 07:04:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1526306662; bh=RtZdwR2/Bd4Y3qNMzxvFWdBdSfqDZyvPJaQbRwyF45g=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=zC0GYe92HHT5+RjNlg3HGDbTQOhYrnLoBzOLngcSjqr/WfPhx/hrFlLZK8JjwhiIO 9FKNci6bQsz9A6IBbdJKrPTQTvMEcbbXVMsW0biKpNVKQWe5m4m5QyVgPiNVxRxll0 TPVXgglgRBWQS5LAQClbUjk0mbQrB+252eB2mMvY=
X-Mailbox-Line: From new-work-bounces@ietf.org  Mon May 14 07:04:21 2018
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1088512E889; Mon, 14 May 2018 07:04:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1526306661; bh=RtZdwR2/Bd4Y3qNMzxvFWdBdSfqDZyvPJaQbRwyF45g=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=aTla9V7CYVOu57DTGcucbl8lS0kSqOqmwvrtc8YTIZDr2xGiaa5fMmwRdcmmbPqqP 71rAl8nENKLqCZkgUFQxmKSZRWN1XQ5od57fD0kVyC/YQtZ1fE+W8NfD+/xsP1DlQ+ 8cjshTYxlVSFBrRkYPlDHFD/Rg4vA4rqE09BLDUI=
X-Original-To: new-work@ietf.org
Delivered-To: new-work@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D4B12D87B for <new-work@ietf.org>; Mon, 14 May 2018 07:04:18 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg@ietf.org>
To: <new-work@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Reply_to: <iesg@ietf.org>
Message-ID: <152630665840.10130.3108627350220292581.idtracker@ietfa.amsl.com>
Date: Mon, 14 May 2018 07:04:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/UZqDsTpQb0qiVzmcXmLHLoXi-CI>
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.22
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: new-work-bounces@ietf.org
Sender: "new-work" <new-work-bounces@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YDUxSBD3RGNyIuUSikWk6mZ02To>
X-Mailman-Approved-At: Mon, 14 May 2018 07:05:51 -0700
Subject: [secdir] [new-work] WG Review: Messaging Layer Security (mls)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 14:04:25 -0000

A new IETF WG has been proposed in the Security Area. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2018-05-23.

Messaging Layer Security (mls)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Nick Sullivan <nick@cloudflare.com>
  Sean Turner <sean+ietf@sn3rd.com>

Assigned Area Director:
  Benjamin Kaduk <kaduk@mit.edu>

Security Area Directors:
  Eric Rescorla <ekr@rtfm.com>
  Benjamin Kaduk <kaduk@mit.edu>

Mailing list:
  Address: mls@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/mls
  Archive: https://mailarchive.ietf.org/arch/browse/mls/

Group page: https://datatracker.ietf.org/group/mls/

Charter: https://datatracker.ietf.org/doc/charter-ietf-mls/

Several Internet applications have a need for group key establishment
and message protection protocols with the following properties:

o Message Confidentiality - Messages can only be read
  by members of the group
o Message Integrity and Authentication - Each message
  has been sent by an authenticated sender, and has
  not been tampered with
o Membership Authentication - Each participant can verify
  the set of members in the group
o Asynchronicity - Keys can be established without any
  two participants being online at the same time
o Forward secrecy - Full compromise of a node at a point
  in time does not reveal past messages sent within the group
o Post-compromise security - Full compromise of a node at a
  point in time does not reveal future messages sent within the group
o Scalability - Resource requirements have good scaling in the
  size of the group (preferably sub-linear)

Several widely-deployed applications have developed their own
protocols to meet these needs. While these protocols are similar,
no two are close enough to interoperate. As a result, each application
vendor has had to maintain their own protocol stack and independently
build trust in the quality of the protocol. The primary goal of this
working group is to develop a standard messaging security protocol
so that applications can share code, and so that there can be shared
validation of the protocol (as there has been with TLS 1.3).

It is not a goal of this group to enable interoperability/federation
between messaging applications beyond the key establishment,
authentication, and confidentiality services.  Full interoperability
would require alignment at many different layers beyond security,
e.g., standard message transport and application semantics.  The
focus of this work is to develop a messaging security layer that
different applications can adapt to their own needs.

While authentication is a key goal of this working group, it is not
the objective of this working group to develop new authentication
technologies.  Rather, the security protocol developed by this
group will provide a way to leverage existing authentication
technologies to associate identities with keys used in the protocol,
just as TLS does with X.509.

In developing this protocol, we will draw on lessons learned from
several prior message-oriented security protocols, in addition to
the proprietary messaging security protocols deployed within
existing applications:

o S/MIME - https://tools.ietf.org/html/rfc5751
o OpenPGP - https://tools.ietf.org/html/rfc4880
o Off the Record - https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html
o Signal - https://signal.org/docs/

The intent of this working group is to follow the pattern of
TLS 1.3, with specification, implementation, and verification
proceeding in parallel.  By the time we arrive at RFC, we
hope to have several interoperable implementations as well
as a thorough security analysis.

The specifications developed by this working group will be
based on pre-standardization implementation and deployment
experience, generalizing the design described in:

o draft-omara-mls-architecture
o draft-barnes-mls-protocol

Note that consensus is required both for changes to the current
protocol mechanisms and retention of current mechanisms. In
particular, because something is in the initial document set does
not imply that there is consensus around the feature or around
how it is specified.

Milestones:

  May 2018 - Initial working group documents for architecture and key
  management

  Sep 2018 - Initial working group document adopted for message protection

  Jan 2019 - Submit architecture document to IESG as Informational

  Jun 2019 - Submit key management protocol to IESG as Proposed Standard

  Sep 2019 - Submit message protection protocol to IESG as Proposed Standard


_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work


From nobody Mon May 14 10:29:57 2018
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19D0127076; Mon, 14 May 2018 10:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=tobias.gondrom@gondrom.org header.d=gondrom.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iAIsdueL_BA7; Mon, 14 May 2018 10:29:47 -0700 (PDT)
Received: from gondrom.org (www.gondrom.org [5.35.241.16]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43395127010; Mon, 14 May 2018 10:29:47 -0700 (PDT)
Received: from seraph (x4dbe7024.dyn.telefonica.de [77.190.112.36]) by gondrom.org (Postfix) with ESMTPSA id 9DEA7649A9; Mon, 14 May 2018 19:29:44 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=GOVXl2firbU3TIMLFOyeMivUHO4R5dgeh2SF+/b0jakpVhah0m7nxsenpHSPozGt2vTnIi/3Q2vs/6y3ukEBhkVlPPUMnyqbYq8O0LLP3c2JO5dNGJywF+WL1IuljyRd4oy1NB65pqzC5/L/FW3hHTVsQlIXtIkWbH3C1oRVdMk=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Content-Language:Thread-Index;
From: "Tobias Gondrom" <tobias.gondrom@gondrom.org>
To: <secdir@ietf.org>, <draft-ietf-tokbind-https.all@ietf.org>
Cc: "'IETF Tokbind WG'" <unbearable@ietf.org>, "'Eric Rescorla'" <ekr@rtfm.com>, <ve7jtb@ve7jtb.com>, <leifj@sunet.se>
Date: Mon, 14 May 2018 19:29:44 +0200
Message-ID: <025501d3eba9$2649d690$72dd83b0$@gondrom.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0256_01D3EBB9.E9D40620"
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AdPrpfnLEwhpkOtGRqC2ZHR3OgjJ2w==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1BdgBUo0OrxpoM87vOaDfrLTsOY>
Subject: [secdir] Secdir last call review of draft-ietf-tokbind-https-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 17:29:50 -0000

This is a multipart message in MIME format.

------=_NextPart_000_0256_01D3EBB9.E9D40620
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Reviewer: Tobias Gondrom

Review result: Ready

 

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

 

Overall the document looks good, ready to go. 

In my review, I did not find any material concerns with the document, and no
nits. 

It is good that the security considerations part is quite detailed and
reflects the main security risks. 

Additionally also appreciated that privacy considerations are also
reasonably addressed in section 8. In case of this particular protocol time
well spent to spell this out. 

 

Ready to release. 

 

Best regards, Tobias

 

 

Ps.: apologies for my delay in sending out the review. 

 


------=_NextPart_000_0256_01D3EBB9.E9D40620
Content-Type: text/html;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 15 =
(filtered medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"Plain Text Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
span.PlainTextChar
	{mso-style-name:"Plain Text Char";
	mso-style-priority:99;
	mso-style-link:"Plain Text";
	font-family:"Calibri",sans-serif;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US =
link=3D"#0563C1" vlink=3D"#954F72"><div class=3DWordSection1><p =
class=3DMsoPlainText>Reviewer: Tobias Gondrom<o:p></o:p></p><p =
class=3DMsoPlainText>Review result: Ready<o:p></o:p></p><p =
class=3DMsoPlainText><o:p>&nbsp;</o:p></p><p class=3DMsoPlainText>I have =
reviewed this document as part of the security directorate's ongoing =
effort to review all IETF documents being processed by the =
IESG.<o:p></o:p></p><p class=3DMsoPlainText>These comments were written =
primarily for the benefit of the security area directors.&nbsp; Document =
editors and WG chairs should treat these comments just like any other =
last call comments.<o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>Overall the =
document looks good, ready to go. <o:p></o:p></p><p class=3DMsoNormal>In =
my review, I did not find any material concerns with the document, and =
no nits. <o:p></o:p></p><p class=3DMsoNormal>It is good that the =
security considerations part is quite detailed and reflects the main =
security risks. <o:p></o:p></p><p class=3DMsoNormal>Additionally also =
appreciated that privacy considerations are also reasonably addressed in =
section 8. In case of this particular protocol time well spent to spell =
this out. <o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal>Ready to release. <o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>Best =
regards, Tobias<o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>Ps.: =
apologies for my delay in sending out the review. <o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></body></html>
------=_NextPart_000_0256_01D3EBB9.E9D40620--


From nobody Thu May 17 06:30:11 2018
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9EF120713 for <secdir@ietf.org>; Thu, 17 May 2018 06:30:08 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <152656380896.7672.3886008173421206605.idtracker@ietfa.amsl.com>
Date: Thu, 17 May 2018 06:30:08 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3JXdRsnWrjPISm7epq4aNWUn4kc>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2018 13:30:09 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-05-24

Reviewer               LC end     Draft
Radia Perlman          2018-04-20 draft-ietf-ccamp-microwave-framework-05
Tina Tsou              2018-02-26 draft-ietf-softwire-dslite-yang-15

For telechat 2018-06-07

Reviewer               LC end     Draft
Vincent Roca           2018-05-21 draft-hakala-urn-nbn-rfc3188bis-00
Stefan Santesson       2018-05-14 draft-ietf-extra-specialuse-important-03
Melinda Shore          2018-05-30 draft-ietf-teas-yang-te-topo-15
Carl Wallace           2018-05-21 draft-ietf-httpbis-h2-websockets-05
David Waltermire       2018-05-21 draft-ietf-extra-imap-unauth-00

Last calls:

Reviewer               LC end     Draft
John Bradley           2018-04-18 draft-ietf-acme-acme-12
Daniel Gillmor         2018-03-19 draft-gutmann-scep-10
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Sandra Murphy          2018-04-24 draft-ietf-mmusic-sdp-simulcast-12
Robert Sparks          2018-05-25 draft-ietf-tsvwg-iana-dscp-registry-05
Takeshi Takahashi      2018-05-24 draft-ietf-spring-segment-routing-ldp-interop-11
Tina Tsou              2018-05-21 draft-ietf-v6ops-conditional-ras-04
Sean Turner            2018-05-21 draft-ietf-sfc-hierarchical-08
Samuel Weiler          2018-05-21 draft-ietf-bfd-multipoint-16

Early review requests:

Reviewer               Due        Draft
Daniel Franke          2018-01-31 draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson     2018-01-09 draft-ietf-opsawg-nat-yang-09
Dan Harkins            2018-05-31 draft-ietf-dtn-bpsec-06

Next in the reviewer rotation:

  Brian Weis
  Klaas Wierenga
  Christopher Wood
  Paul Wouters
  Liang Xia
  Taylor Yu
  Dacheng Zhang
  Derek Atkins
  John Bradley
  Shaun Cooley


From nobody Thu May 17 07:50:07 2018
Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B60FE127775; Thu, 17 May 2018 07:49:59 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Sparks <rjsparks@nostrum.com>
To: <secdir@ietf.org>
Cc: draft-ietf-tsvwg-iana-dscp-registry.all@ietf.org, ietf@ietf.org, tsvwg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152656859955.7651.10624051963160660895@ietfa.amsl.com>
Date: Thu, 17 May 2018 07:49:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/L8uJdIOU4sws9O4jbVQhvXcTs_U>
Subject: [secdir] Secdir last call review of draft-ietf-tsvwg-iana-dscp-registry-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2018 14:50:00 -0000

Reviewer: Robert Sparks
Review result: Ready

Reviewer: Robert Sparks
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Ready for publication as Standards Track RFC

This document is entirely about changing the IANA registration policies
for part (pool 3) of the DSCP value registry. It is clearly written, and the
instructions to IANA are detailed. The security considerations section
appropriately notes that the document does not introduce new security
considerations for the Internet.


From nobody Thu May 17 19:03:41 2018
Return-Path: <amy.yemin@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B189C126BF7; Thu, 17 May 2018 19:03:27 -0700 (PDT)
X-Quarantine-ID: <YrX1OQ8uWtrI>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Improper folded header field made up entirely of whitespace (char 20 hex): References: ...9B0@VI1PR07MB3167.eurprd07.prod.outlook.com>\n 
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YrX1OQ8uWtrI; Thu, 17 May 2018 19:03:25 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80EB1126BF3; Thu, 17 May 2018 19:03:25 -0700 (PDT)
Received: from LHREML710-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 02FD99588A6DD; Fri, 18 May 2018 03:03:22 +0100 (IST)
Received: from DGGEMA404-HUB.china.huawei.com (10.3.20.45) by LHREML710-CAH.china.huawei.com (10.201.108.33) with Microsoft SMTP Server (TLS) id 14.3.382.0; Fri, 18 May 2018 03:03:22 +0100
Received: from DGGEMA521-MBS.china.huawei.com ([169.254.5.75]) by DGGEMA404-HUB.china.huawei.com ([10.3.20.45]) with mapi id 14.03.0382.000; Fri, 18 May 2018 10:03:17 +0800
From: "Yemin (Amy)" <amy.yemin@huawei.com>
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, Radia Perlman <radiaperlman@gmail.com>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "ccamp@ietf.org" <ccamp@ietf.org>
Thread-Topic: Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8A==
Date: Fri, 18 May 2018 02:03:16 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.169.30.234]
Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BMAXxgS44Sn5guplMltM82g51IQ>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 02:03:28 -0000

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgUmFkaWEsDQoNCldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsIGh0dHBzOi8vZGF0YXRyYWNr
ZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay8uDQpZ
b3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0KDQpCUiwN
CkFteQ0KRnJvbTogWWVtaW4gKEFteSkNClNlbnQ6IFRodXJzZGF5LCBNYXkgMTAsIDIwMTggNDow
NyBQTQ0KVG86ICdEYW5pZWxlIENlY2NhcmVsbGknIDxkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nz
b24uY29tPjsgUmFkaWEgUGVybG1hbiA8cmFkaWFwZXJsbWFuQGdtYWlsLmNvbT47IGRyYWZ0LWll
dGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc7IFRoZSBJRVNH
IDxpZXNnQGlldGYub3JnPjsgc2VjZGlyQGlldGYub3JnDQpTdWJqZWN0OiBSRTogU2VjZGlyIHJl
dmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNCg0KSGkgUmFk
aWEsDQoNClRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQoNClJlZ2FyZGluZyB0aGUgTk1TIGFuZCBT
RE4sIGFzIERhbmllbGUgc3VnZ2VzdGVkLCB3ZSB3aWxsIGFkZCB0aGUgZm9sbG93aW5nIHRleHQg
aW4gc2VjdGlvbiAzOg0K4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBO
TVMgYW5kIFNETiBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0
aW5jdGlvbiBiZXR3ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcyB0aGF0
IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29u
c2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdo
aWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJv
bCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnQu4oCdDQoN
ClJlZ2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBk
b2VzbuKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NClRoZXJl4oCZcyBhbm90aGVyIGRyYWZ0
IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRp
b24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQoNCkJSLA0KQW15DQpGcm9tOiBEYW5p
ZWxlIENlY2NhcmVsbGkgW21haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tXQ0K
U2VudDogTW9uZGF5LCBNYXkgMDcsIDIwMTggNTo0NiBQTQ0KVG86IFJhZGlhIFBlcmxtYW4gPHJh
ZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+PjsgZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWls
dG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9y
Zz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2Rp
ckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogUkU6IFNlY2RpciBy
ZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJh
ZGlhLA0KDQpsZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJzdCBvZiBh
bGwgbWFueSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KDQpSZWdhcmRpbmcgeW91ciBxdWVzdGlv
biBhYm91dCB0cmFkaXRpb25hbCBOTVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZh
Y3QgdGhhdCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQg
dGhlIGRpc3RpbmN0aW9uIGlzIHF1aXRlIGJsdXJyeSwgYnV0IHRoZXJlIGlzIHN0aWxsIHBsZW50
eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVt
ZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXph
dGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBh
cmF0ZSB0aGluZ3MuDQoNCkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0
cmFkaXRpb25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBk
aXN0aW5jdGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91
dCB0aGUgY29udmVyZ2VuY2Ugb2YgdGhlIHR3byB0aGluZ3MgY2FuIGJlIGFkZGVkLg0KDQpUaGFu
a3MgYSBsb3QNCkRhbmllbGUgIChjY2FtcCBjby1jaGFpcikNCg0KRnJvbTogUmFkaWEgUGVybG1h
biBbbWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb21dDQpTZW50OiBsdW5lZMOsIDcgbWFnZ2lv
IDIwMTggMDg6NTUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxs
QHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv
cmsuYWxsQHRvb2xzLmlldGYub3JnPjsgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRvOmll
c2dAaWV0Zi5vcmc+Pjsgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpT
dWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay0wNQ0KDQpTb3JyeS4uLnJlc2VuZGluZyBiZWNhdXNlIEkgbWlzdHlwZWQgdGhlIGF1dGhv
ciBhZGRyZXNzLg0KDQoNCi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLQ0K
RnJvbTogUmFkaWEgUGVybG1hbiA8cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTxtYWlsdG86cmFkaWFw
ZXJsbWFuQGdtYWlsLmNvbT4+DQpEYXRlOiBTdW4sIE1heSA2LCAyMDE4IGF0IDExOjQ4IFBNDQpT
dWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay0wNQ0KVG86IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxA
dG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29y
ay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc+LCBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86
aWVzZ0BpZXRmLm9yZz4+LCBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4N
ClN1bW1hcnk6ICBObyBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rp
b25zLCBhbmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXMNCg0KSSBoYXZlIHJldmlld2VkIHRo
aXMgZG9jdW1lbnQgYXMgcGFydCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUncyBvbmdvaW5n
DQplZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkg
dGhlIElFU0cuICBUaGVzZQ0KY29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3IgdGhl
IGJlbmVmaXQgb2YgdGhlIHNlY3VyaXR5IGFyZWENCmRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRv
cnMgYW5kIFdHIGNoYWlycyBzaG91bGQgdHJlYXQgdGhlc2UgY29tbWVudHMganVzdA0KbGlrZSBh
bnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLg0KDQpUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0
aGUgbWFuYWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy4NCkl0IGFk
dm9jYXRlcyAoY29ycmVjdGx5LCBJIGJlbGlldmUpIHRoYXQgc3VjaCBhbiBpbnRlcmZhY2Ugc2hv
dWxkIGJlIGV4dGVuc2libGUgdG8gcHJvdmlkZSBmb3IgdmVuZG9yLXNwZWNpZmljIGZlYXR1cmVz
Lg0KDQpJIGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICJhIHRyYWRp
dGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0iIGFuZCBTRE4uICBQZXJoYXBzIGl0IGlz
IG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRoZSBkaXN0aW5j
dGlvbiwgYW5kIEkgc3VzcGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGlu
ZyBwYXJhbWV0ZXJzICh0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9m
ICJwcm9ncmFtbWluZyIgYW4gaW50ZXJmYWNlICgiU0ROIikuDQoNClRoaXMgZG9jdW1lbnQgY291
bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBmb3IgZ2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBk
byBub3QgaW1wYWN0IGl0cyByZWFkYWJpbGl0eS4NCg0KVGhlIGdsaXRjaGVzIGNvbnNpc3QgIG1v
c3RseSBvZiBsZWF2aW5nIG91dCBsaXR0bGUgd29yZHMgbGlrZSAib2YiIGluIHRoZSBmb2xsb3dp
bmcgc2VudGVuY2UuDQoiVGhlIGFkb3B0aW9uIG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFn
ZW1lbnQgYW5kDQogICBjb250cm9sIHRoZSBtaWNyb3dhdmUgaW50ZXJmYWNlIGlzIG9uZSBvZiB0
aGUga2V5IGFwcGxpY2F0aW9ucyBmb3INCiAgIHRoaXMgd29yay4iDQoNClRoZSBzZWN1cml0eSBj
b25zaWRlcmF0aW9ucyBzYXkgdGhhdCB0aGV5IGFzc3VtZSBhIHNlY3VyZSB0cmFuc3BvcnQgbGF5
ZXIgKGF1dGhlbnRpY2F0ZWQsIHByb2JhYmx5IGVuY3J5cHRpb24gaXNuJ3QgbmVjZXNzYXJ5KSBm
b3IgY29tbXVuaWNhdGlvbi4gIE90aGVyIHRoYW4gdGhhdCwgcGVyaGFwcywgdGhlcmUgbWlnaHQg
YmUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGluZyBwYXJh
bWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxpY2lvdXNseSBieSBhIHRydXN0ZWQgYWRtaW5pc3Ry
YXRvci4gIEJ1dCB0aGlzIGRvY3VtZW50IGRvZXMgbm90IHNwZWNpZnkgdGhlIHNwZWNpZmljIHBh
cmFtZXRlcnMgdG8gYmUgbWFuYWdlZCwganVzdCBhIGdlbmVyYWwgZnJhbWV3b3JrLg0KDQpSYWRp
YQ0KDQoNCg==

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm
b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0
O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg
MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ
cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0K
cC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0K
CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy
bGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxl
LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l
O30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0
eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1y
aWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNt
Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7
fQ0Kc3Bhbi5tNDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21h
aWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0Z21haWwtaWwNCgl7bXNvLXN0eWxlLW5hbWU6bV80MTMx
Mzc2NzI4MDMxMTY3MzA2Z21haWwtbV85MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbV8tNTA1NzAx
MDkxMjE1Nzc4MjUzNGdtYWlsLWlsO30NCnNwYW4uaG9lbnpiDQoJe21zby1zdHlsZS1uYW1lOmhv
ZW56Yjt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglm
b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNw
YW4uRW1haWxTdHlsZTIxDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0Kc3Bhbi5FbWFpbFN0eWxl
MjINCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGli
cmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28t
c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzAuODVwdCAyLjBjbSAy
LjBjbSAyLjBjbTt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0t
Pjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0
PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4
dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4N
CjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4N
CjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgUmFkaWEsIDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29s
b3I6IzFGNDk3RCI+V2UganVzdCB1cGRhdGVkIHRoZSBkcmFmdCwgPGEgaHJlZj0iaHR0cHM6Ly9k
YXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3
b3JrLyI+DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1w
LW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPC9hPi4gPG86cD4NCjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+WW91ciBjb21tZW50
cyBhcmUgYWRkcmVzc2VkIGluIHRoZSBsYXRlc3QgdmVyc2lvbi4NCjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkFteTxvOnA+PC9vOnA+PC9z
cGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlk
ICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48Yj5Gcm9tOjwvYj4gWWVtaW4gKEFteSkgPGJyPg0KPGI+U2VudDo8L2I+IFRodXJz
ZGF5LCBNYXkgMTAsIDIwMTggNDowNyBQTTxicj4NCjxiPlRvOjwvYj4gJ0RhbmllbGUgQ2VjY2Fy
ZWxsaScgJmx0O2RhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20mZ3Q7OyBSYWRpYSBQZXJs
bWFuICZsdDtyYWRpYXBlcmxtYW5AZ21haWwuY29tJmd0OzsgZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzsgVGhlIElFU0cgJmx0O2llc2dAaWV0
Zi5vcmcmZ3Q7OyBzZWNkaXJAaWV0Zi5vcmc8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2Rp
ciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG
NDk3RCI+SGkgUmFkaWEsIDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+VGhh
bmtzIGZvciB5b3VyIHJldmlldy4gPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdE
Ij5SZWdhcmRpbmcgdGhlIE5NUyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2ls
bCBhZGQgdGhlIGZvbGxvd2luZyB0ZXh0IGluIHNlY3Rpb24gMzoNCjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7i
gJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUncyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBl
dm9sdmluZyB0b3dhcmRzIGEgY29tcG9uZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4g
dGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5vdGhlciBmYWN0IGlzIHRoYXQgdGhlcmUgaXMgc3RpbGwg
cGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbA0KIGNvbnNpZGVyZWQgYXMgdGhl
IGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29u
c2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkg
YXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgY29tcG9uZW50LuKAnTxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9u
cywgeWVzLCB0aGlzIGRyYWZ0IGRvZXNu4oCZdCBzcGVjaWZ5IHRoZSBwYXJhbWV0ZXJzLg0KPG86
cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNv
bG9yOiMxRjQ5N0QiPlRoZXJl4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXct
eWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlv
dSBzdWdnZXN0ZWQuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkJSLDxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJj
b2xvcjojMUY0OTdEIj5BbXk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHls
ZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4w
cHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+RnJvbTo8L2I+IERhbmll
bGUgQ2VjY2FyZWxsaSBbPGEgaHJlZj0ibWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nv
bi5jb20iPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0NCjxicj4N
CjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+VG86PC9i
PiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNv
bSI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0
LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciPmRyYWZ0
LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBU
aGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciPmllc2dAaWV0Zi5vcmc8
L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPnNlY2RpckBpZXRmLm9y
ZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwv
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdl
OkVOLVVTIj5IaSBSYWRpYSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPmxldCBtZSByZXBseSBvbiBiZWhhbGYg
b2YgdGhlIGF1dGhvcnMuIEZpcnN0IG9mIGFsbCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcu
PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6
RU4tVVMiPlJlZ2FyZGluZyB5b3VyIHF1ZXN0aW9uIGFib3V0IHRyYWRpdGlvbmFsIE5NUyB2cyBT
RE4gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0aGUgZmFjdCB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRv
d2FyZHMgYSBjb21tb24gY29tcG9uZW50IGFuZCB0aGUgZGlzdGluY3Rpb24gaXMgcXVpdGUgYmx1
cnJ5LCBidXQgdGhlcmUgaXMgc3RpbGwgcGxlbnR5DQogb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlz
IHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50
IHBsYW5lIHdoaWxlIFNETiB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUg
YW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgdGhpbmdzLjxvOnA+PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1s
YW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5IZW5jZSwg
c2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBT
RE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4g
SWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRo
ZSB0d28gdGhpbmdzIGNhbiBiZSBhZGRlZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv
OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+VGhhbmtzIGEgbG90PG86cD48L286cD48
L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0
LWxhbmd1YWdlOkVOLVVTIj5EYW5pZWxlJm5ic3A7IChjY2FtcCBjby1jaGFpcik8bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVh
c3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5
bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGluZzowY20g
MGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRv
cDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PGI+RnJvbTo8L2I+IFJhZGlhIFBlcmxtYW4gWzxhIGhyZWY9Im1haWx0
bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIj5tYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwv
YT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTDrCA3IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0K
PGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJh
bWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1h
aWx0bzppZXNnQGlldGYub3JnIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWls
dG86c2VjZGlyQGlldGYub3JnIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8
L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3Jr
LTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVz
ZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48c3BhbiBsYW5nPSJJVCI+
LS0tLS0tLS0tLSBGb3J3YXJkZWQgbWVzc2FnZSAtLS0tLS0tLS0tPGJyPg0KRnJvbTogPGI+UmFk
aWEgUGVybG1hbjwvYj4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29t
Ij5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4sIE1heSA2LCAy
MDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0ibWFpbHRvOmRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmci
PmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5v
cmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciPmllc2dA
aWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPnNlY2Rp
ckBpZXRmLm9yZzwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZu
YnNwOyBObyBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBh
bmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PHNwYW4gbGFuZz0iSVQiPjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n
PSJJVCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhh
dmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3Rv
cmF0ZSdzIG9uZ29pbmc8YnI+DQplZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibTQxMzEzNzY3
MjgwMzExNjczMDZnbWFpbC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1
Nzc4MjUzNGdtYWlsLWlsIj5yZXZpZXc8L3NwYW4+Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJl
aW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4mbmJzcDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJl
IHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxi
cj4NCmRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3Vs
ZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0PGJyPg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxs
IGNvbW1lbnRzLjwvc3Bhbj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFu
YWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n
PSJJVCI+SXQgYWR2b2NhdGVzIChjb3JyZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBzdWNoIGFuIGlu
dGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5zaWJsZSB0byBwcm92aWRlIGZvciB2ZW5kb3Itc3BlY2lm
aWMgZmVhdHVyZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5J
IGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2EgdHJhZGl0
aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNwOyBQZXJo
YXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRo
ZSBkaXN0aW5jdGlvbiwgYW5kIEkgc3VzcGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9u
Li4uc2V0dGluZw0KIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCkg
aXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgmcXVvdDtT
RE4mcXVvdDspLiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh
bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJ
VCI+VGhpcyBkb2N1bWVudCBjb3VsZCB1c2UgYW4gZWRpdGluZyBwYXNzIGZvciBnbGl0Y2hlcywg
YnV0IHRoZXNlIGdsaXRjaGVzIGRvIG5vdCBpbXBhY3QgaXRzIHJlYWRhYmlsaXR5LjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+VGhlIGdsaXRjaGVzIGNvbnNpc3Qm
bmJzcDsgbW9zdGx5IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3b3JkcyBsaWtlICZxdW90O29mJnF1
b3Q7IGluIHRoZSBmb2xsb3dpbmcgc2VudGVuY2UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPiZxdW90O1Ro
ZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5hZ2VtZW50IGFuZDxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBp
cyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPG86cD48L286cD48L3NwYW4+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPiZuYnNw
OyAmbmJzcDt0aGlzIHdvcmsuJnF1b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1
bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNy
eXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11bmljYXRpb24uJm5ic3A7IE90aGVyIHRo
YW4gdGhhdCwgcGVyaGFwcywgdGhlcmUgbWlnaHQgYmUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg
Zm9yIGluYWR2ZXJ0ZW50bHkNCiBzZXR0aW5nIHBhcmFtZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1h
bGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlzdHJhdG9yLiZuYnNwOyBCdXQgdGhpcyBkb2N1
bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFn
ZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNv
bG9yOiM4ODg4ODgiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4
OCI+UmFkaWE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xvcjojODg4ODg4Ij48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpw
Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwv
aHRtbD4NCg==

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_--


From nobody Thu May 17 21:30:05 2018
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0B23126DEE; Thu, 17 May 2018 21:29:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3jkyTSUbXnN; Thu, 17 May 2018 21:29:54 -0700 (PDT)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DCAA126D05; Thu, 17 May 2018 21:29:54 -0700 (PDT)
Received: by mail-io0-x22c.google.com with SMTP id c9-v6so4673295iob.12; Thu, 17 May 2018 21:29:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z6bvZ5h9cmf2cjLP34pLwFxhX17EHlRdiIvjnYYk8F4=; b=P8hWwBLY1X/PMpHLvQBNVzhJYdHepYPwyH0RbLnEDwLfnjjFZJzpv+HrUi4EMEvYDT 0Z5lRIAVHNDm9YHokmsJ7cQ9aZo8f/muCHJR+xhqfVwrkH7DhpUlomCo+ToufPK6Y7HP uk+jG+OsRc3D9B270hL11YTt1lJvZeiVuOK9ndifsT/DtKKnnT1UyUw8f7J7GaDp20PN 95Vas3oy4DCRD3PyOhzxLfuhSjqHrLIDWdx/Xnq2L6aNjRrCdU6huOpGJlGRTHJbCo6s eZY7P2WepFkhDU+S1Myx3pQvN5ACakNR9vuMoH5GNFYh8XHsRjk1CqLnIsfwbG+i6Sdo HauA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z6bvZ5h9cmf2cjLP34pLwFxhX17EHlRdiIvjnYYk8F4=; b=YCFh8StS0i+oQnfOB/KZcC1sOeeR3ydfqWaKpeYhzMy8/6SPXlmLFMQz9uFY0UsWGu gAObPzKUMtLHK+mPLpscYgBgknuSrBxorl9zzehCYFUdu1tNuGb7wANIDwqH/EhpLcYf r41ikOnZKkA9QOtvXQYDI144U2orFx1nLM8/OjDFfTQzSc29Pre/iV5qCi8pV/WLXBgy inZ+YSLQeS+SzLZsRe4dX3IOiAJUDou+DzNfFKoC958NtozMVlewIXp2j4R4TlG8yiHL bN83DnlAyd6Y84xwTKOt5twQINn0LkiuwkvbaS7DOC4JvEgaZD1oWaYtzOYlv/G7zpPK PsBw==
X-Gm-Message-State: ALKqPwcr+3w7GFG7fGnykWySgqkvHyOphOciT7XWAtlE0bHj30OLKEgT rbUaG+Q2pi96qoXDqT/Gl3LsvrXsWTRVK/wQfoU=
X-Google-Smtp-Source: AB8JxZoQZoHGuxkP5t1XIz50tZcvXBasQWQqvBBN1mmwZcsxbzLJ6mv3pOTEG8l3d7KyirwNJ5yjCKmznluRdycjcao=
X-Received: by 2002:a6b:82a0:: with SMTP id m32-v6mr9114990ioi.56.1526617793861;  Thu, 17 May 2018 21:29:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:2a02:0:0:0:0:0 with HTTP; Thu, 17 May 2018 21:29:53 -0700 (PDT)
In-Reply-To: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
From: Radia Perlman <radiaperlman@gmail.com>
Date: Thu, 17 May 2018 21:29:53 -0700
Message-ID: <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com>
To: "Yemin (Amy)" <amy.yemin@huawei.com>
Cc: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>,  "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>,  The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004f9df5056c73674d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TkBRZSyeAeb7JkTIV5pw08kQ7q4>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 04:29:58 -0000

--0000000000004f9df5056c73674d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thank you!  Though what you're suggesting is awkward English.

Perhaps "We note that the distinction between NMS and SDN is not all that
clear, and the two are evolving to be more and more similar." could replace
the first sentence.  I'm really not sure what you meant by "evolving toward
a component", so perhaps I'm not capturing what you are intending to say.


Radia

On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:

> Hi Radia,
>
>
>
> We just updated the draft, https://datatracker.ietf.org/
> doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
>
>
> BR,
>
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com>; Radia
> Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> Thanks for your review.
>
>
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the followin=
g
> text in section 3:
>
> =E2=80=9CIt's noted that there's idea that the NMS and SDN are evolving t=
owards a
> component, and the distinction between them is quite vague. Another fact =
is
> that there is still plenty of networks where NMS is still considered as t=
he
> implementation of the management plane, while SDN is considered as the
> centralization of the control plane. They are still kept as separate
> component.=E2=80=9D
>
>
>
> Regarding the security considerations, yes, this draft doesn=E2=80=99t sp=
ecify the
> parameters.
>
> There=E2=80=99s another draft draft-ietf-ccamp-mw-yang, where the securit=
y
> consideration is addressed as you suggested.
>
>
>
> BR,
>
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com
> <daniele.ceccarelli@ericsson.com>]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> let me reply on behalf of the authors. First of all many thanks for your
> review.
>
>
>
> Regarding your question about traditional NMS vs SDN I agree with you on
> the fact that they are evolving towards a common component and the
> distinction is quite blurry, but there is still plenty of networks where
> NMS is still considered as the implementation of the management plane whi=
le
> SDN the centralization of the control plane and they are still kept as
> separate things.
>
>
>
> Hence, since the authors speak about =E2=80=9Ctraditional=E2=80=9D NMS an=
d SDN I would
> tend to allow for the distinction to be kept. If you prefer a note speaki=
ng
> about the convergence of the two things can be added.
>
>
>
> Thanks a lot
>
> Daniele  (ccamp co-chair)
>
>
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com
> <radiaperlman@gmail.com>]
> *Sent:* luned=C3=AC 7 maggio 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <
> iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Sorry...resending because I mistyped the author address.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: *Radia Perlman* <radiaperlman@gmail.com>
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG =
<
> iesg@ietf.org>, secdir@ietf.org
>
> Summary:  No security issues found, but I do have questions, and there ar=
e
> editing glitches
>
>
>
> I have reviewed this document as part of the security directorate's ongoi=
ng
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments ju=
st
> like any other last call comments.
>
>
>
> This document describes the management interface for microwave radio link=
s.
>
> It advocates (correctly, I believe) that such an interface should be
> extensible to provide for vendor-specific features.
>
>
>
> I don't understand the difference between a "a traditional network
> management system" and SDN.  Perhaps it is not the job of this document t=
o
> clearly make the distinction, and I suspect there is no real
> distinction...setting parameters (traditional network management) is a wa=
y
> of "programming" an interface ("SDN").
>
>
>
> This document could use an editing pass for glitches, but these glitches
> do not impact its readability.
>
>
>
> The glitches consist  mostly of leaving out little words like "of" in the
> following sentence.
>
> "The adoption of an SDN framework for management and
>
>    control the microwave interface is one of the key applications for
>
>    this work."
>
>
>
> The security considerations say that they assume a secure transport layer
> (authenticated, probably encryption isn't necessary) for communication.
> Other than that, perhaps, there might be security considerations for
> inadvertently setting parameters incorrectly, or maliciously by a trusted
> administrator.  But this document does not specify the specific parameter=
s
> to be managed, just a general framework.
>
>
>
> Radia
>
>
>
>
>

--0000000000004f9df5056c73674d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Thank you!=C2=A0 Though what you&#39;re suggesting is awkw=
ard English.<div><br></div><div>Perhaps &quot;We note that the distinction =
between NMS and SDN is not all that clear, and the two are evolving to be m=
ore and more similar.&quot; could replace the first sentence.=C2=A0 I&#39;m=
 really not sure what you meant by &quot;evolving toward a component&quot;,=
 so perhaps I&#39;m not capturing what you are intending to say.<br><div><b=
r></div><div><div><br></div><div>Radia</div></div></div></div><div class=3D=
"gmail_extra"><br><div class=3D"gmail_quote">On Thu, May 17, 2018 at 7:03 P=
M, Yemin (Amy) <span dir=3D"ltr">&lt;<a href=3D"mailto:amy.yemin@huawei.com=
" target=3D"_blank">amy.yemin@huawei.com</a>&gt;</span> wrote:<br><blockquo=
te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so=
lid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-6166985804615279366WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia, <u></u><u></=
u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">We just updated the dr=
aft, <a href=3D"https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave=
-framework/" target=3D"_blank">
https://datatracker.ietf.org/<wbr>doc/draft-ietf-ccamp-<wbr>microwave-frame=
work/</a>. <u></u>
<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Your comments are addr=
essed in the latest version.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,<u></u><u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy<u></u><u></u></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Yemin (Amy) <br>
<b>Sent:</b> Thursday, May 10, 2018 4:07 PM<br>
<b>To:</b> &#39;Daniele Ceccarelli&#39; &lt;<a href=3D"mailto:daniele.cecca=
relli@ericsson.com" target=3D"_blank">daniele.ceccarelli@ericsson.<wbr>com<=
/a>&gt;; Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" target=
=3D"_blank">radiaperlman@gmail.com</a>&gt;; <a href=3D"mailto:draft-ietf-cc=
amp-microwave-framework.all@tools.ietf.org" target=3D"_blank">draft-ietf-cc=
amp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG &lt;<a href=
=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt;; <a href=
=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><span clas=
s=3D""><br>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></span></p>
</div>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia, <u></u><u></=
u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Thanks for your review=
. <u></u><u></u></span></p><span class=3D"">
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the NMS and =
SDN, as Daniele suggested, we will add the following text in section 3:
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=E2=80=9CIt&#39;s note=
d that there&#39;s idea that the NMS and SDN are evolving towards a compone=
nt, and the distinction between them is quite vague. Another fact is that t=
here is still plenty of networks where NMS is still
 considered as the implementation of the management plane, while SDN is con=
sidered as the centralization of the control plane. They are still kept as =
separate component.=E2=80=9D<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the security=
 considerations, yes, this draft doesn=E2=80=99t specify the parameters.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">There=E2=80=99s anothe=
r draft draft-ietf-ccamp-mw-yang, where the security consideration is addre=
ssed as you suggested.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,<u></u><u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy<u></u><u></u></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Daniele Ceccarelli [<a href=3D"mailto:d=
aniele.ceccarelli@ericsson.com" target=3D"_blank">mailto:daniele.ceccarelli=
@<wbr>ericsson.com</a>]
<br>
<b>Sent:</b> Monday, May 07, 2018 5:46 PM<br>
<b>To:</b> Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" targ=
et=3D"_blank">radiaperlman@gmail.com</a>&gt;;
<a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" =
target=3D"_blank">draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.=
org</a>; The IESG &lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">ie=
sg@ietf.org</a>&gt;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</span><p class=3D"MsoNormal"><span lang=3D"IT">Hi Radia,<u></u><u></u></sp=
an></p><div><div class=3D"h5">
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span>let me reply on behalf of the authors. First o=
f all many thanks for your review.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span>Regarding your question about traditional NMS =
vs SDN I agree with you on the fact that they are evolving towards a common=
 component and the distinction is quite blurry, but there is still plenty
 of networks where NMS is still considered as the implementation of the man=
agement plane while SDN the centralization of the control plane and they ar=
e still kept as separate things.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span>Hence, since the authors speak about =E2=80=9C=
traditional=E2=80=9D NMS and SDN I would tend to allow for the distinction =
to be kept. If you prefer a note speaking about the convergence of the two =
things can be added.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span>Thanks a lot<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span>Daniele=C2=A0 (ccamp co-chair)<u></u><u></u></=
span></p>
<p class=3D"MsoNormal"><span><u></u>=C2=A0<u></u></span></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Radia Perlman [<a href=3D"mailto:radiap=
erlman@gmail.com" target=3D"_blank">mailto:radiaperlman@gmail.com</a><wbr>]
<br>
<b>Sent:</b> luned=C3=AC 7 maggio 2018 08:55<br>
<b>To:</b> <a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools=
.ietf.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-=
05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">Sorry...resending because I mistyp=
ed the author address.<u></u><u></u></span></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><span lang=3D"IT">---=
------- Forwarded message ----------<br>
From: <b>Radia Perlman</b> &lt;<a href=3D"mailto:radiaperlman@gmail.com" ta=
rget=3D"_blank">radiaperlman@gmail.com</a>&gt;<br>
Date: Sun, May 6, 2018 at 11:48 PM<br>
Subject: Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-05<br>
To: <a href=3D"mailto:draft-ietf-ccamp-microwave-framework-05.all@tools.iet=
f.org" target=3D"_blank">draft-ietf-ccamp-microwave-<wbr>framework-05.all@t=
ools.ietf.<wbr>org</a>, The IESG &lt;<a href=3D"mailto:iesg@ietf.org" targe=
t=3D"_blank">iesg@ietf.org</a>&gt;,
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><u>=
</u><u></u></span></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">Summary:=C2=A0 No security i=
ssues found, but I do have questions, and there are editing glitches</span>=
<span lang=3D"IT"><u></u><u></u></span></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">I have reviewed this documen=
t as part of the security directorate&#39;s ongoing<br>
effort to=C2=A0<span class=3D"m_-6166985804615279366m4131376728031167306gma=
il-m9026368803713863349gmail-m-5057010912157782534gmail-il">review</span>=
=C2=A0all IETF documents being processed by the IESG.=C2=A0 These<br>
comments were written primarily for the benefit of the security area<br>
directors.=C2=A0 Document editors and WG chairs should treat these comments=
 just<br>
like any other last call comments.</span><span lang=3D"IT">=C2=A0<u></u><u>=
</u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document describes the manage=
ment interface for microwave radio links.<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">It advocates (correctly, I believe=
) that such an interface should be extensible to provide for vendor-specifi=
c features.<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">I don&#39;t understand the differe=
nce between a &quot;a traditional network management system&quot; and SDN.=
=C2=A0 Perhaps it is not the job of this document to clearly make the disti=
nction, and I suspect there is no real distinction...setting
 parameters (traditional network management) is a way of &quot;programming&=
quot; an interface (&quot;SDN&quot;).=C2=A0<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document could use an editing=
 pass for glitches, but these glitches do not impact its readability.<u></u=
><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The glitches consist=C2=A0 mostly =
of leaving out little words like &quot;of&quot; in the following sentence.<=
u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">&quot;The adoption of an SDN frame=
work for management and<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0control the microwave=
 interface is one of the key applications for<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0this work.&quot;<u></=
u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The security considerations say th=
at they assume a secure transport layer (authenticated, probably encryption=
 isn&#39;t necessary) for communication.=C2=A0 Other than that, perhaps, th=
ere might be security considerations for inadvertently
 setting parameters incorrectly, or maliciously by a trusted administrator.=
=C2=A0 But this document does not specify the specific parameters to be man=
aged, just a general framework.<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888"><u></u>=C2=
=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">Radia<u></=
u><u></u></span></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888"><u></u>=C2=
=A0<u></u></span></p>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT"><u></u>=C2=A0<u></u></span></p>
</div>
</div>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>

--0000000000004f9df5056c73674d--


From nobody Thu May 17 23:12:55 2018
Return-Path: <amy.yemin@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A09312711E; Thu, 17 May 2018 23:12:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IrszpX5St0u4; Thu, 17 May 2018 23:12:29 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5534012711A; Thu, 17 May 2018 23:12:29 -0700 (PDT)
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id D8875FEE20363; Fri, 18 May 2018 07:12:25 +0100 (IST)
Received: from DGGEMA405-HUB.china.huawei.com (10.3.20.46) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.382.0; Fri, 18 May 2018 07:12:25 +0100
Received: from DGGEMA521-MBS.china.huawei.com ([169.254.5.75]) by DGGEMA405-HUB.china.huawei.com ([10.3.20.46]) with mapi id 14.03.0382.000; Fri, 18 May 2018 14:12:23 +0800
From: "Yemin (Amy)" <amy.yemin@huawei.com>
To: Radia Perlman <radiaperlman@gmail.com>
CC: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>
Thread-Topic: Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8P//o5aAgAChMpA=
Date: Fri, 18 May 2018 06:12:22 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1@dggema521-mbs.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com>
In-Reply-To: <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.169.30.234]
Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1dggema521mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WqWJQsIwTPDVGpmY2VtAHYXpbh8>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 06:12:32 -0000

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1dggema521mbschi_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

ImV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudCIgaXMgdG8gc2F5IHRoYXQgb25lIHNpbmdsZSBz
b2Z0d2FyZSAodGhlIGNvbXBvbmVudCkgaGFzIHRoZSBmdW5jdGlvbmFsaXR5IG9mIGJvdGggTk1T
IGFuZCBTRE4uDQpJZiB5b3UgdGhpbmsgaXTigJlzIG5vdCBjbGVhciBlbm91Z2gsIHdlIGNvdWxk
IHJlcGxhY2Ugd2l0aCB3aGF0IHlvdSBzdWdnZXN0ZWQuDQoNCkFteQ0KRnJvbTogUmFkaWEgUGVy
bG1hbiBbbWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb21dDQpTZW50OiBGcmlkYXksIE1heSAx
OCwgMjAxOCAxMjozMCBQTQ0KVG86IFllbWluIChBbXkpIDxhbXkueWVtaW5AaHVhd2VpLmNvbT4N
CkNjOiBEYW5pZWxlIENlY2NhcmVsbGkgPGRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20+
OyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3Jn
OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZz47IHNlY2RpckBpZXRmLm9yZzsgY2NhbXBAaWV0Zi5v
cmcNClN1YmplY3Q6IFJlOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay0wNQ0KDQpUaGFuayB5b3UhICBUaG91Z2ggd2hhdCB5b3UncmUgc3VnZ2Vz
dGluZyBpcyBhd2t3YXJkIEVuZ2xpc2guDQoNClBlcmhhcHMgIldlIG5vdGUgdGhhdCB0aGUgZGlz
dGluY3Rpb24gYmV0d2VlbiBOTVMgYW5kIFNETiBpcyBub3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0
aGUgdHdvIGFyZSBldm9sdmluZyB0byBiZSBtb3JlIGFuZCBtb3JlIHNpbWlsYXIuIiBjb3VsZCBy
ZXBsYWNlIHRoZSBmaXJzdCBzZW50ZW5jZS4gIEknbSByZWFsbHkgbm90IHN1cmUgd2hhdCB5b3Ug
bWVhbnQgYnkgImV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudCIsIHNvIHBlcmhhcHMgSSdtIG5v
dCBjYXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0byBzYXkuDQoNCg0KUmFkaWENCg0K
T24gVGh1LCBNYXkgMTcsIDIwMTggYXQgNzowMyBQTSwgWWVtaW4gKEFteSkgPGFteS55ZW1pbkBo
dWF3ZWkuY29tPG1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNvbT4+IHdyb3RlOg0KSGkgUmFkaWEs
DQoNCldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v
cmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay8uDQpZb3VyIGNvbW1l
bnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0KDQpCUiwNCkFteQ0KRnJv
bTogWWVtaW4gKEFteSkNClNlbnQ6IFRodXJzZGF5LCBNYXkgMTAsIDIwMTggNDowNyBQTQ0KVG86
ICdEYW5pZWxlIENlY2NhcmVsbGknIDxkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPG1h
aWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPj47IFJhZGlhIFBlcmxtYW4gPHJh
ZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+PjsgZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWls
dG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9y
Zz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2Rp
ckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogUkU6IFNlY2RpciBy
ZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJh
ZGlhLA0KDQpUaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KDQpSZWdhcmRpbmcgdGhlIE5NUyBhbmQg
U0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2lsbCBhZGQgdGhlIGZvbGxvd2luZyB0ZXh0
IGluIHNlY3Rpb24gMzoNCuKAnEl0J3Mgbm90ZWQgdGhhdCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUg
Tk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21wb25lbnQsIGFuZCB0aGUgZGlz
dGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3VlLiBBbm90aGVyIGZhY3QgaXMgdGhh
dCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNv
bnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lLCB3
aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRy
b2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgY29tcG9uZW50LuKAnQ0K
DQpSZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zLCB5ZXMsIHRoaXMgZHJhZnQg
ZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFtZXRlcnMuDQpUaGVyZeKAmXMgYW5vdGhlciBkcmFm
dCBkcmFmdC1pZXRmLWNjYW1wLW13LXlhbmcsIHdoZXJlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0
aW9uIGlzIGFkZHJlc3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0KDQpCUiwNCkFteQ0KRnJvbTogRGFu
aWVsZSBDZWNjYXJlbGxpIFttYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbV0N
ClNlbnQ6IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE0NClRvOiBSYWRpYSBQZXJsbWFuIDxy
YWRpYXBlcmxtYW5AZ21haWwuY29tPG1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPj47IGRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFp
bHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5v
cmc+OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+OyBzZWNk
aXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NClN1YmplY3Q6IFJFOiBTZWNkaXIg
cmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpIaSBS
YWRpYSwNCg0KbGV0IG1lIHJlcGx5IG9uIGJlaGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2Yg
YWxsIG1hbnkgdGhhbmtzIGZvciB5b3VyIHJldmlldy4NCg0KUmVnYXJkaW5nIHlvdXIgcXVlc3Rp
b24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZzIFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBm
YWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5k
IHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBibHVycnksIGJ1dCB0aGVyZSBpcyBzdGlsbCBwbGVu
dHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxl
bWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lIHdoaWxlIFNETiB0aGUgY2VudHJhbGl6
YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUgYW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2Vw
YXJhdGUgdGhpbmdzLg0KDQpIZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCc
dHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUg
ZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJv
dXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28gdGhpbmdzIGNhbiBiZSBhZGRlZC4NCg0KVGhh
bmtzIGEgbG90DQpEYW5pZWxlICAoY2NhbXAgY28tY2hhaXIpDQoNCkZyb206IFJhZGlhIFBlcmxt
YW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tXQ0KU2VudDogbHVuZWTDrCA3IG1hZ2dp
byAyMDE4IDA4OjU1DQpUbzogZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFs
bEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3
b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzpp
ZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0K
U3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmstMDUNCg0KU29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRo
b3IgYWRkcmVzcy4NCg0KDQotLS0tLS0tLS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0N
CkZyb206IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlh
cGVybG1hbkBnbWFpbC5jb20+Pg0KRGF0ZTogU3VuLCBNYXkgNiwgMjAxOCBhdCAxMTo0OCBQTQ0K
U3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmstMDUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxs
QHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv
cmstMDUuYWxsQHRvb2xzLmlldGYub3JnPiwgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRv
Omllc2dAaWV0Zi5vcmc+Piwgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+
DQpTdW1tYXJ5OiAgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0
aW9ucywgYW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzDQoNCkkgaGF2ZSByZXZpZXdlZCB0
aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2lu
Zw0KZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5
IHRoZSBJRVNHLiAgVGhlc2UNCmNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRo
ZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhDQpkaXJlY3RvcnMuICBEb2N1bWVudCBlZGl0
b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QNCmxpa2Ug
YW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KVGhpcyBkb2N1bWVudCBkZXNjcmliZXMg
dGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNyb3dhdmUgcmFkaW8gbGlua3MuDQpJdCBh
ZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNo
b3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJl
cy4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAiYSB0cmFk
aXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtIiBhbmQgU0ROLiAgUGVyaGFwcyBpdCBp
cyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGlu
Y3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMgbm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRp
bmcgcGFyYW1ldGVycyAodHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50KSBpcyBhIHdheSBv
ZiAicHJvZ3JhbW1pbmciIGFuIGludGVyZmFjZSAoIlNETiIpLg0KDQpUaGlzIGRvY3VtZW50IGNv
dWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMg
ZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuDQoNClRoZSBnbGl0Y2hlcyBjb25zaXN0ICBt
b3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgIm9mIiBpbiB0aGUgZm9sbG93
aW5nIHNlbnRlbmNlLg0KIlRoZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5h
Z2VtZW50IGFuZA0KICAgY29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2Yg
dGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yDQogICB0aGlzIHdvcmsuIg0KDQpUaGUgc2VjdXJpdHkg
Y29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxh
eWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkg
Zm9yIGNvbW11bmljYXRpb24uICBPdGhlciB0aGFuIHRoYXQsIHBlcmhhcHMsIHRoZXJlIG1pZ2h0
IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFkdmVydGVudGx5IHNldHRpbmcgcGFy
YW1ldGVycyBpbmNvcnJlY3RseSwgb3IgbWFsaWNpb3VzbHkgYnkgYSB0cnVzdGVkIGFkbWluaXN0
cmF0b3IuICBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBw
YXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay4NCg0KUmFk
aWENCg0KDQoNCg==

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1dggema521mbschi_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm
b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0
O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg
MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ
cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0K
cC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0K
CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5
OiJUaW1lcyBOZXcgUm9tYW4iLHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7
bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVu
ZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0
eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJs
aW5lO30NCnNwYW4ubS02MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzExNjczMDZnbWFp
bC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWls
DQoJe21zby1zdHlsZS1uYW1lOm1fLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAzMTE2
NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0
Z21haWwtaWw7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwt
cmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFGNDk3
RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250
LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6
ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA5MC4wcHQgNzIuMHB0IDkwLjBwdDt9
DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEt
LVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlk
bWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+
DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0
YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxi
b2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9
IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s
b3I6IzFGNDk3RCI+JnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7IGlzIHRv
IHNheSB0aGF0IG9uZSBzaW5nbGUgc29mdHdhcmUgKHRoZSBjb21wb25lbnQpIGhhcyB0aGUgZnVu
Y3Rpb25hbGl0eSBvZiBib3RoIE5NUyBhbmQgU0ROLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPklmIHlv
dSB0aGluayBpdOKAmXMgbm90IGNsZWFyIGVub3VnaCwgd2UgY291bGQgcmVwbGFjZSB3aXRoIHdo
YXQgeW91IHN1Z2dlc3RlZC4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFG
NDk3RCI+QW15PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx
dW90OyxzYW5zLXNlcmlmIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox
MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4gUmFkaWEg
UGVybG1hbiBbbWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb21dDQo8YnI+DQo8Yj5TZW50Ojwv
Yj4gRnJpZGF5LCBNYXkgMTgsIDIwMTggMTI6MzAgUE08YnI+DQo8Yj5Ubzo8L2I+IFllbWluIChB
bXkpICZsdDthbXkueWVtaW5AaHVhd2VpLmNvbSZndDs8YnI+DQo8Yj5DYzo8L2I+IERhbmllbGUg
Q2VjY2FyZWxsaSAmbHQ7ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSZndDs7IGRyYWZ0
LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc7IFRoZSBJ
RVNHICZsdDtpZXNnQGlldGYub3JnJmd0Ozsgc2VjZGlyQGlldGYub3JnOyBjY2FtcEBpZXRmLm9y
Zzxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj5UaGFuayB5b3UhJm5ic3A7IFRob3VnaCB3aGF0IHlvdSdyZSBzdWdnZXN0aW5nIGlz
IGF3a3dhcmQgRW5nbGlzaC48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPlBlcmhhcHMgJnF1b3Q7V2Ugbm90ZSB0aGF0IHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVu
IE5NUyBhbmQgU0ROIGlzIG5vdCBhbGwgdGhhdCBjbGVhciwgYW5kIHRoZSB0d28gYXJlIGV2b2x2
aW5nIHRvIGJlIG1vcmUgYW5kIG1vcmUgc2ltaWxhci4mcXVvdDsgY291bGQgcmVwbGFjZSB0aGUg
Zmlyc3Qgc2VudGVuY2UuJm5ic3A7IEknbSByZWFsbHkgbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQg
YnkgJnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LA0KIHNvIHBlcmhhcHMg
SSdtIG5vdCBjYXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0byBzYXkuPG86cD48L286
cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5SYWRpYTxvOnA+
PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+T24gVGh1LCBNYXkgMTcsIDIwMTggYXQgNzowMyBQTSwgWWVtaW4gKEFteSkgJmx0
OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFt
eS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8YmxvY2tx
dW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtw
YWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDow
Y20iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp
bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJj
b2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv
dHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9y
OiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsDQo8YSBocmVmPSJodHRwczovL2Rh
dGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv
cmsvIiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9k
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86cD48
L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0
OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0K
PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHls
ZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG
NDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRl
cjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAw
Y20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChBbXkp
DQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJyPg0K
PGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJlbGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhbmll
bGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNlY2Nh
cmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1h
aWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFu
QGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWlj
cm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+
OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2Js
YW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYu
b3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6
PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh
biBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgUmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv
LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJz
cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0
eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KPC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG
NDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBOTVMgYW5kIFNETiwg
YXMgRGFuaWVsZSBzdWdnZXN0ZWQsIHdlIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcgdGV4dCBpbiBz
ZWN0aW9uIDM6DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7igJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUncyBp
ZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tcG9uZW50
LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gdGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5vdGhl
ciBmYWN0IGlzDQogdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUg
Tk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5h
Z2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRp
b24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUg
Y29tcG9uZW50LuKAnTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlJl
Z2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBkb2Vz
buKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoZXJl4oCZ
cyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3Vy
aXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQo8L3NwYW4+
PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xv
cjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5B
bXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7
Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20i
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gRGFuaWVsZSBDZWNjYXJlbGxp
IFs8YSBocmVmPSJtYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFyZ2V0
PSJfYmxhbmsiPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0NCjxi
cj4NCjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+VG86
PC9iPiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWls
LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0OzsNCjxh
IGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRv
b2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2
ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9
Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4m
Z3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNl
Y2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZpZXcg
b2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPkhpIFJhZGlhLDwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj5sZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJz
dCBvZiBhbGwgbWFueSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3LjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZz
IFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcg
dG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBi
bHVycnksIGJ1dCB0aGVyZQ0KIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMg
aXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1l
bnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFu
ZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj5IZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCc
dHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUg
ZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJv
dXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28NCiB0aGluZ3MgY2FuIGJlIGFkZGVkLjxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmtzIGEgbG90PG86cD48L286cD48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp
bi1ib3R0b20tYWx0OmF1dG8iPkRhbmllbGUmbmJzcDsgKGNjYW1wIGNvLWNoYWlyKTxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxk
aXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGlu
ZzowY20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y
ZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gUmFkaWEgUGVybG1hbiBbPGEgaHJl
Zj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWlsdG86
cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTDrCA3
IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJhZnQt
aWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0
PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29s
cy5pZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9y
ZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0
bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJy
Pg0KPGI+U3ViamVjdDo8L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlNvcnJ5
Li4ucmVzZW5kaW5nIGJlY2F1c2UgSSBtaXN0eXBlZCB0aGUgYXV0aG9yIGFkZHJlc3MuPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu
Zz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu
LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpw
PjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIGxhbmc9IklUIj4tLS0tLS0tLS0t
IEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS08YnI+DQpGcm9tOiA8Yj5SYWRpYSBQZXJsbWFu
PC9iPiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0i
X2JsYW5rIj5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4sIE1h
eSA2LCAyMDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFm
dC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0ibWFp
bHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0
Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFp
bHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDss
DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGly
QGlldGYub3JnPC9hPjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQtZmFt
aWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIyMjIyMiI+U3VtbWFyeTom
bmJzcDsgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9ucywg
YW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNw
YW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJp
YWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhhdmUgcmV2aWV3ZWQgdGhpcyBk
b2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmc8YnI+
DQplZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibS02MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEz
NzY3MjgwMzExNjczMDZnbWFpbC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkx
MjE1Nzc4MjUzNGdtYWlsLWlsIj5yZXZpZXc8L3NwYW4+Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRz
IGJlaW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4mbmJzcDsgVGhlc2U8YnI+DQpjb21tZW50cyB3
ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJl
YTxicj4NCmRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNo
b3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0PGJyPg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBj
YWxsIGNvbW1lbnRzLjwvc3Bhbj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n
PSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+VGhpcyBkb2N1bWVudCBkZXNjcmliZXMg
dGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNyb3dhdmUgcmFkaW8gbGlua3MuPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48
c3BhbiBsYW5nPSJJVCI+SXQgYWR2b2NhdGVzIChjb3JyZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBz
dWNoIGFuIGludGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5zaWJsZSB0byBwcm92aWRlIGZvciB2ZW5k
b3Itc3BlY2lmaWMgZmVhdHVyZXMuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh
biBsYW5nPSJJVCI+SSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAm
cXVvdDthIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0mcXVvdDsgYW5kIFNE
Ti4mbmJzcDsgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50IHRvIGNs
ZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sDQogYW5kIEkgc3VzcGVjdCB0aGVyZSBpcyBubyBy
ZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGluZyBwYXJhbWV0ZXJzICh0cmFkaXRpb25hbCBuZXR3b3Jr
IG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICZxdW90O3Byb2dyYW1taW5nJnF1b3Q7IGFuIGludGVy
ZmFjZSAoJnF1b3Q7U0ROJnF1b3Q7KS4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8
L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBh
c3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMgZG8gbm90IGltcGFjdCBpdHMgcmVh
ZGFiaWxpdHkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+
VGhlIGdsaXRjaGVzIGNvbnNpc3QmbmJzcDsgbW9zdGx5IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3
b3JkcyBsaWtlICZxdW90O29mJnF1b3Q7IGluIHRoZSBmb2xsb3dpbmcgc2VudGVuY2UuPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48
c3BhbiBsYW5nPSJJVCI+JnF1b3Q7VGhlIGFkb3B0aW9uIG9mIGFuIFNETiBmcmFtZXdvcmsgZm9y
IG1hbmFnZW1lbnQgYW5kPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7ICZuYnNwO2NvbnRyb2wg
dGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2UgaXMgb25lIG9mIHRoZSBrZXkgYXBwbGljYXRpb25zIGZv
cjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6
YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOyAmbmJzcDt0aGlzIHdvcmsuJnF1b3Q7PC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48
c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+VGhlIHNlY3VyaXR5IGNv
bnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1lIGEgc2VjdXJlIHRyYW5zcG9ydCBsYXll
ciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlwdGlvbiBpc24ndCBuZWNlc3NhcnkpIGZv
ciBjb21tdW5pY2F0aW9uLiZuYnNwOyBPdGhlciB0aGFuIHRoYXQsDQogcGVyaGFwcywgdGhlcmUg
bWlnaHQgYmUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgZm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGlu
ZyBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxpY2lvdXNseSBieSBhIHRydXN0ZWQgYWRt
aW5pc3RyYXRvci4mbmJzcDsgQnV0IHRoaXMgZG9jdW1lbnQgZG9lcyBub3Qgc3BlY2lmeSB0aGUg
c3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2VkLCBqdXN0IGEgZ2VuZXJhbCBmcmFtZXdv
cmsuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4ODg4ODgiPiZuYnNwOzwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xvcjojODg4ODg4Ij5SYWRpYTwvc3Bhbj48bzpwPjwv
bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxz
cGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxv
Y2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1dggema521mbschi_--


From nobody Thu May 17 23:52:06 2018
Return-Path: <stefan@aaa-sec.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 636D8127599; Thu, 17 May 2018 23:51:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stefan Santesson <stefan@aaa-sec.com>
To: <secdir@ietf.org>
Cc: extra@ietf.org, draft-ietf-extra-specialuse-important.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
Date: Thu, 17 May 2018 23:51:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Rvz2dREQBo--fpAznLqctDOhJ7Y>
Subject: [secdir] Secdir last call review of draft-ietf-extra-specialuse-important-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 06:51:52 -0000

Reviewer: Stefan Santesson
Review result: Ready

This document seems good to go from a security perspective.

The security considerations section seems appropriate for this document.


From nobody Fri May 18 00:17:52 2018
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52F13127369; Fri, 18 May 2018 00:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level: 
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2iZ3b4eb3Yj; Fri, 18 May 2018 00:17:34 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2249127275; Fri, 18 May 2018 00:17:34 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id n202-v6so11999914ita.1; Fri, 18 May 2018 00:17:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=1YIznKFma79tdd/LMorh1p5c8gEIQRI7t3X6sNt1Nvk=; b=A9IjMXtVZreQXjP+EPgb3O30cx4r4x8mU7RfmFbqxsxtOIbc/B9sD16hUKAEUlz7EM ANmyATuNRqgMuOan7w1pfoCwVUkQkDQvKamk5AhOLFOHTLPFFgeqwbrscZ/6AZ730xsR v6A+DtwfBg96CsI0sacDFCPtrHi+34qKBetxpKBfTdSwHBFaVz+Adx8RPAhxz0mL14DK DoSGtSQiPxOtFQ1pi712X3TqmHOy+gyVKnsesdqCiUo8Kd3xQyczFSSJX6Tjbl/gCYGK Y2PTyH0IvpkfT5GqnHiJKhKxUWNxJqDQlLtvGBxq10IFwyZvGQa1T0kqHT7bC1hhP/zE gxbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=1YIznKFma79tdd/LMorh1p5c8gEIQRI7t3X6sNt1Nvk=; b=NPpKAC0jEdGsenKh+zmznMNQE4GrB2frcZqllGdsYKdkEHKyWpwsWJTaIr7pdlBxs9 5CdYj7FXNQfGrVhX3D2BK0kBIVPc+DxX+q4j+Pg91YSa1VjXa7bzki0aHaFWdrJqsmqr XRDelr3B1YvrDX75EkoqYg53oGLdDXnNZnF/WxOLL97MDRz+CBljyHvfP4y4ik46oUpj ILdo/2yo61C27RNulu6wPt8PxhLpfmMN719eDrq+0/N1xUmXBlaXp+prh7JyU4BDu5qN fJRJn0Seb5hIKRJl8ZeBsN7GOPTJVlrzyUWGagt8zA5clLIP9teaofrRVHdhist10acM D/ZA==
X-Gm-Message-State: ALKqPwe70gJsiqP+iHq+D8Q2/ObsKPpLR+20QvYqxx/N+6FX4z8UOhRG wOb3AGvG4CEOwGoMsDNwiiJvpXebp7xX7AMvAhuAWg==
X-Google-Smtp-Source: AB8JxZodEgGgWN0CTmpqjErbajHWPvzb3dAhGDyFUDxbl/y90CuED56LzkNs8Vl4L6mKIV2oE5zpnXAIi41nZqfFhac=
X-Received: by 2002:a24:4e8e:: with SMTP id r136-v6mr5779748ita.83.1526627853851;  Fri, 18 May 2018 00:17:33 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 10.192.142.169 with HTTP; Fri, 18 May 2018 00:17:33 -0700 (PDT)
In-Reply-To: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
References: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 18 May 2018 08:17:33 +0100
X-Google-Sender-Auth: jFJAegxlyBTVN6kg9L-dj-G5rTI
Message-ID: <CALaySJJ=32RSQtwTF4q8WOoZ-0egv8cL5AWXPiVg_1kF3uF=Tw@mail.gmail.com>
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: secdir@ietf.org, extra@ietf.org,  draft-ietf-extra-specialuse-important.all@ietf.org,  IETF discussion list <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hB48ejKoSHC7h89m7I_tCL1HPxY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-extra-specialuse-important-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 07:17:38 -0000

Thanks for the review, Stefan.

Barry

On Fri, May 18, 2018 at 7:51 AM, Stefan Santesson <stefan@aaa-sec.com> wrote:
> Reviewer: Stefan Santesson
> Review result: Ready
>
> This document seems good to go from a security perspective.
>
> The security considerations section seems appropriate for this document.
>



-- 
Barry
--
Barry Leiba  (barryleiba@computer.org)
http://internetmessagingtechnology.org/


From nobody Fri May 18 12:31:51 2018
Return-Path: <jorge.rabadan@nokia.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45B1B12E056; Fri, 18 May 2018 12:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level: 
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8mD9u5MBLEK; Fri, 18 May 2018 12:30:50 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0112.outbound.protection.outlook.com [104.47.1.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7B2E12DA25; Fri, 18 May 2018 12:30:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com;  s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IHod2xLk+xRs79+69H8dXuYKqYy3ZmBViYnDggA8+Oc=; b=hMDdPMGAe9CFS/Ims3y4zI5npweNoQjROnfJmN9cyFd0SGI86xfDulRNdiOLesHTMgLOoxz75uyVaWSOidRlRZ+i0Z9jRcExBVKtqpIyuESbrU6eBsXlG6DR3jAKKbAu5/xPdRj7muZJyaY8YY/dTjWIqMvg+spj4/vqtPK/LHY=
Received: from AM0PR07MB3844.eurprd07.prod.outlook.com (52.134.82.20) by AM0PR07MB3924.eurprd07.prod.outlook.com (52.134.82.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.797.5; Fri, 18 May 2018 19:30:41 +0000
Received: from AM0PR07MB3844.eurprd07.prod.outlook.com ([fe80::94aa:e7c1:4d51:f39c]) by AM0PR07MB3844.eurprd07.prod.outlook.com ([fe80::94aa:e7c1:4d51:f39c%2]) with mapi id 15.20.0797.005; Fri, 18 May 2018 19:30:41 +0000
From: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
To: Barry Leiba <barryleiba@computer.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org" <draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10
Thread-Index: AQHT468OieSeFC4FkUqCsk23oE6256Q2FeCA
Date: Fri, 18 May 2018 19:24:37 +0000
Message-ID: <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
References: <152544190809.11693.11790094151278701234@ietfa.amsl.com>
In-Reply-To: <152544190809.11693.11790094151278701234@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.d.0.180513
x-originating-ip: [135.245.20.28]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM0PR07MB3924; 7:crKvxN5wfZAeBFuOJm4Q/PK+SSAGFcAGXf3cVtxZkCOaN1wAN1K6kZ8tTDKi/kWP+08EmUke4qgfdZsFkA/0HoH1ctxV94mcGGjyUvdEYAm9dPo4Zt6txuRLCaA8AvPWDwL26ibh9TYMFPnycWo/Wls/DjoXUxJ0RjAKhOzLGmtD0cle9pmuG8RXRmeD5OLfS2Y+PJysuboIAaF2Qj5IKGAuBdJjHX/Dx5tF00y72b5SpxOMKF1JPw+MVd2MFOSu
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:(109105607167333); BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989080)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(2017052603328)(7193020); SRVR:AM0PR07MB3924; 
x-ms-traffictypediagnostic: AM0PR07MB3924:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorge.rabadan@nokia.com; 
x-microsoft-antispam-prvs: <AM0PR07MB392442DE952AE9A30148C2A9F7900@AM0PR07MB3924.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(138986009662008)(82608151540597)(85827821059158)(109105607167333)(95692535739014)(18271650672692)(97927398514766);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231254)(11241501184)(806099)(944501410)(52105095)(93006095)(93001095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:AM0PR07MB3924; BCL:0; PCL:0; RULEID:; SRVR:AM0PR07MB3924; 
x-forefront-prvs: 0676F530A9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(376002)(346002)(39860400002)(366004)(39380400002)(189003)(199004)(18374002)(13464003)(26005)(3280700002)(3660700001)(82746002)(186003)(68736007)(86362001)(66066001)(36756003)(446003)(6486002)(229853002)(97736004)(76176011)(478600001)(6506007)(53546011)(102836004)(3846002)(2906002)(6116002)(25786009)(6246003)(14454004)(4326008)(83716003)(54906003)(110136005)(58126008)(316002)(99286004)(106356001)(5890100001)(2501003)(5250100002)(105586002)(6436002)(305945005)(33656002)(8676002)(81156014)(81166006)(8936002)(6512007)(7736002)(53936002)(11346002)(486006)(5660300001)(6666003)(476003)(2616005)(2900100001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM0PR07MB3924; H:AM0PR07MB3844.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: ZLmHu2enz1tN+8DASYjTtQeVehBFlPq/rblgUGf0fmpUMZ26bUydTaQJ+KlipzO4EUqCuXDvQ+bGAZRGZ4e4maLnTAtaVpKKbY/u5SNj9lOCzzmsSeaG3BuIFUN+QrYVNbF0Cq2oNjkTZs9J1w83LUM4j6vENycKJuZDrUCzrOgvWx1Svv6nLrKmlVgUVsyxLAQ5JiaGIK2WQoX+1BWzmXHv03vn7P/9zLF9VLP1sGyOwEnAfUOUi0V5F+MU3W1F
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <9BAD6917DC8EDC488A6E81959F1AAB12@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: f578f84b-9a47-4a73-f28a-08d5bcf5d7d6
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f578f84b-9a47-4a73-f28a-08d5bcf5d7d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2018 19:30:41.6180 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB3924
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zh_cVYz9XMS-SA9dCPjseQ1PUuY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 19:30:59 -0000

SGkgQmFycnksDQoNClRoYW5rIHlvdSB2ZXJ5IG11Y2ggZm9yIHJldmlld2luZy4NCkkgYWRkcmVz
c2VkIGFsbCB5b3VyIGNvbW1lbnRzLCBzZWUgYmVsb3cuDQpUaGFua3MgYSBidW5jaCENCkpvcmdl
DQoNCg0K77u/LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IEJhcnJ5IExlaWJhIDxi
YXJyeWxlaWJhQGNvbXB1dGVyLm9yZz4NCkRhdGU6IEZyaWRheSwgTWF5IDQsIDIwMTggYXQgMzo1
MSBQTQ0KVG86ICJzZWNkaXJAaWV0Zi5vcmciIDxzZWNkaXJAaWV0Zi5vcmc+DQpDYzogImRyYWZ0
LWlldGYtYmVzcy1ldnBuLXByZWZpeC1hZHZlcnRpc2VtZW50LmFsbEBpZXRmLm9yZyIgPGRyYWZ0
LWlldGYtYmVzcy1ldnBuLXByZWZpeC1hZHZlcnRpc2VtZW50LmFsbEBpZXRmLm9yZz4sICJpZXRm
QGlldGYub3JnIiA8aWV0ZkBpZXRmLm9yZz4sICJiZXNzQGlldGYub3JnIiA8YmVzc0BpZXRmLm9y
Zz4NClN1YmplY3Q6IFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3IG9mIGRyYWZ0LWlldGYtYmVzcy1l
dnBuLXByZWZpeC1hZHZlcnRpc2VtZW50LTEwDQpSZXNlbnQtRnJvbTogPGFsaWFzLWJvdW5jZXNA
aWV0Zi5vcmc+DQpSZXNlbnQtVG86IDxqb3JnZS5yYWJhZGFuQG5va2lhLmNvbT4sIDx3aW0uaGVu
ZGVyaWNreEBub2tpYS5jb20+LCA8amRyYWtlQGp1bmlwZXIubmV0PiwgPHdsaW5AanVuaXBlci5u
ZXQ+LCA8c2FqYXNzaUBjaXNjby5jb20+LCA8bWF0dGhldy5ib2NjaUBub2tpYS5jb20+LCA8c3Rl
cGhhbmUubGl0a293c2tpQG9yYW5nZS5jb20+LCA8bWFydGluLnZpZ291cmV1eEBub2tpYS5jb20+
LCA8ZGIzNTQ2QGF0dC5jb20+LCA8YXJldGFuYS5pZXRmQGdtYWlsLmNvbT4sIFpoYW9odWkgWmhh
bmcgPHp6aGFuZ0BqdW5pcGVyLm5ldD4sIDx6emhhbmdAanVuaXBlci5uZXQ+DQpSZXNlbnQtRGF0
ZTogRnJpZGF5LCBNYXkgNCwgMjAxOCBhdCAzOjUxIFBNDQoNCiAgICBSZXZpZXdlcjogQmFycnkg
TGVpYmENCiAgICBSZXZpZXcgcmVzdWx0OiBIYXMgSXNzdWVzDQogICAgDQogICAgVGhlICJpc3N1
ZXMiIEkgY2FsbCBvdXQgYmVsb3cgYXJlIG1pbm9yLCBhbmQgaWYgdGhlIHdvcmtpbmcgZ3JvdXAg
dGhpbmtzIHRoZXkNCiAgICBhcmVuJ3Qgd29ydGggZGVhbGluZyB3aXRoLCBJJ2xsIG5vdCBiZSBv
ZmZlbmRlZCBub3IgbG9zZSBhbnkgc2xlZXAuDQogICAgDQogICAg4oCUIFNlY3Rpb24gMSDigJQN
CiAgICBJ4oCZbSBzdXJlIHRoYXQgYWxsIHRoZXNlIHRlcm1zIGFyZSBkZWZpbmVkIGluIHRoZSBu
b3JtYXRpdmUgcmVmZXJlbmNlcywgYW5kIOKAmXRpcw0KICAgIGEgc21hbGwgdGhpbmcsIGJ1dCBp
dCB3b3VsZCBzdXJlIGhlbHAgYSBub24tZXhwZXJ0IHJlYWRlciBpZiB0aGlzIGxpc3Qgb2YgdGVy
bXMNCiAgICBpbmNsdWRlZCwgZm9yIGVhY2ggdGVybSwgYSBjaXRhdGlvbiB0byB0aGUgUkZDIHRo
YXQgZGVmaW5lcyBpdC4gIEkgaG9wZSB5b3XigJlsbA0KICAgIGNvbnNpZGVyIGFkZGluZyB0aGF0
OyB0aGFua3MuDQpbSk9SR0VdIEkgYWRkZWQgYSBmZXcgcmVmZXJlbmNlcy4gSG9wZSBpdCdzIGJl
dHRlciBub3cuDQogICAgDQogICAgW0ZvbGxvdy11cDsgSSBmaW5hbGx5IGZvdW5kIOKAnFRlbmFu
dCBTeXN0ZW3igJ0gZGVmaW5lZCBpbiBSRkMgNzM2NSwgd2hpY2ggaXMgbm90DQogICAgaW4geW91
ciByZWZlcmVuY2VzIGF0IGFsbC4gIFBsZWFzZSBkb27igJl0IG1ha2UgeW91ciByZWFkZXJzIHdv
cmsgdGhhdCBoYXJkLCBhbmQNCiAgICBwbGVhc2UgY29uc2lkZXIgYmVlZmluZyB1cCB0aGUgcmVm
ZXJlbmNlcyBhbmQgY2l0YXRpb25zIHRvIGRlZmluaXRpb25zLl0NCltKT1JHRV0gYWRkZWQgbm93
Lg0KICAgIA0KICAgIOKAlCBTZWN0aW9uIDIuMSDigJQNCiAgICANCiAgICAgICBJZiB0aGUgdGVy
bSBUZW5hbnQgU3lzdGVtIChUUykgaXMgdXNlZCB0byBkZXNpZ25hdGUgYSBwaHlzaWNhbCBvcg0K
ICAgICAgIHZpcnR1YWwgc3lzdGVtIGlkZW50aWZpZWQgYnkgTUFDIGFuZCBtYXliZSBJUCBhZGRy
ZXNzZXMsIGFuZA0KICAgICAgIGNvbm5lY3RlZCB0byBhIEJEIGJ5IGFuIEF0dGFjaG1lbnQgQ2ly
Y3VpdCwgdGhlIGZvbGxvd2luZw0KICAgICAgIGNvbnNpZGVyYXRpb25zIGFwcGx5Og0KICAgIA0K
ICAgIEkgZmluZCB0aGUgd29yZGluZyDigJxpZiB0aGUgdGVybSBUZW5hbnQgU3lzdGVtIGlzIHVz
ZWTigJ0gdG8gYmUgb2RkLiAgQXJlIHlvdQ0KICAgIHJlYWxseSBzYXlpbmcgKG1heWJlIHlvdSBh
cmUpIHRoYXQgdGhlIGFwcGxpY2F0aW9uIG9mIHRoZSBjb25zaWRlcmF0aW9ucw0KICAgIGRlcGVu
ZHMgb24gd2hldGhlciBvciBub3Qgd2UgKmNhbGwqIGl0IGEgVGVuYW50IFN5c3RlbT8gIE9yIHdo
ZXRoZXIgb3Igbm90IGl0DQogICAgKmlzKiBhIFRlbmFudCBTeXN0ZW0/ICBGcm9tIHRoZSBkZWZp
bml0aW9uIEkgZm91bmQgZm9yIOKAnFRlbmFudCBTeXN0ZW3igJ0gSSBjYW4NCiAgICBzZWUgdGhh
dCBtYXliZSB0aGlzIGNhbiBnbyBlaXRoZXIgd2F5LiAgQnV0IGlmIHdl4oCZcmUgdGFsa2luZyBh
Ym91dCB0aGUgbGF0dGVyLA0KICAgIEnigJlkIHVzZSB3b3JkaW5nIG1vcmUgbGlrZSwg4oCcVGhl
IGZvbGxvd2luZyBjb25zaWRlcmF0aW9ucyBhcHBseSB0byBUZW5hbnQNCiAgICBTeXN0ZW1zIChU
UykgdGhhdCBhcmUgcGh5c2ljYWwgb3IgdmlydHVhbCBzeXN0ZW1zIGlkZW50aWZpZWQgYnkgTUFD
IGFuZCBtYXliZQ0KICAgIElQIGFkZHJlc3NlcyBhbmQgY29ubmVjdGVkIHRvIEJEcyBieSBBdHRh
Y2htZW50IENpcmN1aXRzOuKAnSAoY2FzdCBhcyBwbHVyYWwsDQogICAgYmVjYXVzZSB0aGUgY29u
c2lkZXJhdGlvbnMgdXNlIHBsdXJhbHMpLg0KW0pPUkdFXSBJIHRvb2sgeW91ciBzdWdnZXN0aW9u
LCB0aHgNCiAgICANCiAgICDigKjigJQgU2VjdGlvbiAzLjEg4oCUDQogICAgDQogICAgSSBpbml0
aWFsbHkgY291bGRu4oCZdCBmaWd1cmUgb3V0LCBhcyBJIHdhcyByZWFkaW5nIHRoaXMsIGhvdyB5
b3XigJlkIGtub3cgd2hldGhlcg0KICAgIHlvdeKAmXJlIGRlYWxpbmcgd2l0aCB2NCBvciB2NiBh
ZGRyZXNzZXMsIGFuZCwgdGhlcmVmb3JlLCBob3cgdG8gaW50ZXJwcmV0IHRoZQ0KICAgIGxlbmd0
aHMgb2YgdGhlIElQIFByZWZpeCBhbmQgR1cgSVAgQWRkcmVzcyBmaWVsZHMuICBJIGZpbmFsbHkg
Z290IHRvIGl0IHNldmVuDQogICAgYnVsbGV0cyBkb3duLCB3aGVyZSB5b3Ugc2F5LCDigJxUaGUg
dG90YWwgcm91dGUgbGVuZ3RoIHdpbGwgaW5kaWNhdGUgdGhlIHR5cGUgb2YNCiAgICBwcmVmaXji
gJ0uICAgIE1heWJlIHNvbWVvbmUgYWxyZWFkeSBleHBlcnQgaW4gdGhpcyB3b3VsZCBmaW5kIHRo
aXMgT0ssIGJ1dCB0byBtZQ0KICAgIGl0IHdhcyB0b28gbXVjaCB3b3JrIHRvIHNvcnQgaXQgb3V0
LCB3aGVuIEkgdGhpbmsgaXQgY291bGQgYmUgbWFkZSBjbGVhcmVyIGxpa2UNCiAgICB0aGlzOg0K
ICAgIA0KICAgIE5FVw0KICAgICAgIEFuIElQIFByZWZpeCBSb3V0ZSBUeXBlIGZvciBJUHY0IGhh
cyB0aGUgTGVuZ3RoIGZpZWxkIHNldCB0byAzNA0KICAgICAgIGFuZCBjb25zaXN0cyBvZiB0aGUg
Zm9sbG93aW5nIGZpZWxkczoNCiAgICANCiAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgfCAgICAgIFJEICAgKDggb2N0ZXRzKSAgICAgICAg
ICAgICAgICAgIHwNCiAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLSsNCiAgICAgICAgfEV0aGVybmV0IFNlZ21lbnQgSWRlbnRpZmllciAoMTAgb2N0ZXRzKXwN
CiAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgICAg
ICAgfCAgRXRoZXJuZXQgVGFnIElEICg0IG9jdGV0cykgICAgICAgICAgIHwNCiAgICAgICAgKy0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgfCAgSVAgUHJl
Zml4IExlbmd0aCAoMSBvY3RldCwgMCB0byAzMikgIHwNCiAgICAgICAgKy0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgfCAgSVAgUHJlZml4ICg0IG9jdGV0
cykgICAgICAgICAgICAgICAgIHwNCiAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLSsNCiAgICAgICAgfCAgR1cgSVAgQWRkcmVzcyAoNCBvY3RldHMpICAgICAg
ICAgICAgIHwNCiAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LSsNCiAgICAgICAgfCAgTVBMUyBMYWJlbCAoMyBvY3RldHMpICAgICAgICAgICAgICAgIHwNCiAg
ICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgICANCiAg
ICAgICBBbiBJUCBQcmVmaXggUm91dGUgVHlwZSBmb3IgSVB2NiBoYXMgdGhlIExlbmd0aCBmaWVs
ZCBzZXQgdG8gNTgNCiAgICAgICBhbmQgY29uc2lzdHMgb2YgdGhlIGZvbGxvd2luZyBmaWVsZHM6
DQogICAgDQogICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0r
DQogICAgICAgIHwgICAgICBSRCAgICg4IG9jdGV0cykgICAgICAgICAgICAgICAgICB8DQogICAg
ICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgIHxF
dGhlcm5ldCBTZWdtZW50IElkZW50aWZpZXIgKDEwIG9jdGV0cyl8DQogICAgICAgICstLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgIHwgIEV0aGVybmV0IFRh
ZyBJRCAoNCBvY3RldHMpICAgICAgICAgICB8DQogICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgIHwgIElQIFByZWZpeCBMZW5ndGggKDEgb2N0
ZXQsIDAgdG8gMTI4KSB8DQogICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0rDQogICAgICAgIHwgIElQIFByZWZpeCAoMTYgb2N0ZXRzKSAgICAgICAgICAgICAg
ICB8DQogICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQog
ICAgICAgIHwgIEdXIElQIEFkZHJlc3MgKDE2IG9jdGV0cykgICAgICAgICAgICB8DQogICAgICAg
ICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgIHwgIE1Q
TFMgTGFiZWwgKDMgb2N0ZXRzKSAgICAgICAgICAgICAgICB8DQogICAgICAgICstLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgDQogICAgICAgVGhlIHRvdGFsIHJv
dXRlIGxlbmd0aCB3aWxsIGluZGljYXRlIHRoZSB0eXBlIG9mIElQIFByZWZpeCAoMzQgZm9yDQog
ICAgICAgSVB2NCBvciA1OCBmb3IgSVB2NikgYW5kIHRoZSB0eXBlIG9mIEdXIElQIEFkZHJlc3Mu
IFRoZSBJUCBQcmVmaXgNCiAgICAgICBhbmQgR1cgSVAgQWRkcmVzcyBhcmUgYWx3YXlzIGJvdGgg
SVB2NCBvciBib3RoIElQdjY7IG1peGluZyB0aGUNCiAgICAgICB0d28gaXMgbm90IGFsbG93ZWQu
DQogICAgDQogICAgICAgW+KApmFuZCB0aGVuIGZvbGxvdyB3aXRoIHRoZSBleHBsYW5hdGlvbnMg
b2YgdGhlIGZpZWxkc+KApl0NCiAgICBFTkQNCiAgICANCiAgICBEbyB5b3UgYWdyZWUgdGhhdCB0
aGF0IG1ha2VzIHRoaW5ncyBjbGVhcmVyPw0KDQpbSk9SR0VdIG9rLCBkb25lDQogICAgDQogICAg
4oCUIFNlY3Rpb24gMy4yIOKAlA0KICAgIA0KICAgICAgIG8gSWYgZWl0aGVyIHRoZSBFU0kgb3Ig
R1cgSVAgYXJlIG5vbi16ZXJvLCB0aGVuIG9uZSBvZiB0aGVtIGlzIHRoZQ0KICAgICAgICAgT3Zl
cmxheSBJbmRleCwgcmVnYXJkbGVzcyBvZiB3aGV0aGVyIHRoZSBSb3V0ZXIncyBNQUMgRXh0ZW5k
ZWQNCiAgICAgICAgIENvbW11bml0eSBpcyBwcmVzZW50IG9yIHRoZSB2YWx1ZSBvZiB0aGUgTGFi
ZWwuDQogICAgDQogICAgU2hvdWxkIHRoYXQgc2F5IOKAnHRoZW4gdGhlIG5vbi16ZXJvIG9uZSBp
cyB0aGUgT3ZlcmxheSBJbmRleOKAnT8NCltKT1JHRV0gb2ssIGdvb2QgcG9pbnQsIGRvbmUNCiAg
ICANCiAgICANCiAgICANCg0K


From nobody Fri May 18 12:34:22 2018
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFFA012E6A3; Fri, 18 May 2018 12:33:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level: 
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Now3gGe9Uv67; Fri, 18 May 2018 12:33:52 -0700 (PDT)
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com [209.85.223.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEB3B12E858; Fri, 18 May 2018 12:33:34 -0700 (PDT)
Received: by mail-io0-f180.google.com with SMTP id g1-v6so7498241iob.2; Fri, 18 May 2018 12:33:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=x5Gn5Dc7a1b+xlyxVM6sElhHYmLQv9nlFhKc/g/iyxA=; b=lyE74miJuUtSvEiGR4r0oERFsJ7SVOZFL22im4oZVoCVMGL/K7mR17xlZN+m+dhJ5o L2eIxMl54rp6ZqjOVumdVjWee58g9toUmoG2RWs0s5z7Idg1YvFhup7QgHi7YUW2voJJ a2RSmsFjwo4KotkScAft1U072ZtGVf1bizQ1dpKffRFbSWAD0nBCnmKBXHz0HpV9YuYE /J2VJjbZpHt/AmB3v3Tt9o6CQn4NiY7/qa0o0RUPoTst3dGPj7pHv19XCXp8hcHr7APb 0jzdDz0U3E7hvOE0SRnOb/RaZyuypqVKbJaGZOElgZbsk65rNxrPBJn3n4O5VrpYfjGZ 6rtw==
X-Gm-Message-State: ALKqPwdwHC1tUw9J/fbxkWp2pJvqLYa7PkA0+upXMC3OhHOIzqyzjCWB jt1Pf0EUeg78fAqE3ZSGmwoCgiNct40BHpUzArc=
X-Google-Smtp-Source: AB8JxZr33XEf6Hsvdadc71vUdUq9fe/wsUASUkMKmYUhXLDoT1nW9UcSWUHQEqchjfqZqG5s4pQLtd/iWkcbRuHU7aM=
X-Received: by 2002:a6b:39d4:: with SMTP id g203-v6mr12777705ioa.165.1526672013885;  Fri, 18 May 2018 12:33:33 -0700 (PDT)
MIME-Version: 1.0
References: <152544190809.11693.11790094151278701234@ietfa.amsl.com> <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
In-Reply-To: <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 18 May 2018 20:33:22 +0100
Message-ID: <CALaySJKVi_ptP8gsN+UEey=wHStozz7v9v5Y0Vdid0sfvYLj4Q@mail.gmail.com>
To: "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>
Cc: "bess@ietf.org" <bess@ietf.org>,  "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org" <draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org>,  "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001385fd056c80077c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hb_ptPKkmB-3BmYVeNA1FkUt8qo>
Subject: Re: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 19:34:02 -0000

--0000000000001385fd056c80077c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

All good, and thanks, Jorge, for taking the time to make the changes.

Barry

On Fri, May 18, 2018 at 8:30 PM Rabadan, Jorge (Nokia - US/Mountain View) <
jorge.rabadan@nokia.com> wrote:

> Hi Barry,
>
> Thank you very much for reviewing.
> I addressed all your comments, see below.
> Thanks a bunch!
> Jorge
>
>
> =EF=BB=BF-----Original Message-----
> From: Barry Leiba <barryleiba@computer.org>
> Date: Friday, May 4, 2018 at 3:51 PM
> To: "secdir@ietf.org" <secdir@ietf.org>
> Cc: "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org" <
> draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org>, "ietf@ietf.org" =
<
> ietf@ietf.org>, "bess@ietf.org" <bess@ietf.org>
> Subject: Secdir last call review of
> draft-ietf-bess-evpn-prefix-advertisement-10
> Resent-From: <alias-bounces@ietf.org>
> Resent-To: <jorge.rabadan@nokia.com>, <wim.henderickx@nokia.com>, <
> jdrake@juniper.net>, <wlin@juniper.net>, <sajassi@cisco.com>, <
> matthew.bocci@nokia.com>, <stephane.litkowski@orange.com>, <
> martin.vigoureux@nokia.com>, <db3546@att.com>, <aretana.ietf@gmail.com>,
> Zhaohui Zhang <zzhang@juniper.net>, <zzhang@juniper.net>
> Resent-Date: Friday, May 4, 2018 at 3:51 PM
>
>     Reviewer: Barry Leiba
>     Review result: Has Issues
>
>     The "issues" I call out below are minor, and if the working group
> thinks they
>     aren't worth dealing with, I'll not be offended nor lose any sleep.
>
>     =E2=80=94 Section 1 =E2=80=94
>     I=E2=80=99m sure that all these terms are defined in the normative re=
ferences,
> and =E2=80=99tis
>     a small thing, but it would sure help a non-expert reader if this lis=
t
> of terms
>     included, for each term, a citation to the RFC that defines it.  I
> hope you=E2=80=99ll
>     consider adding that; thanks.
> [JORGE] I added a few references. Hope it's better now.
>
>     [Follow-up; I finally found =E2=80=9CTenant System=E2=80=9D defined i=
n RFC 7365, which
> is not
>     in your references at all.  Please don=E2=80=99t make your readers wo=
rk that
> hard, and
>     please consider beefing up the references and citations to
> definitions.]
> [JORGE] added now.
>
>     =E2=80=94 Section 2.1 =E2=80=94
>
>        If the term Tenant System (TS) is used to designate a physical or
>        virtual system identified by MAC and maybe IP addresses, and
>        connected to a BD by an Attachment Circuit, the following
>        considerations apply:
>
>     I find the wording =E2=80=9Cif the term Tenant System is used=E2=80=
=9D to be odd.  Are
> you
>     really saying (maybe you are) that the application of the
> considerations
>     depends on whether or not we *call* it a Tenant System?  Or whether o=
r
> not it
>     *is* a Tenant System?  From the definition I found for =E2=80=9CTenan=
t System=E2=80=9D
> I can
>     see that maybe this can go either way.  But if we=E2=80=99re talking =
about the
> latter,
>     I=E2=80=99d use wording more like, =E2=80=9CThe following considerati=
ons apply to
> Tenant
>     Systems (TS) that are physical or virtual systems identified by MAC
> and maybe
>     IP addresses and connected to BDs by Attachment Circuits:=E2=80=9D (c=
ast as
> plural,
>     because the considerations use plurals).
> [JORGE] I took your suggestion, thx
>
>     =E2=80=94 Section 3.1 =E2=80=94
>
>     I initially couldn=E2=80=99t figure out, as I was reading this, how y=
ou=E2=80=99d know
> whether
>     you=E2=80=99re dealing with v4 or v6 addresses, and, therefore, how t=
o
> interpret the
>     lengths of the IP Prefix and GW IP Address fields.  I finally got to
> it seven
>     bullets down, where you say, =E2=80=9CThe total route length will ind=
icate the
> type of
>     prefix=E2=80=9D.    Maybe someone already expert in this would find t=
his OK,
> but to me
>     it was too much work to sort it out, when I think it could be made
> clearer like
>     this:
>
>     NEW
>        An IP Prefix Route Type for IPv4 has the Length field set to 34
>        and consists of the following fields:
>
>         +---------------------------------------+
>         |      RD   (8 octets)                  |
>         +---------------------------------------+
>         |Ethernet Segment Identifier (10 octets)|
>         +---------------------------------------+
>         |  Ethernet Tag ID (4 octets)           |
>         +---------------------------------------+
>         |  IP Prefix Length (1 octet, 0 to 32)  |
>         +---------------------------------------+
>         |  IP Prefix (4 octets)                 |
>         +---------------------------------------+
>         |  GW IP Address (4 octets)             |
>         +---------------------------------------+
>         |  MPLS Label (3 octets)                |
>         +---------------------------------------+
>
>        An IP Prefix Route Type for IPv6 has the Length field set to 58
>        and consists of the following fields:
>
>         +---------------------------------------+
>         |      RD   (8 octets)                  |
>         +---------------------------------------+
>         |Ethernet Segment Identifier (10 octets)|
>         +---------------------------------------+
>         |  Ethernet Tag ID (4 octets)           |
>         +---------------------------------------+
>         |  IP Prefix Length (1 octet, 0 to 128) |
>         +---------------------------------------+
>         |  IP Prefix (16 octets)                |
>         +---------------------------------------+
>         |  GW IP Address (16 octets)            |
>         +---------------------------------------+
>         |  MPLS Label (3 octets)                |
>         +---------------------------------------+
>
>        The total route length will indicate the type of IP Prefix (34 for
>        IPv4 or 58 for IPv6) and the type of GW IP Address. The IP Prefix
>        and GW IP Address are always both IPv4 or both IPv6; mixing the
>        two is not allowed.
>
>        [=E2=80=A6and then follow with the explanations of the fields=E2=
=80=A6]
>     END
>
>     Do you agree that that makes things clearer?
>
> [JORGE] ok, done
>
>     =E2=80=94 Section 3.2 =E2=80=94
>
>        o If either the ESI or GW IP are non-zero, then one of them is the
>          Overlay Index, regardless of whether the Router's MAC Extended
>          Community is present or the value of the Label.
>
>     Should that say =E2=80=9Cthen the non-zero one is the Overlay Index=
=E2=80=9D?
> [JORGE] ok, good point, done
>
>
>
>
> --
Barry
--
Barry Leiba  (barryleiba@computer.org)
http://internetmessagingtechnology.org/

--0000000000001385fd056c80077c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">All good, and thanks, Jorge, for taking the time to make =
the changes.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Barry</div>=
<div><br><div class=3D"gmail_quote"><div>On Fri, May 18, 2018 at 8:30 PM Ra=
badan, Jorge (Nokia - US/Mountain View) &lt;<a href=3D"mailto:jorge.rabadan=
@nokia.com">jorge.rabadan@nokia.com</a>&gt; wrote:<br></div><blockquote cla=
ss=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;pa=
dding-left:1ex">Hi Barry,<br>
<br>
Thank you very much for reviewing.<br>
I addressed all your comments, see below.<br>
Thanks a bunch!<br>
Jorge<br>
<br>
<br>
=EF=BB=BF-----Original Message-----<br>
From: Barry Leiba &lt;<a href=3D"mailto:barryleiba@computer.org" target=3D"=
_blank">barryleiba@computer.org</a>&gt;<br>
Date: Friday, May 4, 2018 at 3:51 PM<br>
To: &quot;<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.=
org</a>&quot; &lt;<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secd=
ir@ietf.org</a>&gt;<br>
Cc: &quot;<a href=3D"mailto:draft-ietf-bess-evpn-prefix-advertisement.all@i=
etf.org" target=3D"_blank">draft-ietf-bess-evpn-prefix-advertisement.all@ie=
tf.org</a>&quot; &lt;<a href=3D"mailto:draft-ietf-bess-evpn-prefix-advertis=
ement.all@ietf.org" target=3D"_blank">draft-ietf-bess-evpn-prefix-advertise=
ment.all@ietf.org</a>&gt;, &quot;<a href=3D"mailto:ietf@ietf.org" target=3D=
"_blank">ietf@ietf.org</a>&quot; &lt;<a href=3D"mailto:ietf@ietf.org" targe=
t=3D"_blank">ietf@ietf.org</a>&gt;, &quot;<a href=3D"mailto:bess@ietf.org" =
target=3D"_blank">bess@ietf.org</a>&quot; &lt;<a href=3D"mailto:bess@ietf.o=
rg" target=3D"_blank">bess@ietf.org</a>&gt;<br>
Subject: Secdir last call review of draft-ietf-bess-evpn-prefix-advertiseme=
nt-10<br>
Resent-From: &lt;<a href=3D"mailto:alias-bounces@ietf.org" target=3D"_blank=
">alias-bounces@ietf.org</a>&gt;<br>
Resent-To: &lt;<a href=3D"mailto:jorge.rabadan@nokia.com" target=3D"_blank"=
>jorge.rabadan@nokia.com</a>&gt;, &lt;<a href=3D"mailto:wim.henderickx@noki=
a.com" target=3D"_blank">wim.henderickx@nokia.com</a>&gt;, &lt;<a href=3D"m=
ailto:jdrake@juniper.net" target=3D"_blank">jdrake@juniper.net</a>&gt;, &lt=
;<a href=3D"mailto:wlin@juniper.net" target=3D"_blank">wlin@juniper.net</a>=
&gt;, &lt;<a href=3D"mailto:sajassi@cisco.com" target=3D"_blank">sajassi@ci=
sco.com</a>&gt;, &lt;<a href=3D"mailto:matthew.bocci@nokia.com" target=3D"_=
blank">matthew.bocci@nokia.com</a>&gt;, &lt;<a href=3D"mailto:stephane.litk=
owski@orange.com" target=3D"_blank">stephane.litkowski@orange.com</a>&gt;, =
&lt;<a href=3D"mailto:martin.vigoureux@nokia.com" target=3D"_blank">martin.=
vigoureux@nokia.com</a>&gt;, &lt;<a href=3D"mailto:db3546@att.com" target=
=3D"_blank">db3546@att.com</a>&gt;, &lt;<a href=3D"mailto:aretana.ietf@gmai=
l.com" target=3D"_blank">aretana.ietf@gmail.com</a>&gt;, Zhaohui Zhang &lt;=
<a href=3D"mailto:zzhang@juniper.net" target=3D"_blank">zzhang@juniper.net<=
/a>&gt;, &lt;<a href=3D"mailto:zzhang@juniper.net" target=3D"_blank">zzhang=
@juniper.net</a>&gt;<br>
Resent-Date: Friday, May 4, 2018 at 3:51 PM<br>
<br>
=C2=A0 =C2=A0 Reviewer: Barry Leiba<br>
=C2=A0 =C2=A0 Review result: Has Issues<br>
<br>
=C2=A0 =C2=A0 The &quot;issues&quot; I call out below are minor, and if the=
 working group thinks they<br>
=C2=A0 =C2=A0 aren&#39;t worth dealing with, I&#39;ll not be offended nor l=
ose any sleep.<br>
<br>
=C2=A0 =C2=A0 =E2=80=94 Section 1 =E2=80=94<br>
=C2=A0 =C2=A0 I=E2=80=99m sure that all these terms are defined in the norm=
ative references, and =E2=80=99tis<br>
=C2=A0 =C2=A0 a small thing, but it would sure help a non-expert reader if =
this list of terms<br>
=C2=A0 =C2=A0 included, for each term, a citation to the RFC that defines i=
t.=C2=A0 I hope you=E2=80=99ll<br>
=C2=A0 =C2=A0 consider adding that; thanks.<br>
[JORGE] I added a few references. Hope it&#39;s better now.<br>
<br>
=C2=A0 =C2=A0 [Follow-up; I finally found =E2=80=9CTenant System=E2=80=9D d=
efined in RFC 7365, which is not<br>
=C2=A0 =C2=A0 in your references at all.=C2=A0 Please don=E2=80=99t make yo=
ur readers work that hard, and<br>
=C2=A0 =C2=A0 please consider beefing up the references and citations to de=
finitions.]<br>
[JORGE] added now.<br>
<br>
=C2=A0 =C2=A0 =E2=80=94 Section 2.1 =E2=80=94<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0If the term Tenant System (TS) is used to design=
ate a physical or<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0virtual system identified by MAC and maybe IP ad=
dresses, and<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0connected to a BD by an Attachment Circuit, the =
following<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0considerations apply:<br>
<br>
=C2=A0 =C2=A0 I find the wording =E2=80=9Cif the term Tenant System is used=
=E2=80=9D to be odd.=C2=A0 Are you<br>
=C2=A0 =C2=A0 really saying (maybe you are) that the application of the con=
siderations<br>
=C2=A0 =C2=A0 depends on whether or not we *call* it a Tenant System?=C2=A0=
 Or whether or not it<br>
=C2=A0 =C2=A0 *is* a Tenant System?=C2=A0 From the definition I found for =
=E2=80=9CTenant System=E2=80=9D I can<br>
=C2=A0 =C2=A0 see that maybe this can go either way.=C2=A0 But if we=E2=80=
=99re talking about the latter,<br>
=C2=A0 =C2=A0 I=E2=80=99d use wording more like, =E2=80=9CThe following con=
siderations apply to Tenant<br>
=C2=A0 =C2=A0 Systems (TS) that are physical or virtual systems identified =
by MAC and maybe<br>
=C2=A0 =C2=A0 IP addresses and connected to BDs by Attachment Circuits:=E2=
=80=9D (cast as plural,<br>
=C2=A0 =C2=A0 because the considerations use plurals).<br>
[JORGE] I took your suggestion, thx<br>
<br>
=C2=A0 =C2=A0 =E2=80=94 Section 3.1 =E2=80=94<br>
<br>
=C2=A0 =C2=A0 I initially couldn=E2=80=99t figure out, as I was reading thi=
s, how you=E2=80=99d know whether<br>
=C2=A0 =C2=A0 you=E2=80=99re dealing with v4 or v6 addresses, and, therefor=
e, how to interpret the<br>
=C2=A0 =C2=A0 lengths of the IP Prefix and GW IP Address fields.=C2=A0 I fi=
nally got to it seven<br>
=C2=A0 =C2=A0 bullets down, where you say, =E2=80=9CThe total route length =
will indicate the type of<br>
=C2=A0 =C2=A0 prefix=E2=80=9D.=C2=A0 =C2=A0 Maybe someone already expert in=
 this would find this OK, but to me<br>
=C2=A0 =C2=A0 it was too much work to sort it out, when I think it could be=
 made clearer like<br>
=C2=A0 =C2=A0 this:<br>
<br>
=C2=A0 =C2=A0 NEW<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0An IP Prefix Route Type for IPv4 has the Length =
field set to 34<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0and consists of the following fields:<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 =C2=A0 RD=C2=A0 =C2=A0(8 octets)=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |Ethernet Segment Identifier (10 octets)|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 Ethernet Tag ID (4 octets)=C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 IP Prefix Length (1 octet, 0 to 32)=C2=
=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 IP Prefix (4 octets)=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 GW IP Address (4 octets)=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 MPLS Label (3 octets)=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0An IP Prefix Route Type for IPv6 has the Length =
field set to 58<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0and consists of the following fields:<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 =C2=A0 RD=C2=A0 =C2=A0(8 octets)=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |Ethernet Segment Identifier (10 octets)|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 Ethernet Tag ID (4 octets)=C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0|<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 IP Prefix Length (1 octet, 0 to 128) |<=
br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 IP Prefix (16 octets)=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 GW IP Address (16 octets)=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 MPLS Label (3 octets)=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 +---------------------------------------+<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0The total route length will indicate the type of=
 IP Prefix (34 for<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0IPv4 or 58 for IPv6) and the type of GW IP Addre=
ss. The IP Prefix<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0and GW IP Address are always both IPv4 or both I=
Pv6; mixing the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0two is not allowed.<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0[=E2=80=A6and then follow with the explanations =
of the fields=E2=80=A6]<br>
=C2=A0 =C2=A0 END<br>
<br>
=C2=A0 =C2=A0 Do you agree that that makes things clearer?<br>
<br>
[JORGE] ok, done<br>
<br>
=C2=A0 =C2=A0 =E2=80=94 Section 3.2 =E2=80=94<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0o If either the ESI or GW IP are non-zero, then =
one of them is the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Overlay Index, regardless of whether the =
Router&#39;s MAC Extended<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Community is present or the value of the =
Label.<br>
<br>
=C2=A0 =C2=A0 Should that say =E2=80=9Cthen the non-zero one is the Overlay=
 Index=E2=80=9D?<br>
[JORGE] ok, good point, done<br>
<br>
<br>
<br>
<br>
</blockquote></div></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature" =
data-smartmail=3D"gmail_signature">Barry<br>--<br>Barry Leiba =C2=A0(<a hre=
f=3D"mailto:barryleiba@computer.org" target=3D"_blank">barryleiba@computer.=
org</a>)<br><a href=3D"http://internetmessagingtechnology.org/" target=3D"_=
blank">http://internetmessagingtechnology.org/</a></div>

--0000000000001385fd056c80077c--


From nobody Fri May 18 13:28:04 2018
Return-Path: <eric.gray@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF00512E03C for <secdir@ietfa.amsl.com>; Fri, 18 May 2018 13:27:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level: 
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssxZOypoK4Ss for <secdir@ietfa.amsl.com>; Fri, 18 May 2018 13:27:42 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0B8112DFDB for <secdir@ietf.org>; Fri, 18 May 2018 13:27:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1526675256; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=nW6sBR6Hx1MOvSwOvMaH7Rx8FqhxbR/Aw0GDqwREhHQ=; b=L3Xz65IwdotHvJii0rRERX9rHF6ytot1pCpJFdSfPZfIglutSChkhvnIk8UD24Zg Ahsn0sXxuxoGDOzm0mdRSG/ZLiLCwoeu87Y+yMHDNJAbq6oEzxXtyXnN3WG9sJfc DAtyYIKKPYUwRNOUF2EBUjmKX88tjbWVejDwZTldJXw=;
X-AuditID: c6180641-a523a9c000002610-79-5aff37383707
Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id ED.C4.09744.8373FFA5; Fri, 18 May 2018 22:27:36 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0382.000; Fri, 18 May 2018 16:27:35 -0400
From: Eric Gray <eric.gray@ericsson.com>
To: Radia Perlman <radiaperlman@gmail.com>, "Yemin (Amy)" <amy.yemin@huawei.com>
CC: The IESG <iesg@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8IAAbMGAgADFmvA=
Date: Fri, 18 May 2018 20:27:34 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com>
In-Reply-To: <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [147.117.188.9]
Content-Type: multipart/alternative; boundary="_000_48E1A67CB9CA044EADFEAB87D814BFF64BA92606eusaamb107erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGIsWRmVeSWpSXmKPExsUyuXRPiK6F+f8og1VbZC02d2xgs3gy5waL xfW3ahYz/kxkttgy5y2rxYeFD1kc2Dx2zrrL7tFy5C2rx5IlP5k8vlz+zBbAEsVlk5Kak1mW WqRvl8CVcWfVN7aClkVMFWfmHmZtYNwxi6mLkZNDQsBEYtW5CWxdjFwcQgJHGSVmTHnFApIQ EljOKNGw3A7EZhPQkDh2Zy0jiC0iECSxbEMvO0gDs8B9Rom5k+aCTRIW8JXYd/YLC0RRgMS7 /pdQtp/Ep4nbwWwWAVWJNc2PmUFsXqD6hddfQ23exiQxue8gkMPBwSkQKHF+qhpIDaOAmMT3 U2vA5jMLiEvcejIf6moBiSV7zjND2KISLx//Y4WwFSX29U9nh6jPl9i8+RMrxC5BiZMzn7BM YBSZhWTULCRls5CUzQK6gllAU2L9Ln2IEkWJKd0P2SFsDYnWOXPZkcUXMLKvYuQoLS7IyU03 MtzECIy9YxJsjjsY9/Z6HmIU4GBU4uFtNPwfJcSaWFZcmXuIUYKDWUmE12jGvygh3pTEyqrU ovz4otKc1OJDjNIcLErivOc8eaOEBNITS1KzU1MLUotgskwcnFINjDHtUnd6FU5Fzjr/ymrz q42PHu3ezWDBtTXBwyn+wCIW/oppX68YLQ5+YbTo/4Fvl886dobuYE9M/7tA041hQ+mRz6sr Pl1xkolcZO/SXfXH/5C24gbXp+n7ujftL/7lcHjaFOnOWL4kFt7tHjKK0olCSqlqFXYGIZrK p4pOWvlsWCf5+MuZdiWW4oxEQy3mouJEACn/n4q5AgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/2e3TFFXN98Yt1ZAU0S4Ol5H3e3w>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2018 20:27:45 -0000

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA92606eusaamb107erics_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgUmFkaWEuDQoNCkkgYWdyZWUgdGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3
b3VsZCBoYXZlIGludGVycHJldGVkIOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0
byBtZWFuIHNvbWV0aGluZyBtb3JlIGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dhcmQg
dGhlIHNhbWUgKHNpbmd1bGFyKSB0aGluZy4gIE9yIHBlcmhhcHMgYW5vdGhlciB3YXkgdG8gbG9v
ayBhdCBpdCBtaWdodCBiZSB0aGF0LCBiZWNhdXNlIFlBTkcgaXMgYmVjb21pbmcgYSBtb3JlIHBv
cHVsYXIgbWVjaGFuaXNtIGZvciBib3RoIE5NUyBhbmQgU0ROLCBpdCBpcyBsaWtlbHkgdGhhdCBv
bmUgb3IgYm90aCBvZiB0aGVzZSBtYXkgYmVjb21lIGNvbXBvbmVudHMgb2YgYSBjb21tb24gbWFu
YWdlbWVudCBmcmFtZXdvcmsuDQoNCkkgd291bGQgaW50ZXJwcmV0IGl0IHRoaXMgd2F5IHByZWNp
c2VseSBiZWNhdXNlIOKAkyBhcyB5b3Ugc2F5IOKAkyB0aGUgZGlzdGluY3Rpb24gaXMgbm90IGF0
IGFsbCBjbGVhciwgdGhvdWdoIEkgd291bGQgYWRkIHRoYXQgKHRvIHNvbWUgb2YgdXMpIHRoZSBk
aXN0aW5jdGlvbiBoYXMgbmV2ZXIgYmVlbiB2ZXJ5IGNsZWFyLiAg8J+Yig0KDQpGb3IgdGhpcyBy
ZWFzb24sIEkgd291bGQgaGF2ZSBzb21lIHNtYWxsIGRpZmZpY3VsdHkgaW4gc2VlaW5nIGhvdyBp
dCB3b3VsZCBtYWtlIG11Y2ggc2Vuc2UgdG8gc2F5IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcgdG93
YXJkIGluY3JlYXNpbmcgc2ltaWxhcml0eS4NCg0KLS0NCkVyaWMNCg0KRnJvbTogQ0NBTVAgW21h
aWx0bzpjY2FtcC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgUmFkaWEgUGVybG1hbg0K
U2VudDogRnJpZGF5LCBNYXkgMTgsIDIwMTggMTI6MzAgQU0NClRvOiBZZW1pbiAoQW15KSA8YW15
LnllbWluQGh1YXdlaS5jb20+DQpDYzogVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc+OyBjY2FtcEBp
ZXRmLm9yZzsgc2VjZGlyQGlldGYub3JnOyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnDQpTdWJqZWN0OiBSZTogW0NDQU1QXSBTZWNkaXIgcmV2
aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpUaGFuayB5
b3UhICBUaG91Z2ggd2hhdCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVuZ2xpc2guDQoN
ClBlcmhhcHMgIldlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiBOTVMgYW5kIFNE
TiBpcyBub3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFyZSBldm9sdmluZyB0byBiZSBt
b3JlIGFuZCBtb3JlIHNpbWlsYXIuIiBjb3VsZCByZXBsYWNlIHRoZSBmaXJzdCBzZW50ZW5jZS4g
IEknbSByZWFsbHkgbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQgYnkgImV2b2x2aW5nIHRvd2FyZCBh
IGNvbXBvbmVudCIsIHNvIHBlcmhhcHMgSSdtIG5vdCBjYXB0dXJpbmcgd2hhdCB5b3UgYXJlIGlu
dGVuZGluZyB0byBzYXkuDQoNCg0KUmFkaWENCg0KT24gVGh1LCBNYXkgMTcsIDIwMTggYXQgNzow
MyBQTSwgWWVtaW4gKEFteSkgPGFteS55ZW1pbkBodWF3ZWkuY29tPG1haWx0bzphbXkueWVtaW5A
aHVhd2VpLmNvbT4+IHdyb3RlOg0KSGkgUmFkaWEsDQoNCldlIGp1c3QgdXBkYXRlZCB0aGUgZHJh
ZnQsIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWlj
cm93YXZlLWZyYW1ld29yay8uDQpZb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxh
dGVzdCB2ZXJzaW9uLg0KDQpCUiwNCkFteQ0KRnJvbTogWWVtaW4gKEFteSkNClNlbnQ6IFRodXJz
ZGF5LCBNYXkgMTAsIDIwMTggNDowNyBQTQ0KVG86ICdEYW5pZWxlIENlY2NhcmVsbGknIDxkYW5p
ZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPG1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJp
Y3Nzb24uY29tPj47IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRv
OnJhZGlhcGVybG1hbkBnbWFpbC5jb20+PjsgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJh
bWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dh
dmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3Jn
PG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGll
dGYub3JnPg0KU3ViamVjdDogUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1t
aWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJhZGlhLA0KDQpUaGFua3MgZm9yIHlvdXIgcmV2
aWV3Lg0KDQpSZWdhcmRpbmcgdGhlIE5NUyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwg
d2Ugd2lsbCBhZGQgdGhlIGZvbGxvd2luZyB0ZXh0IGluIHNlY3Rpb24gMzoNCuKAnEl0J3Mgbm90
ZWQgdGhhdCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRv
d2FyZHMgYSBjb21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1
aXRlIHZhZ3VlLiBBbm90aGVyIGZhY3QgaXMgdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2Yg
bmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0
aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0
aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtl
cHQgYXMgc2VwYXJhdGUgY29tcG9uZW50LuKAnQ0KDQpSZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNv
bnNpZGVyYXRpb25zLCB5ZXMsIHRoaXMgZHJhZnQgZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFt
ZXRlcnMuDQpUaGVyZeKAmXMgYW5vdGhlciBkcmFmdCBkcmFmdC1pZXRmLWNjYW1wLW13LXlhbmcs
IHdoZXJlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGlzIGFkZHJlc3NlZCBhcyB5b3Ugc3Vn
Z2VzdGVkLg0KDQpCUiwNCkFteQ0KRnJvbTogRGFuaWVsZSBDZWNjYXJlbGxpIFttYWlsdG86ZGFu
aWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbV0NClNlbnQ6IE1vbmRheSwgTWF5IDA3LCAyMDE4
IDU6NDYgUE0NClRvOiBSYWRpYSBQZXJsbWFuIDxyYWRpYXBlcmxtYW5AZ21haWwuY29tPG1haWx0
bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPj47IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc+OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9y
ZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+OyBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBp
ZXRmLm9yZz4NClN1YmplY3Q6IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAt
bWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpIaSBSYWRpYSwNCg0KbGV0IG1lIHJlcGx5IG9uIGJl
aGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2YgYWxsIG1hbnkgdGhhbmtzIGZvciB5b3VyIHJl
dmlldy4NCg0KUmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZz
IFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcg
dG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBi
bHVycnksIGJ1dCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlz
IHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50
IHBsYW5lIHdoaWxlIFNETiB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUg
YW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgdGhpbmdzLg0KDQpIZW5jZSwgc2lu
Y2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4g
SSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYg
eW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0
d28gdGhpbmdzIGNhbiBiZSBhZGRlZC4NCg0KVGhhbmtzIGEgbG90DQpEYW5pZWxlICAoY2NhbXAg
Y28tY2hhaXIpDQoNCkZyb206IFJhZGlhIFBlcmxtYW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21h
aWwuY29tXQ0KU2VudDogbHVuZWTDrCA3IG1hZ2dpbyAyMDE4IDA4OjU1DQpUbzogZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRo
ZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRm
Lm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBk
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNCg0KU29ycnkuLi5yZXNlbmRp
bmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy4NCg0KDQotLS0tLS0tLS0t
IEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0NCkZyb206IFJhZGlhIFBlcmxtYW4gPHJhZGlh
cGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+Pg0KRGF0ZTog
U3VuLCBNYXkgNiwgMjAxOCBhdCAxMTo0OCBQTQ0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBk
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNClRvOiBkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFm
dC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnPiwg
VGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+Piwgc2VjZGlyQGll
dGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdW1tYXJ5OiAgTm8gc2VjdXJpdHkgaXNz
dWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9ucywgYW5kIHRoZXJlIGFyZSBlZGl0aW5n
IGdsaXRjaGVzDQoNCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhl
IHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZw0KZWZmb3J0IHRvIHJldmlldyBhbGwgSUVU
RiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiAgVGhlc2UNCmNvbW1lbnRz
IHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBh
cmVhDQpkaXJlY3RvcnMuICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRy
ZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QNCmxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50
cy4NCg0KVGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZv
ciBtaWNyb3dhdmUgcmFkaW8gbGlua3MuDQpJdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxp
ZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3Zp
ZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJlcy4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIHRo
ZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAiYSB0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQg
c3lzdGVtIiBhbmQgU0ROLiAgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3Vt
ZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUg
aXMgbm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRpbmcgcGFyYW1ldGVycyAodHJhZGl0aW9uYWwg
bmV0d29yayBtYW5hZ2VtZW50KSBpcyBhIHdheSBvZiAicHJvZ3JhbW1pbmciIGFuIGludGVyZmFj
ZSAoIlNETiIpLg0KDQpUaGlzIGRvY3VtZW50IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9y
IGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMgZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxp
dHkuDQoNClRoZSBnbGl0Y2hlcyBjb25zaXN0ICBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxl
IHdvcmRzIGxpa2UgIm9mIiBpbiB0aGUgZm9sbG93aW5nIHNlbnRlbmNlLg0KIlRoZSBhZG9wdGlv
biBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5hZ2VtZW50IGFuZA0KICAgY29udHJvbCB0aGUg
bWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yDQog
ICB0aGlzIHdvcmsuIg0KDQpUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhl
eSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJs
eSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11bmljYXRpb24uICBPdGhlciB0
aGFuIHRoYXQsIHBlcmhhcHMsIHRoZXJlIG1pZ2h0IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25z
IGZvciBpbmFkdmVydGVudGx5IHNldHRpbmcgcGFyYW1ldGVycyBpbmNvcnJlY3RseSwgb3IgbWFs
aWNpb3VzbHkgYnkgYSB0cnVzdGVkIGFkbWluaXN0cmF0b3IuICBCdXQgdGhpcyBkb2N1bWVudCBk
b2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1
c3QgYSBnZW5lcmFsIGZyYW1ld29yay4NCg0KUmFkaWENCg0KDQoNCg==

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA92606eusaamb107erics_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAx
IDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg
NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxARGVuZ1hpYW4i
Ow0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMg
Ki8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBp
bjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZh
bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJ
e21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1
bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1z
dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy
bGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21z
by1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJn
aW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0
OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl
cmlmO30NCnNwYW4ubS02MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzExNjczMDZnbWFp
bC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWls
DQoJe21zby1zdHlsZS1uYW1lOm1fLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAzMTE2
NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0
Z21haWwtaWw7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTkNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWw7
DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9
DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0K
CWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0K
Lk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1p
bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41
aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNl
Y3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNv
IDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAv
Pg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxh
eW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwv
bzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVO
LVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9u
MSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+SSBhZ3JlZSB0aGF0IHRoZSBFbmdsaXNoIGlzIGF3a3dhcmQsIGJ1dCBJIHdvdWxkIGhhdmUg
aW50ZXJwcmV0ZWQg4oCcZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW504oCdIHRvIG1lYW4gc29t
ZXRoaW5nIG1vcmUgYWxvbmcgdGhlIGxpbmVzIG9mIGV2b2x2aW5nIHRvd2FyZCB0aGUgc2FtZSAo
c2luZ3VsYXIpIHRoaW5nLiZuYnNwOyBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sgYXQg
aXQgbWlnaHQgYmUgdGhhdCwgYmVjYXVzZQ0KIFlBTkcgaXMgYmVjb21pbmcgYSBtb3JlIHBvcHVs
YXIgbWVjaGFuaXNtIGZvciBib3RoIE5NUyBhbmQgU0ROLCBpdCBpcyBsaWtlbHkgdGhhdCBvbmUg
b3IgYm90aCBvZiB0aGVzZSBtYXkgYmVjb21lIGNvbXBvbmVudHMgb2YgYSBjb21tb24gbWFuYWdl
bWVudCBmcmFtZXdvcmsuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw
PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgd291bGQgaW50ZXJwcmV0
IGl0IHRoaXMgd2F5IHByZWNpc2VseSBiZWNhdXNlIOKAkyBhcyB5b3Ugc2F5IOKAkyB0aGUgZGlz
dGluY3Rpb24gaXMgbm90IGF0IGFsbCBjbGVhciwgdGhvdWdoIEkgd291bGQgYWRkIHRoYXQgKHRv
IHNvbWUgb2YgdXMpIHRoZSBkaXN0aW5jdGlvbiBoYXMgbmV2ZXIgYmVlbiB2ZXJ5IGNsZWFyLiZu
YnNwOw0KPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJIEVtb2ppJnF1b3Q7
LHNhbnMtc2VyaWYiPvCfmIo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkZvciB0aGlz
IHJlYXNvbiwgSSB3b3VsZCBoYXZlIHNvbWUgc21hbGwgZGlmZmljdWx0eSBpbiBzZWVpbmcgaG93
IGl0IHdvdWxkIG1ha2UgbXVjaCBzZW5zZSB0byBzYXkgdGhhdCB0aGV5IGFyZSBldm9sdmluZyB0
b3dhcmQgaW5jcmVhc2luZyBzaW1pbGFyaXR5LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4tLTxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RXJpYzxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48Yj5Gcm9tOjwvYj4gQ0NBTVAgW21haWx0bzpjY2FtcC1ib3VuY2VzQGlldGYub3Jn
XSA8Yj5PbiBCZWhhbGYgT2YNCjwvYj5SYWRpYSBQZXJsbWFuPGJyPg0KPGI+U2VudDo8L2I+IEZy
aWRheSwgTWF5IDE4LCAyMDE4IDEyOjMwIEFNPGJyPg0KPGI+VG86PC9iPiBZZW1pbiAoQW15KSAm
bHQ7YW15LnllbWluQGh1YXdlaS5jb20mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBUaGUgSUVTRyAmbHQ7
aWVzZ0BpZXRmLm9yZyZndDs7IGNjYW1wQGlldGYub3JnOyBzZWNkaXJAaWV0Zi5vcmc7IGRyYWZ0
LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8YnI+DQo8
Yj5TdWJqZWN0OjwvYj4gUmU6IFtDQ0FNUF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PlRoYW5rIHlvdSEmbmJzcDsgVGhvdWdoIHdoYXQgeW91J3JlIHN1Z2dlc3RpbmcgaXMgYXdrd2Fy
ZCBFbmdsaXNoLjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv
OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
UGVyaGFwcyAmcXVvdDtXZSBub3RlIHRoYXQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gTk1TIGFu
ZCBTRE4gaXMgbm90IGFsbCB0aGF0IGNsZWFyLCBhbmQgdGhlIHR3byBhcmUgZXZvbHZpbmcgdG8g
YmUgbW9yZSBhbmQgbW9yZSBzaW1pbGFyLiZxdW90OyBjb3VsZCByZXBsYWNlIHRoZSBmaXJzdCBz
ZW50ZW5jZS4mbmJzcDsgSSdtIHJlYWxseSBub3Qgc3VyZSB3aGF0IHlvdSBtZWFudCBieSAmcXVv
dDtldm9sdmluZyB0b3dhcmQgYSBjb21wb25lbnQmcXVvdDssDQogc28gcGVyaGFwcyBJJ20gbm90
IGNhcHR1cmluZyB3aGF0IHlvdSBhcmUgaW50ZW5kaW5nIHRvIHNheS48bzpwPjwvbzpwPjwvcD4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlJhZGlhPG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5PbiBUaHUsIE1heSAxNywgMjAxOCBhdCA3OjAzIFBNLCBZZW1pbiAoQW15KSAmbHQ7PGEgaHJl
Zj0ibWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tIiB0YXJnZXQ9Il9ibGFuayI+YW15LnllbWlu
QGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0
eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6
MGluIDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBpbiI+DQo8
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMx
RjQ5N0QiPkhpIFJhZGlhLA0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3
RCI+V2UganVzdCB1cGRhdGVkIHRoZSBkcmFmdCwNCjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNr
ZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay8iIHRh
cmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWll
dGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay88L2E+LiA8L3NwYW4+DQo8bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPllv
dXIgY29tbWVudHMgYXJlIGFkZHJlc3NlZCBpbiB0aGUgbGF0ZXN0IHZlcnNpb24uDQo8L3NwYW4+
PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xv
cjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5B
bXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7
Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4i
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gWWVtaW4gKEFteSkNCjxicj4N
CjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDEwLCAyMDE4IDQ6MDcgUE08YnI+DQo8Yj5Ubzo8
L2I+ICdEYW5pZWxlIENlY2NhcmVsbGknICZsdDs8YSBocmVmPSJtYWlsdG86ZGFuaWVsZS5jZWNj
YXJlbGxpQGVyaWNzc29uLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmRhbmllbGUuY2VjY2FyZWxsaUBl
cmljc3Nvbi5jb208L2E+Jmd0OzsgUmFkaWEgUGVybG1hbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJh
ZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5yYWRpYXBlcmxtYW5AZ21haWwu
Y29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUt
ZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzwvYT47IFRoZSBJ
RVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmll
c2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRh
cmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJF
OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0w
NTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl
PSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu
LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNv
bG9yOiMxRjQ5N0QiPlRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQo8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4m
bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZWdhcmRpbmcgdGhlIE5NUyBhbmQgU0ROLCBhcyBEYW5p
ZWxlIHN1Z2dlc3RlZCwgd2Ugd2lsbCBhZGQgdGhlIGZvbGxvd2luZyB0ZXh0IGluIHNlY3Rpb24g
MzoNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g
c3R5bGU9ImNvbG9yOiMxRjQ5N0QiPuKAnEl0J3Mgbm90ZWQgdGhhdCB0aGVyZSdzIGlkZWEgdGhh
dCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21wb25lbnQsIGFuZCB0
aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3VlLiBBbm90aGVyIGZhY3Qg
aXMNCiB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMg
c3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQg
cGxhbmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0
aGUgY29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25l
bnQu4oCdPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh
biBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5n
IHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgeWVzLCB0aGlzIGRyYWZ0IGRvZXNu4oCZdCBz
cGVjaWZ5IHRoZSBwYXJhbWV0ZXJzLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+VGhlcmXigJlzIGFub3Ro
ZXIgZHJhZnQgZHJhZnQtaWV0Zi1jY2FtcC1tdy15YW5nLCB3aGVyZSB0aGUgc2VjdXJpdHkgY29u
c2lkZXJhdGlvbiBpcyBhZGRyZXNzZWQgYXMgeW91IHN1Z2dlc3RlZC4NCjwvc3Bhbj48bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5
N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkJSLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkFteTwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXIt
dG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp
bi1ib3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBEYW5pZWxlIENlY2NhcmVsbGkgWzxhIGhy
ZWY9Im1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tIiB0YXJnZXQ9Il9ibGFu
ayI+bWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb208L2E+XQ0KPGJyPg0KPGI+
U2VudDo8L2I+IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE08YnI+DQo8Yj5Ubzo8L2I+IFJh
ZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIiB0
YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0i
bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0
Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRv
Omllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8
YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlyQGll
dGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFm
dC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+SGkgUmFkaWEsPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPmxldCBtZSByZXBseSBvbiBiZWhhbGYgb2YgdGhlIGF1dGhvcnMuIEZpcnN0IG9mIGFs
bCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij5SZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRpb25hbCBOTVMgdnMgU0ROIEkg
YWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmRz
IGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9uIGlzIHF1aXRlIGJsdXJyeSwg
YnV0IHRoZXJlDQogaXMgc3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGls
bCBjb25zaWRlcmVkIGFzIHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFu
ZSB3aGlsZSBTRE4gdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lIGFuZCB0
aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIHRoaW5ncy48bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRp
b25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5j
dGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUg
Y29udmVyZ2VuY2Ugb2YgdGhlIHR3bw0KIHRoaW5ncyBjYW4gYmUgYWRkZWQuPG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj5UaGFua3MgYSBsb3Q8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv
bS1hbHQ6YXV0byI+RGFuaWVsZSZuYnNwOyAoY2NhbXAgY28tY2hhaXIpPG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv
LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdiBzdHls
ZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRkaW5nOjBpbiAw
aW4gMGluIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9w
OnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i
b3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBSYWRpYSBQZXJsbWFuIFs8YSBocmVmPSJtYWls
dG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPm1haWx0bzpyYWRpYXBl
cmxtYW5AZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9iPiBsdW5lZMOsIDcgbWFnZ2lv
IDIwMTggMDg6NTU8YnI+DQo8Yj5Ubzo8L2I+IDxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFu
ayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYu
b3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJn
ZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2Rp
ckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5T
dWJqZWN0OjwvYj4gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNl
bmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48L3NwYW4+PG86cD48
L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+
Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t
LWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttYXJnaW4tYm90dG9tOjEyLjBwdCI+PHNwYW4gbGFuZz0iSVQiPi0tLS0tLS0tLS0gRm9yd2Fy
ZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLTxicj4NCkZyb206IDxiPlJhZGlhIFBlcmxtYW48L2I+ICZs
dDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsi
PnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFN1biwgTWF5IDYsIDIw
MTggYXQgMTE6NDggUE08YnI+DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYt
Y2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNTxicj4NClRvOiA8YSBocmVmPSJtYWlsdG86ZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZyIg
dGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1
LmFsbEB0b29scy5pZXRmLm9yZzwvYT4sIFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVz
Z0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhy
ZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5v
cmc8L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1
b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZuYnNwOyBO
byBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhl
cmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n
PSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90
OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50
IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9y
dCB0byZuYnNwOzxzcGFuIGNsYXNzPSJtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAz
MTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3Nzgy
NTM0Z21haWwtaWwiPnJldmlldzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVpbmcg
cHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUgd3Jp
dHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJyPg0K
ZGlyZWN0b3JzLiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRy
ZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29t
bWVudHMuPC9zcGFuPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4m
bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFu
YWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4g
aW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVj
aWZpYyBmZWF0dXJlcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp
bi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286
cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9
IklUIj5JIGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2Eg
dHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNw
OyBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBt
YWtlIHRoZSBkaXN0aW5jdGlvbiwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlz
dGluY3Rpb24uLi5zZXR0aW5nIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdl
bWVudCkgaXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgm
cXVvdDtTRE4mcXVvdDspLiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNw
YW4gbGFuZz0iSVQiPlRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBmb3Ig
Z2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJpbGl0
eS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rp
dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgZ2xp
dGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxp
a2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj4mcXVvdDtUaGUgYWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFuYWdl
bWVudCBhbmQ8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWlj
cm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48
c3BhbiBsYW5nPSJJVCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp
bi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJh
dGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRo
ZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11
bmljYXRpb24uJm5ic3A7IE90aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdodCBi
ZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBhcmFt
ZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlzdHJh
dG9yLiZuYnNwOyBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZp
YyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48L3Nw
YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs
YW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu
Zz0iSVQiIHN0eWxlPSJjb2xvcjojODg4ODg4Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k
aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3Rl
Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA92606eusaamb107erics_--


From nobody Sat May 19 20:35:03 2018
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34FAD124B0A; Sat, 19 May 2018 20:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfSX7eQfa-eF; Sat, 19 May 2018 20:34:38 -0700 (PDT)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9740B1243F6; Sat, 19 May 2018 20:34:38 -0700 (PDT)
Received: by mail-io0-x22e.google.com with SMTP id e20-v6so10676876iof.4; Sat, 19 May 2018 20:34:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bbj0XWnoaJ79yTHDOEtgFCKGAWw5UGzBwxSmAE2W9ik=; b=OWlg1Pvrcf1S2k8/RMN2CITQC7HXsh595eY35lAspnlwrSx2JCY9KHRQeuVKCIYjQF 3jd9xRaoeSf4cdo0KhIvajzr5oboqx7kRc3wS+T1f8fgMFBOHSEuAvbY1F5t4Uw1gIS2 xOoMG0OTvcoW0pbdfxfxLdPfdBM659gerUKiMDDKcirvRG2YLXlI+oJoXG7ifAHwbV/v FzHyZHf7yyRhqZtN7UaKF3gkn4fOk7kiu9Xy1aW8k3e/uCfy+hfGWU00hQTlQ5qpI4uR YFUJD7gJkXZ4mWheX1TWWX1ryf1lx6kAy9yv5NNlCpwbSugM5v4GspT8NlEZP2ibzYJY nyWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bbj0XWnoaJ79yTHDOEtgFCKGAWw5UGzBwxSmAE2W9ik=; b=psbcVugzh+QCe9tXDLnj3yo1loUedaH9rIfQ6rSmqiAB/1QdU8Gzy17baBwzwDzn9A an8j8xWojUhh4xc3dGX/dRYQWdNnI/UWipUV523DLiB1gt6oOIQE2sDi31z9/xDs7X3L 7zmPlNRdMmYnsQZ5wy7uJt6AXXFXchBNJhhLJNy1ifOfPv632O3NhYcm5ZGpWFhXp4j2 eu5DYTeYvus4tYoaWFsmAA+YUWJRlaNfyf8WY4OkK5S3bTm9jBKi+Zkt+wZheyYMUHwV 4bQYVYzAyAelG+WfCfE7bvJ07q0T751oVRVDz0t1DDASBpONoa7COFm0S5AWsX081RSj 0ZDw==
X-Gm-Message-State: ALKqPwe9KJOcuzTDNOemjKuuWi7scdmdxdpDF5Ri4Se9ZAtCnXLuEylI FWG1FByfDgZAYeDvEi/RxetDtRL5l1p5de3i6ZGOKw==
X-Google-Smtp-Source: AB8JxZo4jBxH1AEAtNbUVChWJvTRWuLhR8wNN1G9l4VDkNp5dYnUiSAiw9dXZC1Rxr+yDklBGg5C0ebAiwrH+AJEIyY=
X-Received: by 2002:a6b:b513:: with SMTP id e19-v6mr16932685iof.267.1526787277786;  Sat, 19 May 2018 20:34:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:2a02:0:0:0:0:0 with HTTP; Sat, 19 May 2018 20:34:37 -0700 (PDT)
In-Reply-To: <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
From: Radia Perlman <radiaperlman@gmail.com>
Date: Sat, 19 May 2018 20:34:37 -0700
Message-ID: <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
To: Eric Gray <eric.gray@ericsson.com>
Cc: "Yemin (Amy)" <amy.yemin@huawei.com>, The IESG <iesg@ietf.org>,  "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>,  "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005710d0056c9add87"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Z1UDhzR0TghPk1Zsul0od59w11A>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 May 2018 03:34:43 -0000

--0000000000005710d0056c9add87
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Eric,

I feel bad for the authors of this document to be burdened with clarifying
a distinction that has never been clear before (to lots of people,
including me),  but their proposed text doesn't make it clearer.

" =E2=80=9CIt's noted that there's idea that the NMS and SDN are evolving t=
owards a
component, and the distinction between them is quite vague. Another fact is
that there is still plenty of networks where NMS is still considered as the
implementation of the management plane, while SDN is considered as the
centralization of the control plane. They are still kept as separate
component"

 Do you (or anyone else) have a suggestion for text that acknowledges to
the reader that it's not the reader's fault for not understanding the
difference?

It would be OK with me for them to leave out  the extra entirely, since I'm
sure this isn't the first RFC whose verbiage claims SDN and NMS are two
different concepts. But if I were trying to get up to speed about this area
by reading the documents, I'd be somewhat comforted by an acknowledgement
(such as the text they propose, but with the English fixed) that these are
fuzzy distinctions, so I wouldn't think it was just me....that if I only
read more things, or thought harder, or had more background, the
distinction would be clear.

Radia




On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.gray@ericsson.com> wrote:

> Hi Radia.
>
>
>
> I agree that the English is awkward, but I would have interpreted
> =E2=80=9Cevolving toward a component=E2=80=9D to mean something more alon=
g the lines of
> evolving toward the same (singular) thing.  Or perhaps another way to loo=
k
> at it might be that, because YANG is becoming a more popular mechanism fo=
r
> both NMS and SDN, it is likely that one or both of these may become
> components of a common management framework.
>
>
>
> I would interpret it this way precisely because =E2=80=93 as you say =E2=
=80=93 the
> distinction is not at all clear, though I would add that (to some of us)
> the distinction has never been very clear.  =F0=9F=98=8A
>
>
>
> For this reason, I would have some small difficulty in seeing how it woul=
d
> make much sense to say that they are evolving toward increasing similarit=
y.
>
>
>
> --
>
> Eric
>
>
>
> *From:* CCAMP [mailto:ccamp-bounces@ietf.org] *On Behalf Of *Radia Perlma=
n
> *Sent:* Friday, May 18, 2018 12:30 AM
> *To:* Yemin (Amy) <amy.yemin@huawei.com>
> *Cc:* The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org;
> draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-
> framework-05
>
>
>
> Thank you!  Though what you're suggesting is awkward English.
>
>
>
> Perhaps "We note that the distinction between NMS and SDN is not all that
> clear, and the two are evolving to be more and more similar." could repla=
ce
> the first sentence.  I'm really not sure what you meant by "evolving towa=
rd
> a component", so perhaps I'm not capturing what you are intending to say.
>
>
>
>
>
> Radia
>
>
>
> On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote=
:
>
> Hi Radia,
>
>
>
> We just updated the draft, https://datatracker.ietf.org/
> doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
>
>
> BR,
>
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com>; Radia
> Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> Thanks for your review.
>
>
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the followin=
g
> text in section 3:
>
> =E2=80=9CIt's noted that there's idea that the NMS and SDN are evolving t=
owards a
> component, and the distinction between them is quite vague. Another fact =
is
> that there is still plenty of networks where NMS is still considered as t=
he
> implementation of the management plane, while SDN is considered as the
> centralization of the control plane. They are still kept as separate
> component.=E2=80=9D
>
>
>
> Regarding the security considerations, yes, this draft doesn=E2=80=99t sp=
ecify the
> parameters.
>
> There=E2=80=99s another draft draft-ietf-ccamp-mw-yang, where the securit=
y
> consideration is addressed as you suggested.
>
>
>
> BR,
>
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com
> <daniele.ceccarelli@ericsson.com>]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> let me reply on behalf of the authors. First of all many thanks for your
> review.
>
>
>
> Regarding your question about traditional NMS vs SDN I agree with you on
> the fact that they are evolving towards a common component and the
> distinction is quite blurry, but there is still plenty of networks where
> NMS is still considered as the implementation of the management plane whi=
le
> SDN the centralization of the control plane and they are still kept as
> separate things.
>
>
>
> Hence, since the authors speak about =E2=80=9Ctraditional=E2=80=9D NMS an=
d SDN I would
> tend to allow for the distinction to be kept. If you prefer a note speaki=
ng
> about the convergence of the two things can be added.
>
>
>
> Thanks a lot
>
> Daniele  (ccamp co-chair)
>
>
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com
> <radiaperlman@gmail.com>]
> *Sent:* luned=C3=AC 7 maggio 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <
> iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Sorry...resending because I mistyped the author address.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: *Radia Perlman* <radiaperlman@gmail.com>
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG =
<
> iesg@ietf.org>, secdir@ietf.org
>
> Summary:  No security issues found, but I do have questions, and there ar=
e
> editing glitches
>
>
>
> I have reviewed this document as part of the security directorate's ongoi=
ng
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments ju=
st
> like any other last call comments.
>
>
>
> This document describes the management interface for microwave radio link=
s.
>
> It advocates (correctly, I believe) that such an interface should be
> extensible to provide for vendor-specific features.
>
>
>
> I don't understand the difference between a "a traditional network
> management system" and SDN.  Perhaps it is not the job of this document t=
o
> clearly make the distinction, and I suspect there is no real
> distinction...setting parameters (traditional network management) is a wa=
y
> of "programming" an interface ("SDN").
>
>
>
> This document could use an editing pass for glitches, but these glitches
> do not impact its readability.
>
>
>
> The glitches consist  mostly of leaving out little words like "of" in the
> following sentence.
>
> "The adoption of an SDN framework for management and
>
>    control the microwave interface is one of the key applications for
>
>    this work."
>
>
>
> The security considerations say that they assume a secure transport layer
> (authenticated, probably encryption isn't necessary) for communication.
> Other than that, perhaps, there might be security considerations for
> inadvertently setting parameters incorrectly, or maliciously by a trusted
> administrator.  But this document does not specify the specific parameter=
s
> to be managed, just a general framework.
>
>
>
> Radia
>
>
>
>
>
>
>

--0000000000005710d0056c9add87
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Eric,<div><br></div><div>I feel bad for the authors of =
this document to be burdened with clarifying a distinction that has never b=
een clear before (to lots of people, including me),=C2=A0 but their propose=
d text doesn&#39;t make it clearer.</div><div><br></div><div>&quot;

<span style=3D"color:rgb(31,73,125);font-family:arial,sans-serif;font-size:=
12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:no=
rmal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px=
;text-transform:none;white-space:normal;word-spacing:0px;background-color:r=
gb(255,255,255);text-decoration-style:initial;text-decoration-color:initial=
;float:none;display:inline">=E2=80=9CIt&#39;s noted that there&#39;s idea t=
hat the NMS and SDN are evolving towards a component, and the distinction b=
etween them is quite vague. Another fact is that there is still plenty of n=
etworks where NMS is still considered as the implementation of the manageme=
nt plane, while SDN is considered as the centralization of the control plan=
e. They are still kept as separate component&quot;</span></div><div><span s=
tyle=3D"color:rgb(31,73,125);font-family:arial,sans-serif;font-size:12.8px;=
font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;fo=
nt-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-t=
ransform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,=
255,255);text-decoration-style:initial;text-decoration-color:initial;float:=
none;display:inline"><br></span></div><div><span style=3D"color:rgb(31,73,1=
25);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-va=
riant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spac=
ing:normal;text-align:start;text-indent:0px;text-transform:none;white-space=
:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-=
style:initial;text-decoration-color:initial;float:none;display:inline">=C2=
=A0Do you (or anyone else) have a suggestion for text that acknowledges to =
the reader that it&#39;s not the reader&#39;s fault for not understanding t=
he difference?</span></div><div><span style=3D"color:rgb(31,73,125);font-fa=
mily:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligat=
ures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;=
text-align:start;text-indent:0px;text-transform:none;white-space:normal;wor=
d-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initi=
al;text-decoration-color:initial;float:none;display:inline"><br></span></di=
v><div><font color=3D"#1f497d"><span style=3D"font-size:12.8px">It would be=
 OK with me for them to leave out=C2=A0 the extra entirely, since I&#39;m s=
ure this isn&#39;t the first RFC whose verbiage claims SDN and NMS are two =
different concepts. But if I were trying to get up to speed about this area=
 by reading the documents, I&#39;d be somewhat comforted by an acknowledgem=
ent (such as the text they propose, but with the English fixed) that these =
are fuzzy distinctions, so I wouldn&#39;t think it was just me....that if I=
 only read more things, or thought harder, or had more background, the dist=
inction would be clear.=C2=A0</span></font></div><div><font color=3D"#1f497=
d"><span style=3D"font-size:12.8px"><br></span></font></div><div><font colo=
r=3D"#1f497d"><span style=3D"font-size:12.8px">Radia</span></font></div><di=
v><font color=3D"#1f497d"><span style=3D"font-size:12.8px"><br></span></fon=
t></div><div><font color=3D"#1f497d"><span style=3D"font-size:12.8px"><br><=
/span></font></div><div><font color=3D"#1f497d"><span style=3D"font-size:12=
.8px"><br></span></font></div></div><div class=3D"gmail_extra"><br><div cla=
ss=3D"gmail_quote">On Fri, May 18, 2018 at 1:27 PM, Eric Gray <span dir=3D"=
ltr">&lt;<a href=3D"mailto:eric.gray@ericsson.com" target=3D"_blank">eric.g=
ray@ericsson.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote"=
 style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-2058795482297373681WordSection1">
<p class=3D"MsoNormal">Hi Radia.<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">I agree that the English is awkward, but I would hav=
e interpreted =E2=80=9Cevolving toward a component=E2=80=9D to mean somethi=
ng more along the lines of evolving toward the same (singular) thing.=C2=A0=
 Or perhaps another way to look at it might be that, because
 YANG is becoming a more popular mechanism for both NMS and SDN, it is like=
ly that one or both of these may become components of a common management f=
ramework.<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">I would interpret it this way precisely because =E2=
=80=93 as you say =E2=80=93 the distinction is not at all clear, though I w=
ould add that (to some of us) the distinction has never been very clear.=C2=
=A0
<span style=3D"font-family:&quot;Segoe UI Emoji&quot;,sans-serif">=F0=9F=98=
=8A</span><u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">For this reason, I would have some small difficulty =
in seeing how it would make much sense to say that they are evolving toward=
 increasing similarity.<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">--<u></u><u></u></p>
<p class=3D"MsoNormal">Eric<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal"><span class=3D""><b>From:</b> CCAMP [mailto:<a href=
=3D"mailto:ccamp-bounces@ietf.org" target=3D"_blank">ccamp-bounces@ietf.org=
</a><wbr>] <b>On Behalf Of
</b>Radia Perlman<br>
</span><b>Sent:</b> Friday, May 18, 2018 12:30 AM<br>
<b>To:</b> Yemin (Amy) &lt;<a href=3D"mailto:amy.yemin@huawei.com" target=
=3D"_blank">amy.yemin@huawei.com</a>&gt;<span class=3D""><br>
<b>Cc:</b> The IESG &lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">=
iesg@ietf.org</a>&gt;; <a href=3D"mailto:ccamp@ietf.org" target=3D"_blank">=
ccamp@ietf.org</a>; <a href=3D"mailto:secdir@ietf.org" target=3D"_blank">se=
cdir@ietf.org</a>; <a href=3D"mailto:draft-ietf-ccamp-microwave-framework.a=
ll@tools.ietf.org" target=3D"_blank">draft-ietf-ccamp-microwave-<wbr>framew=
ork.all@tools.ietf.org</a><br>
<b>Subject:</b> Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-<wb=
r>framework-05<u></u><u></u></span></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">Thank you!=C2=A0 Though what you&#39;re suggesting i=
s awkward English.<u></u><u></u></p><div><div class=3D"h5">
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">Perhaps &quot;We note that the distinction between N=
MS and SDN is not all that clear, and the two are evolving to be more and m=
ore similar.&quot; could replace the first sentence.=C2=A0 I&#39;m really n=
ot sure what you meant by &quot;evolving toward a component&quot;,
 so perhaps I&#39;m not capturing what you are intending to say.<u></u><u><=
/u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">Radia<u></u><u></u></p>
</div>
</div>
</div>
</div></div></div><div><div class=3D"h5">
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) &lt;<a =
href=3D"mailto:amy.yemin@huawei.com" target=3D"_blank">amy.yemin@huawei.com=
</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0i=
n 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia,
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">We just updated the dr=
aft,
<a href=3D"https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-fram=
ework/" target=3D"_blank">
https://datatracker.ietf.org/<wbr>doc/draft-ietf-ccamp-<wbr>microwave-frame=
work/</a>. </span>
<u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Your comments are addr=
essed in the latest version.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,</span><u></u><u></=
u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy</span><u></u><u></=
u></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Yemin (Amy)
<br>
<b>Sent:</b> Thursday, May 10, 2018 4:07 PM<br>
<b>To:</b> &#39;Daniele Ceccarelli&#39; &lt;<a href=3D"mailto:daniele.cecca=
relli@ericsson.com" target=3D"_blank">daniele.ceccarelli@ericsson.<wbr>com<=
/a>&gt;; Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" target=
=3D"_blank">radiaperlman@gmail.com</a>&gt;;
<a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" =
target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia,
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Thanks for your review=
.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the NMS and =
SDN, as Daniele suggested, we will add the following text in section 3:
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=E2=80=9CIt&#39;s note=
d that there&#39;s idea that the NMS and SDN are evolving towards a compone=
nt, and the distinction between them is quite vague. Another fact is
 that there is still plenty of networks where NMS is still considered as th=
e implementation of the management plane, while SDN is considered as the ce=
ntralization of the control plane. They are still kept as separate componen=
t.=E2=80=9D</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the security=
 considerations, yes, this draft doesn=E2=80=99t specify the parameters.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">There=E2=80=99s anothe=
r draft draft-ietf-ccamp-mw-yang, where the security consideration is addre=
ssed as you suggested.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,</span><u></u><u></=
u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy</span><u></u><u></=
u></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Daniele Ceccarelli [<a href=3D"mailto:d=
aniele.ceccarelli@ericsson.com" target=3D"_blank">mailto:daniele.ceccarelli=
@<wbr>ericsson.com</a>]
<br>
<b>Sent:</b> Monday, May 07, 2018 5:46 PM<br>
<b>To:</b> Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" targ=
et=3D"_blank">radiaperlman@gmail.com</a>&gt;;
<a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" =
target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal"><span lang=3D"IT">Hi Radia,</span><u></u><u></u></p>
<div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<p class=3D"MsoNormal">let me reply on behalf of the authors. First of all =
many thanks for your review.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Regarding your question about traditional NMS vs SDN=
 I agree with you on the fact that they are evolving towards a common compo=
nent and the distinction is quite blurry, but there
 is still plenty of networks where NMS is still considered as the implement=
ation of the management plane while SDN the centralization of the control p=
lane and they are still kept as separate things.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Hence, since the authors speak about =E2=80=9Ctradit=
ional=E2=80=9D NMS and SDN I would tend to allow for the distinction to be =
kept. If you prefer a note speaking about the convergence of the two
 things can be added.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Thanks a lot<u></u><u></u></p>
<p class=3D"MsoNormal">Daniele=C2=A0 (ccamp co-chair)<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Radia Perlman [<a href=3D"mailto:radiap=
erlman@gmail.com" target=3D"_blank">mailto:radiaperlman@gmail.com</a><wbr>]
<br>
<b>Sent:</b> luned=C3=AC 7 maggio 2018 08:55<br>
<b>To:</b> <a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools=
.ietf.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-=
05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">Sorry...resending because I mistyp=
ed the author address.</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><span lang=3D"IT">---=
------- Forwarded message ----------<br>
From: <b>Radia Perlman</b> &lt;<a href=3D"mailto:radiaperlman@gmail.com" ta=
rget=3D"_blank">radiaperlman@gmail.com</a>&gt;<br>
Date: Sun, May 6, 2018 at 11:48 PM<br>
Subject: Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-05<br>
To: <a href=3D"mailto:draft-ietf-ccamp-microwave-framework-05.all@tools.iet=
f.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework-05.all@tools.ietf.<wbr>org</a>, T=
he IESG &lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.or=
g</a>&gt;,
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a></s=
pan><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">Summary:=C2=A0 No security i=
ssues found, but I do have questions, and there are editing glitches</span>=
<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">I have reviewed this documen=
t as part of the security directorate&#39;s ongoing<br>
effort to=C2=A0<span class=3D"m_-2058795482297373681m-6166985804615279366m4=
131376728031167306gmail-m9026368803713863349gmail-m-5057010912157782534gmai=
l-il">review</span>=C2=A0all IETF documents being processed by the IESG.=C2=
=A0 These<br>
comments were written primarily for the benefit of the security area<br>
directors.=C2=A0 Document editors and WG chairs should treat these comments=
 just<br>
like any other last call comments.</span><span lang=3D"IT">=C2=A0</span><u>=
</u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document describes the manage=
ment interface for microwave radio links.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">It advocates (correctly, I believe=
) that such an interface should be extensible to provide for vendor-specifi=
c features.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">I don&#39;t understand the differe=
nce between a &quot;a traditional network management system&quot; and SDN.=
=C2=A0 Perhaps it is not the job of this document to clearly make the disti=
nction,
 and I suspect there is no real distinction...setting parameters (tradition=
al network management) is a way of &quot;programming&quot; an interface (&q=
uot;SDN&quot;).=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document could use an editing=
 pass for glitches, but these glitches do not impact its readability.</span=
><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The glitches consist=C2=A0 mostly =
of leaving out little words like &quot;of&quot; in the following sentence.<=
/span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">&quot;The adoption of an SDN frame=
work for management and</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0control the microwave=
 interface is one of the key applications for</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0this work.&quot;</spa=
n><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The security considerations say th=
at they assume a secure transport layer (authenticated, probably encryption=
 isn&#39;t necessary) for communication.=C2=A0 Other than that,
 perhaps, there might be security considerations for inadvertently setting =
parameters incorrectly, or maliciously by a trusted administrator.=C2=A0 Bu=
t this document does not specify the specific parameters to be managed, jus=
t a general framework.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">=C2=A0</sp=
an><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">Radia</spa=
n><u></u><u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">=C2=A0</sp=
an><u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>

--0000000000005710d0056c9add87--


From nobody Sun May 20 13:26:06 2018
Return-Path: <db3546@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8429C12D94A; Sun, 20 May 2018 13:25:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.611
X-Spam-Level: 
X-Spam-Status: No, score=-0.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t8cOBmtmixZE; Sun, 20 May 2018 13:25:51 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBE9E12D864; Sun, 20 May 2018 13:25:50 -0700 (PDT)
Received: from pps.filterd (m0049462.ppops.net [127.0.0.1]) by m0049462.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id w4KKP2dl038948; Sun, 20 May 2018 16:25:45 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049462.ppops.net-00191d01. with ESMTP id 2j3euagt3v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 20 May 2018 16:25:45 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4KKPiva031292; Sun, 20 May 2018 16:25:44 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [135.66.87.50]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4KKPdwo031272; Sun, 20 May 2018 16:25:39 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [127.0.0.1]) by zlp27128.vci.att.com (Service) with ESMTP id 3E4D540006B6; Sun, 20 May 2018 20:25:39 +0000 (GMT)
Received: from MISOUT7MSGHUBAE.ITServices.sbc.com (unknown [130.9.129.149]) by zlp27128.vci.att.com (Service) with ESMTPS id 1B53E4000694; Sun, 20 May 2018 20:25:39 +0000 (GMT)
Received: from MISOUT7MSGUSRDE.ITServices.sbc.com ([169.254.5.208]) by MISOUT7MSGHUBAE.ITServices.sbc.com ([130.9.129.149]) with mapi id 14.03.0389.001; Sun, 20 May 2018 16:25:38 -0400
From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: Radia Perlman <radiaperlman@gmail.com>, Eric Gray <eric.gray@ericsson.com>
CC: "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBPet2Bgtmt1EKn9EjHvpwz36QjfqkAgAUccQCADDFO8IAAbMGAgAELkwCAAgmlgIAAtarQ
Date: Sun, 20 May 2018 20:25:37 +0000
Message-ID: <F64C10EAA68C8044B33656FA214632C888316F24@MISOUT7MSGUSRDE.ITServices.sbc.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
In-Reply-To: <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [130.10.206.117]
Content-Type: multipart/alternative; boundary="_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-20_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805200249
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/txiUPxDVfSHfZSB4IP1l6-4AdPc>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 May 2018 20:25:55 -0000

--_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGksDQoNCkEgYml0IGxhdGUganVtcGluZyBpbiwgYnV0IEkgd2FzIGludm9sdmVkIGluIGEgbWVl
dGluZyBhbmQgdHJhdmVsbGluZyB0by9mcm9tIEV1cm9wZS4NCg0KVGhlcmXigJlzIHNldmVyYWwg
UkZDcyBwcm92aWRpbmcgYSBkaXN0aW5jdGlvbiBvbiBTRE4gYW5kIHRyYWRpdGlvbmFsIE5NUyAo
RXJpYywgd2XigJlsbCBoYXZlIGEgYmFyIGNoYXQgb24gdGhhdPCfmIopLiBIZXJlLCBJ4oCZZCBz
dWdnZXN0IGFuIGluZm9ybWF0aXZlIHJlZmVyZW5jZSB0byBSRkMgNzQyNiDigJxTRE46IExheWVy
cyBhbmQgQXJjaGl0ZWN0dXJlIFRlcm1pbm9sb2d54oCdLiBGb3IgdGhvc2Ugd2FudGluZyBjbGFy
aWZpY2F0aW9uIG9uIOKAnG9uZeKAnSBjb21wb25lbnQsIGNoZWNrIG91dCBTZWN0aW9uIDTigJlz
IGFkdm9jYXRlZCBldm9sdXRpb24gZGlyZWN0aW9uLg0KDQpIZXJlIGluIHRoaXMgbWljcm93YXZl
IGRyYWZ0LCB0aGUgcXVlc3Rpb24gaXMgbm90IGhvdyBtYW55IGludGVyZmFjZXMgb3IgaWYgY29t
cG9uZW50cyBhcmUgb25lIG9yIHR3byBwaHlzaWNhbGx5L2Z1bmN0aW9uYWxseSwgYnV0IHRvIGFk
ZHJlc3Mgd2h5IHRoZXJlIGlzIGludGVyZXN0IGluIGRvaW5nIHRoaXMgd29yayAodG8gc3VwcG9y
dCBtdWx0aS12ZW5kb3IgKFNETiBOQkkpIGVudmlyb25tZW50cyB2cy4gdHJhZGl0aW9uYWwgb25l
IHZlbmRvciB1c2luZyBpbnRlcm1lZGlhdGUgKHByb3ByaWV0YXJ5KSBzeXN0ZW1zKSBhbmQgd2hh
dCBpcyBuZWVkZWQgZm9yIG1hbmFnZW1lbnQgYW5kIGNvbnRyb2wgc28gYXMgdG8gaWRlbnRpZnkg
YSBzdGFuZGFyZCBZQU5HIG1vZGVsLiBUaGVzZSBjb3VwbGUgb2Ygc2VudGVuY2VzIHdhbnQgdG8g
c2F5IHRoaXMgZHJhZnQgZG9lcyBub3Qgd2FudCB0byBwcmVjbHVkZSBpbXBsZW1lbnRhdGlvbnMg
d2hpY2ggc3RpbGwgdXNlIHRoZSBtb3JlIHRyYWRpdGlvbmFsIHR3byBpbnRlcmZhY2UgYXBwcm9h
Y2ggKGNvbnRyb2wsIG1hbmFnZW1lbnQpIG9yIGEgc2luZ2xlIGVudGl0eSBkb2luZyB0aGUgZnVu
Y3Rpb25hbGl0eSBvdmVyIOKAnG9uZeKAnSBpbnRlcmZhY2UuDQoNCknigJlkIHN1Z2dlc3Qgb24g
djA2Og0KU29mdHdhcmUgRGVmaW5lZCBOZXR3b3JraW5nIChTRE4pDQpTZWN0aW9uIDIgKERlZmlu
aXRpb25zKToNClNETuKApiBTRE4gY2FuIGJlIHVzZWQgYXMgYSB0ZXJtIGZvciBhdXRvbWF0aW9u
IG9mIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCwgd2hpY2ggY2FuIGJlIGltcGxlbWVu
dGVkIHVzaW5nIGEgc2ltaWxhciBhcHByb2FjaC4NCi9zLw0KU0ROIGNhbiBiZSB1c2VkIGZvciBh
dXRvbWF0aW9uIG9mIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCBmdW5jdGlvbmFsaXR5
IHVzaW5nIGFuIFNETiBhcHByb2FjaCBvZiBzdGFuZGFyZGl6ZWQgcHJvZ3JhbW1hYmxlIGludGVy
ZmFjZXMgZm9yIGNvbnRyb2wgYW5kIG1hbmFnZW1lbnQgW1JGQzc0MjZdLg0KDQpTZWN0aW9uIDM6
DQpTRE4gc29sdXRpb25zIGNhbiBiZSB1c2VkIGFzIHBhcnQgb2YgdGhlIG5ldHdvcmsgbWFuYWdl
bWVudCBzeXN0ZW0sIGFsbG93aW5nIGZvciBkaXJlY3QgbmV0d29yayBwcm9ncmFtbWFiaWxpdHkg
YW5kIGF1dG9tYXRlZCBjb25maWd1cmFiaWxpdHkgYnkgbWVhbnMgb2YgYSBjZW50cmFsaXplZCBT
RE4gY29udHJvbCBhbmQgc3RhbmRhcmRpemVkIGludGVyZmFjZXMgdG8gcHJvZ3JhbSB0aGUgbm9k
ZXMuICBJdCdzIG5vdGVkIHRoYXQgdGhlcmUncyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFy
ZSBldm9sdmluZyB0b3dhcmRzIGEgY29tcG9uZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdl
ZW4gdGhlbSBpcyBxdWl0ZSB2YWd1ZS4gIEFub3RoZXIgZmFjdCBpcyB0aGF0IHRoZXJlIGlzIHN0
aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0
aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNETiBpcyBj
b25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gIFRo
ZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgY29tcG9uZW50cy4NCi9zLw0KU0ROIHNvbHV0
aW9ucyB3aXRoIHN0YW5kYXJkaXplZCBpbnRlcmZhY2VzIGNhbiBiZSB1c2VkIGFzIHBhcnQgb2Yg
dGhlIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0uICBBcyBub3RlZCBpbiBbUkZDNzQyNl0sIHdp
dGggdGhlIGFkb3B0aW9uIG9mIG9wZW4gYW5kIHN0YW5kYXJkaXplZCBpbnRlcmZhY2VzLCB0aGUg
cGFydGl0aW9uIG9mIGZ1bmN0aW9uYWxpdHkgYW5kIGRpc3RpbmN0aW9ucyBiZXR3ZWVuIGFuIE5N
UyBjb250cm9sbGVyIGFuZCBTRE4gY29udHJvbGxlciBhcmUgYmVjb21pbmcgbGVzcyBjbGVhciwg
YW5kIGZvciBzb21lIGFwcGxpY2F0aW9ucywgaGF2ZSBldm9sdmVkIHRvIG9uZSBjb250cm9sbGVy
L29uZSBpbnRlcmZhY2UuICBBcyB0aGVyZSBhcmUgc3RpbGwgbWFueSBuZXR3b3JrcyB3aGVyZSB0
aGUgTk1TIGlzIGltcGxlbWVudGVkIGFzIG9uZSBjb21wb25lbnQvaW50ZXJmYWNlIGFuZCB0aGUg
U0ROIGNvbnRyb2xsZXIgaXMgc2NvcGVkIHRvIGNvbnRyb2wgcGxhbmUgZnVuY3Rpb25hbGl0eSBh
cyBhIHNlcGFyYXRlIGNvbXBvbmVudC9pbnRlcmZhY2UsIHRoaXMgZG9jdW1lbnQgZG9lcyBub3Qg
cHJlY2x1ZGUgZWl0aGVyIG1vZGVsLiBUaGUgYWltIG9mIHRoaXMgZG9jdW1lbnQgaXMgdG8gcHJv
dmlkZSBhIGZyYW1ld29yayBkZXNjcmliaW5nIGJvdGggbWFuYWdlbWVudCBhbmQgY29udHJvbCBv
ZiBtaWNyb3dhdmUgaW50ZXJmYWNlcyB0byBzdXBwb3J0IGRldmVsb3BtZW50IG9mIGEgY29tbW9u
IFlBTkcgRGF0YSBNb2RlbC4NCg0KSG9wZWZ1bGx5IHRoaXMgaW1wcm92ZXMtDQpUaGFua3MgZXZl
cnlvbmUgZm9yIHRoZSBjb21tZW50cy9jYXJlZnVsIHJlYWRpbmctDQpEZWJvcmFoDQoNCg0KRnJv
bTogQ0NBTVAgPGNjYW1wLWJvdW5jZXNAaWV0Zi5vcmc+IE9uIEJlaGFsZiBPZiBSYWRpYSBQZXJs
bWFuDQpTZW50OiBTYXR1cmRheSwgTWF5IDE5LCAyMDE4IDExOjM1IFBNDQpUbzogRXJpYyBHcmF5
IDxlcmljLmdyYXlAZXJpY3Nzb24uY29tPg0KQ2M6IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZl
LWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc7IGNjYW1wQGlldGYub3JnOyBUaGUgSUVTRyA8
aWVzZ0BpZXRmLm9yZz47IHNlY2RpckBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtDQ0FNUF0gU2Vj
ZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNCg0K
SGkgRXJpYywNCg0KSSBmZWVsIGJhZCBmb3IgdGhlIGF1dGhvcnMgb2YgdGhpcyBkb2N1bWVudCB0
byBiZSBidXJkZW5lZCB3aXRoIGNsYXJpZnlpbmcgYSBkaXN0aW5jdGlvbiB0aGF0IGhhcyBuZXZl
ciBiZWVuIGNsZWFyIGJlZm9yZSAodG8gbG90cyBvZiBwZW9wbGUsIGluY2x1ZGluZyBtZSksICBi
dXQgdGhlaXIgcHJvcG9zZWQgdGV4dCBkb2Vzbid0IG1ha2UgaXQgY2xlYXJlci4NCg0KIiDigJxJ
dCdzIG5vdGVkIHRoYXQgdGhlcmUncyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBldm9s
dmluZyB0b3dhcmRzIGEgY29tcG9uZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gdGhl
bSBpcyBxdWl0ZSB2YWd1ZS4gQW5vdGhlciBmYWN0IGlzIHRoYXQgdGhlcmUgaXMgc3RpbGwgcGxl
bnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFzIHRoZSBpbXBs
ZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFuZSwgd2hpbGUgU0ROIGlzIGNvbnNpZGVy
ZWQgYXMgdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lLiBUaGV5IGFyZSBz
dGlsbCBrZXB0IGFzIHNlcGFyYXRlIGNvbXBvbmVudCINCg0KIERvIHlvdSAob3IgYW55b25lIGVs
c2UpIGhhdmUgYSBzdWdnZXN0aW9uIGZvciB0ZXh0IHRoYXQgYWNrbm93bGVkZ2VzIHRvIHRoZSBy
ZWFkZXIgdGhhdCBpdCdzIG5vdCB0aGUgcmVhZGVyJ3MgZmF1bHQgZm9yIG5vdCB1bmRlcnN0YW5k
aW5nIHRoZSBkaWZmZXJlbmNlPw0KDQpJdCB3b3VsZCBiZSBPSyB3aXRoIG1lIGZvciB0aGVtIHRv
IGxlYXZlIG91dCAgdGhlIGV4dHJhIGVudGlyZWx5LCBzaW5jZSBJJ20gc3VyZSB0aGlzIGlzbid0
IHRoZSBmaXJzdCBSRkMgd2hvc2UgdmVyYmlhZ2UgY2xhaW1zIFNETiBhbmQgTk1TIGFyZSB0d28g
ZGlmZmVyZW50IGNvbmNlcHRzLiBCdXQgaWYgSSB3ZXJlIHRyeWluZyB0byBnZXQgdXAgdG8gc3Bl
ZWQgYWJvdXQgdGhpcyBhcmVhIGJ5IHJlYWRpbmcgdGhlIGRvY3VtZW50cywgSSdkIGJlIHNvbWV3
aGF0IGNvbWZvcnRlZCBieSBhbiBhY2tub3dsZWRnZW1lbnQgKHN1Y2ggYXMgdGhlIHRleHQgdGhl
eSBwcm9wb3NlLCBidXQgd2l0aCB0aGUgRW5nbGlzaCBmaXhlZCkgdGhhdCB0aGVzZSBhcmUgZnV6
enkgZGlzdGluY3Rpb25zLCBzbyBJIHdvdWxkbid0IHRoaW5rIGl0IHdhcyBqdXN0IG1lLi4uLnRo
YXQgaWYgSSBvbmx5IHJlYWQgbW9yZSB0aGluZ3MsIG9yIHRob3VnaHQgaGFyZGVyLCBvciBoYWQg
bW9yZSBiYWNrZ3JvdW5kLCB0aGUgZGlzdGluY3Rpb24gd291bGQgYmUgY2xlYXIuDQoNClJhZGlh
DQoNCg0KDQoNCk9uIEZyaSwgTWF5IDE4LCAyMDE4IGF0IDE6MjcgUE0sIEVyaWMgR3JheSA8ZXJp
Yy5ncmF5QGVyaWNzc29uLmNvbTxtYWlsdG86ZXJpYy5ncmF5QGVyaWNzc29uLmNvbT4+IHdyb3Rl
Og0KSGkgUmFkaWEuDQoNCkkgYWdyZWUgdGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQg
SSB3b3VsZCBoYXZlIGludGVycHJldGVkIOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKA
nSB0byBtZWFuIHNvbWV0aGluZyBtb3JlIGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dh
cmQgdGhlIHNhbWUgKHNpbmd1bGFyKSB0aGluZy4gIE9yIHBlcmhhcHMgYW5vdGhlciB3YXkgdG8g
bG9vayBhdCBpdCBtaWdodCBiZSB0aGF0LCBiZWNhdXNlIFlBTkcgaXMgYmVjb21pbmcgYSBtb3Jl
IHBvcHVsYXIgbWVjaGFuaXNtIGZvciBib3RoIE5NUyBhbmQgU0ROLCBpdCBpcyBsaWtlbHkgdGhh
dCBvbmUgb3IgYm90aCBvZiB0aGVzZSBtYXkgYmVjb21lIGNvbXBvbmVudHMgb2YgYSBjb21tb24g
bWFuYWdlbWVudCBmcmFtZXdvcmsuDQoNCkkgd291bGQgaW50ZXJwcmV0IGl0IHRoaXMgd2F5IHBy
ZWNpc2VseSBiZWNhdXNlIOKAkyBhcyB5b3Ugc2F5IOKAkyB0aGUgZGlzdGluY3Rpb24gaXMgbm90
IGF0IGFsbCBjbGVhciwgdGhvdWdoIEkgd291bGQgYWRkIHRoYXQgKHRvIHNvbWUgb2YgdXMpIHRo
ZSBkaXN0aW5jdGlvbiBoYXMgbmV2ZXIgYmVlbiB2ZXJ5IGNsZWFyLiAg8J+Yig0KDQpGb3IgdGhp
cyByZWFzb24sIEkgd291bGQgaGF2ZSBzb21lIHNtYWxsIGRpZmZpY3VsdHkgaW4gc2VlaW5nIGhv
dyBpdCB3b3VsZCBtYWtlIG11Y2ggc2Vuc2UgdG8gc2F5IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcg
dG93YXJkIGluY3JlYXNpbmcgc2ltaWxhcml0eS4NCg0KLS0NCkVyaWMNCg0KRnJvbTogQ0NBTVAg
W21haWx0bzpjY2FtcC1ib3VuY2VzQGlldGYub3JnPG1haWx0bzpjY2FtcC1ib3VuY2VzQGlldGYu
b3JnPl0gT24gQmVoYWxmIE9mIFJhZGlhIFBlcmxtYW4NClNlbnQ6IEZyaWRheSwgTWF5IDE4LCAy
MDE4IDEyOjMwIEFNDQpUbzogWWVtaW4gKEFteSkgPGFteS55ZW1pbkBodWF3ZWkuY29tPG1haWx0
bzphbXkueWVtaW5AaHVhd2VpLmNvbT4+DQpDYzogVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFp
bHRvOmllc2dAaWV0Zi5vcmc+PjsgY2NhbXBAaWV0Zi5vcmc8bWFpbHRvOmNjYW1wQGlldGYub3Jn
Pjsgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+OyBkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1p
ZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPg0KU3ViamVj
dDogUmU6IFtDQ0FNUF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2
ZS1mcmFtZXdvcmstMDUNCg0KVGhhbmsgeW91ISAgVGhvdWdoIHdoYXQgeW91J3JlIHN1Z2dlc3Rp
bmcgaXMgYXdrd2FyZCBFbmdsaXNoLg0KDQpQZXJoYXBzICJXZSBub3RlIHRoYXQgdGhlIGRpc3Rp
bmN0aW9uIGJldHdlZW4gTk1TIGFuZCBTRE4gaXMgbm90IGFsbCB0aGF0IGNsZWFyLCBhbmQgdGhl
IHR3byBhcmUgZXZvbHZpbmcgdG8gYmUgbW9yZSBhbmQgbW9yZSBzaW1pbGFyLiIgY291bGQgcmVw
bGFjZSB0aGUgZmlyc3Qgc2VudGVuY2UuICBJJ20gcmVhbGx5IG5vdCBzdXJlIHdoYXQgeW91IG1l
YW50IGJ5ICJldm9sdmluZyB0b3dhcmQgYSBjb21wb25lbnQiLCBzbyBwZXJoYXBzIEknbSBub3Qg
Y2FwdHVyaW5nIHdoYXQgeW91IGFyZSBpbnRlbmRpbmcgdG8gc2F5Lg0KDQoNClJhZGlhDQoNCk9u
IFRodSwgTWF5IDE3LCAyMDE4IGF0IDc6MDMgUE0sIFllbWluIChBbXkpIDxhbXkueWVtaW5AaHVh
d2VpLmNvbTxtYWlsdG86YW15LnllbWluQGh1YXdlaS5jb20+PiB3cm90ZToNCkhpIFJhZGlhLA0K
DQpXZSBqdXN0IHVwZGF0ZWQgdGhlIGRyYWZ0LCBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3Jn
L2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPGh0dHBzOi8vdXJsZGVm
ZW5zZS5wcm9vZnBvaW50LmNvbS92Mi91cmw/dT1odHRwcy0zQV9fZGF0YXRyYWNrZXIuaWV0Zi5v
cmdfZG9jX2RyYWZ0LTJEaWV0Zi0yRGNjYW1wLTJEbWljcm93YXZlLTJEZnJhbWV3b3JrXyZkPUR3
TUZhUSZjPUxGWVotbzlfSFVNZU1UU1FpY3ZqSWcmcj02VWhHcFc5bHdpOWRNN2pZbHhYRDh3Jm09
WmlVbFdjSko3SnF3Mnh4V3lMSHR5R2FVMlZJY094OXU2ZHlDb0Y0eGRDbyZzPUd5SGFxUlVRazFE
UEZmdHRYYTZGWFVwTkRCNHJPblJYdGsycDhtbXZ0b2cmZT0+Lg0KWW91ciBjb21tZW50cyBhcmUg
YWRkcmVzc2VkIGluIHRoZSBsYXRlc3QgdmVyc2lvbi4NCg0KQlIsDQpBbXkNCkZyb206IFllbWlu
IChBbXkpDQpTZW50OiBUaHVyc2RheSwgTWF5IDEwLCAyMDE4IDQ6MDcgUE0NClRvOiAnRGFuaWVs
ZSBDZWNjYXJlbGxpJyA8ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbTxtYWlsdG86ZGFu
aWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbT4+OyBSYWRpYSBQZXJsbWFuIDxyYWRpYXBlcmxt
YW5AZ21haWwuY29tPG1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPj47IGRyYWZ0LWlldGYt
Y2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0
LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc+OyBUaGUg
SUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+OyBzZWNkaXJAaWV0Zi5v
cmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NClN1YmplY3Q6IFJFOiBTZWNkaXIgcmV2aWV3IG9m
IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpIaSBSYWRpYSwNCg0K
VGhhbmtzIGZvciB5b3VyIHJldmlldy4uDQoNClJlZ2FyZGluZyB0aGUgTk1TIGFuZCBTRE4sIGFz
IERhbmllbGUgc3VnZ2VzdGVkLCB3ZSB3aWxsIGFkZCB0aGUgZm9sbG93aW5nIHRleHQgaW4gc2Vj
dGlvbiAzOg0K4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5k
IFNETiBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlv
biBiZXR3ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcyB0aGF0IHRoZXJl
IGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJl
ZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNE
TiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFu
ZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnQu4oCdDQoNClJlZ2Fy
ZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBkb2VzbuKA
mXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NClRoZXJl4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0
LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gaXMg
YWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQoNCkJSLA0KQW15DQpGcm9tOiBEYW5pZWxlIENl
Y2NhcmVsbGkgW21haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tXQ0KU2VudDog
TW9uZGF5LCBNYXkgMDcsIDIwMTggNTo0NiBQTQ0KVG86IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVy
bG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+PjsgZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRo
ZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRm
Lm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogUkU6IFNlY2RpciByZXZpZXcg
b2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJhZGlhLA0K
DQpsZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJzdCBvZiBhbGwgbWFu
eSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KDQpSZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91
dCB0cmFkaXRpb25hbCBOTVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhh
dCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRp
c3RpbmN0aW9uIGlzIHF1aXRlIGJsdXJyeSwgYnV0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBu
ZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRp
b24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBv
ZiB0aGUgY29udHJvbCBwbGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0
aGluZ3MuDQoNCkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRp
b25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5j
dGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUg
Y29udmVyZ2VuY2Ugb2YgdGhlIHR3byB0aGluZ3MgY2FuIGJlIGFkZGVkLg0KDQpUaGFua3MgYSBs
b3QNCkRhbmllbGUgIChjY2FtcCBjby1jaGFpcikNCg0KRnJvbTogUmFkaWEgUGVybG1hbiBbbWFp
bHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb21dDQpTZW50OiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTgg
MDg6NTUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xz
LmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxs
QHRvb2xzLi5pZXRmLm9yZz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGll
dGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVj
dDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmst
MDUNCg0KU29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRk
cmVzcy4NCg0KDQotLS0tLS0tLS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0NCkZyb206
IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1h
bkBnbWFpbC5jb20+Pg0KRGF0ZTogU3VuLCBNYXkgNiwgMjAxOCBhdCAxMTo0OCBQTQ0KU3ViamVj
dDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmst
MDUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xz
LmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUu
YWxsQHRvb2xzLmlldGYub3JnPiwgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dA
aWV0Zi5vcmc+Piwgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdW1t
YXJ5OiAgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9ucywg
YW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzDQoNCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRv
Y3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZw0KZWZm
b3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJ
RVNHLiAgVGhlc2UNCmNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5l
Zml0IG9mIHRoZSBzZWN1cml0eSBhcmVhDQpkaXJlY3RvcnMuICBEb2N1bWVudCBlZGl0b3JzIGFu
ZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QNCmxpa2UgYW55IG90
aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KVGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1h
bmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNyb3dhdmUgcmFkaW8gbGlua3MuDQpJdCBhZHZvY2F0
ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBi
ZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJlcy4NCg0K
SSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAiYSB0cmFkaXRpb25h
bCBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtIiBhbmQgU0ROLiAgUGVyaGFwcyBpdCBpcyBub3Qg
dGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24s
IGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMgbm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRpbmcgcGFy
YW1ldGVycyAodHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50KSBpcyBhIHdheSBvZiAicHJv
Z3JhbW1pbmciIGFuIGludGVyZmFjZSAoIlNETiIpLg0KDQpUaGlzIGRvY3VtZW50IGNvdWxkIHVz
ZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMgZG8gbm90
IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuDQoNClRoZSBnbGl0Y2hlcyBjb25zaXN0ICBtb3N0bHkg
b2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgIm9mIiBpbiB0aGUgZm9sbG93aW5nIHNl
bnRlbmNlLg0KIlRoZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5hZ2VtZW50
IGFuZA0KICAgY29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtl
eSBhcHBsaWNhdGlvbnMgZm9yDQogICB0aGlzIHdvcmsuIg0KDQpUaGUgc2VjdXJpdHkgY29uc2lk
ZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChh
dXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNv
bW11bmljYXRpb24uICBPdGhlciB0aGFuIHRoYXQsIHBlcmhhcHMsIHRoZXJlIG1pZ2h0IGJlIHNl
Y3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFkdmVydGVudGx5IHNldHRpbmcgcGFyYW1ldGVy
cyBpbmNvcnJlY3RseSwgb3IgbWFsaWNpb3VzbHkgYnkgYSB0cnVzdGVkIGFkbWluaXN0cmF0b3Iu
ICBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0
ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay4NCg0KUmFkaWENCg0K
DQoNCg0K

--_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiU2Vnb2UgVUkgRW1vamkiO30NCi8qIFN0
eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9y
bWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZTox
MS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFu
Lk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0
ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtG
b2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQt
ZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYu
bXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3At
YWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToi
Q2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLm0tMjA1ODc5NTQ4MjI5NzM3MzY4MW0tNjE2Njk4
NTgwNDYxNTI3OTM2Nm00MTMxMzc2NzI4MDMxMTY3MzA2Z21haWwtbTkwMjYzNjg4MDM3MTM4NjMz
NDlnbWFpbC1tLTUwNTcwMTA5MTIxNTc3ODI1MzRnbWFpbC1pbA0KCXttc28tc3R5bGUtbmFtZTpt
Xy0yMDU4Nzk1NDgyMjk3MzczNjgxbS02MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzEx
NjczMDZnbWFpbC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUz
NGdtYWlsLWlsO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFs
LXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRv
d3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJ
Zm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJ
e3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpk
aXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtp
ZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4
PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8
bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0i
MSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5
IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9Ildv
cmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSw8bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+QSBiaXQgbGF0ZSBqdW1waW5nIGluLCBidXQgSSB3YXMgaW52b2x2ZWQgaW4gYSBtZWV0
aW5nIGFuZCB0cmF2ZWxsaW5nIHRvL2Zyb20gRXVyb3BlLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5UaGVyZeKAmXMgc2V2ZXJhbCBSRkNzIHByb3ZpZGluZyBhIGRpc3RpbmN0aW9uIG9uIFNETiBh
bmQgdHJhZGl0aW9uYWwgTk1TIChFcmljLCB3ZeKAmWxsIGhhdmUgYSBiYXIgY2hhdCBvbiB0aGF0
PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJIEVtb2ppJnF1b3Q7LHNhbnMt
c2VyaWYiPvCfmIo8L3NwYW4+KS4gSGVyZSwgSeKAmWQgc3VnZ2VzdCBhbiBpbmZvcm1hdGl2ZSBy
ZWZlcmVuY2UgdG8gUkZDIDc0MjYg4oCcU0ROOiBMYXllcnMNCiBhbmQgQXJjaGl0ZWN0dXJlIFRl
cm1pbm9sb2d54oCdLiBGb3IgdGhvc2Ugd2FudGluZyBjbGFyaWZpY2F0aW9uIG9uIOKAnG9uZeKA
nSBjb21wb25lbnQsIGNoZWNrIG91dCBTZWN0aW9uIDTigJlzIGFkdm9jYXRlZCBldm9sdXRpb24g
ZGlyZWN0aW9uLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IZXJlIGluIHRoaXMgbWljcm93YXZl
IGRyYWZ0LCB0aGUgcXVlc3Rpb24gaXMgbm90IGhvdyBtYW55IGludGVyZmFjZXMgb3IgaWYgY29t
cG9uZW50cyBhcmUgb25lIG9yIHR3byBwaHlzaWNhbGx5L2Z1bmN0aW9uYWxseSwgYnV0IHRvIGFk
ZHJlc3Mgd2h5IHRoZXJlIGlzIGludGVyZXN0IGluIGRvaW5nIHRoaXMgd29yayAodG8gc3VwcG9y
dCBtdWx0aS12ZW5kb3IgKFNETiBOQkkpIGVudmlyb25tZW50cyB2cy4gdHJhZGl0aW9uYWwNCiBv
bmUgdmVuZG9yIHVzaW5nIGludGVybWVkaWF0ZSAocHJvcHJpZXRhcnkpIHN5c3RlbXMpIGFuZCB3
aGF0IGlzIG5lZWRlZCBmb3IgbWFuYWdlbWVudCBhbmQgY29udHJvbCBzbyBhcyB0byBpZGVudGlm
eSBhIHN0YW5kYXJkIFlBTkcgbW9kZWwuIFRoZXNlIGNvdXBsZSBvZiBzZW50ZW5jZXMgd2FudCB0
byBzYXkgdGhpcyBkcmFmdCBkb2VzIG5vdCB3YW50IHRvIHByZWNsdWRlIGltcGxlbWVudGF0aW9u
cyB3aGljaCBzdGlsbCB1c2UgdGhlIG1vcmUNCiB0cmFkaXRpb25hbCB0d28gaW50ZXJmYWNlIGFw
cHJvYWNoIChjb250cm9sLCBtYW5hZ2VtZW50KSBvciBhIHNpbmdsZSBlbnRpdHkgZG9pbmcgdGhl
IGZ1bmN0aW9uYWxpdHkgb3ZlciDigJxvbmXigJ0gaW50ZXJmYWNlLjxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj5J4oCZZCBzdWdnZXN0IG9uIHYwNjo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPlNvZnR3YXJlIERlZmluZWQgTmV0d29ya2luZyAoU0ROKTxvOnA+PC9vOnA+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U2VjdGlvbiAyIChEZWZpbml0aW9ucyk6PG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5TRE7igKYgU0ROIGNhbiBiZSB1c2VkIGFzIGEg
dGVybSBmb3IgYXV0b21hdGlvbiBvZiB0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQsIHdo
aWNoIGNhbiBiZSBpbXBsZW1lbnRlZCB1c2luZyBhIHNpbWlsYXIgYXBwcm9hY2guPG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4vcy88bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPlNETiBjYW4gYmUgdXNlZCBmb3IgYXV0b21hdGlvbiBvZiB0cmFkaXRpb25h
bCBuZXR3b3JrIG1hbmFnZW1lbnQgZnVuY3Rpb25hbGl0eSB1c2luZyBhbiBTRE4gYXBwcm9hY2gg
b2Ygc3RhbmRhcmRpemVkIHByb2dyYW1tYWJsZSBpbnRlcmZhY2VzIGZvciBjb250cm9sIGFuZCBt
YW5hZ2VtZW50IFtSRkM3NDI2XS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U2VjdGlvbiAzOjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U0ROIHNvbHV0aW9ucyBjYW4gYmUg
dXNlZCBhcyBwYXJ0IG9mIHRoZSBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtLCBhbGxvd2luZyBm
b3IgZGlyZWN0IG5ldHdvcmsgcHJvZ3JhbW1hYmlsaXR5IGFuZCBhdXRvbWF0ZWQgY29uZmlndXJh
YmlsaXR5IGJ5IG1lYW5zIG9mIGEgY2VudHJhbGl6ZWQgU0ROIGNvbnRyb2wgYW5kIHN0YW5kYXJk
aXplZCBpbnRlcmZhY2VzIHRvIHByb2dyYW0gdGhlIG5vZGVzLiZuYnNwOyBJdCdzDQogbm90ZWQg
dGhhdCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2Fy
ZHMgYSBjb21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRl
IHZhZ3VlLiZuYnNwOyBBbm90aGVyIGZhY3QgaXMgdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkg
b2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVu
dGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lLA0KIHdoaWxlIFNETiBpcyBjb25zaWRlcmVk
IGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4mbmJzcDsgVGhleSBh
cmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnRzLjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+L3MvPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5TRE4gc29sdXRpb25zIHdpdGggc3RhbmRhcmRpemVkIGludGVyZmFjZXMgY2FuIGJlIHVzZWQg
YXMgcGFydCBvZiB0aGUgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbS4mbmJzcDsgQXMgbm90ZWQg
aW4gW1JGQzc0MjZdLCB3aXRoIHRoZSBhZG9wdGlvbiBvZiBvcGVuIGFuZCBzdGFuZGFyZGl6ZWQg
aW50ZXJmYWNlcywgdGhlIHBhcnRpdGlvbiBvZiBmdW5jdGlvbmFsaXR5IGFuZCBkaXN0aW5jdGlv
bnMgYmV0d2VlbiBhbiBOTVMNCiBjb250cm9sbGVyIGFuZCBTRE4gY29udHJvbGxlciBhcmUgYmVj
b21pbmcgbGVzcyBjbGVhciwgYW5kIGZvciBzb21lIGFwcGxpY2F0aW9ucywgaGF2ZSBldm9sdmVk
IHRvIG9uZSBjb250cm9sbGVyL29uZSBpbnRlcmZhY2UuJm5ic3A7IEFzIHRoZXJlIGFyZSBzdGls
bCBtYW55IG5ldHdvcmtzIHdoZXJlIHRoZSBOTVMgaXMgaW1wbGVtZW50ZWQgYXMgb25lIGNvbXBv
bmVudC9pbnRlcmZhY2UgYW5kIHRoZSBTRE4gY29udHJvbGxlciBpcyBzY29wZWQgdG8gY29udHJv
bA0KIHBsYW5lIGZ1bmN0aW9uYWxpdHkgYXMgYSBzZXBhcmF0ZSBjb21wb25lbnQvaW50ZXJmYWNl
LCB0aGlzIGRvY3VtZW50IGRvZXMgbm90IHByZWNsdWRlIGVpdGhlciBtb2RlbC4gVGhlIGFpbSBv
ZiB0aGlzIGRvY3VtZW50IGlzIHRvIHByb3ZpZGUgYSBmcmFtZXdvcmsgZGVzY3JpYmluZyBib3Ro
IG1hbmFnZW1lbnQgYW5kIGNvbnRyb2wgb2YgbWljcm93YXZlIGludGVyZmFjZXMgdG8gc3VwcG9y
dCBkZXZlbG9wbWVudCBvZiBhIGNvbW1vbiBZQU5HIERhdGENCiBNb2RlbC48bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+SG9wZWZ1bGx5IHRoaXMgaW1wcm92ZXMtPG86cD48L286cD48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj5UaGFua3MgZXZlcnlvbmUgZm9yIHRoZSBjb21tZW50cy9jYXJlZnVs
IHJlYWRpbmctPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5EZWJvcmFoPG86
cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PGI+RnJvbTo8L2I+IENDQU1QICZsdDtjY2FtcC1ib3VuY2VzQGlldGYub3JnJmd0
OyA8Yj5PbiBCZWhhbGYgT2YgPC9iPg0KUmFkaWEgUGVybG1hbjxicj4NCjxiPlNlbnQ6PC9iPiBT
YXR1cmRheSwgTWF5IDE5LCAyMDE4IDExOjM1IFBNPGJyPg0KPGI+VG86PC9iPiBFcmljIEdyYXkg
Jmx0O2VyaWMuZ3JheUBlcmljc3Nvbi5jb20mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnOyBjY2FtcEBpZXRm
Lm9yZzsgVGhlIElFU0cgJmx0O2llc2dAaWV0Zi5vcmcmZ3Q7OyBzZWNkaXJAaWV0Zi5vcmc8YnI+
DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtDQ0FNUF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPkhpIEVyaWMsPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij5JIGZlZWwgYmFkIGZvciB0aGUgYXV0aG9ycyBvZiB0aGlzIGRvY3VtZW50IHRvIGJlIGJ1cmRl
bmVkIHdpdGggY2xhcmlmeWluZyBhIGRpc3RpbmN0aW9uIHRoYXQgaGFzIG5ldmVyIGJlZW4gY2xl
YXIgYmVmb3JlICh0byBsb3RzIG9mIHBlb3BsZSwgaW5jbHVkaW5nIG1lKSwmbmJzcDsgYnV0IHRo
ZWlyIHByb3Bvc2VkIHRleHQgZG9lc24ndCBtYWtlIGl0IGNsZWFyZXIuPG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZxdW90OyA8c3BhbiBzdHls
ZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2Vy
aWY7Y29sb3I6IzFGNDk3RDtiYWNrZ3JvdW5kOndoaXRlIj4NCuKAnEl0J3Mgbm90ZWQgdGhhdCB0
aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBj
b21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3Vl
LiBBbm90aGVyIGZhY3QgaXMgdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mg
d2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRo
ZSBtYW5hZ2VtZW50DQogcGxhbmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50
cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBz
ZXBhcmF0ZSBjb21wb25lbnQmcXVvdDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS41cHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO2Jh
Y2tncm91bmQ6d2hpdGUiPiZuYnNwO0RvIHlvdSAob3IgYW55b25lIGVsc2UpIGhhdmUgYSBzdWdn
ZXN0aW9uIGZvciB0ZXh0IHRoYXQgYWNrbm93bGVkZ2VzIHRvIHRoZSByZWFkZXIgdGhhdCBpdCdz
IG5vdCB0aGUgcmVhZGVyJ3MgZmF1bHQgZm9yIG5vdCB1bmRlcnN0YW5kaW5nIHRoZSBkaWZmZXJl
bmNlPzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtjb2xvcjojMUY0OTdEIj5JdCB3
b3VsZCBiZSBPSyB3aXRoIG1lIGZvciB0aGVtIHRvIGxlYXZlIG91dCZuYnNwOyB0aGUgZXh0cmEg
ZW50aXJlbHksIHNpbmNlIEknbSBzdXJlIHRoaXMgaXNuJ3QgdGhlIGZpcnN0IFJGQyB3aG9zZSB2
ZXJiaWFnZSBjbGFpbXMgU0ROIGFuZCBOTVMgYXJlIHR3byBkaWZmZXJlbnQgY29uY2VwdHMuIEJ1
dCBpZiBJIHdlcmUgdHJ5aW5nIHRvDQogZ2V0IHVwIHRvIHNwZWVkIGFib3V0IHRoaXMgYXJlYSBi
eSByZWFkaW5nIHRoZSBkb2N1bWVudHMsIEknZCBiZSBzb21ld2hhdCBjb21mb3J0ZWQgYnkgYW4g
YWNrbm93bGVkZ2VtZW50IChzdWNoIGFzIHRoZSB0ZXh0IHRoZXkgcHJvcG9zZSwgYnV0IHdpdGgg
dGhlIEVuZ2xpc2ggZml4ZWQpIHRoYXQgdGhlc2UgYXJlIGZ1enp5IGRpc3RpbmN0aW9ucywgc28g
SSB3b3VsZG4ndCB0aGluayBpdCB3YXMganVzdCBtZS4uLi50aGF0IGlmIEkgb25seSByZWFkDQog
bW9yZSB0aGluZ3MsIG9yIHRob3VnaHQgaGFyZGVyLCBvciBoYWQgbW9yZSBiYWNrZ3JvdW5kLCB0
aGUgZGlzdGluY3Rpb24gd291bGQgYmUgY2xlYXIuJm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjkuNXB0O2NvbG9yOiMxRjQ5N0QiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+
PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu
YnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBGcmksIE1heSAx
OCwgMjAxOCBhdCAxOjI3IFBNLCBFcmljIEdyYXkgJmx0OzxhIGhyZWY9Im1haWx0bzplcmljLmdy
YXlAZXJpY3Nzb24uY29tIiB0YXJnZXQ9Il9ibGFuayI+ZXJpYy5ncmF5QGVyaWNzc29uLmNvbTwv
YT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpu
b25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2
LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxkaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj5IaSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv
dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPkkgYWdyZWUgdGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3b3VsZCBoYXZl
IGludGVycHJldGVkIOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0byBtZWFuIHNv
bWV0aGluZyBtb3JlIGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dhcmQgdGhlIHNhbWUg
KHNpbmd1bGFyKSB0aGluZy4mbmJzcDsNCiBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sg
YXQgaXQgbWlnaHQgYmUgdGhhdCwgYmVjYXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1
bGFyIG1lY2hhbmlzbSBmb3IgYm90aCBOTVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25l
IG9yIGJvdGggb2YgdGhlc2UgbWF5IGJlY29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFn
ZW1lbnQgZnJhbWV3b3JrLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4m
bmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSB3b3VsZCBpbnRl
cnByZXQgaXQgdGhpcyB3YXkgcHJlY2lzZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCTIHRo
ZSBkaXN0aW5jdGlvbiBpcyBub3QgYXQgYWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQgdGhh
dCAodG8gc29tZSBvZiB1cykgdGhlIGRpc3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkgY2xl
YXIuJm5ic3A7DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkgRW1vamkm
cXVvdDssc2Fucy1zZXJpZiI+8J+Yijwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv
bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PkZvciB0aGlzIHJlYXNvbiwgSSB3b3VsZCBoYXZlIHNvbWUgc21hbGwgZGlmZmljdWx0eSBpbiBz
ZWVpbmcgaG93IGl0IHdvdWxkIG1ha2UgbXVjaCBzZW5zZSB0byBzYXkgdGhhdCB0aGV5IGFyZSBl
dm9sdmluZyB0b3dhcmQgaW5jcmVhc2luZyBzaW1pbGFyaXR5LjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+LS08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RXJpYzxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IENDQU1QIFttYWlsdG86PGEg
aHJlZj0ibWFpbHRvOmNjYW1wLWJvdW5jZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5jY2Ft
cC1ib3VuY2VzQGlldGYub3JnPC9hPl0NCjxiPk9uIEJlaGFsZiBPZiA8L2I+UmFkaWEgUGVybG1h
bjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlkYXksIE1heSAxOCwgMjAxOCAxMjozMCBBTTxicj4NCjxi
PlRvOjwvYj4gWWVtaW4gKEFteSkgJmx0OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2Vp
LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFteS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDs8YnI+DQo8
Yj5DYzo8L2I+IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFy
Z2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpjY2Ft
cEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmNjYW1wQGlldGYub3JnPC9hPjsgPGEgaHJlZj0i
bWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0Kc2VjZGlyQGlldGYub3Jn
PC9hPjsgPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29y
ay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAt
bWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVj
dDo8L2I+IFJlOiBbQ0NBTVBdIFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhh
bmsgeW91ISZuYnNwOyBUaG91Z2ggd2hhdCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVu
Z2xpc2guPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj5QZXJoYXBzICZxdW90O1dlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24g
YmV0d2VlbiBOTVMgYW5kIFNETiBpcyBub3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFy
ZSBldm9sdmluZyB0byBiZSBtb3JlIGFuZCBtb3JlIHNpbWlsYXIuJnF1b3Q7IGNvdWxkIHJlcGxh
Y2UgdGhlIGZpcnN0IHNlbnRlbmNlLiZuYnNwOyBJJ20gcmVhbGx5DQogbm90IHN1cmUgd2hhdCB5
b3UgbWVhbnQgYnkgJnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LCBzbyBw
ZXJoYXBzIEknbSBub3QgY2FwdHVyaW5nIHdoYXQgeW91IGFyZSBpbnRlbmRpbmcgdG8gc2F5Ljxv
OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4m
bmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+UmFkaWE8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K
PC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5P
biBUaHUsIE1heSAxNywgMjAxOCBhdCA3OjAzIFBNLCBZZW1pbiAoQW15KSAmbHQ7PGEgaHJlZj0i
bWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tIiB0YXJnZXQ9Il9ibGFuayI+YW15LnllbWluQGh1
YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxl
PSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGlu
IDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4t
cmlnaHQ6MGluO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNv
bG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUg
ZHJhZnQsDQo8YSBocmVmPSJodHRwczovL3VybGRlZmVuc2UucHJvb2Zwb2ludC5jb20vdjIvdXJs
P3U9aHR0cHMtM0FfX2RhdGF0cmFja2VyLmlldGYub3JnX2RvY19kcmFmdC0yRGlldGYtMkRjY2Ft
cC0yRG1pY3Jvd2F2ZS0yRGZyYW1ld29ya18mYW1wO2Q9RHdNRmFRJmFtcDtjPUxGWVotbzlfSFVN
ZU1UU1FpY3ZqSWcmYW1wO3I9NlVoR3BXOWx3aTlkTTdqWWx4WEQ4dyZhbXA7bT1aaVVsV2NKSjdK
cXcyeHhXeUxIdHlHYVUyVkljT3g5dTZkeUNvRjR4ZENvJmFtcDtzPUd5SGFxUlVRazFEUEZmdHRY
YTZGWFVwTkRCNHJPblJYdGsycDhtbXZ0b2cmYW1wO2U9IiB0YXJnZXQ9Il9ibGFuayI+DQpodHRw
czovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRy
ZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9z
cGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0i
Y29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0Ux
RTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6
YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChBbXkpDQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNk
YXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJyPg0KPGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJl
bGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20i
IHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7
IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29t
IiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJl
Zj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMu
aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFp
bHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7
DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGly
QGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBk
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkg
UmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxz
cGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3Mg
Zm9yIHlvdXIgcmV2aWV3Li4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5
N0QiPlJlZ2FyZGluZyB0aGUgTk1TIGFuZCBTRE4sIGFzIERhbmllbGUgc3VnZ2VzdGVkLCB3ZSB3
aWxsIGFkZCB0aGUgZm9sbG93aW5nIHRleHQgaW4gc2VjdGlvbiAzOg0KPC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3
RCI+4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5kIFNETiBh
cmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3
ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcw0KIHRoYXQgdGhlcmUgaXMg
c3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFz
IHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFuZSwgd2hpbGUgU0ROIGlz
IGNvbnNpZGVyZWQgYXMgdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lLiBU
aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIGNvbXBvbmVudC7igJ08L3NwYW4+PG86cD48
L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0
OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNvbnNp
ZGVyYXRpb25zLCB5ZXMsIHRoaXMgZHJhZnQgZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFtZXRl
cnMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGVyZeKAmXMgYW5vdGhlciBkcmFmdCBkcmFmdC1pZXRm
LWNjYW1wLW13LXlhbmcsIHdoZXJlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGlzIGFkZHJl
c3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6
IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAx
LjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PGI+RnJvbTo8L2I+IERhbmllbGUgQ2VjY2FyZWxsaSBbPGEgaHJlZj0ibWFpbHRvOmRhbmllbGUu
Y2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWlsdG86ZGFuaWVsZS5j
ZWNjYXJlbGxpQGVyaWNzc29uLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBN
YXkgMDcsIDIwMTggNTo0NiBQTTxicj4NCjxiPlRvOjwvYj4gUmFkaWEgUGVybG1hbiAmbHQ7PGEg
aHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5yYWRp
YXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1j
Y2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxh
bmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRm
Lm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFy
Z2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzZWNk
aXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+
U3ViamVjdDo8L2I+IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay0wNTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv
dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPjxzcGFuIGxhbmc9IklUIj5IaSBSYWRpYSw8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2
Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+bGV0IG1lIHJlcGx5
IG9uIGJlaGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2YgYWxsIG1hbnkgdGhhbmtzIGZvciB5
b3VyIHJldmlldy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7
PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlJlZ2FyZGluZyB5b3VyIHF1
ZXN0aW9uIGFib3V0IHRyYWRpdGlvbmFsIE5NUyB2cyBTRE4gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0
aGUgZmFjdCB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21tb24gY29tcG9uZW50
IGFuZCB0aGUgZGlzdGluY3Rpb24gaXMgcXVpdGUgYmx1cnJ5LCBidXQgdGhlcmUNCiBpcyBzdGls
bCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhl
IGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lIHdoaWxlIFNETiB0aGUgY2Vu
dHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUgYW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQg
YXMgc2VwYXJhdGUgdGhpbmdzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SGVuY2UsIHNp
bmNlIHRoZSBhdXRob3JzIHNwZWFrIGFib3V0IOKAnHRyYWRpdGlvbmFs4oCdIE5NUyBhbmQgU0RO
IEkgd291bGQgdGVuZCB0byBhbGxvdyBmb3IgdGhlIGRpc3RpbmN0aW9uIHRvIGJlIGtlcHQuIElm
IHlvdSBwcmVmZXIgYSBub3RlIHNwZWFraW5nIGFib3V0IHRoZSBjb252ZXJnZW5jZSBvZiB0aGUg
dHdvDQogdGhpbmdzIGNhbiBiZSBhZGRlZC48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlRo
YW5rcyBhIGxvdDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5EYW5pZWxl
Jm5ic3A7IChjY2FtcCBjby1jaGFpcik8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6
YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk
ZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNC4wcHQiPg0KPGRp
dj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBw
dDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+
RnJvbTo8L2I+IFJhZGlhIFBlcmxtYW4gWzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21h
aWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+
XQ0KPGJyPg0KPGI+U2VudDo8L2I+IGx1bmVkw6wgNyBtYWdnaW8gMjAxOCAwODo1NTxicj4NCjxi
PlRvOjwvYj4gPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay5hbGxAdG9vbHMuLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cg
Jmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0Bp
ZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0
PSJfYmxhbmsiPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU2VjZGly
IHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwv
bzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t
LWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1p
c3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs
YW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9tOjEy
LjBwdCI+PHNwYW4gbGFuZz0iSVQiPi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0t
LS0tLTxicj4NCkZyb206IDxiPlJhZGlhIFBlcmxtYW48L2I+ICZsdDs8YSBocmVmPSJtYWlsdG86
cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFp
bC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFN1biwgTWF5IDYsIDIwMTggYXQgMTE6NDggUE08YnI+
DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay0wNTxicj4NClRvOiA8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0K
ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9y
ZzwvYT4sIFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0
PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJA
aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQi
IHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fu
cy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZuYnNwOyBObyBzZWN1cml0eSBpc3N1ZXMg
Zm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xp
dGNoZXM8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQt
c2l6ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9y
OiMyMjIyMjIiPkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNl
Y3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9ydCB0byZuYnNwOzxzcGFuIGNs
YXNzPSJtLTIwNTg3OTU0ODIyOTczNzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3Njcy
ODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3
NzgyNTM0Z21haWwtaWwiPnJldmlldzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVp
bmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUg
d3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJy
Pg0KZGlyZWN0b3JzLiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxk
IHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwg
Y29tbWVudHMuPC9zcGFuPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp
bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklU
Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUg
bWFuYWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IGxhbmc9IklUIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2gg
YW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1z
cGVjaWZpYyBmZWF0dXJlcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj5JIGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90
O2EgdHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZu
YnNwOyBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJs
eSBtYWtlIHRoZSBkaXN0aW5jdGlvbiwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwg
ZGlzdGluY3Rpb24uLi5zZXR0aW5nIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFu
YWdlbWVudCkgaXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNl
ICgmcXVvdDtTRE4mcXVvdDspLiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PHNwYW4gbGFuZz0iSVQiPlRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBm
b3IgZ2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJp
bGl0eS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUg
Z2xpdGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRz
IGxpa2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IGxhbmc9IklUIj4mcXVvdDtUaGUgYWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFu
YWdlbWVudCBhbmQ8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i
b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUg
bWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9z
cGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lk
ZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChh
dXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNv
bW11bmljYXRpb24uJm5ic3A7IE90aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdo
dCBiZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBh
cmFtZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlz
dHJhdG9yLiZuYnNwOyBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVj
aWZpYyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48
L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh
biBsYW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g
bGFuZz0iSVQiIHN0eWxlPSJjb2xvcjojODg4ODg4Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K
PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1
b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4N
CjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rp
dj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_--


From nobody Mon May 21 11:57:25 2018
Return-Path: <eric.gray@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F05E12D80E for <secdir@ietfa.amsl.com>; Mon, 21 May 2018 11:57:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level: 
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 58sbIk1B29bM for <secdir@ietfa.amsl.com>; Mon, 21 May 2018 11:57:12 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B577812D82F for <secdir@ietf.org>; Mon, 21 May 2018 11:57:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1526929030; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=7M2EmHITAcLFDs/NeyoVzZplzdhm4L2da62/0+J10Xg=; b=UtWWZRYTpob8aU8sWiP3G6r/RUlVe0rnqVoIb5qzw8aK/ejOJo/raqzvkjJ23RZo UGPbNhphNz/z9KPYeT32vuu1dLfNCvmH2oKFaowCE+7jvpnkcHs6LvNb5TMO3ixD yLLxcg9SGbb+ciky0wDLzNm3Yv4kBp/l6YlzjGLlFCA=;
X-AuditID: c6180641-691ff70000002610-8f-5b031686307b
Received: from EUSAAHC006.ericsson.se (Unknown_Domain [147.117.188.90]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id DD.ED.09744.686130B5; Mon, 21 May 2018 20:57:10 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC006.ericsson.se ([147.117.188.90]) with mapi id 14.03.0382.000; Mon, 21 May 2018 14:57:09 -0400
From: Eric Gray <eric.gray@ericsson.com>
To: Radia Perlman <radiaperlman@gmail.com>
CC: "Yemin (Amy)" <amy.yemin@huawei.com>, The IESG <iesg@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8IAAbMGAgADFmvCAAk+egIACQesQ
Date: Mon, 21 May 2018 18:57:09 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
In-Reply-To: <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [147.117.188.221]
Content-Type: multipart/alternative; boundary="_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBIsWRmVeSWpSXmKPExsUyuXRPlG6bGHO0wetvShabOzawWTyZc4PF 4vpbNYsZfyYyW2yZ85bV4sPChywObB47Z91l92g58pbVY8mSn0weXy5/ZgtgieKySUnNySxL LdK3S+DK2NKzmL2g5RRzxd1HvSwNjBP2MXcxcnJICJhINHybAWRzcQgJHGWUuHT/PTuEs5xR YsKcd0wgVWwCGhLH7qxlBLFFBLQkWjs/MIIUMQu0Mkls7poHlhAW8JXYd/YLC0RRgMS7/pdQ dpRE8+s/YOtYBFQlbnaAbODk4AWqn3X8KBPEtoPMEnP/HAJLcAoESmw+94INxGYUEJP4fmoN 2BXMAuISt57MZ4K4W0BiyZ7zUD+ISrx8/I8VwlaWuL7qCgtEfb7Evr5fzBDLBCVOznzCMoFR ZBaSUbOQlM1CUjaLkQMorimxfpc+RImixJTuh+wQtoZE65y57MjiCxjZVzFylBYX5OSmGxlu YgTG3zEJNscdjHt7PQ8xCnAwKvHwrmVkjhZiTSwrrsw9xCjBwawkwvvpElO0EG9KYmVValF+ fFFpTmrxIUZpDhYlcd5znrxRQgLpiSWp2ampBalFMFkmDk6pBsYZaZzrK+OKD0ttey/+NGXp DfOIcCmxlM+dHom6kZPbtLg/mrzgfh821VhG4ezkKrW/byc/a09k1fO9ryS7+dEKFa+F7t1l 59V+XY6z1unIepV053ym1qtnf//9+y6xer193gdl6TKluoTHYhu6N89qnxyw0iKzvSb6/41S /5q820GxN99lRimxFGckGmoxFxUnAgDy4iKWuwIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WDWalMD6CmGkKVYK62YbhbOf8As>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2018 18:57:17 -0000

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

U28sIG9uZSBjb3VsZCByZWFkIHRoaXMgYXMgc2F5aW5nIHRoYXQgc29tZSBwZW9wbGUgdmlldyBu
ZXR3b3JrIG1hbmFnZW1lbnQgKGUuZy4g4oCTIHVzZSBvZiBhbiBOTVMpIGFuZCBjZW50cmFsaXpl
ZCBuZXR3b3JrIGNvbnRyb2wgKGUuZy4g4oCTIFNETikgYXMgYmVpbmcgc29tZWhvdyBhdCBsZWFz
dCBtYXJnaW5hbGx5IGRpc3RpbmN0LCB5ZXQgYmVjb21pbmcgaW5jcmVhc2luZ2x5IGxlc3Mgc28u
ICBPdGhlciBwZW9wbGUgdmlldyB0aGVtIGFzIGNvbXBsZXRlbHkgZGlzam9pbnQsIHBlcmhhcHMg
aGF2aW5nIGEgcHJlZmVyZW5jZSwgYW5kIHdvdWxkIGxpa2UgdGhlbSB0byBjb250aW51ZSBiZWlu
ZyBjb25zaWRlcmVkIGNvbXBsZXRlbHkgc2VwYXJhdGUgYW5kIGRpc3RpbmN0IGNvbmNlcHRzLg0K
DQpXaGlsZSBJIHRoaW5rIGl0IGlzIHByb2JhYmx5IGZhaXIgdG8gc2F5IHRoYXQgdGhpcyBpcyB2
ZXJ5IGxpa2VseSB0cnVlLCB0aGlzIGhhcyBhbGwgdGhlIGVhciBtYXJrcyBvZiBiZWluZyBhIHJh
dCBob2xlLCBhbmQgSSBjYW5ub3QgaW1hZ2luZSB3aGF0IHZhbHVlIHRoZSBwcm9wb3NlZCB0ZXh0
IGFkZHMgdG8gdGhlIGRyYWZ0Lg0KDQpBcyBJIHVuZGVyc3RhbmQgaXQsIHRoZSBpbnRlbnQgd2Fz
IHRvIGNsYXJpZnkgc29tZXRoaW5nIHRvIGRvIHdpdGggdGhlIGZvbGxvd2luZyB0ZXh0Og0KDQoN
CiAgIFRoaXMgZnJhbWV3b3JrIGFkZHJlc3NlcyB0aGUgZGVmaW5pdGlvbiBvZiBhbiBvcGVuIGFu
ZCBzdGFuZGFyZGl6ZWQNCiAgIGludGVyZmFjZSBmb3IgdGhlIHJhZGlvIGxpbmsgZnVuY3Rpb25h
bGl0eSBpbiBhIG1pY3Jvd2F2ZSBub2RlLiAgVGhlDQogICBhcHBsaWNhdGlvbiBvZiBzdWNoIGFu
IGludGVyZmFjZSB1c2VkIGZvciBtYW5hZ2VtZW50IGFuZCBjb250cm9sIG9mDQogICBub2RlcyBh
bmQgbmV0d29ya3MgdHlwaWNhbGx5IHZhcnkgZnJvbSBvbmUgb3BlcmF0b3IgdG8gYW5vdGhlciwg
aW4NCiAgIHRlcm1zIG9mIHRoZSBzeXN0ZW1zIHVzZWQgYW5kIGhvdyB0aGV5IGludGVyYWN0LiAg
QSB0cmFkaXRpb25hbA0KICAgc29sdXRpb24gaXMgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSwg
d2hpbGUgYW4gZW1lcmdpbmcgb25lIGlzIFNETi4NCiAgIFNETiBzb2x1dGlvbnMgY2FuIGJlIHVz
ZWQgYXMgcGFydCBvZiB0aGUgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSwNCiAgIGFsbG93aW5n
IGZvciBkaXJlY3QgbmV0d29yayBwcm9ncmFtbWFiaWxpdHkgYW5kIGF1dG9tYXRlZA0KICAgY29u
ZmlndXJhYmlsaXR5IGJ5IG1lYW5zIG9mIGEgY2VudHJhbGl6ZWQgU0ROIGNvbnRyb2wgYW5kDQog
ICBzdGFuZGFyZGl6ZWQgaW50ZXJmYWNlcyB0byBwcm9ncmFtIHRoZSBub2Rlcy4NCg0KWW91ciBj
b21tZW50IHdhcyB0aGF0IHRoZSBkaXN0aW5jdGlvbiBpcyBub3QgY2xlYXIuICBUaGF0IGlzIGEg
ZmFpciBwb2ludC4gIEFuZCBpdCBpcyBwcm9iYWJseSBub3QgYWRkcmVzc2VkIGJ5IHRoZSBwcm9w
b3NhbC4NCg0KSSB3b3VsZCBmdXJ0aGVyIGFkZCB0aGF0IHVzaW5nIGVtb3Rpb25hbGx5IGZyZWln
aHRlZCBleHByZXNzaW9ucyAo4oCcY2xhc3NpY+KAnS/igJ1sZWdhY3nigJ0v4oCddHJhZGl0aW9u
YWzigJ0gdmVyc2VzIOKAnGlubm92YXRpdmXigJ0v4oCdbm92ZWzigJ0v4oCdZW1lcmdpbmfigJ0p
IGRvZXNu4oCZdCBoZWxwIGFuZCByZWFsbHkgaXNu4oCZdCBhcHByb3ByaWF0ZSBpbiBzcGVjaWZp
Y2F0aW9uLg0KDQpJIHN1c3BlY3QgdGhhdCB0aGUgcmVhc29uIGZvciBjbGFpbWluZyBhIGRpc3Rp
bmN0aW9uIGV4aXN0cyAoaG93ZXZlciBkaWZmaWN1bHQgaXQgbWF5IGJlIHRvIGNoYXJhY3Rlcml6
ZSB0aGF0IGRpc3RpbmN0aW9uKSBpcyBpbiB0aGUgcGFydCBvZiB0aGUgYWJvdmUgdGV4dCBoYXZp
bmcgdG8gZG8gd2l0aCBvcGVyYXRvciBwcmVmZXJlbmNlcy4gIFRoZXNlIGRlZmluaXRlbHkgZG8g
ZXhpc3QuICDwn5iKDQoNClBlcmhhcHMgYSBnb29kIHdheSB0byBhZGRyZXNzIHRoZSBpc3N1ZSBp
cyB0byByZXBsYWNlIHRoZSBsYXN0IHR3byBzZW50ZW5jZXMgaW4gdGhlIHRleHQgYWJvdmUgd2l0
aCBzb21ldGhpbmcgYWxvbmcgdGhlIGxpbmVzIG9mOg0KDQogICAg4oCcUG9zc2libGUgYXBwcm9h
Y2hlcyBpbmNsdWRlIHZpYSB0aGUgdXNlIG9mIGEgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSAo
Tk1TKSwgdmlhIHNvZnR3YXJlIGRlZmluZWQgbmV0d29ya2luZyAoU0ROKSBhbmQgdmlhIHNvbWUg
Y29tYmluYXRpb24gb2YgTk1TIGFuZCBTRE4u4oCdDQoNCk5vdGUgdGhhdCDigJxhdXRvbWF0ZWQg
Y29uZmlndXJhYmlsaXR54oCdIGlzIG5vdCBhIG5ldyBjb25jZXB0IGluIGNvbmZpZ3VyYXRpb24g
b2YgbmV0d29yayBkZXZpY2VzLCB1bmlxdWUgdG8gU0ROLCBoZW5jZSB0aGUgbGFzdCBwYXJ0IG9m
IHRoZSBmaW5hbCBzZW50ZW5jZSAoc3RhcnRpbmcgd2l0aCDigJxhbGxvd2luZyBmb3Ig4oCm4oCd
KSBhZGRzIG5vIHZhbHVlIGFuZCBzaG91bGQgYmUgbGVmdCBvdXQuDQoNCi0tDQpFcmljDQoNCkZy
b206IFJhZGlhIFBlcmxtYW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tXQ0KU2VudDog
U2F0dXJkYXksIE1heSAxOSwgMjAxOCAxMTozNSBQTQ0KVG86IEVyaWMgR3JheSA8ZXJpYy5ncmF5
QGVyaWNzc29uLmNvbT4NCkNjOiBZZW1pbiAoQW15KSA8YW15LnllbWluQGh1YXdlaS5jb20+OyBU
aGUgSUVTRyA8aWVzZ0BpZXRmLm9yZz47IGNjYW1wQGlldGYub3JnOyBzZWNkaXJAaWV0Zi5vcmc7
IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmcN
ClN1YmplY3Q6IFJlOiBbQ0NBTVBdIFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1t
aWNyb3dhdmUtZnJhbWV3b3JrLTA1DQpJbXBvcnRhbmNlOiBIaWdoDQoNCkhpIEVyaWMsDQoNCkkg
ZmVlbCBiYWQgZm9yIHRoZSBhdXRob3JzIG9mIHRoaXMgZG9jdW1lbnQgdG8gYmUgYnVyZGVuZWQg
d2l0aCBjbGFyaWZ5aW5nIGEgZGlzdGluY3Rpb24gdGhhdCBoYXMgbmV2ZXIgYmVlbiBjbGVhciBi
ZWZvcmUgKHRvIGxvdHMgb2YgcGVvcGxlLCBpbmNsdWRpbmcgbWUpLCAgYnV0IHRoZWlyIHByb3Bv
c2VkIHRleHQgZG9lc24ndCBtYWtlIGl0IGNsZWFyZXIuDQoNCiIg4oCcSXQncyBub3RlZCB0aGF0
IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5kIFNETiBhcmUgZXZvbHZpbmcgdG93YXJkcyBh
IGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIHRoZW0gaXMgcXVpdGUgdmFn
dWUuIEFub3RoZXIgZmFjdCBpcyB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3Jr
cyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2Yg
dGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50
cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBz
ZXBhcmF0ZSBjb21wb25lbnQiDQoNCiBEbyB5b3UgKG9yIGFueW9uZSBlbHNlKSBoYXZlIGEgc3Vn
Z2VzdGlvbiBmb3IgdGV4dCB0aGF0IGFja25vd2xlZGdlcyB0byB0aGUgcmVhZGVyIHRoYXQgaXQn
cyBub3QgdGhlIHJlYWRlcidzIGZhdWx0IGZvciBub3QgdW5kZXJzdGFuZGluZyB0aGUgZGlmZmVy
ZW5jZT8NCg0KSXQgd291bGQgYmUgT0sgd2l0aCBtZSBmb3IgdGhlbSB0byBsZWF2ZSBvdXQgIHRo
ZSBleHRyYSBlbnRpcmVseSwgc2luY2UgSSdtIHN1cmUgdGhpcyBpc24ndCB0aGUgZmlyc3QgUkZD
IHdob3NlIHZlcmJpYWdlIGNsYWltcyBTRE4gYW5kIE5NUyBhcmUgdHdvIGRpZmZlcmVudCBjb25j
ZXB0cy4gQnV0IGlmIEkgd2VyZSB0cnlpbmcgdG8gZ2V0IHVwIHRvIHNwZWVkIGFib3V0IHRoaXMg
YXJlYSBieSByZWFkaW5nIHRoZSBkb2N1bWVudHMsIEknZCBiZSBzb21ld2hhdCBjb21mb3J0ZWQg
YnkgYW4gYWNrbm93bGVkZ2VtZW50IChzdWNoIGFzIHRoZSB0ZXh0IHRoZXkgcHJvcG9zZSwgYnV0
IHdpdGggdGhlIEVuZ2xpc2ggZml4ZWQpIHRoYXQgdGhlc2UgYXJlIGZ1enp5IGRpc3RpbmN0aW9u
cywgc28gSSB3b3VsZG4ndCB0aGluayBpdCB3YXMganVzdCBtZS4uLi50aGF0IGlmIEkgb25seSBy
ZWFkIG1vcmUgdGhpbmdzLCBvciB0aG91Z2h0IGhhcmRlciwgb3IgaGFkIG1vcmUgYmFja2dyb3Vu
ZCwgdGhlIGRpc3RpbmN0aW9uIHdvdWxkIGJlIGNsZWFyLg0KDQpSYWRpYQ0KDQoNCg0KDQpPbiBG
cmksIE1heSAxOCwgMjAxOCBhdCAxOjI3IFBNLCBFcmljIEdyYXkgPGVyaWMuZ3JheUBlcmljc3Nv
bi5jb208bWFpbHRvOmVyaWMuZ3JheUBlcmljc3Nvbi5jb20+PiB3cm90ZToNCkhpIFJhZGlhLg0K
DQpJIGFncmVlIHRoYXQgdGhlIEVuZ2xpc2ggaXMgYXdrd2FyZCwgYnV0IEkgd291bGQgaGF2ZSBp
bnRlcnByZXRlZCDigJxldm9sdmluZyB0b3dhcmQgYSBjb21wb25lbnTigJ0gdG8gbWVhbiBzb21l
dGhpbmcgbW9yZSBhbG9uZyB0aGUgbGluZXMgb2YgZXZvbHZpbmcgdG93YXJkIHRoZSBzYW1lIChz
aW5ndWxhcikgdGhpbmcuICBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sgYXQgaXQgbWln
aHQgYmUgdGhhdCwgYmVjYXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1bGFyIG1lY2hh
bmlzbSBmb3IgYm90aCBOTVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25lIG9yIGJvdGgg
b2YgdGhlc2UgbWF5IGJlY29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFnZW1lbnQgZnJh
bWV3b3JrLg0KDQpJIHdvdWxkIGludGVycHJldCBpdCB0aGlzIHdheSBwcmVjaXNlbHkgYmVjYXVz
ZSDigJMgYXMgeW91IHNheSDigJMgdGhlIGRpc3RpbmN0aW9uIGlzIG5vdCBhdCBhbGwgY2xlYXIs
IHRob3VnaCBJIHdvdWxkIGFkZCB0aGF0ICh0byBzb21lIG9mIHVzKSB0aGUgZGlzdGluY3Rpb24g
aGFzIG5ldmVyIGJlZW4gdmVyeSBjbGVhci4gIPCfmIoNCg0KRm9yIHRoaXMgcmVhc29uLCBJIHdv
dWxkIGhhdmUgc29tZSBzbWFsbCBkaWZmaWN1bHR5IGluIHNlZWluZyBob3cgaXQgd291bGQgbWFr
ZSBtdWNoIHNlbnNlIHRvIHNheSB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZCBpbmNyZWFz
aW5nIHNpbWlsYXJpdHkuDQoNCi0tDQpFcmljDQoNCkZyb206IENDQU1QIFttYWlsdG86Y2NhbXAt
Ym91bmNlc0BpZXRmLm9yZzxtYWlsdG86Y2NhbXAtYm91bmNlc0BpZXRmLm9yZz5dIE9uIEJlaGFs
ZiBPZiBSYWRpYSBQZXJsbWFuDQpTZW50OiBGcmlkYXksIE1heSAxOCwgMjAxOCAxMjozMCBBTQ0K
VG86IFllbWluIChBbXkpIDxhbXkueWVtaW5AaHVhd2VpLmNvbTxtYWlsdG86YW15LnllbWluQGh1
YXdlaS5jb20+Pg0KQ2M6IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYu
b3JnPj47IGNjYW1wQGlldGYub3JnPG1haWx0bzpjY2FtcEBpZXRmLm9yZz47IHNlY2RpckBpZXRm
Lm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPjsgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUt
ZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbQ0NBTVBd
IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1
DQoNClRoYW5rIHlvdSEgIFRob3VnaCB3aGF0IHlvdSdyZSBzdWdnZXN0aW5nIGlzIGF3a3dhcmQg
RW5nbGlzaC4NCg0KUGVyaGFwcyAiV2Ugbm90ZSB0aGF0IHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVu
IE5NUyBhbmQgU0ROIGlzIG5vdCBhbGwgdGhhdCBjbGVhciwgYW5kIHRoZSB0d28gYXJlIGV2b2x2
aW5nIHRvIGJlIG1vcmUgYW5kIG1vcmUgc2ltaWxhci4iIGNvdWxkIHJlcGxhY2UgdGhlIGZpcnN0
IHNlbnRlbmNlLiAgSSdtIHJlYWxseSBub3Qgc3VyZSB3aGF0IHlvdSBtZWFudCBieSAiZXZvbHZp
bmcgdG93YXJkIGEgY29tcG9uZW50Iiwgc28gcGVyaGFwcyBJJ20gbm90IGNhcHR1cmluZyB3aGF0
IHlvdSBhcmUgaW50ZW5kaW5nIHRvIHNheS4NCg0KDQpSYWRpYQ0KDQpPbiBUaHUsIE1heSAxNywg
MjAxOCBhdCA3OjAzIFBNLCBZZW1pbiAoQW15KSA8YW15LnllbWluQGh1YXdlaS5jb208bWFpbHRv
OmFteS55ZW1pbkBodWF3ZWkuY29tPj4gd3JvdGU6DQpIaSBSYWRpYSwNCg0KV2UganVzdCB1cGRh
dGVkIHRoZSBkcmFmdCwgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLy4NCllvdXIgY29tbWVudHMgYXJlIGFkZHJlc3Nl
ZCBpbiB0aGUgbGF0ZXN0IHZlcnNpb24uDQoNCkJSLA0KQW15DQpGcm9tOiBZZW1pbiAoQW15KQ0K
U2VudDogVGh1cnNkYXksIE1heSAxMCwgMjAxOCA0OjA3IFBNDQpUbzogJ0RhbmllbGUgQ2VjY2Fy
ZWxsaScgPGRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb208bWFpbHRvOmRhbmllbGUuY2Vj
Y2FyZWxsaUBlcmljc3Nvbi5jb20+PjsgUmFkaWEgUGVybG1hbiA8cmFkaWFwZXJsbWFuQGdtYWls
LmNvbTxtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbT4+OyBkcmFmdC1pZXRmLWNjYW1wLW1p
Y3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPjsgVGhlIElFU0cgPGll
c2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+Pjsgc2VjZGlyQGlldGYub3JnPG1haWx0
bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1p
ZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNCg0KSGkgUmFkaWEsDQoNClRoYW5rcyBm
b3IgeW91ciByZXZpZXcuDQoNClJlZ2FyZGluZyB0aGUgTk1TIGFuZCBTRE4sIGFzIERhbmllbGUg
c3VnZ2VzdGVkLCB3ZSB3aWxsIGFkZCB0aGUgZm9sbG93aW5nIHRleHQgaW4gc2VjdGlvbiAzOg0K
4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5kIFNETiBhcmUg
ZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVu
IHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcyB0aGF0IHRoZXJlIGlzIHN0aWxs
IHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUg
aW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNETiBpcyBjb25z
aWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gVGhleSBh
cmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnQu4oCdDQoNClJlZ2FyZGluZyB0aGUg
c2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBkb2VzbuKAmXQgc3BlY2lm
eSB0aGUgcGFyYW1ldGVycy4NClRoZXJl4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2Nh
bXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2Vk
IGFzIHlvdSBzdWdnZXN0ZWQuDQoNCkJSLA0KQW15DQpGcm9tOiBEYW5pZWxlIENlY2NhcmVsbGkg
W21haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tXQ0KU2VudDogTW9uZGF5LCBN
YXkgMDcsIDIwMTggNTo0NiBQTQ0KVG86IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFp
bC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+PjsgZHJhZnQtaWV0Zi1jY2FtcC1t
aWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1j
Y2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxp
ZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWls
dG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQt
aWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1DQoNCkhpIFJhZGlhLA0KDQpsZXQgbWUg
cmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJzdCBvZiBhbGwgbWFueSB0aGFua3Mg
Zm9yIHlvdXIgcmV2aWV3Lg0KDQpSZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRp
b25hbCBOTVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFy
ZSBldm9sdmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9u
IGlzIHF1aXRlIGJsdXJyeSwgYnV0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3
aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhl
IG1hbmFnZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29u
dHJvbCBwbGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuDQoN
CkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRpb25hbOKAnSBO
TVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5jdGlvbiB0byBi
ZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUgY29udmVyZ2Vu
Y2Ugb2YgdGhlIHR3byB0aGluZ3MgY2FuIGJlIGFkZGVkLg0KDQpUaGFua3MgYSBsb3QNCkRhbmll
bGUgIChjY2FtcCBjby1jaGFpcikNCg0KRnJvbTogUmFkaWEgUGVybG1hbiBbbWFpbHRvOnJhZGlh
cGVybG1hbkBnbWFpbC5jb21dDQpTZW50OiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6NTUNClRv
OiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3Jn
PG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmll
dGYub3JnPjsgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+Pjsg
c2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdWJqZWN0OiBTZWNkaXIg
cmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpTb3Jy
eS4uLnJlc2VuZGluZyBiZWNhdXNlIEkgbWlzdHlwZWQgdGhlIGF1dGhvciBhZGRyZXNzLg0KDQoN
Ci0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLQ0KRnJvbTogUmFkaWEgUGVy
bG1hbiA8cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTxtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNv
bT4+DQpEYXRlOiBTdW4sIE1heSA2LCAyMDE4IGF0IDExOjQ4IFBNDQpTdWJqZWN0OiBTZWNkaXIg
cmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KVG86IGRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8
bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMu
aWV0Zi5vcmc+LCBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+
LCBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NClN1bW1hcnk6ICBObyBz
ZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhlcmUg
YXJlIGVkaXRpbmcgZ2xpdGNoZXMNCg0KSSBoYXZlIHJldmlld2VkIHRoaXMgZG9jdW1lbnQgYXMg
cGFydCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3JhdGUncyBvbmdvaW5nDQplZmZvcnQgdG8gcmV2
aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVz
ZQ0KY29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3IgdGhlIGJlbmVmaXQgb2YgdGhl
IHNlY3VyaXR5IGFyZWENCmRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWly
cyBzaG91bGQgdHJlYXQgdGhlc2UgY29tbWVudHMganVzdA0KbGlrZSBhbnkgb3RoZXIgbGFzdCBj
YWxsIGNvbW1lbnRzLg0KDQpUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFuYWdlbWVudCBp
bnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy4NCkl0IGFkdm9jYXRlcyAoY29ycmVj
dGx5LCBJIGJlbGlldmUpIHRoYXQgc3VjaCBhbiBpbnRlcmZhY2Ugc2hvdWxkIGJlIGV4dGVuc2li
bGUgdG8gcHJvdmlkZSBmb3IgdmVuZG9yLXNwZWNpZmljIGZlYXR1cmVzLg0KDQpJIGRvbid0IHVu
ZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICJhIHRyYWRpdGlvbmFsIG5ldHdvcmsg
bWFuYWdlbWVudCBzeXN0ZW0iIGFuZCBTRE4uICBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9m
IHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRoZSBkaXN0aW5jdGlvbiwgYW5kIEkgc3Vz
cGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGluZyBwYXJhbWV0ZXJzICh0
cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICJwcm9ncmFtbWluZyIg
YW4gaW50ZXJmYWNlICgiU0ROIikuDQoNClRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRp
bmcgcGFzcyBmb3IgZ2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0
cyByZWFkYWJpbGl0eS4NCg0KVGhlIGdsaXRjaGVzIGNvbnNpc3QgIG1vc3RseSBvZiBsZWF2aW5n
IG91dCBsaXR0bGUgd29yZHMgbGlrZSAib2YiIGluIHRoZSBmb2xsb3dpbmcgc2VudGVuY2UuDQoi
VGhlIGFkb3B0aW9uIG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFnZW1lbnQgYW5kDQogICBj
b250cm9sIHRoZSBtaWNyb3dhdmUgaW50ZXJmYWNlIGlzIG9uZSBvZiB0aGUga2V5IGFwcGxpY2F0
aW9ucyBmb3INCiAgIHRoaXMgd29yay4iDQoNClRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBz
YXkgdGhhdCB0aGV5IGFzc3VtZSBhIHNlY3VyZSB0cmFuc3BvcnQgbGF5ZXIgKGF1dGhlbnRpY2F0
ZWQsIHByb2JhYmx5IGVuY3J5cHRpb24gaXNuJ3QgbmVjZXNzYXJ5KSBmb3IgY29tbXVuaWNhdGlv
bi4gIE90aGVyIHRoYW4gdGhhdCwgcGVyaGFwcywgdGhlcmUgbWlnaHQgYmUgc2VjdXJpdHkgY29u
c2lkZXJhdGlvbnMgZm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGluZyBwYXJhbWV0ZXJzIGluY29ycmVj
dGx5LCBvciBtYWxpY2lvdXNseSBieSBhIHRydXN0ZWQgYWRtaW5pc3RyYXRvci4gIEJ1dCB0aGlz
IGRvY3VtZW50IGRvZXMgbm90IHNwZWNpZnkgdGhlIHNwZWNpZmljIHBhcmFtZXRlcnMgdG8gYmUg
bWFuYWdlZCwganVzdCBhIGdlbmVyYWwgZnJhbWV3b3JrLg0KDQpSYWRpYQ0KDQoNCg0KDQo=

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q291cmllcjsNCglwYW5vc2UtMToyIDcgNCA5IDIgMiA1IDIgNCA0O30NCkBmb250LWZhY2UNCgl7
Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIg
NDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2
IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBh
bm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IlNlZ29lIFVJIEVtb2ppIjt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQERlbmdYaWFu
IjsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEgMSAxO30NCi8qIFN0eWxlIERlZmluaXRpb25z
ICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjow
aW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1m
YW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0K
CXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246
dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28t
c3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRl
cmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoi
SFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4w
MDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30N
CnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxl
LW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdo
dDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0K
CWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0K
c3Bhbi5tLTIwNTg3OTU0ODIyOTczNzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3Njcy
ODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3
NzgyNTM0Z21haWwtaWwNCgl7bXNvLXN0eWxlLW5hbWU6bV8tMjA1ODc5NTQ4MjI5NzM3MzY4MW0t
NjE2Njk4NTgwNDYxNTI3OTM2Nm00MTMxMzc2NzI4MDMxMTY3MzA2Z21haWwtbTkwMjYzNjg4MDM3
MTM4NjMzNDlnbWFpbC1tLTUwNTcwMTA5MTIxNTc3ODI1MzRnbWFpbC1pbDt9DQpzcGFuLkVtYWls
U3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToi
Q2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNwYW4uSFRNTFByZWZv
cm1hdHRlZENoYXINCgl7bXNvLXN0eWxlLW5hbWU6IkhUTUwgUHJlZm9ybWF0dGVkIENoYXIiOw0K
CW1zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0
ZWQiOw0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0Kc3Bhbi5ncmV5DQoJe21zby1zdHls
ZS1uYW1lOmdyZXk7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9u
bHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rp
b24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBp
bjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+
PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBz
cGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4
bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIg
ZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4N
Cjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xh
c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Tbywgb25lIGNvdWxkIHJl
YWQgdGhpcyBhcyBzYXlpbmcgdGhhdCBzb21lIHBlb3BsZSB2aWV3IG5ldHdvcmsgbWFuYWdlbWVu
dCAoZS5nLiDigJMgdXNlIG9mIGFuIE5NUykgYW5kIGNlbnRyYWxpemVkIG5ldHdvcmsgY29udHJv
bCAoZS5nLiDigJMgU0ROKSBhcyBiZWluZyBzb21laG93IGF0IGxlYXN0IG1hcmdpbmFsbHkgZGlz
dGluY3QsIHlldCBiZWNvbWluZyBpbmNyZWFzaW5nbHkgbGVzcyBzby4mbmJzcDsgT3RoZXIgcGVv
cGxlDQogdmlldyB0aGVtIGFzIGNvbXBsZXRlbHkgZGlzam9pbnQsIHBlcmhhcHMgaGF2aW5nIGEg
cHJlZmVyZW5jZSwgYW5kIHdvdWxkIGxpa2UgdGhlbSB0byBjb250aW51ZSBiZWluZyBjb25zaWRl
cmVkIGNvbXBsZXRlbHkgc2VwYXJhdGUgYW5kIGRpc3RpbmN0IGNvbmNlcHRzLjxvOnA+PC9vOnA+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj5XaGlsZSBJIHRoaW5rIGl0IGlzIHByb2JhYmx5IGZhaXIgdG8gc2F5IHRo
YXQgdGhpcyBpcyB2ZXJ5IGxpa2VseSB0cnVlLCB0aGlzIGhhcyBhbGwgdGhlIGVhciBtYXJrcyBv
ZiBiZWluZyBhIHJhdCBob2xlLCBhbmQgSSBjYW5ub3QgaW1hZ2luZSB3aGF0IHZhbHVlIHRoZSBw
cm9wb3NlZCB0ZXh0IGFkZHMgdG8gdGhlIGRyYWZ0LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5B
cyBJIHVuZGVyc3RhbmQgaXQsIHRoZSBpbnRlbnQgd2FzIHRvIGNsYXJpZnkgc29tZXRoaW5nIHRv
IGRvIHdpdGggdGhlIGZvbGxvd2luZyB0ZXh0OjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQt
ZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlz
Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1
b3Q7Ij4mbmJzcDsmbmJzcDsgVGhpcyBmcmFtZXdvcmsgYWRkcmVzc2VzIHRoZSBkZWZpbml0aW9u
IG9mIGFuIG9wZW4gYW5kIHN0YW5kYXJkaXplZDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJwYWdlLWJyZWFrLWJlZm9yZTphbHdheXMiPjxzcGFuIGxh
bmc9IkVOIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPiZuYnNw
OyZuYnNwOyBpbnRlcmZhY2UgZm9yIHRoZSByYWRpbyBsaW5rIGZ1bmN0aW9uYWxpdHkgaW4gYSBt
aWNyb3dhdmUgbm9kZS4mbmJzcDsgVGhlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0i
RU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5i
c3A7IGFwcGxpY2F0aW9uIG9mIHN1Y2ggYW4gaW50ZXJmYWNlIHVzZWQgZm9yIG1hbmFnZW1lbnQg
YW5kIGNvbnRyb2wgb2Y8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij4mbmJzcDsmbmJzcDsgbm9kZXMg
YW5kIG5ldHdvcmtzIHR5cGljYWxseSB2YXJ5IGZyb20gb25lIG9wZXJhdG9yIHRvIGFub3RoZXIs
IGluPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBh
Z2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWls
eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IHRlcm1zIG9mIHRoZSBzeXN0
ZW1zIHVzZWQgYW5kIGhvdyB0aGV5IGludGVyYWN0LiZuYnNwOyBBIHRyYWRpdGlvbmFsPG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWst
YmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtD
b3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IHNvbHV0aW9uIGlzIG5ldHdvcmsgbWFuYWdl
bWVudCBzeXN0ZW0sIHdoaWxlIGFuIGVtZXJnaW5nIG9uZSBpcyBTRE4uPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFs
d2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5l
dyZxdW90OyI+Jm5ic3A7Jm5ic3A7IFNETiBzb2x1dGlvbnMgY2FuIGJlIHVzZWQgYXMgcGFydCBv
ZiB0aGUgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3Bh
biBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij4m
bmJzcDsmbmJzcDsgYWxsb3dpbmcgZm9yIGRpcmVjdCBuZXR3b3JrIHByb2dyYW1tYWJpbGl0eSBh
bmQgYXV0b21hdGVkPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJm
b250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IGNvbmZpZ3Vy
YWJpbGl0eSBieSBtZWFucyBvZiBhIGNlbnRyYWxpemVkIFNETiBjb250cm9sIGFuZDxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJwYWdlLWJyZWFrLWJl
Zm9yZTphbHdheXMiPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291
cmllciBOZXcmcXVvdDsiPiZuYnNwOyZuYnNwOyBzdGFuZGFyZGl6ZWQgaW50ZXJmYWNlcyB0byBw
cm9ncmFtIHRoZSBub2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJFTiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPllvdXIgY29tbWVudCB3YXMgdGhhdCB0aGUg
ZGlzdGluY3Rpb24gaXMgbm90IGNsZWFyLiZuYnNwOyBUaGF0IGlzIGEgZmFpciBwb2ludC4mbmJz
cDsgQW5kIGl0IGlzIHByb2JhYmx5IG5vdCBhZGRyZXNzZWQgYnkgdGhlIHByb3Bvc2FsLjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs
YW5nPSJFTiI+SSB3b3VsZCBmdXJ0aGVyIGFkZCB0aGF0IHVzaW5nIGVtb3Rpb25hbGx5IGZyZWln
aHRlZCBleHByZXNzaW9ucyAo4oCcY2xhc3NpY+KAnS/igJ1sZWdhY3nigJ0v4oCddHJhZGl0aW9u
YWzigJ0gdmVyc2VzIOKAnGlubm92YXRpdmXigJ0v4oCdbm92ZWzigJ0v4oCdZW1lcmdpbmfigJ0p
IGRvZXNu4oCZdCBoZWxwIGFuZCByZWFsbHkgaXNu4oCZdCBhcHByb3ByaWF0ZSBpbiBzcGVjaWZp
Y2F0aW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IkVOIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJFTiI+SSBzdXNwZWN0IHRoYXQgdGhlIHJlYXNvbiBmb3IgY2xhaW1p
bmcgYSBkaXN0aW5jdGlvbiBleGlzdHMgKGhvd2V2ZXIgZGlmZmljdWx0IGl0IG1heSBiZSB0byBj
aGFyYWN0ZXJpemUgdGhhdCBkaXN0aW5jdGlvbikgaXMgaW4gdGhlIHBhcnQgb2YgdGhlIGFib3Zl
IHRleHQgaGF2aW5nIHRvIGRvIHdpdGggb3BlcmF0b3IgcHJlZmVyZW5jZXMuJm5ic3A7IFRoZXNl
IGRlZmluaXRlbHkgZG8gZXhpc3QuJm5ic3A7DQo8L3NwYW4+PHNwYW4gbGFuZz0iRU4iIHN0eWxl
PSJmb250LWZhbWlseTomcXVvdDtTZWdvZSBVSSBFbW9qaSZxdW90OyxzYW5zLXNlcmlmIj7wn5iK
PC9zcGFuPjxzcGFuIGxhbmc9IkVOIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPlBlcmhhcHMgYSBnb29kIHdheSB0
byBhZGRyZXNzIHRoZSBpc3N1ZSBpcyB0byByZXBsYWNlIHRoZSBsYXN0IHR3byBzZW50ZW5jZXMg
aW4gdGhlIHRleHQgYWJvdmUgd2l0aCBzb21ldGhpbmcgYWxvbmcgdGhlIGxpbmVzIG9mOjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs
YW5nPSJFTiI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IDwvc3Bhbj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9
ImZvbnQtZmFtaWx5OkNvdXJpZXIiPuKAnFBvc3NpYmxlIGFwcHJvYWNoZXMgaW5jbHVkZSB2aWEg
dGhlIHVzZSBvZiBhIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0gKE5NUyksIHZpYSBzb2Z0d2Fy
ZSBkZWZpbmVkIG5ldHdvcmtpbmcgKFNETikgYW5kIHZpYSBzb21lIGNvbWJpbmF0aW9uIG9mIE5N
UyBhbmQgU0ROLuKAnTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxzcGFuIGxhbmc9IkVOIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTiI+Tm90ZSB0aGF0IOKAnGF1dG9tYXRlZCBjb25maWd1
cmFiaWxpdHnigJ0gaXMgPGI+DQo8aT48dT5ub3Q8L3U+PC9pPjwvYj4gYSBuZXcgY29uY2VwdCBp
biBjb25maWd1cmF0aW9uIG9mIG5ldHdvcmsgZGV2aWNlcywgdW5pcXVlIHRvIFNETiwgaGVuY2Ug
dGhlIGxhc3QgcGFydCBvZiB0aGUgZmluYWwgc2VudGVuY2UgKHN0YXJ0aW5nIHdpdGgg4oCcYWxs
b3dpbmcgZm9yIOKApuKAnSkgYWRkcyBubyB2YWx1ZSBhbmQgc2hvdWxkIGJlIGxlZnQgb3V0Ljxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVO
Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBsYW5nPSJFTiI+LS08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBsYW5nPSJFTiI+RXJpYzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+
RnJvbTo8L2I+IFJhZGlhIFBlcmxtYW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tXSA8
YnI+DQo8Yj5TZW50OjwvYj4gU2F0dXJkYXksIE1heSAxOSwgMjAxOCAxMTozNSBQTTxicj4NCjxi
PlRvOjwvYj4gRXJpYyBHcmF5ICZsdDtlcmljLmdyYXlAZXJpY3Nzb24uY29tJmd0Ozxicj4NCjxi
PkNjOjwvYj4gWWVtaW4gKEFteSkgJmx0O2FteS55ZW1pbkBodWF3ZWkuY29tJmd0OzsgVGhlIElF
U0cgJmx0O2llc2dAaWV0Zi5vcmcmZ3Q7OyBjY2FtcEBpZXRmLm9yZzsgc2VjZGlyQGlldGYub3Jn
OyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3Jn
PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbQ0NBTVBdIFNlY2RpciByZXZpZXcgb2YgZHJhZnQt
aWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PGJyPg0KPGI+SW1wb3J0YW5jZTo8L2I+
IEhpZ2g8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpIEVyaWMsPG86cD48L286cD48
L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIGZlZWwgYmFkIGZvciB0aGUgYXV0
aG9ycyBvZiB0aGlzIGRvY3VtZW50IHRvIGJlIGJ1cmRlbmVkIHdpdGggY2xhcmlmeWluZyBhIGRp
c3RpbmN0aW9uIHRoYXQgaGFzIG5ldmVyIGJlZW4gY2xlYXIgYmVmb3JlICh0byBsb3RzIG9mIHBl
b3BsZSwgaW5jbHVkaW5nIG1lKSwmbmJzcDsgYnV0IHRoZWlyIHByb3Bvc2VkIHRleHQgZG9lc24n
dCBtYWtlIGl0IGNsZWFyZXIuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPiZxdW90OyA8c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RDtiYWNrZ3Jv
dW5kOndoaXRlIj4NCuKAnEl0J3Mgbm90ZWQgdGhhdCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1T
IGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21wb25lbnQsIGFuZCB0aGUgZGlzdGlu
Y3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3VlLiBBbm90aGVyIGZhY3QgaXMgdGhhdCB0
aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNp
ZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50DQogcGxhbmUsIHdo
aWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJv
bCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSBjb21wb25lbnQmcXVvdDs8
L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm
cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO2JhY2tncm91bmQ6d2hpdGUiPiZuYnNwO0Rv
IHlvdSAob3IgYW55b25lIGVsc2UpIGhhdmUgYSBzdWdnZXN0aW9uIGZvciB0ZXh0IHRoYXQgYWNr
bm93bGVkZ2VzIHRvIHRoZSByZWFkZXIgdGhhdCBpdCdzIG5vdCB0aGUgcmVhZGVyJ3MgZmF1bHQg
Zm9yIG5vdCB1bmRlcnN0YW5kaW5nIHRoZSBkaWZmZXJlbmNlPzwvc3Bhbj48bzpwPjwvbzpwPjwv
cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZTo5LjVwdDtjb2xvcjojMUY0OTdEIj5JdCB3b3VsZCBiZSBPSyB3aXRoIG1lIGZvciB0
aGVtIHRvIGxlYXZlIG91dCZuYnNwOyB0aGUgZXh0cmEgZW50aXJlbHksIHNpbmNlIEknbSBzdXJl
IHRoaXMgaXNuJ3QgdGhlIGZpcnN0IFJGQyB3aG9zZSB2ZXJiaWFnZSBjbGFpbXMgU0ROIGFuZCBO
TVMgYXJlIHR3byBkaWZmZXJlbnQgY29uY2VwdHMuIEJ1dCBpZiBJIHdlcmUgdHJ5aW5nIHRvDQog
Z2V0IHVwIHRvIHNwZWVkIGFib3V0IHRoaXMgYXJlYSBieSByZWFkaW5nIHRoZSBkb2N1bWVudHMs
IEknZCBiZSBzb21ld2hhdCBjb21mb3J0ZWQgYnkgYW4gYWNrbm93bGVkZ2VtZW50IChzdWNoIGFz
IHRoZSB0ZXh0IHRoZXkgcHJvcG9zZSwgYnV0IHdpdGggdGhlIEVuZ2xpc2ggZml4ZWQpIHRoYXQg
dGhlc2UgYXJlIGZ1enp5IGRpc3RpbmN0aW9ucywgc28gSSB3b3VsZG4ndCB0aGluayBpdCB3YXMg
anVzdCBtZS4uLi50aGF0IGlmIEkgb25seSByZWFkDQogbW9yZSB0aGluZ3MsIG9yIHRob3VnaHQg
aGFyZGVyLCBvciBoYWQgbW9yZSBiYWNrZ3JvdW5kLCB0aGUgZGlzdGluY3Rpb24gd291bGQgYmUg
Y2xlYXIuJm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2NvbG9yOiMxRjQ5
N0QiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBGcmksIE1heSAxOCwgMjAxOCBhdCAxOjI3IFBNLCBFcmlj
IEdyYXkgJmx0OzxhIGhyZWY9Im1haWx0bzplcmljLmdyYXlAZXJpY3Nzb24uY29tIiB0YXJnZXQ9
Il9ibGFuayI+ZXJpYy5ncmF5QGVyaWNzc29uLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+
PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICND
Q0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDtt
YXJnaW4tcmlnaHQ6MGluIj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5I
aSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86
cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkkgYWdyZWUgdGhhdCB0aGUgRW5n
bGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3b3VsZCBoYXZlIGludGVycHJldGVkIOKAnGV2b2x2aW5n
IHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0byBtZWFuIHNvbWV0aGluZyBtb3JlIGFsb25nIHRoZSBs
aW5lcyBvZiBldm9sdmluZyB0b3dhcmQgdGhlIHNhbWUgKHNpbmd1bGFyKSB0aGluZy4mbmJzcDsN
CiBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sgYXQgaXQgbWlnaHQgYmUgdGhhdCwgYmVj
YXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1bGFyIG1lY2hhbmlzbSBmb3IgYm90aCBO
TVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25lIG9yIGJvdGggb2YgdGhlc2UgbWF5IGJl
Y29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFnZW1lbnQgZnJhbWV3b3JrLjxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+SSB3b3VsZCBpbnRlcnByZXQgaXQgdGhpcyB3YXkgcHJlY2lz
ZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCTIHRoZSBkaXN0aW5jdGlvbiBpcyBub3QgYXQg
YWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQgdGhhdCAodG8gc29tZSBvZiB1cykgdGhlIGRp
c3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkgY2xlYXIuJm5ic3A7DQo8c3BhbiBzdHlsZT0i
Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkgRW1vamkmcXVvdDssc2Fucy1zZXJpZiI+8J+Yijwv
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48
L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkZvciB0aGlzIHJlYXNvbiwgSSB3b3Vs
ZCBoYXZlIHNvbWUgc21hbGwgZGlmZmljdWx0eSBpbiBzZWVpbmcgaG93IGl0IHdvdWxkIG1ha2Ug
bXVjaCBzZW5zZSB0byBzYXkgdGhhdCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmQgaW5jcmVhc2lu
ZyBzaW1pbGFyaXR5LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz
cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+LS08bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RXJpYzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+PGI+RnJvbTo8L2I+IENDQU1QIFttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmNjYW1wLWJvdW5j
ZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5jY2FtcC1ib3VuY2VzQGlldGYub3JnPC9hPl0N
CjxiPk9uIEJlaGFsZiBPZiA8L2I+UmFkaWEgUGVybG1hbjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlk
YXksIE1heSAxOCwgMjAxOCAxMjozMCBBTTxicj4NCjxiPlRvOjwvYj4gWWVtaW4gKEFteSkgJmx0
OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFt
eS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8L2I+IFRoZSBJRVNHICZsdDs8
YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5v
cmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpjY2FtcEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxh
bmsiPmNjYW1wQGlldGYub3JnPC9hPjsgPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIg
dGFyZ2V0PSJfYmxhbmsiPg0Kc2VjZGlyQGlldGYub3JnPC9hPjsgPGEgaHJlZj0ibWFpbHRvOmRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRh
cmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxA
dG9vbHMuaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbQ0NBTVBdIFNlY2Rp
ciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48
L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmsgeW91ISZuYnNwOyBUaG91Z2ggd2hh
dCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVuZ2xpc2guPG86cD48L286cD48L3A+DQo8
ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp
bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5QZXJoYXBzICZx
dW90O1dlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiBOTVMgYW5kIFNETiBpcyBu
b3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFyZSBldm9sdmluZyB0byBiZSBtb3JlIGFu
ZCBtb3JlIHNpbWlsYXIuJnF1b3Q7IGNvdWxkIHJlcGxhY2UgdGhlIGZpcnN0IHNlbnRlbmNlLiZu
YnNwOyBJJ20gcmVhbGx5DQogbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQgYnkgJnF1b3Q7ZXZvbHZp
bmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LCBzbyBwZXJoYXBzIEknbSBub3QgY2FwdHVyaW5n
IHdoYXQgeW91IGFyZSBpbnRlbmRpbmcgdG8gc2F5LjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+UmFkaWE8bzpwPjwvbzpwPjwvcD4N
CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBUaHUsIE1heSAxNywgMjAxOCBhdCA3
OjAzIFBNLCBZZW1pbiAoQW15KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFteS55ZW1pbkBodWF3ZWku
Y29tIiB0YXJnZXQ9Il9ibGFuayI+YW15LnllbWluQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8
bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm
dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxl
ZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206
NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl
PSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu
LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNv
bG9yOiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsDQo8YSBocmVmPSJodHRwczov
L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmsvIiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2Rv
Yy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86
cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjoj
MUY0OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9u
Lg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBz
dHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6
IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJv
cmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBp
biAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChB
bXkpDQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJy
Pg0KPGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJlbGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRh
bmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNl
Y2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9
Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJs
bWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAt
bWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4N
CmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8
L2E+OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0i
X2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGll
dGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1Ympl
Y3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48
c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgUmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4m
bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6
IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph
dXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBOTVMgYW5kIFNE
TiwgYXMgRGFuaWVsZSBzdWdnZXN0ZWQsIHdlIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcgdGV4dCBp
biBzZWN0aW9uIDM6DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7igJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUn
cyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tcG9u
ZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gdGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5v
dGhlciBmYWN0IGlzDQogdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hl
cmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBt
YW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6
YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJh
dGUgY29tcG9uZW50LuKAnTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6
YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpw
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0Qi
PlJlZ2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBk
b2VzbuKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoZXJl
4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNl
Y3VyaXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQo8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp
bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJj
b2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t
YWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8L3NwYW4+PG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdE
Ij5BbXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5v
bmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAw
aW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gRGFuaWVsZSBDZWNjYXJl
bGxpIFs8YSBocmVmPSJtYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFy
Z2V0PSJfYmxhbmsiPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0N
Cjxicj4NCjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+
VG86PC9iPiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdt
YWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0OzsN
CjxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxs
QHRvb2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jv
d2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhy
ZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwv
YT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsi
PnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZp
ZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPkhpIFJhZGlh
LDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph
dXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t
Ym90dG9tLWFsdDphdXRvIj5sZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBG
aXJzdCBvZiBhbGwgbWFueSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3LjxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv
bS1hbHQ6YXV0byI+UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1T
IHZzIFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZp
bmcgdG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0
ZSBibHVycnksIGJ1dCB0aGVyZQ0KIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBO
TVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFn
ZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBw
bGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj5IZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg
4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0
aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcg
YWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28NCiB0aGluZ3MgY2FuIGJlIGFkZGVkLjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt
c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmtzIGEgbG90PG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPkRhbmllbGUmbmJzcDsgKGNjYW1wIGNvLWNoYWlyKTxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N
CjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFk
ZGluZzowaW4gMGluIDBpbiA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7
Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4i
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gUmFkaWEgUGVybG1hbiBbPGEg
aHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWls
dG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTD
rCA3IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJh
ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFy
Z2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0
b29scy5pZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRm
Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1h
aWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+
PGJyPg0KPGI+U3ViamVjdDo8L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1t
aWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlNv
cnJ5Li4ucmVzZW5kaW5nIGJlY2F1c2UgSSBtaXN0eXBlZCB0aGUgYXV0aG9yIGFkZHJlc3MuPC9z
cGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g
bGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwv
bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIGxhbmc9IklUIj4tLS0tLS0t
LS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS08YnI+DQpGcm9tOiA8Yj5SYWRpYSBQZXJs
bWFuPC9iPiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdl
dD0iX2JsYW5rIj5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4s
IE1heSA2LCAyMDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBk
cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0i
bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMu
aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0i
bWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZn
dDssDQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2Vj
ZGlyQGlldGYub3JnPC9hPjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIyMjIyMiI+U3VtbWFy
eTombmJzcDsgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9u
cywgYW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+
PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7
QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhhdmUgcmV2aWV3ZWQgdGhp
cyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmc8
YnI+DQplZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibS0yMDU4Nzk1NDgyMjk3MzczNjgxbS02
MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzExNjczMDZnbWFpbC1tOTAyNjM2ODgwMzcx
Mzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWlsIj5yZXZpZXc8L3NwYW4+
Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4mbmJz
cDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVu
ZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxicj4NCmRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQg
ZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0PGJy
Pg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjwvc3Bhbj48c3BhbiBsYW5nPSJJ
VCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+
VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNy
b3dhdmUgcmFkaW8gbGlua3MuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+SXQgYWR2b2NhdGVzIChjb3Jy
ZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBzdWNoIGFuIGludGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5z
aWJsZSB0byBwcm92aWRlIGZvciB2ZW5kb3Itc3BlY2lmaWMgZmVhdHVyZXMuPC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs
YW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+SSBkb24ndCB1bmRlcnN0YW5kIHRo
ZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAmcXVvdDthIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdl
bWVudCBzeXN0ZW0mcXVvdDsgYW5kIFNETi4mbmJzcDsgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpv
YiBvZiB0aGlzIGRvY3VtZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sDQogYW5k
IEkgc3VzcGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGluZyBwYXJhbWV0
ZXJzICh0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICZxdW90O3By
b2dyYW1taW5nJnF1b3Q7IGFuIGludGVyZmFjZSAoJnF1b3Q7U0ROJnF1b3Q7KS4mbmJzcDs8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50
IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNo
ZXMgZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i
c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj48c3BhbiBsYW5nPSJJVCI+VGhlIGdsaXRjaGVzIGNvbnNpc3QmbmJzcDsgbW9zdGx5
IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3b3JkcyBsaWtlICZxdW90O29mJnF1b3Q7IGluIHRoZSBm
b2xsb3dpbmcgc2VudGVuY2UuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+JnF1b3Q7VGhlIGFkb3B0aW9u
IG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFnZW1lbnQgYW5kPC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJ
VCI+Jm5ic3A7ICZuYnNwO2NvbnRyb2wgdGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2UgaXMgb25lIG9m
IHRoZSBrZXkgYXBwbGljYXRpb25zIGZvcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOyAmbmJz
cDt0aGlzIHdvcmsuJnF1b3Q7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs
YW5nPSJJVCI+VGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1l
IGEgc2VjdXJlIHRyYW5zcG9ydCBsYXllciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlw
dGlvbiBpc24ndCBuZWNlc3NhcnkpIGZvciBjb21tdW5pY2F0aW9uLiZuYnNwOyBPdGhlciB0aGFu
IHRoYXQsDQogcGVyaGFwcywgdGhlcmUgbWlnaHQgYmUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg
Zm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGluZyBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxp
Y2lvdXNseSBieSBhIHRydXN0ZWQgYWRtaW5pc3RyYXRvci4mbmJzcDsgQnV0IHRoaXMgZG9jdW1l
bnQgZG9lcyBub3Qgc3BlY2lmeSB0aGUgc3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2Vk
LCBqdXN0IGEgZ2VuZXJhbCBmcmFtZXdvcmsuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNv
bG9yOiM4ODg4ODgiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xvcjojODg4
ODg4Ij5SYWRpYTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4
OCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K
PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2
Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv
ZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4N
Cg==

--_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_--


From nobody Mon May 21 19:52:16 2018
Return-Path: <amy.yemin@huawei.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2451120724; Mon, 21 May 2018 19:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNi2JGQBLnSG; Mon, 21 May 2018 19:51:51 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFB36120047; Mon, 21 May 2018 19:51:50 -0700 (PDT)
Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 05EB5C34DBE6B; Tue, 22 May 2018 03:51:44 +0100 (IST)
Received: from DGGEMA405-HUB.china.huawei.com (10.3.20.46) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.382.0; Tue, 22 May 2018 03:51:44 +0100
Received: from DGGEMA501-MBX.china.huawei.com ([169.254.1.56]) by DGGEMA405-HUB.china.huawei.com ([10.3.20.46]) with mapi id 14.03.0382.000; Tue, 22 May 2018 10:51:41 +0800
From: "Yemin (Amy)" <amy.yemin@huawei.com>
To: Eric Gray <eric.gray@ericsson.com>, Radia Perlman <radiaperlman@gmail.com>, "BRUNGARD, DEBORAH A" <db3546@att.com>
CC: The IESG <iesg@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8P//o5aAgAELkwCAAgmmgIAClBaAgAEGIWA=
Date: Tue, 22 May 2018 02:51:40 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0A@DGGEMA501-MBX.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se>
In-Reply-To: <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.169.30.234]
Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/wZeUFQwGfmbDyPGNAo89HPFA31c>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 May 2018 02:52:02 -0000

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgRXJpYywgUmFkaWEsIGFuZCBEZWJvcmFoLA0KDQpUaGFua3MgZm9yIHRoZSBkaXNjdXNzaW9u
LiBDb25zaWRlcmluZyBhbGwgdGhlIGNvbW1lbnRzIHJlY2VpdmVkLCBiZWxvdyBpcyB0aGUgbmV3
IHByb3Bvc2VkIHRleHQgZm9yIHRoaXMgcGFyYWdyYXBoOg0KDQogICBUaGlzIGZyYW1ld29yayBh
ZGRyZXNzZXMgdGhlIGRlZmluaXRpb24gb2YgYW4gb3BlbiBhbmQgc3RhbmRhcmRpemVkIGludGVy
ZmFjZSBmb3IgdGhlDQogICByYWRpbyBsaW5rIGZ1bmN0aW9uYWxpdHkgaW4gYSBtaWNyb3dhdmUg
bm9kZS4gIFRoZSBhcHBsaWNhdGlvbiBvZiBzdWNoIGFuIGludGVyZmFjZSB1c2VkDQogICBmb3Ig
bWFuYWdlbWVudCBhbmQgY29udHJvbCBvZiBub2RlcyBhbmQgbmV0d29ya3MgdHlwaWNhbGx5IHZh
cnkgZnJvbSBvbmUgb3BlcmF0b3INCiAgIHRvIGFub3RoZXIsIGluIHRlcm1zIG9mIHRoZSBzeXN0
ZW1zIHVzZWQgYW5kIGhvdyB0aGV5IGludGVyYWN0LiBQb3NzaWJsZSBhcHByb2FjaGVzDQogICBp
bmNsdWRlIHZpYSB0aGUgdXNlIG9mIGEgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSAoTk1TKSwg
dmlhIHNvZnR3YXJlIGRlZmluZWQNCiAgIG5ldHdvcmtpbmcgKFNETikgYW5kIHZpYSBzb21lIGNv
bWJpbmF0aW9uIG9mIE5NUyBhbmQgU0ROLiBBcyB0aGVyZSBhcmUgc3RpbGwgbWFueQ0KICAgbmV0
d29ya3Mgd2hlcmUgdGhlIE5NUyBpcyBpbXBsZW1lbnRlZCBhcyBvbmUgY29tcG9uZW50L2ludGVy
ZmFjZSBhbmQgdGhlIFNETg0KICAgY29udHJvbGxlciBpcyBzY29wZWQgdG8gY29udHJvbCBwbGFu
ZSBmdW5jdGlvbmFsaXR5IGFzIGEgc2VwYXJhdGUgY29tcG9uZW50L2ludGVyZmFjZSwNCiAgIHRo
aXMgZG9jdW1lbnQgZG9lcyBub3QgcHJlY2x1ZGUgZWl0aGVyIG1vZGVsLiBUaGUgYWltIG9mIHRo
aXMgZG9jdW1lbnQgaXMgdG8gcHJvdmlkZSBhDQogICBmcmFtZXdvcmsgZGVzY3JpYmluZyBib3Ro
IG1hbmFnZW1lbnQgYW5kIGNvbnRyb2wgb2YgbWljcm93YXZlIGludGVyZmFjZXMgdG8gc3VwcG9y
dA0KICAgZGV2ZWxvcG1lbnQgb2YgYSBjb21tb24gWUFORyBEYXRhIE1vZGVsLg0KDQpQbGVhc2Ug
Y2hlY2sgaWYgdGhlIHRleHQgaXMgb2suDQpUaGFua3MuDQoNCkJSLA0KQW15DQpGcm9tOiBFcmlj
IEdyYXkgW21haWx0bzplcmljLmdyYXlAZXJpY3Nzb24uY29tXQ0KU2VudDogVHVlc2RheSwgTWF5
IDIyLCAyMDE4IDI6NTcgQU0NClRvOiBSYWRpYSBQZXJsbWFuIDxyYWRpYXBlcmxtYW5AZ21haWwu
Y29tPg0KQ2M6IFllbWluIChBbXkpIDxhbXkueWVtaW5AaHVhd2VpLmNvbT47IFRoZSBJRVNHIDxp
ZXNnQGlldGYub3JnPjsgY2NhbXBAaWV0Zi5vcmc7IHNlY2RpckBpZXRmLm9yZzsgZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZw0KU3ViamVjdDog
UkU6IFtDQ0FNUF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m
cmFtZXdvcmstMDUNCg0KU28sIG9uZSBjb3VsZCByZWFkIHRoaXMgYXMgc2F5aW5nIHRoYXQgc29t
ZSBwZW9wbGUgdmlldyBuZXR3b3JrIG1hbmFnZW1lbnQgKGUuZy4g4oCTIHVzZSBvZiBhbiBOTVMp
IGFuZCBjZW50cmFsaXplZCBuZXR3b3JrIGNvbnRyb2wgKGUuZy4g4oCTIFNETikgYXMgYmVpbmcg
c29tZWhvdyBhdCBsZWFzdCBtYXJnaW5hbGx5IGRpc3RpbmN0LCB5ZXQgYmVjb21pbmcgaW5jcmVh
c2luZ2x5IGxlc3Mgc28uICBPdGhlciBwZW9wbGUgdmlldyB0aGVtIGFzIGNvbXBsZXRlbHkgZGlz
am9pbnQsIHBlcmhhcHMgaGF2aW5nIGEgcHJlZmVyZW5jZSwgYW5kIHdvdWxkIGxpa2UgdGhlbSB0
byBjb250aW51ZSBiZWluZyBjb25zaWRlcmVkIGNvbXBsZXRlbHkgc2VwYXJhdGUgYW5kIGRpc3Rp
bmN0IGNvbmNlcHRzLg0KDQpXaGlsZSBJIHRoaW5rIGl0IGlzIHByb2JhYmx5IGZhaXIgdG8gc2F5
IHRoYXQgdGhpcyBpcyB2ZXJ5IGxpa2VseSB0cnVlLCB0aGlzIGhhcyBhbGwgdGhlIGVhciBtYXJr
cyBvZiBiZWluZyBhIHJhdCBob2xlLCBhbmQgSSBjYW5ub3QgaW1hZ2luZSB3aGF0IHZhbHVlIHRo
ZSBwcm9wb3NlZCB0ZXh0IGFkZHMgdG8gdGhlIGRyYWZ0Lg0KDQpBcyBJIHVuZGVyc3RhbmQgaXQs
IHRoZSBpbnRlbnQgd2FzIHRvIGNsYXJpZnkgc29tZXRoaW5nIHRvIGRvIHdpdGggdGhlIGZvbGxv
d2luZyB0ZXh0Og0KDQoNCiAgIFRoaXMgZnJhbWV3b3JrIGFkZHJlc3NlcyB0aGUgZGVmaW5pdGlv
biBvZiBhbiBvcGVuIGFuZCBzdGFuZGFyZGl6ZWQNCiAgIGludGVyZmFjZSBmb3IgdGhlIHJhZGlv
IGxpbmsgZnVuY3Rpb25hbGl0eSBpbiBhIG1pY3Jvd2F2ZSBub2RlLiAgVGhlDQogICBhcHBsaWNh
dGlvbiBvZiBzdWNoIGFuIGludGVyZmFjZSB1c2VkIGZvciBtYW5hZ2VtZW50IGFuZCBjb250cm9s
IG9mDQogICBub2RlcyBhbmQgbmV0d29ya3MgdHlwaWNhbGx5IHZhcnkgZnJvbSBvbmUgb3BlcmF0
b3IgdG8gYW5vdGhlciwgaW4NCiAgIHRlcm1zIG9mIHRoZSBzeXN0ZW1zIHVzZWQgYW5kIGhvdyB0
aGV5IGludGVyYWN0LiAgQSB0cmFkaXRpb25hbA0KICAgc29sdXRpb24gaXMgbmV0d29yayBtYW5h
Z2VtZW50IHN5c3RlbSwgd2hpbGUgYW4gZW1lcmdpbmcgb25lIGlzIFNETi4NCiAgIFNETiBzb2x1
dGlvbnMgY2FuIGJlIHVzZWQgYXMgcGFydCBvZiB0aGUgbmV0d29yayBtYW5hZ2VtZW50IHN5c3Rl
bSwNCiAgIGFsbG93aW5nIGZvciBkaXJlY3QgbmV0d29yayBwcm9ncmFtbWFiaWxpdHkgYW5kIGF1
dG9tYXRlZA0KICAgY29uZmlndXJhYmlsaXR5IGJ5IG1lYW5zIG9mIGEgY2VudHJhbGl6ZWQgU0RO
IGNvbnRyb2wgYW5kDQogICBzdGFuZGFyZGl6ZWQgaW50ZXJmYWNlcyB0byBwcm9ncmFtIHRoZSBu
b2Rlcy4NCg0KWW91ciBjb21tZW50IHdhcyB0aGF0IHRoZSBkaXN0aW5jdGlvbiBpcyBub3QgY2xl
YXIuICBUaGF0IGlzIGEgZmFpciBwb2ludC4gIEFuZCBpdCBpcyBwcm9iYWJseSBub3QgYWRkcmVz
c2VkIGJ5IHRoZSBwcm9wb3NhbC4NCg0KSSB3b3VsZCBmdXJ0aGVyIGFkZCB0aGF0IHVzaW5nIGVt
b3Rpb25hbGx5IGZyZWlnaHRlZCBleHByZXNzaW9ucyAo4oCcY2xhc3NpY+KAnS/igJ1sZWdhY3ni
gJ0v4oCddHJhZGl0aW9uYWzigJ0gdmVyc2VzIOKAnGlubm92YXRpdmXigJ0v4oCdbm92ZWzigJ0v
4oCdZW1lcmdpbmfigJ0pIGRvZXNu4oCZdCBoZWxwIGFuZCByZWFsbHkgaXNu4oCZdCBhcHByb3By
aWF0ZSBpbiBzcGVjaWZpY2F0aW9uLg0KDQpJIHN1c3BlY3QgdGhhdCB0aGUgcmVhc29uIGZvciBj
bGFpbWluZyBhIGRpc3RpbmN0aW9uIGV4aXN0cyAoaG93ZXZlciBkaWZmaWN1bHQgaXQgbWF5IGJl
IHRvIGNoYXJhY3Rlcml6ZSB0aGF0IGRpc3RpbmN0aW9uKSBpcyBpbiB0aGUgcGFydCBvZiB0aGUg
YWJvdmUgdGV4dCBoYXZpbmcgdG8gZG8gd2l0aCBvcGVyYXRvciBwcmVmZXJlbmNlcy4gIFRoZXNl
IGRlZmluaXRlbHkgZG8gZXhpc3QuICDwn5iKDQoNClBlcmhhcHMgYSBnb29kIHdheSB0byBhZGRy
ZXNzIHRoZSBpc3N1ZSBpcyB0byByZXBsYWNlIHRoZSBsYXN0IHR3byBzZW50ZW5jZXMgaW4gdGhl
IHRleHQgYWJvdmUgd2l0aCBzb21ldGhpbmcgYWxvbmcgdGhlIGxpbmVzIG9mOg0KDQogICAg4oCc
UG9zc2libGUgYXBwcm9hY2hlcyBpbmNsdWRlIHZpYSB0aGUgdXNlIG9mIGEgbmV0d29yayBtYW5h
Z2VtZW50IHN5c3RlbSAoTk1TKSwgdmlhIHNvZnR3YXJlIGRlZmluZWQgbmV0d29ya2luZyAoU0RO
KSBhbmQgdmlhIHNvbWUgY29tYmluYXRpb24gb2YgTk1TIGFuZCBTRE4u4oCdDQoNCk5vdGUgdGhh
dCDigJxhdXRvbWF0ZWQgY29uZmlndXJhYmlsaXR54oCdIGlzIG5vdCBhIG5ldyBjb25jZXB0IGlu
IGNvbmZpZ3VyYXRpb24gb2YgbmV0d29yayBkZXZpY2VzLCB1bmlxdWUgdG8gU0ROLCBoZW5jZSB0
aGUgbGFzdCBwYXJ0IG9mIHRoZSBmaW5hbCBzZW50ZW5jZSAoc3RhcnRpbmcgd2l0aCDigJxhbGxv
d2luZyBmb3Ig4oCm4oCdKSBhZGRzIG5vIHZhbHVlIGFuZCBzaG91bGQgYmUgbGVmdCBvdXQuDQoN
Ci0tDQpFcmljDQoNCkZyb206IFJhZGlhIFBlcmxtYW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21h
aWwuY29tXQ0KU2VudDogU2F0dXJkYXksIE1heSAxOSwgMjAxOCAxMTozNSBQTQ0KVG86IEVyaWMg
R3JheSA8ZXJpYy5ncmF5QGVyaWNzc29uLmNvbTxtYWlsdG86ZXJpYy5ncmF5QGVyaWNzc29uLmNv
bT4+DQpDYzogWWVtaW4gKEFteSkgPGFteS55ZW1pbkBodWF3ZWkuY29tPG1haWx0bzphbXkueWVt
aW5AaHVhd2VpLmNvbT4+OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRm
Lm9yZz4+OyBjY2FtcEBpZXRmLm9yZzxtYWlsdG86Y2NhbXBAaWV0Zi5vcmc+OyBzZWNkaXJAaWV0
Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz47IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZl
LWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWlj
cm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW0NDQU1Q
XSBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0w
NQ0KSW1wb3J0YW5jZTogSGlnaA0KDQpIaSBFcmljLA0KDQpJIGZlZWwgYmFkIGZvciB0aGUgYXV0
aG9ycyBvZiB0aGlzIGRvY3VtZW50IHRvIGJlIGJ1cmRlbmVkIHdpdGggY2xhcmlmeWluZyBhIGRp
c3RpbmN0aW9uIHRoYXQgaGFzIG5ldmVyIGJlZW4gY2xlYXIgYmVmb3JlICh0byBsb3RzIG9mIHBl
b3BsZSwgaW5jbHVkaW5nIG1lKSwgIGJ1dCB0aGVpciBwcm9wb3NlZCB0ZXh0IGRvZXNuJ3QgbWFr
ZSBpdCBjbGVhcmVyLg0KDQoiIOKAnEl0J3Mgbm90ZWQgdGhhdCB0aGVyZSdzIGlkZWEgdGhhdCB0
aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21wb25lbnQsIGFuZCB0aGUg
ZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3VlLiBBbm90aGVyIGZhY3QgaXMg
dGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxs
IGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5l
LCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNv
bnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgY29tcG9uZW50Ig0K
DQogRG8geW91IChvciBhbnlvbmUgZWxzZSkgaGF2ZSBhIHN1Z2dlc3Rpb24gZm9yIHRleHQgdGhh
dCBhY2tub3dsZWRnZXMgdG8gdGhlIHJlYWRlciB0aGF0IGl0J3Mgbm90IHRoZSByZWFkZXIncyBm
YXVsdCBmb3Igbm90IHVuZGVyc3RhbmRpbmcgdGhlIGRpZmZlcmVuY2U/DQoNCkl0IHdvdWxkIGJl
IE9LIHdpdGggbWUgZm9yIHRoZW0gdG8gbGVhdmUgb3V0ICB0aGUgZXh0cmEgZW50aXJlbHksIHNp
bmNlIEknbSBzdXJlIHRoaXMgaXNuJ3QgdGhlIGZpcnN0IFJGQyB3aG9zZSB2ZXJiaWFnZSBjbGFp
bXMgU0ROIGFuZCBOTVMgYXJlIHR3byBkaWZmZXJlbnQgY29uY2VwdHMuIEJ1dCBpZiBJIHdlcmUg
dHJ5aW5nIHRvIGdldCB1cCB0byBzcGVlZCBhYm91dCB0aGlzIGFyZWEgYnkgcmVhZGluZyB0aGUg
ZG9jdW1lbnRzLCBJJ2QgYmUgc29tZXdoYXQgY29tZm9ydGVkIGJ5IGFuIGFja25vd2xlZGdlbWVu
dCAoc3VjaCBhcyB0aGUgdGV4dCB0aGV5IHByb3Bvc2UsIGJ1dCB3aXRoIHRoZSBFbmdsaXNoIGZp
eGVkKSB0aGF0IHRoZXNlIGFyZSBmdXp6eSBkaXN0aW5jdGlvbnMsIHNvIEkgd291bGRuJ3QgdGhp
bmsgaXQgd2FzIGp1c3QgbWUuLi4udGhhdCBpZiBJIG9ubHkgcmVhZCBtb3JlIHRoaW5ncywgb3Ig
dGhvdWdodCBoYXJkZXIsIG9yIGhhZCBtb3JlIGJhY2tncm91bmQsIHRoZSBkaXN0aW5jdGlvbiB3
b3VsZCBiZSBjbGVhci4NCg0KUmFkaWENCg0KDQoNCg0KT24gRnJpLCBNYXkgMTgsIDIwMTggYXQg
MToyNyBQTSwgRXJpYyBHcmF5IDxlcmljLmdyYXlAZXJpY3Nzb24uY29tPG1haWx0bzplcmljLmdy
YXlAZXJpY3Nzb24uY29tPj4gd3JvdGU6DQpIaSBSYWRpYS4NCg0KSSBhZ3JlZSB0aGF0IHRoZSBF
bmdsaXNoIGlzIGF3a3dhcmQsIGJ1dCBJIHdvdWxkIGhhdmUgaW50ZXJwcmV0ZWQg4oCcZXZvbHZp
bmcgdG93YXJkIGEgY29tcG9uZW504oCdIHRvIG1lYW4gc29tZXRoaW5nIG1vcmUgYWxvbmcgdGhl
IGxpbmVzIG9mIGV2b2x2aW5nIHRvd2FyZCB0aGUgc2FtZSAoc2luZ3VsYXIpIHRoaW5nLiAgT3Ig
cGVyaGFwcyBhbm90aGVyIHdheSB0byBsb29rIGF0IGl0IG1pZ2h0IGJlIHRoYXQsIGJlY2F1c2Ug
WUFORyBpcyBiZWNvbWluZyBhIG1vcmUgcG9wdWxhciBtZWNoYW5pc20gZm9yIGJvdGggTk1TIGFu
ZCBTRE4sIGl0IGlzIGxpa2VseSB0aGF0IG9uZSBvciBib3RoIG9mIHRoZXNlIG1heSBiZWNvbWUg
Y29tcG9uZW50cyBvZiBhIGNvbW1vbiBtYW5hZ2VtZW50IGZyYW1ld29yay4NCg0KSSB3b3VsZCBp
bnRlcnByZXQgaXQgdGhpcyB3YXkgcHJlY2lzZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCT
IHRoZSBkaXN0aW5jdGlvbiBpcyBub3QgYXQgYWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQg
dGhhdCAodG8gc29tZSBvZiB1cykgdGhlIGRpc3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkg
Y2xlYXIuICDwn5iKDQoNCkZvciB0aGlzIHJlYXNvbiwgSSB3b3VsZCBoYXZlIHNvbWUgc21hbGwg
ZGlmZmljdWx0eSBpbiBzZWVpbmcgaG93IGl0IHdvdWxkIG1ha2UgbXVjaCBzZW5zZSB0byBzYXkg
dGhhdCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmQgaW5jcmVhc2luZyBzaW1pbGFyaXR5Lg0KDQot
LQ0KRXJpYw0KDQpGcm9tOiBDQ0FNUCBbbWFpbHRvOmNjYW1wLWJvdW5jZXNAaWV0Zi5vcmc8bWFp
bHRvOmNjYW1wLWJvdW5jZXNAaWV0Zi5vcmc+XSBPbiBCZWhhbGYgT2YgUmFkaWEgUGVybG1hbg0K
U2VudDogRnJpZGF5LCBNYXkgMTgsIDIwMTggMTI6MzAgQU0NClRvOiBZZW1pbiAoQW15KSA8YW15
LnllbWluQGh1YXdlaS5jb208bWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tPj4NCkNjOiBUaGUg
SUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+OyBjY2FtcEBpZXRmLm9y
ZzxtYWlsdG86Y2NhbXBAaWV0Zi5vcmc+OyBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBp
ZXRmLm9yZz47IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMu
aWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxA
dG9vbHMuaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW0NDQU1QXSBTZWNkaXIgcmV2aWV3IG9mIGRy
YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpUaGFuayB5b3UhICBUaG91
Z2ggd2hhdCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVuZ2xpc2guDQoNClBlcmhhcHMg
IldlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiBOTVMgYW5kIFNETiBpcyBub3Qg
YWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFyZSBldm9sdmluZyB0byBiZSBtb3JlIGFuZCBt
b3JlIHNpbWlsYXIuIiBjb3VsZCByZXBsYWNlIHRoZSBmaXJzdCBzZW50ZW5jZS4gIEknbSByZWFs
bHkgbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQgYnkgImV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVu
dCIsIHNvIHBlcmhhcHMgSSdtIG5vdCBjYXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0
byBzYXkuDQoNCg0KUmFkaWENCg0KT24gVGh1LCBNYXkgMTcsIDIwMTggYXQgNzowMyBQTSwgWWVt
aW4gKEFteSkgPGFteS55ZW1pbkBodWF3ZWkuY29tPG1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNv
bT4+IHdyb3RlOg0KSGkgUmFkaWEsDQoNCldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsIGh0dHBz
Oi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay8uDQpZb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJz
aW9uLg0KDQpCUiwNCkFteQ0KRnJvbTogWWVtaW4gKEFteSkNClNlbnQ6IFRodXJzZGF5LCBNYXkg
MTAsIDIwMTggNDowNyBQTQ0KVG86ICdEYW5pZWxlIENlY2NhcmVsbGknIDxkYW5pZWxlLmNlY2Nh
cmVsbGlAZXJpY3Nzb24uY29tPG1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29t
Pj47IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlhcGVy
bG1hbkBnbWFpbC5jb20+PjsgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFs
bEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3
b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzpp
ZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0K
U3ViamVjdDogUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUt
ZnJhbWV3b3JrLTA1DQoNCkhpIFJhZGlhLA0KDQpUaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KDQpS
ZWdhcmRpbmcgdGhlIE5NUyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2lsbCBh
ZGQgdGhlIGZvbGxvd2luZyB0ZXh0IGluIHNlY3Rpb24gMzoNCuKAnEl0J3Mgbm90ZWQgdGhhdCB0
aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBj
b21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZhZ3Vl
LiBBbm90aGVyIGZhY3QgaXMgdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mg
d2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRo
ZSBtYW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJh
bGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2Vw
YXJhdGUgY29tcG9uZW50LuKAnQ0KDQpSZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRp
b25zLCB5ZXMsIHRoaXMgZHJhZnQgZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFtZXRlcnMuDQpU
aGVyZeKAmXMgYW5vdGhlciBkcmFmdCBkcmFmdC1pZXRmLWNjYW1wLW13LXlhbmcsIHdoZXJlIHRo
ZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGlzIGFkZHJlc3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0K
DQpCUiwNCkFteQ0KRnJvbTogRGFuaWVsZSBDZWNjYXJlbGxpIFttYWlsdG86ZGFuaWVsZS5jZWNj
YXJlbGxpQGVyaWNzc29uLmNvbV0NClNlbnQ6IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE0N
ClRvOiBSYWRpYSBQZXJsbWFuIDxyYWRpYXBlcmxtYW5AZ21haWwuY29tPG1haWx0bzpyYWRpYXBl
cmxtYW5AZ21haWwuY29tPj47IGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5h
bGxAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay5hbGxAdG9vbHMuaWV0Zi5vcmc+OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86
aWVzZ0BpZXRmLm9yZz4+OyBzZWNkaXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4N
ClN1YmplY3Q6IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZl
LWZyYW1ld29yay0wNQ0KDQpIaSBSYWRpYSwNCg0KbGV0IG1lIHJlcGx5IG9uIGJlaGFsZiBvZiB0
aGUgYXV0aG9ycy4gRmlyc3Qgb2YgYWxsIG1hbnkgdGhhbmtzIGZvciB5b3VyIHJldmlldy4NCg0K
UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZzIFNETiBJIGFn
cmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcgdG93YXJkcyBh
IGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBibHVycnksIGJ1
dCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNv
bnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lIHdo
aWxlIFNETiB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUgYW5kIHRoZXkg
YXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgdGhpbmdzLg0KDQpIZW5jZSwgc2luY2UgdGhlIGF1
dGhvcnMgc3BlYWsgYWJvdXQg4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0
ZW5kIHRvIGFsbG93IGZvciB0aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZl
ciBhIG5vdGUgc3BlYWtpbmcgYWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28gdGhpbmdz
IGNhbiBiZSBhZGRlZC4NCg0KVGhhbmtzIGEgbG90DQpEYW5pZWxlICAoY2NhbXAgY28tY2hhaXIp
DQoNCkZyb206IFJhZGlhIFBlcmxtYW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tXQ0K
U2VudDogbHVuZWTDrCA3IG1hZ2dpbyAyMDE4IDA4OjU1DQpUbzogZHJhZnQtaWV0Zi1jY2FtcC1t
aWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1j
Y2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxp
ZXNnQGlldGYub3JnPG1haWx0bzppZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWls
dG86c2VjZGlyQGlldGYub3JnPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNCg0KU29ycnkuLi5yZXNlbmRpbmcgYmVjYXVz
ZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy4NCg0KDQotLS0tLS0tLS0tIEZvcndhcmRl
ZCBtZXNzYWdlIC0tLS0tLS0tLS0NCkZyb206IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBn
bWFpbC5jb208bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20+Pg0KRGF0ZTogU3VuLCBNYXkg
NiwgMjAxOCBhdCAxMTo0OCBQTQ0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jv
d2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNj
YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxsQHRvb2xzLmlldGYub3JnPiwgVGhlIElFU0cg
PGllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+Piwgc2VjZGlyQGlldGYub3JnPG1h
aWx0bzpzZWNkaXJAaWV0Zi5vcmc+DQpTdW1tYXJ5OiAgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5k
LCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9ucywgYW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVz
DQoNCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5
IGRpcmVjdG9yYXRlJ3Mgb25nb2luZw0KZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVu
dHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiAgVGhlc2UNCmNvbW1lbnRzIHdlcmUgd3Jp
dHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhDQpkaXJl
Y3RvcnMuICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNl
IGNvbW1lbnRzIGp1c3QNCmxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KVGhp
cyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNyb3dh
dmUgcmFkaW8gbGlua3MuDQpJdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0
IHN1Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZl
bmRvci1zcGVjaWZpYyBmZWF0dXJlcy4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJl
bmNlIGJldHdlZW4gYSAiYSB0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtIiBh
bmQgU0ROLiAgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50IHRvIGNs
ZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMgbm8gcmVh
bCBkaXN0aW5jdGlvbi4uLnNldHRpbmcgcGFyYW1ldGVycyAodHJhZGl0aW9uYWwgbmV0d29yayBt
YW5hZ2VtZW50KSBpcyBhIHdheSBvZiAicHJvZ3JhbW1pbmciIGFuIGludGVyZmFjZSAoIlNETiIp
Lg0KDQpUaGlzIGRvY3VtZW50IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVz
LCBidXQgdGhlc2UgZ2xpdGNoZXMgZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuDQoNClRo
ZSBnbGl0Y2hlcyBjb25zaXN0ICBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxp
a2UgIm9mIiBpbiB0aGUgZm9sbG93aW5nIHNlbnRlbmNlLg0KIlRoZSBhZG9wdGlvbiBvZiBhbiBT
RE4gZnJhbWV3b3JrIGZvciBtYW5hZ2VtZW50IGFuZA0KICAgY29udHJvbCB0aGUgbWljcm93YXZl
IGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yDQogICB0aGlzIHdv
cmsuIg0KDQpUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUg
YSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0
aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11bmljYXRpb24uICBPdGhlciB0aGFuIHRoYXQs
IHBlcmhhcHMsIHRoZXJlIG1pZ2h0IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFk
dmVydGVudGx5IHNldHRpbmcgcGFyYW1ldGVycyBpbmNvcnJlY3RseSwgb3IgbWFsaWNpb3VzbHkg
YnkgYSB0cnVzdGVkIGFkbWluaXN0cmF0b3IuICBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBz
cGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5l
cmFsIGZyYW1ld29yay4NCg0KUmFkaWENCg0KDQoNCg0K

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q291cmllcjsNCglwYW5vc2UtMToyIDcgNCA5IDIgMiA1IDIgNCA0O30NCkBmb250LWZhY2UNCgl7
Zm9udC1mYW1pbHk65a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZv
bnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAz
IDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5v
c2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJc
QOWui+S9kyI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0O30N
Ci8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYu
TXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQt
c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5r
LCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1
ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBl
cmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0K
CXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5
OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCDpooTorr7moLzlvI8gQ2hhciI7DQoJbWFyZ2luOjBj
bTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZh
bWlseToiQ291cmllciBOZXciO30NCnNwYW4uSFRNTENoYXINCgl7bXNvLXN0eWxlLW5hbWU6IkhU
TUwg6aKE6K6+5qC85byPIENoYXIiOw0KCW1zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5
bGUtbGluazoiSFRNTCDpooTorr7moLzlvI8iOw0KCWZvbnQtZmFtaWx5OkNvbnNvbGFzO30NCnAu
bXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5h
bWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDow
Y207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZv
bnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bh
bi5tLTIwNTg3OTU0ODIyOTczNzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAz
MTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3Nzgy
NTM0Z21haWwtaWwNCgl7bXNvLXN0eWxlLW5hbWU6bV8tMjA1ODc5NTQ4MjI5NzM3MzY4MW0tNjE2
Njk4NTgwNDYxNTI3OTM2Nm00MTMxMzc2NzI4MDMxMTY3MzA2Z21haWwtbTkwMjYzNjg4MDM3MTM4
NjMzNDlnbWFpbC1tLTUwNTcwMTA5MTIxNTc3ODI1MzRnbWFpbC1pbDt9DQpzcGFuLkVtYWlsU3R5
bGUyMQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
c2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnAuSFRNTFByZWZvcm1hdHRlZCwgbGku
SFRNTFByZWZvcm1hdHRlZCwgZGl2LkhUTUxQcmVmb3JtYXR0ZWQNCgl7bXNvLXN0eWxlLW5hbWU6
IkhUTUwgUHJlZm9ybWF0dGVkIjsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQg
Q2hhciI7DQoJbWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXpl
OjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkhUTUxQ
cmVmb3JtYXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFy
IjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9y
bWF0dGVkIjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnNwYW4uZ3JleQ0KCXttc28t
c3R5bGUtbmFtZTpncmV5O30NCnNwYW4uRW1haWxTdHlsZTI1DQoJe21zby1zdHlsZS10eXBlOnBl
cnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9y
OiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7
DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0
IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29y
ZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2
IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFw
ZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4N
CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9
IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+
SGkgRXJpYywgUmFkaWEsIGFuZCBEZWJvcmFoLCA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29s
b3I6IzFGNDk3RCI+VGhhbmtzIGZvciB0aGUgZGlzY3Vzc2lvbi4gQ29uc2lkZXJpbmcgYWxsIHRo
ZSBjb21tZW50cyByZWNlaXZlZCwgYmVsb3cgaXMgdGhlIG5ldyBwcm9wb3NlZCB0ZXh0IGZvciB0
aGlzIHBhcmFncmFwaDoNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTiI+Jm5ic3A7Jm5ic3A7IFRo
aXMgZnJhbWV3b3JrIGFkZHJlc3NlcyB0aGUgZGVmaW5pdGlvbiBvZiBhbiBvcGVuIGFuZCBzdGFu
ZGFyZGl6ZWQgaW50ZXJmYWNlIGZvciB0aGUNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj4mbmJzcDsmbmJzcDsmbmJzcDtyYWRpbyBs
aW5rIGZ1bmN0aW9uYWxpdHkgaW4gYSBtaWNyb3dhdmUgbm9kZS4mbmJzcDsgVGhlIGFwcGxpY2F0
aW9uIG9mIHN1Y2ggYW4gaW50ZXJmYWNlIHVzZWQNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj4mbmJzcDsmbmJzcDsmbmJzcDtmb3Ig
bWFuYWdlbWVudCBhbmQgY29udHJvbCBvZiBub2RlcyBhbmQgbmV0d29ya3MgdHlwaWNhbGx5IHZh
cnkgZnJvbSBvbmUgb3BlcmF0b3INCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj4mbmJzcDsmbmJzcDsmbmJzcDt0byBhbm90aGVyLCBp
biB0ZXJtcyBvZiB0aGUgc3lzdGVtcyB1c2VkIGFuZCBob3cgdGhleSBpbnRlcmFjdC4gUG9zc2li
bGUgYXBwcm9hY2hlcw0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iRU4iPiZuYnNwOyZuYnNwOyZuYnNwO2luY2x1ZGUgdmlhIHRoZSB1c2Ug
b2YgYSBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtIChOTVMpLCB2aWEgc29mdHdhcmUgZGVmaW5l
ZA0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu
Zz0iRU4iPiZuYnNwOyZuYnNwOyZuYnNwO25ldHdvcmtpbmcgKFNETikgYW5kIHZpYSBzb21lIGNv
bWJpbmF0aW9uIG9mIE5NUyBhbmQgU0ROLiBBcyB0aGVyZSBhcmUgc3RpbGwgbWFueTxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj4mbmJz
cDsmbmJzcDsgbmV0d29ya3Mgd2hlcmUgdGhlIE5NUyBpcyBpbXBsZW1lbnRlZCBhcyBvbmUgY29t
cG9uZW50L2ludGVyZmFjZSBhbmQgdGhlIFNETg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPiZuYnNwOyZuYnNwOyZuYnNwO2NvbnRy
b2xsZXIgaXMgc2NvcGVkIHRvIGNvbnRyb2wgcGxhbmUgZnVuY3Rpb25hbGl0eSBhcyBhIHNlcGFy
YXRlIGNvbXBvbmVudC9pbnRlcmZhY2UsDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTiI+Jm5ic3A7Jm5ic3A7Jm5ic3A7dGhpcyBkb2N1
bWVudCBkb2VzIG5vdCBwcmVjbHVkZSBlaXRoZXIgbW9kZWwuIFRoZSBhaW0gb2YgdGhpcyBkb2N1
bWVudCBpcyB0byBwcm92aWRlIGENCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj4mbmJzcDsmbmJzcDsmbmJzcDtmcmFtZXdvcmsgZGVz
Y3JpYmluZyBib3RoIG1hbmFnZW1lbnQgYW5kIGNvbnRyb2wgb2YgbWljcm93YXZlIGludGVyZmFj
ZXMgdG8gc3VwcG9ydDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxzcGFuIGxhbmc9IkVOIj4mbmJzcDsmbmJzcDsgZGV2ZWxvcG1lbnQgb2YgYSBjb21tb24gWUFO
RyBEYXRhIE1vZGVsLiA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UGxl
YXNlIGNoZWNrIGlmIHRoZSB0ZXh0IGlzIG9rLiA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3MuIDxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJj
b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPG86cD48L286cD48L3NwYW4+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkFt
eTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTti
b3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4gRXJpYyBHcmF5IFttYWlsdG86ZXJp
Yy5ncmF5QGVyaWNzc29uLmNvbV0gPGJyPg0KPGI+U2VudDo8L2I+IFR1ZXNkYXksIE1heSAyMiwg
MjAxOCAyOjU3IEFNPGJyPg0KPGI+VG86PC9iPiBSYWRpYSBQZXJsbWFuICZsdDtyYWRpYXBlcmxt
YW5AZ21haWwuY29tJmd0Ozxicj4NCjxiPkNjOjwvYj4gWWVtaW4gKEFteSkgJmx0O2FteS55ZW1p
bkBodWF3ZWkuY29tJmd0OzsgVGhlIElFU0cgJmx0O2llc2dAaWV0Zi5vcmcmZ3Q7OyBjY2FtcEBp
ZXRmLm9yZzsgc2VjZGlyQGlldGYub3JnOyBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFJFOiBbQ0NBTVBd
IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1
PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86
cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Tbywgb25lIGNvdWxkIHJl
YWQgdGhpcyBhcyBzYXlpbmcgdGhhdCBzb21lIHBlb3BsZSB2aWV3IG5ldHdvcmsgbWFuYWdlbWVu
dCAoZS5nLiDigJMgdXNlIG9mIGFuIE5NUykgYW5kIGNlbnRyYWxpemVkIG5ldHdvcmsgY29udHJv
bCAoZS5nLiDigJMgU0ROKSBhcyBiZWluZyBzb21laG93IGF0IGxlYXN0IG1hcmdpbmFsbHkgZGlz
dGluY3QsIHlldCBiZWNvbWluZyBpbmNyZWFzaW5nbHkgbGVzcyBzby4mbmJzcDsgT3RoZXIgcGVv
cGxlDQogdmlldyB0aGVtIGFzIGNvbXBsZXRlbHkgZGlzam9pbnQsIHBlcmhhcHMgaGF2aW5nIGEg
cHJlZmVyZW5jZSwgYW5kIHdvdWxkIGxpa2UgdGhlbSB0byBjb250aW51ZSBiZWluZyBjb25zaWRl
cmVkIGNvbXBsZXRlbHkgc2VwYXJhdGUgYW5kIGRpc3RpbmN0IGNvbmNlcHRzLjxvOnA+PC9vOnA+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj5XaGlsZSBJIHRoaW5rIGl0IGlzIHByb2JhYmx5IGZhaXIgdG8gc2F5IHRo
YXQgdGhpcyBpcyB2ZXJ5IGxpa2VseSB0cnVlLCB0aGlzIGhhcyBhbGwgdGhlIGVhciBtYXJrcyBv
ZiBiZWluZyBhIHJhdCBob2xlLCBhbmQgSSBjYW5ub3QgaW1hZ2luZSB3aGF0IHZhbHVlIHRoZSBw
cm9wb3NlZCB0ZXh0IGFkZHMgdG8gdGhlIGRyYWZ0LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5B
cyBJIHVuZGVyc3RhbmQgaXQsIHRoZSBpbnRlbnQgd2FzIHRvIGNsYXJpZnkgc29tZXRoaW5nIHRv
IGRvIHdpdGggdGhlIGZvbGxvd2luZyB0ZXh0OjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQt
ZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlz
Ij48c3BhbiBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1
b3Q7Ij4mbmJzcDsmbmJzcDsgVGhpcyBmcmFtZXdvcmsgYWRkcmVzc2VzIHRoZSBkZWZpbml0aW9u
IG9mIGFuIG9wZW4gYW5kIHN0YW5kYXJkaXplZDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJwYWdlLWJyZWFrLWJlZm9yZTphbHdheXMiPjxzcGFuIGxh
bmc9IkVOIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPiZuYnNw
OyZuYnNwOyBpbnRlcmZhY2UgZm9yIHRoZSByYWRpbyBsaW5rIGZ1bmN0aW9uYWxpdHkgaW4gYSBt
aWNyb3dhdmUgbm9kZS4mbmJzcDsgVGhlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0i
RU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5i
c3A7IGFwcGxpY2F0aW9uIG9mIHN1Y2ggYW4gaW50ZXJmYWNlIHVzZWQgZm9yIG1hbmFnZW1lbnQg
YW5kIGNvbnRyb2wgb2Y8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3BhbiBsYW5nPSJFTiIgc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij4mbmJzcDsmbmJzcDsgbm9kZXMg
YW5kIG5ldHdvcmtzIHR5cGljYWxseSB2YXJ5IGZyb20gb25lIG9wZXJhdG9yIHRvIGFub3RoZXIs
IGluPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBh
Z2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWls
eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IHRlcm1zIG9mIHRoZSBzeXN0
ZW1zIHVzZWQgYW5kIGhvdyB0aGV5IGludGVyYWN0LiZuYnNwOyBBIHRyYWRpdGlvbmFsPG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWst
YmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtD
b3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IHNvbHV0aW9uIGlzIG5ldHdvcmsgbWFuYWdl
bWVudCBzeXN0ZW0sIHdoaWxlIGFuIGVtZXJnaW5nIG9uZSBpcyBTRE4uPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFs
d2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5l
dyZxdW90OyI+Jm5ic3A7Jm5ic3A7IFNETiBzb2x1dGlvbnMgY2FuIGJlIHVzZWQgYXMgcGFydCBv
ZiB0aGUgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0icGFnZS1icmVhay1iZWZvcmU6YWx3YXlzIj48c3Bh
biBsYW5nPSJFTiIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij4m
bmJzcDsmbmJzcDsgYWxsb3dpbmcgZm9yIGRpcmVjdCBuZXR3b3JrIHByb2dyYW1tYWJpbGl0eSBh
bmQgYXV0b21hdGVkPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9InBhZ2UtYnJlYWstYmVmb3JlOmFsd2F5cyI+PHNwYW4gbGFuZz0iRU4iIHN0eWxlPSJm
b250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90OyI+Jm5ic3A7Jm5ic3A7IGNvbmZpZ3Vy
YWJpbGl0eSBieSBtZWFucyBvZiBhIGNlbnRyYWxpemVkIFNETiBjb250cm9sIGFuZDxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJwYWdlLWJyZWFrLWJl
Zm9yZTphbHdheXMiPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291
cmllciBOZXcmcXVvdDsiPiZuYnNwOyZuYnNwOyBzdGFuZGFyZGl6ZWQgaW50ZXJmYWNlcyB0byBw
cm9ncmFtIHRoZSBub2Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJFTiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPllvdXIgY29tbWVudCB3YXMgdGhhdCB0aGUg
ZGlzdGluY3Rpb24gaXMgbm90IGNsZWFyLiZuYnNwOyBUaGF0IGlzIGEgZmFpciBwb2ludC4mbmJz
cDsgQW5kIGl0IGlzIHByb2JhYmx5IG5vdCBhZGRyZXNzZWQgYnkgdGhlIHByb3Bvc2FsLjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs
YW5nPSJFTiI+SSB3b3VsZCBmdXJ0aGVyIGFkZCB0aGF0IHVzaW5nIGVtb3Rpb25hbGx5IGZyZWln
aHRlZCBleHByZXNzaW9ucyAo4oCcY2xhc3NpY+KAnS/igJ1sZWdhY3nigJ0v4oCddHJhZGl0aW9u
YWzigJ0gdmVyc2VzIOKAnGlubm92YXRpdmXigJ0v4oCdbm92ZWzigJ0v4oCdZW1lcmdpbmfigJ0p
IGRvZXNu4oCZdCBoZWxwIGFuZCByZWFsbHkgaXNu4oCZdCBhcHByb3ByaWF0ZSBpbiBzcGVjaWZp
Y2F0aW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IkVOIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJFTiI+SSBzdXNwZWN0IHRoYXQgdGhlIHJlYXNvbiBmb3IgY2xhaW1p
bmcgYSBkaXN0aW5jdGlvbiBleGlzdHMgKGhvd2V2ZXIgZGlmZmljdWx0IGl0IG1heSBiZSB0byBj
aGFyYWN0ZXJpemUgdGhhdCBkaXN0aW5jdGlvbikgaXMgaW4gdGhlIHBhcnQgb2YgdGhlIGFib3Zl
IHRleHQgaGF2aW5nIHRvIGRvIHdpdGggb3BlcmF0b3IgcHJlZmVyZW5jZXMuJm5ic3A7IFRoZXNl
IGRlZmluaXRlbHkgZG8gZXhpc3QuJm5ic3A7DQo8L3NwYW4+PHNwYW4gbGFuZz0iRU4iIHN0eWxl
PSJmb250LWZhbWlseTomcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDssc2VyaWYiPvCfmIo8L3Nw
YW4+PHNwYW4gbGFuZz0iRU4iPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIGxhbmc9IkVOIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTiI+UGVyaGFwcyBhIGdvb2Qgd2F5IHRvIGFk
ZHJlc3MgdGhlIGlzc3VlIGlzIHRvIHJlcGxhY2UgdGhlIGxhc3QgdHdvIHNlbnRlbmNlcyBpbiB0
aGUgdGV4dCBhYm92ZSB3aXRoIHNvbWV0aGluZyBhbG9uZyB0aGUgbGluZXMgb2Y6PG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPjxvOnA+
Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9
IkVOIj4mbmJzcDsmbmJzcDsmbmJzcDsgPC9zcGFuPjxzcGFuIGxhbmc9IkVOIiBzdHlsZT0iZm9u
dC1mYW1pbHk6Q291cmllciI+4oCcUG9zc2libGUgYXBwcm9hY2hlcyBpbmNsdWRlIHZpYSB0aGUg
dXNlIG9mIGEgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSAoTk1TKSwgdmlhIHNvZnR3YXJlIGRl
ZmluZWQgbmV0d29ya2luZyAoU0ROKSBhbmQgdmlhIHNvbWUgY29tYmluYXRpb24gb2YgTk1TIGFu
ZCBTRE4u4oCdPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw
YW4gbGFuZz0iRU4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIGxhbmc9IkVOIj5Ob3RlIHRoYXQg4oCcYXV0b21hdGVkIGNvbmZpZ3VyYWJp
bGl0eeKAnSBpcyA8Yj4NCjxpPjx1Pm5vdDwvdT48L2k+PC9iPiBhIG5ldyBjb25jZXB0IGluIGNv
bmZpZ3VyYXRpb24gb2YgbmV0d29yayBkZXZpY2VzLCB1bmlxdWUgdG8gU0ROLCBoZW5jZSB0aGUg
bGFzdCBwYXJ0IG9mIHRoZSBmaW5hbCBzZW50ZW5jZSAoc3RhcnRpbmcgd2l0aCDigJxhbGxvd2lu
ZyBmb3Ig4oCm4oCdKSBhZGRzIG5vIHZhbHVlIGFuZCBzaG91bGQgYmUgbGVmdCBvdXQuPG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4iPjxv
OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh
bmc9IkVOIj4tLTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz
cGFuIGxhbmc9IkVOIj5FcmljPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9t
OjwvYj4gUmFkaWEgUGVybG1hbiBbPGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5j
b20iPm1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9i
PiBTYXR1cmRheSwgTWF5IDE5LCAyMDE4IDExOjM1IFBNPGJyPg0KPGI+VG86PC9iPiBFcmljIEdy
YXkgJmx0OzxhIGhyZWY9Im1haWx0bzplcmljLmdyYXlAZXJpY3Nzb24uY29tIj5lcmljLmdyYXlA
ZXJpY3Nzb24uY29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8L2I+IFllbWluIChBbXkpICZsdDs8YSBo
cmVmPSJtYWlsdG86YW15LnllbWluQGh1YXdlaS5jb20iPmFteS55ZW1pbkBodWF3ZWkuY29tPC9h
PiZndDs7IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyI+aWVzZ0Bp
ZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmNjYW1wQGlldGYub3JnIj5jY2FtcEBp
ZXRmLm9yZzwvYT47IDxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPg0Kc2VjZGlyQGll
dGYub3JnPC9hPjsgPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy
YW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUt
ZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6
IFtDQ0FNUF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt
ZXdvcmstMDU8YnI+DQo8Yj5JbXBvcnRhbmNlOjwvYj4gSGlnaDxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+SGkgRXJpYyw8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPkkgZmVlbCBiYWQgZm9yIHRoZSBhdXRob3JzIG9mIHRoaXMgZG9jdW1lbnQgdG8g
YmUgYnVyZGVuZWQgd2l0aCBjbGFyaWZ5aW5nIGEgZGlzdGluY3Rpb24gdGhhdCBoYXMgbmV2ZXIg
YmVlbiBjbGVhciBiZWZvcmUgKHRvIGxvdHMgb2YgcGVvcGxlLCBpbmNsdWRpbmcgbWUpLCZuYnNw
OyBidXQgdGhlaXIgcHJvcG9zZWQgdGV4dCBkb2Vzbid0IG1ha2UgaXQgY2xlYXJlci48bzpwPjwv
bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+JnF1b3Q7IDxz
cGFuIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDss
c2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEO2JhY2tncm91bmQ6d2hpdGUiPg0K4oCcSXQncyBub3Rl
ZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5kIFNETiBhcmUgZXZvbHZpbmcgdG93
YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIHRoZW0gaXMgcXVp
dGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcyB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBu
ZXR3b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRp
b24gb2YgdGhlIG1hbmFnZW1lbnQNCiBwbGFuZSwgd2hpbGUgU0ROIGlzIGNvbnNpZGVyZWQgYXMg
dGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lLiBUaGV5IGFyZSBzdGlsbCBr
ZXB0IGFzIHNlcGFyYXRlIGNvbXBvbmVudCZxdW90Ozwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMx
RjQ5N0Q7YmFja2dyb3VuZDp3aGl0ZSI+Jm5ic3A7RG8geW91IChvciBhbnlvbmUgZWxzZSkgaGF2
ZSBhIHN1Z2dlc3Rpb24gZm9yIHRleHQgdGhhdCBhY2tub3dsZWRnZXMgdG8gdGhlIHJlYWRlciB0
aGF0IGl0J3Mgbm90IHRoZSByZWFkZXIncyBmYXVsdCBmb3Igbm90IHVuZGVyc3RhbmRpbmcgdGhl
IGRpZmZlcmVuY2U/PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2NvbG9yOiMxRjQ5
N0QiPkl0IHdvdWxkIGJlIE9LIHdpdGggbWUgZm9yIHRoZW0gdG8gbGVhdmUgb3V0Jm5ic3A7IHRo
ZSBleHRyYSBlbnRpcmVseSwgc2luY2UgSSdtIHN1cmUgdGhpcyBpc24ndCB0aGUgZmlyc3QgUkZD
IHdob3NlIHZlcmJpYWdlIGNsYWltcyBTRE4gYW5kIE5NUyBhcmUgdHdvIGRpZmZlcmVudCBjb25j
ZXB0cy4gQnV0IGlmIEkgd2VyZSB0cnlpbmcgdG8NCiBnZXQgdXAgdG8gc3BlZWQgYWJvdXQgdGhp
cyBhcmVhIGJ5IHJlYWRpbmcgdGhlIGRvY3VtZW50cywgSSdkIGJlIHNvbWV3aGF0IGNvbWZvcnRl
ZCBieSBhbiBhY2tub3dsZWRnZW1lbnQgKHN1Y2ggYXMgdGhlIHRleHQgdGhleSBwcm9wb3NlLCBi
dXQgd2l0aCB0aGUgRW5nbGlzaCBmaXhlZCkgdGhhdCB0aGVzZSBhcmUgZnV6enkgZGlzdGluY3Rp
b25zLCBzbyBJIHdvdWxkbid0IHRoaW5rIGl0IHdhcyBqdXN0IG1lLi4uLnRoYXQgaWYgSSBvbmx5
IHJlYWQNCiBtb3JlIHRoaW5ncywgb3IgdGhvdWdodCBoYXJkZXIsIG9yIGhhZCBtb3JlIGJhY2tn
cm91bmQsIHRoZSBkaXN0aW5jdGlvbiB3b3VsZCBiZSBjbGVhci4mbmJzcDs8L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw
OzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6OS41cHQ7Y29sb3I6IzFGNDk3RCI+UmFkaWE8L3NwYW4+PG86cD48L286
cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv
bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7
PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIEZy
aSwgTWF5IDE4LCAyMDE4IGF0IDE6MjcgUE0sIEVyaWMgR3JheSAmbHQ7PGEgaHJlZj0ibWFpbHRv
OmVyaWMuZ3JheUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5lcmljLmdyYXlAZXJpY3Nz
b24uY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0i
Ym9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAw
Y20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJp
Z2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t
LWFsdDphdXRvIj5IaSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkkgYWdyZWUg
dGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3b3VsZCBoYXZlIGludGVycHJldGVk
IOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0byBtZWFuIHNvbWV0aGluZyBtb3Jl
IGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dhcmQgdGhlIHNhbWUgKHNpbmd1bGFyKSB0
aGluZy4mbmJzcDsNCiBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sgYXQgaXQgbWlnaHQg
YmUgdGhhdCwgYmVjYXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1bGFyIG1lY2hhbmlz
bSBmb3IgYm90aCBOTVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25lIG9yIGJvdGggb2Yg
dGhlc2UgbWF5IGJlY29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFnZW1lbnQgZnJhbWV3
b3JrLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSB3b3VsZCBpbnRlcnByZXQgaXQgdGhp
cyB3YXkgcHJlY2lzZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCTIHRoZSBkaXN0aW5jdGlv
biBpcyBub3QgYXQgYWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQgdGhhdCAodG8gc29tZSBv
ZiB1cykgdGhlIGRpc3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkgY2xlYXIuJm5ic3A7DQo8
c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7LHNlcmlm
Ij7wn5iKPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz
cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Rm9yIHRoaXMgcmVhc29u
LCBJIHdvdWxkIGhhdmUgc29tZSBzbWFsbCBkaWZmaWN1bHR5IGluIHNlZWluZyBob3cgaXQgd291
bGQgbWFrZSBtdWNoIHNlbnNlIHRvIHNheSB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZCBp
bmNyZWFzaW5nIHNpbWlsYXJpdHkuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4tLTxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5FcmljPG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t
LWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gQ0NBTVAgW21haWx0bzo8YSBocmVmPSJtYWlsdG86Y2Nh
bXAtYm91bmNlc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmNjYW1wLWJvdW5jZXNAaWV0Zi5v
cmc8L2E+XQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5SYWRpYSBQZXJsbWFuPGJyPg0KPGI+U2VudDo8
L2I+IEZyaWRheSwgTWF5IDE4LCAyMDE4IDEyOjMwIEFNPGJyPg0KPGI+VG86PC9iPiBZZW1pbiAo
QW15KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tIiB0YXJnZXQ9Il9i
bGFuayI+YW15LnllbWluQGh1YXdlaS5jb208L2E+Jmd0Ozxicj4NCjxiPkNjOjwvYj4gVGhlIElF
U0cgJmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVz
Z0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmNjYW1wQGlldGYub3JnIiB0YXJn
ZXQ9Il9ibGFuayI+Y2NhbXBAaWV0Zi5vcmc8L2E+OyA8YSBocmVmPSJtYWlsdG86c2VjZGlyQGll
dGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpzZWNkaXJAaWV0Zi5vcmc8L2E+OyA8YSBocmVmPSJt
YWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRm
Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3
b3JrLmFsbEB0b29scy5pZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtDQ0FN
UF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmst
MDU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286
cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFuayB5b3UhJm5ic3A7IFRo
b3VnaCB3aGF0IHlvdSdyZSBzdWdnZXN0aW5nIGlzIGF3a3dhcmQgRW5nbGlzaC48bzpwPjwvbzpw
PjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7
PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlBl
cmhhcHMgJnF1b3Q7V2Ugbm90ZSB0aGF0IHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIE5NUyBhbmQg
U0ROIGlzIG5vdCBhbGwgdGhhdCBjbGVhciwgYW5kIHRoZSB0d28gYXJlIGV2b2x2aW5nIHRvIGJl
IG1vcmUgYW5kIG1vcmUgc2ltaWxhci4mcXVvdDsgY291bGQgcmVwbGFjZSB0aGUgZmlyc3Qgc2Vu
dGVuY2UuJm5ic3A7IEknbSByZWFsbHkNCiBub3Qgc3VyZSB3aGF0IHlvdSBtZWFudCBieSAmcXVv
dDtldm9sdmluZyB0b3dhcmQgYSBjb21wb25lbnQmcXVvdDssIHNvIHBlcmhhcHMgSSdtIG5vdCBj
YXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0byBzYXkuPG86cD48L286cD48L3A+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5SYWRpYTxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K
PGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv
bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFRodSwgTWF5IDE3LCAy
MDE4IGF0IDc6MDMgUE0sIFllbWluIChBbXkpICZsdDs8YSBocmVmPSJtYWlsdG86YW15LnllbWlu
QGh1YXdlaS5jb20iIHRhcmdldD0iX2JsYW5rIj5hbXkueWVtaW5AaHVhd2VpLmNvbTwvYT4mZ3Q7
IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2Jv
cmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDtt
YXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1yaWdodDowY207bWFyZ2lu
LWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNw
YW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkhpIFJhZGlhLA0KPC9zcGFuPjxvOnA+PC9vOnA+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z
by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5i
c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBz
dHlsZT0iY29sb3I6IzFGNDk3RCI+V2UganVzdCB1cGRhdGVkIHRoZSBkcmFmdCwNCjxhIGhyZWY9
Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93
YXZlLWZyYW1ld29yay8iIHRhcmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0
Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay88L2E+LiA8L3Nw
YW4+DQo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9
ImNvbG9yOiMxRjQ5N0QiPllvdXIgY29tbWVudHMgYXJlIGFkZHJlc3NlZCBpbiB0aGUgbGF0ZXN0
IHZlcnNpb24uDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv
LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8
L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl
PSJjb2xvcjojMUY0OTdEIj5BbXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBz
dHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6
My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn
aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4g
WWVtaW4gKEFteSkNCjxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDEwLCAyMDE4IDQ6
MDcgUE08YnI+DQo8Yj5Ubzo8L2I+ICdEYW5pZWxlIENlY2NhcmVsbGknICZsdDs8YSBocmVmPSJt
YWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmRh
bmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb208L2E+Jmd0OzsgUmFkaWEgUGVybG1hbiAmbHQ7
PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5y
YWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0
Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJf
YmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5p
ZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIg
dGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpz
ZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0K
PGI+U3ViamVjdDo8L2I+IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWlj
cm93YXZlLWZyYW1ld29yay0wNTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu
LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0
OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpw
PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMx
RjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0
byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQo8
L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl
PSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZWdhcmRpbmcgdGhlIE5N
UyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2lsbCBhZGQgdGhlIGZvbGxvd2lu
ZyB0ZXh0IGluIHNlY3Rpb24gMzoNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv
bS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPuKAnEl0J3Mgbm90ZWQgdGhh
dCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMg
YSBjb21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZh
Z3VlLiBBbm90aGVyIGZhY3QgaXMNCiB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3
b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24g
b2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBj
ZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBh
cyBzZXBhcmF0ZSBjb21wb25lbnQu4oCdPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90
dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6
IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgeWVzLCB0aGlz
IGRyYWZ0IGRvZXNu4oCZdCBzcGVjaWZ5IHRoZSBwYXJhbWV0ZXJzLg0KPC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3
RCI+VGhlcmXigJlzIGFub3RoZXIgZHJhZnQgZHJhZnQtaWV0Zi1jY2FtcC1tdy15YW5nLCB3aGVy
ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbiBpcyBhZGRyZXNzZWQgYXMgeW91IHN1Z2dlc3Rl
ZC4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g
c3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu
LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkJSLDwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9y
OiMxRjQ5N0QiPkFteTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJi
b3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAw
Y20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBEYW5pZWxl
IENlY2NhcmVsbGkgWzxhIGhyZWY9Im1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24u
Y29tIiB0YXJnZXQ9Il9ibGFuayI+bWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5j
b208L2E+XQ0KPGJyPg0KPGI+U2VudDo8L2I+IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE08
YnI+DQo8Yj5Ubzo8L2I+IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBl
cmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwv
YT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l
d29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2Nh
bXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAm
bHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGll
dGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9
Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2Vj
ZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpw
PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNw
OzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+
SGkgUmFkaWEsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0
b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv
LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPmxldCBtZSByZXBseSBvbiBiZWhhbGYgb2YgdGhlIGF1
dGhvcnMuIEZpcnN0IG9mIGFsbCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcuPG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn
aW4tYm90dG9tLWFsdDphdXRvIj5SZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRp
b25hbCBOTVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFy
ZSBldm9sdmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9u
IGlzIHF1aXRlIGJsdXJyeSwgYnV0IHRoZXJlDQogaXMgc3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtz
IHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFzIHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0
aGUgbWFuYWdlbWVudCBwbGFuZSB3aGlsZSBTRE4gdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBj
b250cm9sIHBsYW5lIGFuZCB0aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIHRoaW5ncy48
bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVh
ayBhYm91dCDigJx0cmFkaXRpb25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxs
b3cgZm9yIHRoZSBkaXN0aW5jdGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBz
cGVha2luZyBhYm91dCB0aGUgY29udmVyZ2VuY2Ugb2YgdGhlIHR3bw0KIHRoaW5ncyBjYW4gYmUg
YWRkZWQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFua3MgYSBsb3Q8bzpwPjwvbzpw
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RGFuaWVsZSZuYnNwOyAoY2NhbXAgY28tY2hh
aXIpPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp
bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v
OnA+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAx
LjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3Jk
ZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20g
MGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBSYWRpYSBQZXJs
bWFuIFs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxh
bmsiPm1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9i
PiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6NTU8YnI+DQo8Yj5Ubzo8L2I+IDxhIGhyZWY9Im1h
aWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYu
b3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv
cmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1haWx0bzpp
ZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEg
aHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNlY2RpckBpZXRm
Lm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm
LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+
PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n
PSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRk
cmVzcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv
Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9tOjEyLjBwdCI+PHNwYW4gbGFuZz0iSVQi
Pi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLTxicj4NCkZyb206IDxiPlJh
ZGlhIFBlcmxtYW48L2I+ICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNv
bSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRh
dGU6IFN1biwgTWF5IDYsIDIwMTggYXQgMTE6NDggUE08YnI+DQpTdWJqZWN0OiBTZWNkaXIgcmV2
aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNTxicj4NClRvOiA8
YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFs
bEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNy
b3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZzwvYT4sIFRoZSBJRVNHICZsdDs8
YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5v
cmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2Js
YW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy
Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIy
Ij5TdW1tYXJ5OiZuYnNwOyBObyBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUg
cXVlc3Rpb25zLCBhbmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PG86cD48L286
cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i
c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs
dDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtmb250LWZhbWls
eTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPkkgaGF2ZSByZXZp
ZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mg
b25nb2luZzxicj4NCmVmZm9ydCB0byZuYnNwOzxzcGFuIGNsYXNzPSJtLTIwNTg3OTU0ODIyOTcz
NzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW05MDI2
MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0Z21haWwtaWwiPnJldmll
dzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJ
RVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9y
IHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJyPg0KZGlyZWN0b3JzLiZuYnNwOyBE
b2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRz
IGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuPC9zcGFuPjxzcGFu
IGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h
cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh
bmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFuYWdlbWVudCBpbnRlcmZhY2Ug
Zm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5JdCBhZHZvY2F0
ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBi
ZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJlcy48L3Nw
YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87
bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5JIGRvbid0IHVuZGVy
c3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2EgdHJhZGl0aW9uYWwgbmV0d29y
ayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNwOyBQZXJoYXBzIGl0IGlzIG5v
dCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRoZSBkaXN0aW5jdGlv
biwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlzdGluY3Rpb24uLi5zZXR0aW5n
IHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCkgaXMgYSB3YXkgb2Yg
JnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgmcXVvdDtTRE4mcXVvdDspLiZu
YnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h
bHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwv
ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlRoaXMg
ZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBmb3IgZ2xpdGNoZXMsIGJ1dCB0aGVz
ZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJpbGl0eS48L3NwYW4+PG86cD48L286
cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h
cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9
IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i
b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgZ2xpdGNoZXMgY29uc2lzdCZuYnNw
OyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgJnF1b3Q7b2YmcXVvdDsg
aW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mcXVvdDtUaGUg
YWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFuYWdlbWVudCBhbmQ8L3NwYW4+PG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu
IGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBp
cyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i
c3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz
dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i
PjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhl
eSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJs
eSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11bmljYXRpb24uJm5ic3A7IE90
aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdodCBiZSBzZWN1cml0eSBjb25zaWRl
cmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBhcmFtZXRlcnMgaW5jb3JyZWN0bHks
IG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlzdHJhdG9yLiZuYnNwOyBCdXQgdGhp
cyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0ZXJzIHRvIGJl
IG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48L3NwYW4+PG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBz
dHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNv
bG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xv
cjojODg4ODg4Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K
PC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZu
YnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2
Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i
b3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwv
ZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0K
PC9odG1sPg0K

--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_--


From nobody Mon May 21 21:07:31 2018
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE44912E055; Mon, 21 May 2018 21:07:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X3CvRfSGfxSL; Mon, 21 May 2018 21:07:17 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93F2F12DA43; Mon, 21 May 2018 21:07:16 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id r9-v6so16878068iod.6; Mon, 21 May 2018 21:07:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/oeh4wX37prBMBB8q42nJ8OcxYmO9HtX767YPw0/5T0=; b=kTvyhKYwWxAQctfk16o/2bguOB3u+FMO8qm/iQ/AhfyQ6zJqxv482xkcTe6A8ASLDj GgkmvSI3DGowS7lvDqQuOEvMAKuj+3DuQf9nrXJV9HeHdvvvHEBn3xEF9oZLoo7c0R1y lG6u1eldFWjWD7c295WVc3wf687N0FfP4yC+syrBU8YXYu1+rLAN09tEchasUaV/+mpG Ft78HSSDTu1gzAXt+EqhLfRaa1OByiZvUGzmF+7XXsB5u3lg4ohW8s24Tileu1JyE9iH 9WGxa0REi/VU6qrHbfoWbnVp7MKymYI1zPTLu/z0TGQKVDPeMXdu6lgHU2NVnK+7rjZk B4dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/oeh4wX37prBMBB8q42nJ8OcxYmO9HtX767YPw0/5T0=; b=dQ103oxS8P9f6bjlVWILNheWrgKoZNt0Es9Q/K4us8p1olfwmk+gDHmE8hWUm34Jv6 oO70Kg3rLSfZmN18KvijeqhUNMylj24xYJVwNTA8jRL9CWV69ZbEOnQi99dDaogp166d qabfCSgXo/S5SpRH+ueiaBN2NNYqSk+UTR+yzSo+G7M428a2BDpJeM7cr0BJM0omG59w 11S3L10uEe22+6yidiqX2ErJHpCAysTVUVXnGMgbs2fYg09w8bo+xaWdXusN7fdy66sD KX7g/AbSIZbSp8+SNOmQRESot5qR4EX3fYg35h+Irs3Ex+ABsm18dGGHAh5KJQV/cKw2 0p4A==
X-Gm-Message-State: ALKqPwduTmFUbRgkLQ0Zk2himyfy3hpGHpN+LDlicVL85RRVhRZJJlZD XhCFdCwsCBXvEpO8wlwBtZTfZ3fueVNGvBOf9Cc=
X-Google-Smtp-Source: AB8JxZoSNPaNOGj8fdcW3eh/2jztSrOknSAFh8MPfHgWZrHluvnlyCUVZmIMcIzEfbu1K3C49BEgYl9aJhAEzQioazg=
X-Received: by 2002:a6b:82a0:: with SMTP id m32-v6mr15531134ioi.56.1526962035927;  Mon, 21 May 2018 21:07:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:2a02:0:0:0:0:0 with HTTP; Mon, 21 May 2018 21:07:15 -0700 (PDT)
In-Reply-To: <9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0A@DGGEMA501-MBX.china.huawei.com>
References: <CAFOuuo7PmeTWMYnetwi_8d-11UZmkPXx7WSje-coH_=ROfr9bA@mail.gmail.com> <VI1PR07MB3167FAE7BD03E6751047B60DF09B0@VI1PR07MB3167.eurprd07.prod.outlook.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <CAFOuuo6XWv8NnWN2SDXDFJ-6FZVmvC-T8i8k+M3wXb2aARfqBg@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <CAFOuuo5rZQpE7VrgRSxvMPJcC+3dRJco+a1S7BPEyqnCPmKBSA@mail.gmail.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se> <9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0A@DGGEMA501-MBX.china.huawei.com>
From: Radia Perlman <radiaperlman@gmail.com>
Date: Tue, 22 May 2018 00:07:15 -0400
Message-ID: <CAFOuuo66radNv6F1TM2-jxkAt0LNJcSwNwVQ0zLuNaFV6Av0ag@mail.gmail.com>
To: "Yemin (Amy)" <amy.yemin@huawei.com>
Cc: Eric Gray <eric.gray@ericsson.com>, "BRUNGARD, DEBORAH A" <db3546@att.com>, The IESG <iesg@ietf.org>,  "ccamp@ietf.org" <ccamp@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>,  "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" <draft-ietf-ccamp-microwave-framework.all@tools.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bcaf2b056cc38d24"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/sQskRnis83VIZCqdo5cGNTIl80I>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 May 2018 04:07:21 -0000

--000000000000bcaf2b056cc38d24
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Amy...I think your proposed text is excellent.

Radia

On Mon, May 21, 2018 at 10:51 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:

> Hi Eric, Radia, and Deborah,
>
>
>
> Thanks for the discussion. Considering all the comments received, below i=
s
> the new proposed text for this paragraph:
>
>
>
>    This framework addresses the definition of an open and standardized
> interface for the
>
>    radio link functionality in a microwave node.  The application of such
> an interface used
>
>    for management and control of nodes and networks typically vary from
> one operator
>
>    to another, in terms of the systems used and how they interact.
> Possible approaches
>
>    include via the use of a network management system (NMS), via software
> defined
>
>    networking (SDN) and via some combination of NMS and SDN. As there are
> still many
>
>    networks where the NMS is implemented as one component/interface and
> the SDN
>
>    controller is scoped to control plane functionality as a separate
> component/interface,
>
>    this document does not preclude either model. The aim of this document
> is to provide a
>
>    framework describing both management and control of microwave
> interfaces to support
>
>    development of a common YANG Data Model.
>
>
>
> Please check if the text is ok.
>
> Thanks.
>
>
>
> BR,
>
> Amy
>
> *From:* Eric Gray [mailto:eric.gray@ericsson.com]
> *Sent:* Tuesday, May 22, 2018 2:57 AM
> *To:* Radia Perlman <radiaperlman@gmail.com>
> *Cc:* Yemin (Amy) <amy.yemin@huawei.com>; The IESG <iesg@ietf.org>;
> ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org
> *Subject:* RE: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-
> framework-05
>
>
>
> So, one could read this as saying that some people view network managemen=
t
> (e.g. =E2=80=93 use of an NMS) and centralized network control (e.g. =E2=
=80=93 SDN) as
> being somehow at least marginally distinct, yet becoming increasingly les=
s
> so.  Other people view them as completely disjoint, perhaps having a
> preference, and would like them to continue being considered completely
> separate and distinct concepts.
>
>
>
> While I think it is probably fair to say that this is very likely true,
> this has all the ear marks of being a rat hole, and I cannot imagine what
> value the proposed text adds to the draft.
>
>
>
> As I understand it, the intent was to clarify something to do with the
> following text:
>
>
>
>
>
>    This framework addresses the definition of an open and standardized
>
>    interface for the radio link functionality in a microwave node.  The
>
>    application of such an interface used for management and control of
>
>    nodes and networks typically vary from one operator to another, in
>
>    terms of the systems used and how they interact.  A traditional
>
>    solution is network management system, while an emerging one is SDN.
>
>    SDN solutions can be used as part of the network management system,
>
>    allowing for direct network programmability and automated
>
>    configurability by means of a centralized SDN control and
>
>    standardized interfaces to program the nodes.
>
>
>
> Your comment was that the distinction is not clear.  That is a fair
> point.  And it is probably not addressed by the proposal.
>
>
>
> I would further add that using emotionally freighted expressions
> (=E2=80=9Cclassic=E2=80=9D/=E2=80=9Dlegacy=E2=80=9D/=E2=80=9Dtraditional=
=E2=80=9D verses =E2=80=9Cinnovative=E2=80=9D/=E2=80=9Dnovel=E2=80=9D/=E2=
=80=9Demerging=E2=80=9D)
> doesn=E2=80=99t help and really isn=E2=80=99t appropriate in specificatio=
n.
>
>
>
> I suspect that the reason for claiming a distinction exists (however
> difficult it may be to characterize that distinction) is in the part of t=
he
> above text having to do with operator preferences.  These definitely do
> exist.  =F0=9F=98=8A
>
>
>
> Perhaps a good way to address the issue is to replace the last two
> sentences in the text above with something along the lines of:
>
>
>
>     =E2=80=9CPossible approaches include via the use of a network managem=
ent
> system (NMS), via software defined networking (SDN) and via some
> combination of NMS and SDN.=E2=80=9D
>
>
>
> Note that =E2=80=9Cautomated configurability=E2=80=9D is * not* a new con=
cept in
> configuration of network devices, unique to SDN, hence the last part of t=
he
> final sentence (starting with =E2=80=9Callowing for =E2=80=A6=E2=80=9D) a=
dds no value and should be
> left out.
>
>
>
> --
>
> Eric
>
>
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com
> <radiaperlman@gmail.com>]
> *Sent:* Saturday, May 19, 2018 11:35 PM
> *To:* Eric Gray <eric.gray@ericsson.com>
> *Cc:* Yemin (Amy) <amy.yemin@huawei.com>; The IESG <iesg@ietf.org>;
> ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-
> framework-05
> *Importance:* High
>
>
>
> Hi Eric,
>
>
>
> I feel bad for the authors of this document to be burdened with clarifyin=
g
> a distinction that has never been clear before (to lots of people,
> including me),  but their proposed text doesn't make it clearer.
>
>
>
> " =E2=80=9CIt's noted that there's idea that the NMS and SDN are evolving=
 towards
> a component, and the distinction between them is quite vague. Another fac=
t
> is that there is still plenty of networks where NMS is still considered a=
s
> the implementation of the management plane, while SDN is considered as th=
e
> centralization of the control plane. They are still kept as separate
> component"
>
>
>
>  Do you (or anyone else) have a suggestion for text that acknowledges to
> the reader that it's not the reader's fault for not understanding the
> difference?
>
>
>
> It would be OK with me for them to leave out  the extra entirely, since
> I'm sure this isn't the first RFC whose verbiage claims SDN and NMS are t=
wo
> different concepts. But if I were trying to get up to speed about this ar=
ea
> by reading the documents, I'd be somewhat comforted by an acknowledgement
> (such as the text they propose, but with the English fixed) that these ar=
e
> fuzzy distinctions, so I wouldn't think it was just me....that if I only
> read more things, or thought harder, or had more background, the
> distinction would be clear.
>
>
>
> Radia
>
>
>
>
>
>
>
>
>
> On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.gray@ericsson.com> wrote=
:
>
> Hi Radia.
>
>
>
> I agree that the English is awkward, but I would have interpreted
> =E2=80=9Cevolving toward a component=E2=80=9D to mean something more alon=
g the lines of
> evolving toward the same (singular) thing.  Or perhaps another way to loo=
k
> at it might be that, because YANG is becoming a more popular mechanism fo=
r
> both NMS and SDN, it is likely that one or both of these may become
> components of a common management framework.
>
>
>
> I would interpret it this way precisely because =E2=80=93 as you say =E2=
=80=93 the
> distinction is not at all clear, though I would add that (to some of us)
> the distinction has never been very clear.  =F0=9F=98=8A
>
>
>
> For this reason, I would have some small difficulty in seeing how it woul=
d
> make much sense to say that they are evolving toward increasing similarit=
y.
>
>
>
> --
>
> Eric
>
>
>
> *From:* CCAMP [mailto:ccamp-bounces@ietf.org] *On Behalf Of *Radia Perlma=
n
> *Sent:* Friday, May 18, 2018 12:30 AM
> *To:* Yemin (Amy) <amy.yemin@huawei.com>
> *Cc:* The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org;
> draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-
> framework-05
>
>
>
> Thank you!  Though what you're suggesting is awkward English.
>
>
>
> Perhaps "We note that the distinction between NMS and SDN is not all that
> clear, and the two are evolving to be more and more similar." could repla=
ce
> the first sentence.  I'm really not sure what you meant by "evolving towa=
rd
> a component", so perhaps I'm not capturing what you are intending to say.
>
>
>
>
>
> Radia
>
>
>
> On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote=
:
>
> Hi Radia,
>
>
>
> We just updated the draft, https://datatracker.ietf.org/
> doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
>
>
> BR,
>
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com>; Radia
> Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> Thanks for your review.
>
>
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the followin=
g
> text in section 3:
>
> =E2=80=9CIt's noted that there's idea that the NMS and SDN are evolving t=
owards a
> component, and the distinction between them is quite vague. Another fact =
is
> that there is still plenty of networks where NMS is still considered as t=
he
> implementation of the management plane, while SDN is considered as the
> centralization of the control plane. They are still kept as separate
> component.=E2=80=9D
>
>
>
> Regarding the security considerations, yes, this draft doesn=E2=80=99t sp=
ecify the
> parameters.
>
> There=E2=80=99s another draft draft-ietf-ccamp-mw-yang, where the securit=
y
> consideration is addressed as you suggested.
>
>
>
> BR,
>
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com
> <daniele.ceccarelli@ericsson.com>]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-
> framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Hi Radia,
>
>
>
> let me reply on behalf of the authors. First of all many thanks for your
> review.
>
>
>
> Regarding your question about traditional NMS vs SDN I agree with you on
> the fact that they are evolving towards a common component and the
> distinction is quite blurry, but there is still plenty of networks where
> NMS is still considered as the implementation of the management plane whi=
le
> SDN the centralization of the control plane and they are still kept as
> separate things.
>
>
>
> Hence, since the authors speak about =E2=80=9Ctraditional=E2=80=9D NMS an=
d SDN I would
> tend to allow for the distinction to be kept. If you prefer a note speaki=
ng
> about the convergence of the two things can be added.
>
>
>
> Thanks a lot
>
> Daniele  (ccamp co-chair)
>
>
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com
> <radiaperlman@gmail.com>]
> *Sent:* luned=C3=AC 7 maggio 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <
> iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
>
>
> Sorry...resending because I mistyped the author address.
>
>
>
>
>
> ---------- Forwarded message ----------
> From: *Radia Perlman* <radiaperlman@gmail.com>
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG =
<
> iesg@ietf.org>, secdir@ietf.org
>
> Summary:  No security issues found, but I do have questions, and there ar=
e
> editing glitches
>
>
>
> I have reviewed this document as part of the security directorate's ongoi=
ng
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments ju=
st
> like any other last call comments.
>
>
>
> This document describes the management interface for microwave radio link=
s.
>
> It advocates (correctly, I believe) that such an interface should be
> extensible to provide for vendor-specific features.
>
>
>
> I don't understand the difference between a "a traditional network
> management system" and SDN.  Perhaps it is not the job of this document t=
o
> clearly make the distinction, and I suspect there is no real
> distinction...setting parameters (traditional network management) is a wa=
y
> of "programming" an interface ("SDN").
>
>
>
> This document could use an editing pass for glitches, but these glitches
> do not impact its readability.
>
>
>
> The glitches consist  mostly of leaving out little words like "of" in the
> following sentence.
>
> "The adoption of an SDN framework for management and
>
>    control the microwave interface is one of the key applications for
>
>    this work."
>
>
>
> The security considerations say that they assume a secure transport layer
> (authenticated, probably encryption isn't necessary) for communication.
> Other than that, perhaps, there might be security considerations for
> inadvertently setting parameters incorrectly, or maliciously by a trusted
> administrator.  But this document does not specify the specific parameter=
s
> to be managed, just a general framework.
>
>
>
> Radia
>
>
>
>
>
>
>
>
>

--000000000000bcaf2b056cc38d24
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Amy...I think your proposed text is excellent.<div><br></d=
iv><div>Radia</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail=
_quote">On Mon, May 21, 2018 at 10:51 PM, Yemin (Amy) <span dir=3D"ltr">&lt=
;<a href=3D"mailto:amy.yemin@huawei.com" target=3D"_blank">amy.yemin@huawei=
.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-6038203141541218987WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Eric, Radia, and De=
borah, <u></u>
<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Thanks for the discuss=
ion. Considering all the comments received, below is the new proposed text =
for this paragraph:
<u></u><u></u></span></p><span class=3D"">
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0 This framework addres=
ses the definition of an open and standardized interface for the
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0radio link funct=
ionality in a microwave node.=C2=A0 The application of such an interface us=
ed
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0for management a=
nd control of nodes and networks typically vary from one operator
<u></u><u></u></span></p>
</span><p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0to anothe=
r, in terms of the systems used and how they interact. Possible approaches
<u></u><u></u></span></p><span class=3D"">
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0include via the =
use of a network management system (NMS), via software defined
<u></u><u></u></span></p>
</span><p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0networkin=
g (SDN) and via some combination of NMS and SDN. As there are still many<u>=
</u><u></u></span></p><span class=3D"">
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0 networks where the NM=
S is implemented as one component/interface and the SDN
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0controller is sc=
oped to control plane functionality as a separate component/interface,
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0this document do=
es not preclude either model. The aim of this document is to provide a
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0framework descri=
bing both management and control of microwave interfaces to support<u></u><=
u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0 development of a comm=
on YANG Data Model. <u></u>
<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
</span><p class=3D"MsoNormal"><span style=3D"color:#1f497d">Please check if=
 the text is ok. <u></u>
<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Thanks. <u></u><u></u>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,<u></u><u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy<u></u><u></u></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Eric Gray [mailto:<a href=3D"mailto:eri=
c.gray@ericsson.com" target=3D"_blank">eric.gray@ericsson.com</a><wbr>] <br=
>
<b>Sent:</b> Tuesday, May 22, 2018 2:57 AM<br>
<b>To:</b> Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" targ=
et=3D"_blank">radiaperlman@gmail.com</a>&gt;<span class=3D""><br>
<b>Cc:</b> Yemin (Amy) &lt;<a href=3D"mailto:amy.yemin@huawei.com" target=
=3D"_blank">amy.yemin@huawei.com</a>&gt;; The IESG &lt;<a href=3D"mailto:ie=
sg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt;; <a href=3D"mailto:cca=
mp@ietf.org" target=3D"_blank">ccamp@ietf.org</a>; <a href=3D"mailto:secdir=
@ietf.org" target=3D"_blank">secdir@ietf.org</a>; <a href=3D"mailto:draft-i=
etf-ccamp-microwave-framework.all@tools.ietf.org" target=3D"_blank">draft-i=
etf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a><br>
</span><b>Subject:</b> RE: [CCAMP] Secdir review of draft-ietf-ccamp-microw=
ave-<wbr>framework-05<u></u><u></u></p>
</div>
</div><div><div class=3D"h5">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">So, one could read this as saying that some people v=
iew network management (e.g. =E2=80=93 use of an NMS) and centralized netwo=
rk control (e.g. =E2=80=93 SDN) as being somehow at least marginally distin=
ct, yet becoming increasingly less so.=C2=A0 Other people
 view them as completely disjoint, perhaps having a preference, and would l=
ike them to continue being considered completely separate and distinct conc=
epts.<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">While I think it is probably fair to say that this i=
s very likely true, this has all the ear marks of being a rat hole, and I c=
annot imagine what value the proposed text adds to the draft.<u></u><u></u>=
</p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">As I understand it, the intent was to clarify someth=
ing to do with the following text:<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;"><u></u>=C2=A0<u></u></span><=
/p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 This framework =
addresses the definition of an open and standardized<u></u><u></u></span></=
p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 interface for t=
he radio link functionality in a microwave node.=C2=A0 The<u></u><u></u></s=
pan></p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 application of =
such an interface used for management and control of<u></u><u></u></span></=
p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 nodes and netwo=
rks typically vary from one operator to another, in<u></u><u></u></span></p=
>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 terms of the sy=
stems used and how they interact.=C2=A0 A traditional<u></u><u></u></span><=
/p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 solution is net=
work management system, while an emerging one is SDN.<u></u><u></u></span><=
/p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 SDN solutions c=
an be used as part of the network management system,<u></u><u></u></span></=
p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 allowing for di=
rect network programmability and automated<u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 configurability=
 by means of a centralized SDN control and<u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"page-break-before:always"><span lang=3D"EN"=
 style=3D"font-family:&quot;Courier New&quot;">=C2=A0=C2=A0 standardized in=
terfaces to program the nodes.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">Your comment was that the distinct=
ion is not clear.=C2=A0 That is a fair point.=C2=A0 And it is probably not =
addressed by the proposal.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">I would further add that using emo=
tionally freighted expressions (=E2=80=9Cclassic=E2=80=9D/=E2=80=9Dlegacy=
=E2=80=9D/=E2=80=9D<wbr>traditional=E2=80=9D verses =E2=80=9Cinnovative=E2=
=80=9D/=E2=80=9Dnovel=E2=80=9D/=E2=80=9D<wbr>emerging=E2=80=9D) doesn=E2=80=
=99t help and really isn=E2=80=99t appropriate in specification.<u></u><u><=
/u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">I suspect that the reason for clai=
ming a distinction exists (however difficult it may be to characterize that=
 distinction) is in the part of the above text having to do with operator p=
references.=C2=A0 These definitely do exist.=C2=A0
</span><span lang=3D"EN" style=3D"font-family:&quot;Times New Roman&quot;,s=
erif">=F0=9F=98=8A</span><span lang=3D"EN"><u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">Perhaps a good way to address the =
issue is to replace the last two sentences in the text above with something=
 along the lines of:<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">=C2=A0=C2=A0=C2=A0 </span><span la=
ng=3D"EN" style=3D"font-family:Courier">=E2=80=9CPossible approaches includ=
e via the use of a network management system (NMS), via software defined ne=
tworking (SDN) and via some combination of NMS and SDN.=E2=80=9D<u></u><u><=
/u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">Note that =E2=80=9Cautomated confi=
gurability=E2=80=9D is <b>
<i><u>not</u></i></b> a new concept in configuration of network devices, un=
ique to SDN, hence the last part of the final sentence (starting with =E2=
=80=9Callowing for =E2=80=A6=E2=80=9D) adds no value and should be left out=
.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN"><u></u>=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">--<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN">Eric<u></u><u></u></span></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal"><b>From:</b> Radia Perlman [<a href=3D"mailto:radiap=
erlman@gmail.com" target=3D"_blank">mailto:radiaperlman@gmail.com</a><wbr>]
<br>
<b>Sent:</b> Saturday, May 19, 2018 11:35 PM<br>
<b>To:</b> Eric Gray &lt;<a href=3D"mailto:eric.gray@ericsson.com" target=
=3D"_blank">eric.gray@ericsson.com</a>&gt;<br>
<b>Cc:</b> Yemin (Amy) &lt;<a href=3D"mailto:amy.yemin@huawei.com" target=
=3D"_blank">amy.yemin@huawei.com</a>&gt;; The IESG &lt;<a href=3D"mailto:ie=
sg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt;;
<a href=3D"mailto:ccamp@ietf.org" target=3D"_blank">ccamp@ietf.org</a>; <a =
href=3D"mailto:secdir@ietf.org" target=3D"_blank">
secdir@ietf.org</a>; <a href=3D"mailto:draft-ietf-ccamp-microwave-framework=
.all@tools.ietf.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a><br>
<b>Subject:</b> Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-<wb=
r>framework-05<br>
<b>Importance:</b> High<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">Hi Eric,<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">I feel bad for the authors of this document to be bu=
rdened with clarifying a distinction that has never been clear before (to l=
ots of people, including me),=C2=A0 but their proposed text doesn&#39;t mak=
e it clearer.<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">&quot; <span style=3D"font-size:9.5pt;font-family:&q=
uot;Arial&quot;,sans-serif;color:#1f497d;background:white">
=E2=80=9CIt&#39;s noted that there&#39;s idea that the NMS and SDN are evol=
ving towards a component, and the distinction between them is quite vague. =
Another fact is that there is still plenty of networks where NMS is still c=
onsidered as the implementation of the management
 plane, while SDN is considered as the centralization of the control plane.=
 They are still kept as separate component&quot;</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt;font-family:&quot;Ari=
al&quot;,sans-serif;color:#1f497d;background:white">=C2=A0Do you (or anyone=
 else) have a suggestion for text that acknowledges to the reader that it&#=
39;s not the reader&#39;s fault for not understanding the difference?</span=
><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt;color:#1f497d">It wou=
ld be OK with me for them to leave out=C2=A0 the extra entirely, since I&#3=
9;m sure this isn&#39;t the first RFC whose verbiage claims SDN and NMS are=
 two different concepts. But if I were trying to
 get up to speed about this area by reading the documents, I&#39;d be somew=
hat comforted by an acknowledgement (such as the text they propose, but wit=
h the English fixed) that these are fuzzy distinctions, so I wouldn&#39;t t=
hink it was just me....that if I only read
 more things, or thought harder, or had more background, the distinction wo=
uld be clear.=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.5pt;color:#1f497d">Radia<=
/span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Fri, May 18, 2018 at 1:27 PM, Eric Gray &lt;<a hr=
ef=3D"mailto:eric.gray@ericsson.com" target=3D"_blank">eric.gray@ericsson.c=
om</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-=
bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">Hi Radia.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">I agree that the English is awkward, but I would hav=
e interpreted =E2=80=9Cevolving toward a component=E2=80=9D to mean somethi=
ng more along the lines of evolving toward the same (singular) thing.=C2=A0
 Or perhaps another way to look at it might be that, because YANG is becomi=
ng a more popular mechanism for both NMS and SDN, it is likely that one or =
both of these may become components of a common management framework.<u></u=
><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">I would interpret it this way precisely because =E2=
=80=93 as you say =E2=80=93 the distinction is not at all clear, though I w=
ould add that (to some of us) the distinction has never been very clear.=C2=
=A0
<span style=3D"font-family:&quot;Times New Roman&quot;,serif">=F0=9F=98=8A<=
/span><u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">For this reason, I would have some small difficulty =
in seeing how it would make much sense to say that they are evolving toward=
 increasing similarity.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">--<u></u><u></u></p>
<p class=3D"MsoNormal">Eric<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal"><b>From:</b> CCAMP [mailto:<a href=3D"mailto:ccamp-b=
ounces@ietf.org" target=3D"_blank">ccamp-bounces@ietf.org</a><wbr>]
<b>On Behalf Of </b>Radia Perlman<br>
<b>Sent:</b> Friday, May 18, 2018 12:30 AM<br>
<b>To:</b> Yemin (Amy) &lt;<a href=3D"mailto:amy.yemin@huawei.com" target=
=3D"_blank">amy.yemin@huawei.com</a>&gt;<br>
<b>Cc:</b> The IESG &lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">=
iesg@ietf.org</a>&gt;;
<a href=3D"mailto:ccamp@ietf.org" target=3D"_blank">ccamp@ietf.org</a>; <a =
href=3D"mailto:secdir@ietf.org" target=3D"_blank">
secdir@ietf.org</a>; <a href=3D"mailto:draft-ietf-ccamp-microwave-framework=
.all@tools.ietf.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a><br>
<b>Subject:</b> Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-<wb=
r>framework-05<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<div>
<p class=3D"MsoNormal">Thank you!=C2=A0 Though what you&#39;re suggesting i=
s awkward English.<u></u><u></u></p>
<div>
<div>
<div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">Perhaps &quot;We note that the distinction between N=
MS and SDN is not all that clear, and the two are evolving to be more and m=
ore similar.&quot; could replace the first sentence.=C2=A0 I&#39;m really
 not sure what you meant by &quot;evolving toward a component&quot;, so per=
haps I&#39;m not capturing what you are intending to say.<u></u><u></u></p>
<div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">Radia<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<div>
<p class=3D"MsoNormal">On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) &lt;<a =
href=3D"mailto:amy.yemin@huawei.com" target=3D"_blank">amy.yemin@huawei.com=
</a>&gt; wrote:<u></u><u></u></p>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-=
bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia,
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">We just updated the dr=
aft,
<a href=3D"https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-fram=
ework/" target=3D"_blank">
https://datatracker.ietf.org/<wbr>doc/draft-ietf-ccamp-<wbr>microwave-frame=
work/</a>. </span>
<u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Your comments are addr=
essed in the latest version.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,</span><u></u><u></=
u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy</span><u></u><u></=
u></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Yemin (Amy)
<br>
<b>Sent:</b> Thursday, May 10, 2018 4:07 PM<br>
<b>To:</b> &#39;Daniele Ceccarelli&#39; &lt;<a href=3D"mailto:daniele.cecca=
relli@ericsson.com" target=3D"_blank">daniele.ceccarelli@ericsson.<wbr>com<=
/a>&gt;; Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" target=
=3D"_blank">radiaperlman@gmail.com</a>&gt;;
<a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" =
target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Radia,
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Thanks for your review=
.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the NMS and =
SDN, as Daniele suggested, we will add the following text in section 3:
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=E2=80=9CIt&#39;s note=
d that there&#39;s idea that the NMS and SDN are evolving towards a compone=
nt, and the distinction between them is quite vague. Another fact is
 that there is still plenty of networks where NMS is still considered as th=
e implementation of the management plane, while SDN is considered as the ce=
ntralization of the control plane. They are still kept as separate componen=
t.=E2=80=9D</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Regarding the security=
 considerations, yes, this draft doesn=E2=80=99t specify the parameters.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">There=E2=80=99s anothe=
r draft draft-ietf-ccamp-mw-yang, where the security consideration is addre=
ssed as you suggested.
</span><u></u><u></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span><u></u><u=
></u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">BR,</span><u></u><u></=
u></p>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Amy</span><u></u><u></=
u></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Daniele Ceccarelli [<a href=3D"mailto:d=
aniele.ceccarelli@ericsson.com" target=3D"_blank">mailto:daniele.ceccarelli=
@<wbr>ericsson.com</a>]
<br>
<b>Sent:</b> Monday, May 07, 2018 5:46 PM<br>
<b>To:</b> Radia Perlman &lt;<a href=3D"mailto:radiaperlman@gmail.com" targ=
et=3D"_blank">radiaperlman@gmail.com</a>&gt;;
<a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" =
target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> RE: Secdir review of draft-ietf-ccamp-microwave-<wbr>framew=
ork-05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal"><span lang=3D"IT">Hi Radia,</span><u></u><u></u></p>
<div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<p class=3D"MsoNormal">let me reply on behalf of the authors. First of all =
many thanks for your review.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Regarding your question about traditional NMS vs SDN=
 I agree with you on the fact that they are evolving towards a common compo=
nent and the distinction is quite blurry, but there
 is still plenty of networks where NMS is still considered as the implement=
ation of the management plane while SDN the centralization of the control p=
lane and they are still kept as separate things.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Hence, since the authors speak about =E2=80=9Ctradit=
ional=E2=80=9D NMS and SDN I would tend to allow for the distinction to be =
kept. If you prefer a note speaking about the convergence of the two
 things can be added.<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<p class=3D"MsoNormal">Thanks a lot<u></u><u></u></p>
<p class=3D"MsoNormal">Daniele=C2=A0 (ccamp co-chair)<u></u><u></u></p>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b>From:</b> Radia Perlman [<a href=3D"mailto:radiap=
erlman@gmail.com" target=3D"_blank">mailto:radiaperlman@gmail.com</a><wbr>]
<br>
<b>Sent:</b> luned=C3=AC 7 maggio 2018 08:55<br>
<b>To:</b> <a href=3D"mailto:draft-ietf-ccamp-microwave-framework.all@tools=
.ietf.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework.all@tools.ietf.org</a>; The IESG =
&lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.org</a>&gt=
;;
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a><br=
>
<b>Subject:</b> Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-=
05<u></u><u></u></p>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">Sorry...resending because I mistyp=
ed the author address.</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><span lang=3D"IT">---=
------- Forwarded message ----------<br>
From: <b>Radia Perlman</b> &lt;<a href=3D"mailto:radiaperlman@gmail.com" ta=
rget=3D"_blank">radiaperlman@gmail.com</a>&gt;<br>
Date: Sun, May 6, 2018 at 11:48 PM<br>
Subject: Secdir review of draft-ietf-ccamp-microwave-<wbr>framework-05<br>
To: <a href=3D"mailto:draft-ietf-ccamp-microwave-framework-05.all@tools.iet=
f.org" target=3D"_blank">
draft-ietf-ccamp-microwave-<wbr>framework-05.all@tools.ietf.<wbr>org</a>, T=
he IESG &lt;<a href=3D"mailto:iesg@ietf.org" target=3D"_blank">iesg@ietf.or=
g</a>&gt;,
<a href=3D"mailto:secdir@ietf.org" target=3D"_blank">secdir@ietf.org</a></s=
pan><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">Summary:=C2=A0 No security i=
ssues found, but I do have questions, and there are editing glitches</span>=
<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"font-size:9.5pt;font-fami=
ly:&quot;Arial&quot;,sans-serif;color:#222222">I have reviewed this documen=
t as part of the security directorate&#39;s ongoing<br>
effort to=C2=A0<span class=3D"m_-6038203141541218987m-2058795482297373681m-=
6166985804615279366m4131376728031167306gmail-m9026368803713863349gmail-m-50=
57010912157782534gmail-il">review</span>=C2=A0all IETF documents being proc=
essed by the IESG.=C2=A0 These<br>
comments were written primarily for the benefit of the security area<br>
directors.=C2=A0 Document editors and WG chairs should treat these comments=
 just<br>
like any other last call comments.</span><span lang=3D"IT">=C2=A0</span><u>=
</u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document describes the manage=
ment interface for microwave radio links.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">It advocates (correctly, I believe=
) that such an interface should be extensible to provide for vendor-specifi=
c features.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">I don&#39;t understand the differe=
nce between a &quot;a traditional network management system&quot; and SDN.=
=C2=A0 Perhaps it is not the job of this document to clearly make the disti=
nction,
 and I suspect there is no real distinction...setting parameters (tradition=
al network management) is a way of &quot;programming&quot; an interface (&q=
uot;SDN&quot;).=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">This document could use an editing=
 pass for glitches, but these glitches do not impact its readability.</span=
><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The glitches consist=C2=A0 mostly =
of leaving out little words like &quot;of&quot; in the following sentence.<=
/span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">&quot;The adoption of an SDN frame=
work for management and</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0control the microwave=
 interface is one of the key applications for</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0 =C2=A0this work.&quot;</spa=
n><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT">The security considerations say th=
at they assume a secure transport layer (authenticated, probably encryption=
 isn&#39;t necessary) for communication.=C2=A0 Other than that,
 perhaps, there might be security considerations for inadvertently setting =
parameters incorrectly, or maliciously by a trusted administrator.=C2=A0 Bu=
t this document does not specify the specific parameters to be managed, jus=
t a general framework.</span><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">=C2=A0</sp=
an><u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">Radia</spa=
n><u></u><u></u></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span lang=3D"IT" style=3D"color:#888888">=C2=A0</sp=
an><u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"IT">=C2=A0</span><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>

--000000000000bcaf2b056cc38d24--


From nobody Thu May 24 08:45:20 2018
Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C5FD312EAB7; Thu, 24 May 2018 08:45:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: <secdir@ietf.org>
Cc: draft-ietf-spring-segment-routing-ldp-interop.all@ietf.org, spring@ietf.org, iesg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152717671174.29916.15871063863957499908@ietfa.amsl.com>
Date: Thu, 24 May 2018 08:45:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/iYGUowp1p8MuxkN_LtHEE5ebNHU>
Subject: [secdir] Secdir last call review of draft-ietf-spring-segment-routing-ldp-interop-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 May 2018 15:45:12 -0000

Reviewer: Takeshi Takahashi
Review result: Ready

I have only minor comments.

The section said that security issues in this document are mostly inherited
from the underlying techniques/specs. Some pointers to RFC documents describing
the security issues of MPLS dataplane, routing protocols, and so on (if any)
could help readers. Having these pointers in this section will not harm readers.

Some typo:
In Section 1: "co- exist" (unnecessary space)-> "co-exist"
In Section 2.1: "switches it our" -> "switches it out"

Spelling out is appreciated: LDP and FEC

Clarification question:
Regarding the paragraph "P6 does not have an LDP binding from its next-hop P5
for the FEC "PE1". However P6 has an SR node segment to the IGP route "PE1".
Hence, P6 forwards the packet to P5 and swaps its local LDP-label for FEC "PE1"
by the equivalent node segment (i.e. 101)."(in Section 4.1), I have got the
impression that the behavior of P6 is not defined by any other specs (incl,
LDP) and is a behavior this document newly defines, correct?  If it is correct,
must P6 support this behavior? or is it just optional? I am not familiar with
these routing protocols, thus clarification is appreciated.


From nobody Fri May 25 02:32:53 2018
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E8ED2124B0A for <secdir@ietf.org>; Fri, 25 May 2018 02:32:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <152724077194.12695.5647116226470357624.idtracker@ietfa.amsl.com>
Date: Fri, 25 May 2018 02:32:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1gvn24QmSY_YmbwjM2_hwHvlquo>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 09:32:52 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-06-07

Reviewer               LC end     Draft
Vincent Roca           2018-05-21 draft-hakala-urn-nbn-rfc3188bis-00
Melinda Shore          2018-05-30 draft-ietf-teas-yang-te-topo-15
Carl Wallace           2018-05-21 draft-ietf-httpbis-h2-websockets-05
David Waltermire       2018-05-21 draft-ietf-extra-imap-unauth-00

For telechat 2018-06-21

Reviewer               LC end     Draft
Sandra Murphy          2018-04-24 draft-ietf-mmusic-sdp-simulcast-12

Last calls:

Reviewer               LC end     Draft
John Bradley           2018-04-18 draft-ietf-acme-acme-12
Daniel Gillmor         2018-03-19 draft-gutmann-scep-10
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Tina Tsou              2018-05-21 draft-ietf-v6ops-conditional-ras-04
Sean Turner            2018-05-21 draft-ietf-sfc-hierarchical-08
Samuel Weiler          2018-05-21 draft-ietf-bfd-multipoint-16
Brian Weis             2018-06-04 draft-ietf-tsvwg-rfc4960-errata-06

Early review requests:

Reviewer               Due        Draft
Daniel Franke          2018-01-31 draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson     2018-01-09 draft-ietf-opsawg-nat-yang-09
Dan Harkins            2018-05-31 draft-ietf-dtn-bpsec-06

Next in the reviewer rotation:

  Klaas Wierenga
  Christopher Wood
  Paul Wouters
  Liang Xia
  Taylor Yu
  Dacheng Zhang
  Derek Atkins
  John Bradley
  Shaun Cooley
  Roman Danyliw


From nobody Fri May 25 07:24:07 2018
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7472012D960; Fri, 25 May 2018 07:23:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CKxXpKcgI72R; Fri, 25 May 2018 07:23:57 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15FDA126CB6; Fri, 25 May 2018 07:23:55 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.49,440,1520895600";  d="scan'208,217";a="266467312"
Received: from dom38-1-82-236-155-50.fbx.proxad.net (HELO [192.168.1.100]) ([82.236.155.50]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 May 2018 16:23:53 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F15D2211-D8D5-4749-BA4E-93B5F8547E07"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Message-Id: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
Date: Fri, 25 May 2018 16:23:52 +0200
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ZFW1BoC_rw-yzWvLDHHS1cA8Y7g>
Subject: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 14:24:00 -0000

--Apple-Mail=_F15D2211-D8D5-4749-BA4E-93B5F8547E07
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hello,

I have reviewed this document as part of the security directorate=E2=80=99=
s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments =
just
like any other last call comments.

Summary: Ready with nits


This document specifies the use of National Bibliography Numbers (NBN)s =
as a particular URN namespace.
The authors explain that "no specific security threats have been =
identified for NBN-based URNs".
The authors also explain that, since this document specifies high level =
concepts, several security aspects are out of scope.
I tend to agree with the authors, although I don't know the domain.


Otherwise a few general comments:

ABNF compliance:

* Section 5: please check the ABNF compliance, for instance using Bill's =
ABNF Parser, https://tools.ietf.org/tools/bap/abnf.cgi
I guess you mean:
        nbn_string  =3D <specific per prefix>
rather than:
        nbn_string  =3D &lt;specific per prefix&gt;
The checker also complains with rule names (Illegal character '_').


Typos:

* Introduction: remove "to" in "must to have a namespace of its own" (or =
do you mean "too"?).

* Introduction: rather than "ISSN (International Serial Standard =
Number)", it seems (wikipedia) that the acronym stands for =
"International Standard Serial Number".


Regards,

   Vincent=

--Apple-Mail=_F15D2211-D8D5-4749-BA4E-93B5F8547E07
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;" class=3D"">Hello,<br =
class=3D""><br class=3D"">I have reviewed this document as part of the =
security directorate=E2=80=99s ongoing<br class=3D"">effort to review =
all IETF documents being processed by the IESG. These<br =
class=3D"">comments were written primarily for the benefit of the =
security area<br class=3D"">directors. &nbsp;Document editors and WG =
chairs should treat these comments just<br class=3D"">like any other =
last call comments.<br class=3D""><br class=3D"">Summary:&nbsp;<b =
class=3D"">Ready with nits</b><br class=3D""><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><div=
 class=3D"">This document specifies the use of National Bibliography =
Numbers (NBN)s as a particular URN namespace.</div><div class=3D"">The =
authors explain that "no specific security threats have been identified =
for NBN-based URNs".</div><div class=3D"">The authors also explain that, =
since this document specifies high level concepts, several security =
aspects are out of scope.</div><div class=3D"">I tend to agree with the =
authors, although I don't know the domain.</div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D"">Otherwise a few general comments:</div><div class=3D""><br =
class=3D""></div><div class=3D"">ABNF compliance:</div><div class=3D""><br=
 class=3D""></div><div class=3D"">* Section 5: please check the ABNF =
compliance, for instance using Bill's ABNF Parser, <a =
href=3D"https://tools.ietf.org/tools/bap/abnf.cgi" =
class=3D"">https://tools.ietf.org/tools/bap/abnf.cgi</a></div><div =
class=3D"">I guess you mean:</div><div class=3D"">&nbsp; &nbsp; &nbsp; =
&nbsp; nbn_string &nbsp;=3D &lt;specific per prefix&gt;</div><div =
class=3D"">rather than:</div><div class=3D"">&nbsp; &nbsp; &nbsp; &nbsp; =
nbn_string &nbsp;=3D &amp;lt;specific per prefix&amp;gt;</div><div =
class=3D"">The checker also complains with rule names (Illegal character =
'_').</div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D"">Typos:</div><div class=3D""><br =
class=3D""></div><div class=3D"">* Introduction: remove "to" in "must to =
have a namespace of its own" (or do you mean "too"?).</div><div =
class=3D""><br class=3D""></div><div class=3D"">* Introduction: rather =
than "ISSN (International Serial Standard Number)", it seems (wikipedia) =
that the acronym stands for "International Standard Serial =
Number".</div></div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D"">Regards,</div><div =
class=3D""><br class=3D""></div><div class=3D"">&nbsp; =
&nbsp;Vincent</div></body></html>=

--Apple-Mail=_F15D2211-D8D5-4749-BA4E-93B5F8547E07--


From nobody Tue May 29 07:19:13 2018
Return-Path: <sean@sn3rd.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6231512E050; Tue, 29 May 2018 07:19:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Sean Turner <sean@sn3rd.com>
To: <secdir@ietf.org>
Cc: draft-ietf-sfc-hierarchical.all@ietf.org, ietf@ietf.org, sfc@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152760355124.12572.4328281075629737814@ietfa.amsl.com>
Date: Tue, 29 May 2018 07:19:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/s9mtOhfuW1bfB3Jxt-pmJ7zfqCE>
Subject: [secdir] Secdir last call review of draft-ietf-sfc-hierarchical-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 14:19:12 -0000

Reviewer: Sean Turner
Review result: Ready

Hi! I’m no expert on SFC so I spent some time reviewing RFC7665 and Simon
Josefsson’s secdir review [0] as well as RFC 8300 and 8393.  It looks like all
the things I was going to pick on are addressed by the references.

I’ll let somebody else on the IESG debate whether Figure 4 is trying to be a
little different than the rest of this architectural document by specify some
protocols bits; informational still?

[0]
https://datatracker.ietf.org/doc/review-ietf-sfc-architecture-08-secdir-lc-josefsson-2015-05-28/


From nobody Tue May 29 09:09:43 2018
Return-Path: <stpeter@mozilla.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F09412EAF8 for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 09:09:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbAa_ungmHwg for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 09:09:28 -0700 (PDT)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFB3612EB21 for <secdir@ietf.org>; Tue, 29 May 2018 09:09:28 -0700 (PDT)
Received: by mail-it0-x22d.google.com with SMTP id 76-v6so3884122itx.4 for <secdir@ietf.org>; Tue, 29 May 2018 09:09:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google;  h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=5TZfb7B+ZOgUhCv5ukJZrvWgXvbsFDYkq1kWyGTKrk8=; b=FDz/YthaRTXjCdf5w65cMXh+uOVRT/RN4G7tQySqIoKCZwGuNHuEC6z48yVUHyBYu6 m9JvN3NXFbOrJDSdjDD2LoTNnfoxC+lvazAunT8dY7Mm7w6yxhm/HNWswjf4Vf6hoGRq HcYR5eXlEJYoOT/40WXWnyZM3LghZFGxOJsW8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=5TZfb7B+ZOgUhCv5ukJZrvWgXvbsFDYkq1kWyGTKrk8=; b=UOrh/BmD3yvB6oRrXm/jqqp8hRO1wvCF7m86n0rtQ5lMgh9O4SDWD7KgbSZBTopPrg 9eXZ2zxopK6Y0v3wCX+WOSSE4ohM0oP9/gOXjOtEGM0MqjCXldcWt2qEFo5c1nV6Zyw3 g3Qio4DAAYxlD4oUTawoztAphVhjtPa4xEHSeiWKvRB/WLDR0dvMXyckKsFGsiPw03/p 7tK1eP2VESaGEIH2alxHLsUOnUL4GReZfXadpLjLVp3wYIFxIIHd0sE6X1it6csvlgCA yvL7jtzqCd/Azd/j5GskLHBqj5FZo22m8im/hGvHJD4beWAFquqy24PCN7fttRnA0YMa vaCw==
X-Gm-Message-State: ALKqPwehODg0rrO9q6rT9zULts+py6DKfwRCEzllF5qLwpvnonzPJN4T NfAV64IjLpDAtAy+MQID3a3LtA==
X-Google-Smtp-Source: ADUXVKKUpMFyI8YwOBKfyhwGOdvqm57lP+Oi4n7CF+JqWVa2mOfaNuSbf7+tdIdKpOQo5LTWSzhF3g==
X-Received: by 2002:a24:5947:: with SMTP id p68-v6mr15074442itb.37.1527610168102;  Tue, 29 May 2018 09:09:28 -0700 (PDT)
Received: from dragon.local ([76.25.3.152]) by smtp.gmail.com with ESMTPSA id y14-v6sm16415249ioc.52.2018.05.29.09.09.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 May 2018 09:09:27 -0700 (PDT)
To: Vincent Roca <vincent.roca@inria.fr>, The IESG <iesg@ietf.org>, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
References: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
From: Peter Saint-Andre <stpeter@mozilla.com>
Openpgp: preference=signencrypt
Autocrypt: addr=stpeter@mozilla.com; prefer-encrypt=mutual; keydata= xsFNBFonEf4BEADvZ+RGsJoOyZaw2rKedB9pBb2nNXVGgymNS9+FAL/9SsfcrKaGYSiWEz7P Lvc97hWH3LACFAHvnzoktv+4IWHjItvhdi9kUQ3Gcbahe55OcdZuSXXH3w5cHF0rKz9aYRpN jENqXM5dA8x4zIymJraqYvHlFsuuPB8rcRIV9SKsvcy14w9iRqu770NjXfE/aIsyRwwmTPiU FQ0fOSDPA/x2DLjed/GYHem90C5vF4Er9InMqH5KAMLnjIYZ9DbPx5c5EME4zW/d648HOvPB bm+roZs4JTHBhjlrTtzDDpMcxHq1e8YPvSdDLPvgFXDcTD4+ztkdO5rvDkbc61QFcLlidU8H 3KBiOVMA/5Rgl4lcWZzGfJBnwvSrKVPsxzpuCYDg01Y/7TH4AuVkv5Na6jKymJegjxEuJUNw CBzAhxOb0H9dXROkvxnRdYS9f0slcNDBrq/9h9dIBOqLhoIvhu+Bhz6L/NP5VunQWsEleGaO 3gxGh9PP/LMyjweDjPz74+7pbyOW0b5VnIDFcvCTJKP0sBJjRU/uqmQ25ckozuYrml0kqVGp EfxhSKVqCFoAS4Q7ux99yT4re2X1kmlHh3xntzmOaRpcZsS8mJEnVyhJZBMOhqE280m80ZbS CYghd2K0EIuRbexd+lfdjZ+t8ROMMdW5L51CJVigF0anyYTcAwARAQABzSdQZXRlciBTYWlu dC1BbmRyZSA8c3RwZXRlckBtb3ppbGxhLmNvbT7CwZQEEwEIAD4WIQQ1VSPTuPTvyWCdvvRl YYwYf2gUqQUCWicR/gIbIwUJCWYBgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBlYYwY f2gUqdaREAChG8qU1853mP0sv2Mersns8TLG1ztgoKHvMXFlMUpNz6Oi6CjjaMNFhP7eUY4T D43+yQs7f4qCkOAPWuuqO8FbNWQ+yUoVkqF8NUrrVkZUlZ1VZBMQHNlaEwwu1CGoHsLoRohP SiZ0hpmGTWB3V6cDDK4KN6nl610WJbzE9LeKY1AxtePdJi2KM281U0Fz8ntij1jWu0gF2xU4 Sez46JDogHLWKgd0srauhcCVzZjAhiWrXp1+ryzSWYaZO8Kh8SnF1f4o6jtYikMqkxUaI5nX wvD3kNX4AMSkCAZfG7Jcfj/SLDojTcREgO87g7B9bcOOsHN4lj3lHoFV0aXpgPmjfIvAjJHu fHkXZAQAH8w0u9bgJqRn703+A4NPfLopnjegyhlNi7fQ3cMQV1H7Oj7WrB/pCcprx+1u/6Uq oTtDwWh1U5uVthVAI0QojpNWR08zABDX19TlGtVoeygaQV3CAEolxTiYQtCfVavUzUplCZ/t 3v4YiRov+NylflJd+1akyOs1IAgARf444BnoH1fotkpfXNOpp9wUXXwsQcFRdP7vpMkSCkc0 sxPNTVX3ei0QImp4NsrFdaep7LV3zEb3wkAp6KE5Qno4hVVEypULbvB0G6twNZbeRfcs2Rjp jnPb2fofvg2WhAKB20dnRfIfK8OKTD/P+JDcauJANjmekM7BTQRaJxH+ARAApPwkbOTChAQu jMvteb/xcwuL5JZElmLxIqvJhqybV7JknM+3ATyN0CTYQFvPTgIrhpk4zSn0A6pEePdK8mKK 5/aHyd7pr7rLEi1sI/X3UE8ld/E83MExksKrYbs0UX1wSQwYXU6g64KicnuP2Abqg+8wrQ18 1nPcZci9jJI75XVPnTdUpZD5aaQWGp7IJ06NTbiOk30I50ORfulgKoe4m3UfsMALFxIx3pJk oy76xC2tjxYGf+4Uq1M0iK3Wy655GrcwXq/5ieODNUcAZzvK5hsUVRodBq0Lq3g1ivQF4ba7 RQayDzlW6XgoeU49xnCr9XdZYnTnj4iaPmr2NtY6AacBwRz+bJsyugeSyGgHsnVGyUSMk8YN wZHvUykMjH21LLzIUX5NFlcumLUXDOECELCJwewui4W81sI5Sq/WDJet+iJwwylUX22TSulG VwDS+j66TLZpk1hEwPanGLwFBSosafqSNBMDVWegKWvZZVyoNHIaaQbrTIoAwuAGvdVncSQz ttC6KkaFlAtlZt3+eUFWlMUOQ9jxQKTWymyliWKrx+S6O1cr4hwVRbg7RQkpfA8E2Loa13oO vRSQy/M2YBRZzRecTKY6nslJo6FWTftpGO7cNcvbmQ6I++5cBG1B1eNy2RFGJUzGh1vlYo51 pdfSg0U1oPHBPCHNvPYCJ7UAEQEAAcLBfAQYAQgAJhYhBDVVI9O49O/JYJ2+9GVhjBh/aBSp BQJaJxH+AhsMBQkJZgGAAAoJEGVhjBh/aBSpAw0P/1tEcEaZUO1uLenNtqysi3mQ6qAHYALR Df3p2z/RBKRVx0DJlzDfDvJ2R/GRwoo+vyCviecuG2RNKmJbf1vSm/QTtbQMUjwut9mx6KCY CyKwniqdhaMBmjCfV2DB2MxxZLYMtDfx/2mY7vzAci7AkjC+RkSUByMEOkyscUydKC/ETdf9 tvI8GhTY/8Q7JSylS3lQA5pMUHiIf+KpSmqKZeBPkGc7nSKM1w1UKUvFAsyyVsiG6A/hWrTr 7tTQAl7YfjtOGE8n4IKGktvrT99bbh9wdWKZ5FdHUN9hx2Q8VP8+0lR1CH2laVFbEwCOv1vM W4cgQDLxwwpo1iOTdHBVtQDxlQ9hPMKVlB1KP9KjchxuiLc24wLmCjP3pDMml4LQxOYB34Eq cgPZ3uHvJZG309sb2wTMTWaXobWNI++ZrsRD5GTmuzF3kkx3krtrq6HI5NSaemxK6MTDTjDN Rj/OwTl0yU35eJXuuryB20GFOSUsxiw00I2hMGQ1Cy9L/+IW6Dvotd8O3LmKh2tFArzXaKLx /rZyGNurS/Go5YjHp8wdJOs7Ka2p1U31js24PMWO6hf6hIiY2WRUsnE6xZNhvBTgKOY6u0KT V6hTevFqEw7OAZDCWUoE2Ob2/oHGZCCMW5SLAMgp7eihF0kGf2S2CmpIFYXGb61hAD8SqSY7 Fn7V
X-Enigmail-Draft-Status: N11100
Message-ID: <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
Date: Tue, 29 May 2018 10:09:26 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-CTU_0CCIFmR-IUtSwH4nrf74VA>
Subject: Re: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 16:09:41 -0000

Hi Vincent, thanks for your review. I'm the document shepherd and the
author is on holiday right now, so I'll reply on a few points.

On 5/25/18 8:23 AM, Vincent Roca wrote:
> Hello,
> 
> I have reviewed this document as part of the security directorate’s ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> Summary: *Ready with nits*
> 
> 
> This document specifies the use of National Bibliography Numbers (NBN)s
> as a particular URN namespace.
> The authors explain that "no specific security threats have been
> identified for NBN-based URNs".
> The authors also explain that, since this document specifies high level
> concepts, several security aspects are out of scope.
> I tend to agree with the authors, although I don't know the domain.

Would you like to see a bit more explanatory text on these matters?

> Otherwise a few general comments:
> 
> ABNF compliance:
> 
> * Section 5: please check the ABNF compliance, for instance using Bill's
> ABNF Parser, https://tools.ietf.org/tools/bap/abnf.cgi
> I guess you mean:
>         nbn_string  = <specific per prefix>
> rather than:
>         nbn_string  = &lt;specific per prefix&gt;
> The checker also complains with rule names (Illegal character '_').

This has been noted and will be fixed in -01, see here:

https://www.ietf.org/mail-archive/web/urn/current/msg03891.html

> Typos:
> 
> * Introduction: remove "to" in "must to have a namespace of its own" (or
> do you mean "too"?).
> 
> * Introduction: rather than "ISSN (International Serial Standard
> Number)", it seems (wikipedia) that the acronym stands for
> "International Standard Serial Number".

Thanks for the review!

Peter


From nobody Tue May 29 10:32:37 2018
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6000712D885 for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 10:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKrFN-MW9rhr for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 10:32:34 -0700 (PDT)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E52E126D73 for <secdir@ietf.org>; Tue, 29 May 2018 10:32:34 -0700 (PDT)
Received: by mail-qt0-x22c.google.com with SMTP id m5-v6so19691762qti.1 for <secdir@ietf.org>; Tue, 29 May 2018 10:32:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :mime-version:content-transfer-encoding; bh=v4weYQW0y/4foBhwGD2pC68ugrokNhTGderbwVFDq10=; b=cwziYF+ZgO6kCGcXp0AgHXA/xKlQM8XV7ONdDJOCG2mh+JsuP0NYyEuRLYMY5bIGO8 xjwQ6s0iqR9Jyo3i9rPmxKhW1YGSdtizcLhlQRv1hkDb7qe40yBJv3QF5A7U3lbKJ4aX 6uUcnf5zHnC/YgjrF7mRiWOTwNeUXxdVqVtSQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:mime-version:content-transfer-encoding; bh=v4weYQW0y/4foBhwGD2pC68ugrokNhTGderbwVFDq10=; b=gowCNzbC31rf8J4q2ZyhFdaA6HL8knYhWOjSy2fv6RRoK+xiYKdCy4XWIqTKQfV9N/ 9ALS9C2N0u812rROqoc8/J+ZHqtbW5BkdxhpxBTHw8EfUjvcWZfA49h1iR7+iIp0lsoI B9z1yP1zc4X1dbk5sgfXJUDZTQW9nz8Kx+j2edq+HxdBHvz94BPs3Q9rkeJk8TS1+Scn tJgIm7kUGYmnCSMwpPVX64hAi5Y28tvLa7P374oW6MSQo/DTKwBOUtKPo9uRsJNCE38C SzjAdp4c7o7tvvvTAXMPugODScHbnmp437hu8vBvrfUJ5h/yBhrNKU4asmbDndzwCAPJ nvhA==
X-Gm-Message-State: ALKqPwemGrSB4bnM99qtBkemy0Y7s390Yq/NH41evU7Fl6Mjj5S0wHs5 tWvQzCae3c9ESAeygY/piI95kQ==
X-Google-Smtp-Source: ADUXVKKIKwK/MKitz+lsIqkIMgQzxJ8yW7U3VyhXRVsnJeJ/uEEBF6nByIhQKV0HxNno5Rw9PhF1rQ==
X-Received: by 2002:ac8:2e1c:: with SMTP id r28-v6mr8814736qta.156.1527615153430;  Tue, 29 May 2018 10:32:33 -0700 (PDT)
Received: from [192.168.2.27] (pool-74-96-253-73.washdc.fios.verizon.net. [74.96.253.73]) by smtp.googlemail.com with ESMTPSA id s19-v6sm25057498qki.62.2018.05.29.10.32.30 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 29 May 2018 10:32:32 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Tue, 29 May 2018 13:32:25 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: <draft-ietf-httpbis-h2-websockets.all@ietf.org>
CC: <secdir@ietf.org>, <iesg@ietf.org>
Message-ID: <D73306E9.B8C32%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-httpbis-h2-websockets
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-Nn0a6CYWizwOryi9ZWm2Oor2BE>
Subject: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 17:32:37 -0000

I have reviewed this document as part of the security directorate=E2=80=99s
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document defines a mechanism for running the WebSocket Protocol (RFC
6455 ) over a single stream of an HTTP/2 connection. The mechanism takes
the form of a new SETTINGS parameter and a new pseudo-header. The document
is well-written and I see no issues with it other than some friction with
this statement in section 8.1.2.1 of RFC7540:

	"Endpoints MUST NOT generate pseudo-header fields other than those
defined in this document."

The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
section 4. Section 3 addresses extending HTTP/2 via a reference to section
5.5 of RFC7540, but there was nothing in that section to relax the
prohibition on using pseudo-header fields not defined by 7540. Is a mod to
7540 necessary to enable support for the mechanism in
draft-ietf-httpbis-h2-websockets?


One minor nit, section 3 states "a sender MUST NOT send a
SETTINGS_ENABLE_CONNECT_PROTOCOL parameter with the value of 0 after
previously sending a value of 1". This reads as though one could never
turn off web socket support once enabled.=20



From nobody Tue May 29 10:49:46 2018
Return-Path: <pmcmanus@mozilla.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6095712D87B; Tue, 29 May 2018 10:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level: 
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YkW5vabRX0Bd; Tue, 29 May 2018 10:49:41 -0700 (PDT)
Received: from linode64.ducksong.com (www.ducksong.com [192.155.95.102]) by ietfa.amsl.com (Postfix) with ESMTP id CC28512E9DC; Tue, 29 May 2018 10:49:40 -0700 (PDT)
Received: from mail-oi0-f48.google.com (mail-oi0-f48.google.com [209.85.218.48]) by linode64.ducksong.com (Postfix) with ESMTPSA id 2AC6E3A03C; Tue, 29 May 2018 13:49:40 -0400 (EDT)
Received: by mail-oi0-f48.google.com with SMTP id l1-v6so13851985oii.1; Tue, 29 May 2018 10:49:40 -0700 (PDT)
X-Gm-Message-State: ALKqPwcQTR8NoaVGyPRcnC7m3RE6TK2M6+nm4SWoddWkk0R0vDmSTKib KL3rfHG6cYl5RdlVpffqMXy8g6M2E1dDwbujV9k=
X-Google-Smtp-Source: ADUXVKLWeuQqHI3TiGPVBv6LyHIIM6uNMQcjwtA0JRJGQoVKShDoePPgYNwB401wVZLw6uP69CH29fjIPwTA3CBDAqs=
X-Received: by 2002:aca:1a06:: with SMTP id a6-v6mr97531oia.213.1527616179783;  Tue, 29 May 2018 10:49:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:8a24:0:0:0:0:0 with HTTP; Tue, 29 May 2018 10:49:39 -0700 (PDT)
In-Reply-To: <D73306E9.B8C32%carl@redhoundsoftware.com>
References: <D73306E9.B8C32%carl@redhoundsoftware.com>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Tue, 29 May 2018 13:49:39 -0400
X-Gmail-Original-Message-ID: <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
Message-ID: <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org,  The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bfdb41056d5bdbd5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/FqtOAt2FaZ1vNUns8ji5iFfxtcQ>
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 17:49:45 -0000

--000000000000bfdb41056d5bdbd5
Content-Type: text/plain; charset="UTF-8"

Hey Carl, thanks for doing this

On Tue, May 29, 2018 at 1:32 PM, Carl Wallace <carl@redhoundsoftware.com>
wrote:

>
> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
> section 4. Section 3 addresses extending HTTP/2 via a reference to section
> 5.5 of RFC7540, but there was nothing in that section to relax the
> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
> 7540 necessary to enable support for the mechanism in
> draft-ietf-httpbis-h2-websockets?
>
>
imo no update to 7540 is needed. the wg also considered the question and
had the same conclusion. I will highlight the reasoning:

5.5 <https://tools.ietf.org/html/rfc7540#section-5.5>.  Extending HTTP/2

   HTTP/2 permits extension of the protocol.  Within the limitations
   described in this section, protocol extensions can be used to provide
   additional services or alter any aspect of the protocol.  Extensions
   are effective only within the scope of a single HTTP/2 connection.

note "alter any aspect of this protocol"

[..]

   Extensions that could change the semantics of existing protocol
   components MUST be negotiated before being used.

This is one of the limitations mentioned above.. so the websockets
extension needs to be negotiated (and it is).

[..] For example, an extension that changes the layout of the HEADERS frame
cannot be used until the peer has given a positive signal that this is
acceptable.
 In this case, it could also be necessary to coordinate when the revised
layout comes into effect. Note that treating any frames other than DATA
frames as flow controlled is such a change in semantics and can only be
done through negotiation.

These two examples are also powerful citations that negotiated extensions
can change the interpretation of basic pieces of 7540 such as existing
frame layouts and even flow control rules (both of which have MUSTs
associated with them).

The whole section is a little bit confusing because it also enumerates a
few extension points that the websockets draft is not using. But those are
specifically enumerated because they can be used without negotiated opt-in
and implementations not aware of the extensions need to take care to keep
them clean and available for extending (so there are requirements even if
you're not implementing the extension). As the example paragraph shows,
extensions are not solely limited to that model.

Cheers
-Patrick

--000000000000bfdb41056d5bdbd5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hey Carl, thanks for doing this<br><div><div class=3D"gmai=
l_extra"><br><div class=3D"gmail_quote">On Tue, May 29, 2018 at 1:32 PM, Ca=
rl Wallace <span dir=3D"ltr">&lt;<a href=3D"mailto:carl@redhoundsoftware.co=
m" target=3D"_blank">carl@redhoundsoftware.com</a>&gt;</span> wrote:<br><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #=
ccc solid;padding-left:1ex">
<br>
The draft-ietf-httpbis-h2-<wbr>websockets defines a new pseudo-header field=
 in<br>
section 4. Section 3 addresses extending HTTP/2 via a reference to section<=
br>
5.5 of RFC7540, but there was nothing in that section to relax the<br>
prohibition on using pseudo-header fields not defined by 7540. Is a mod to<=
br>
7540 necessary to enable support for the mechanism in<br>
draft-ietf-httpbis-h2-<wbr>websockets?<br>
<br></blockquote><div><br></div><div>imo no update to 7540 is needed. the w=
g also considered the question and had the same conclusion. I will highligh=
t the reasoning:<br></div><div><br></div><div><pre class=3D"gmail-newpage">=
<span class=3D"gmail-h3"><h3><a class=3D"gmail-selflink" name=3D"section-5.=
5" href=3D"https://tools.ietf.org/html/rfc7540#section-5.5">5.5</a>.  Exten=
ding HTTP/2</h3></span>

   HTTP/2 permits extension of the protocol.  Within the limitations
   described in this section, protocol extensions can be used to provide
   additional services or alter any aspect of the protocol.  Extensions
   are effective only within the scope of a single HTTP/2 connection.<br><b=
r></pre><pre class=3D"gmail-newpage"><span style=3D"font-family:arial,helve=
tica,sans-serif">note &quot;alter any aspect of this protocol&quot;</span><=
br></pre><pre class=3D"gmail-newpage">[..]

   Extensions that could change the semantics of existing protocol
   components MUST be negotiated before being used. <br><pre class=3D"gmail=
-newpage"><span style=3D"font-family:arial,helvetica,sans-serif">This is on=
e of the limitations mentioned above.. so the websockets extension needs to=
 be negotiated (and it is).</span></pre>[..] For example, an
   extension that changes the layout of the HEADERS frame cannot be used
   until the peer has given a positive signal that this is acceptable.<br>=
=C2=A0In this case, it could also be necessary to coordinate when the
   revised layout comes into effect.  Note that treating any frames
   other than DATA frames as flow controlled is such a change in
   semantics and can only be done through negotiation.</pre>These two examp=
les are also powerful citations that negotiated extensions can change the i=
nterpretation of basic pieces of 7540 such as existing frame layouts and ev=
en flow control rules (both of which have MUSTs associated with them).</div=
><div><br></div><div>The whole section is a little bit confusing because it=
 also enumerates a few extension points that the websockets draft is not us=
ing. But those are specifically enumerated because they can be used without=
 negotiated opt-in and implementations not aware of the extensions need to =
take care to keep them clean and available for extending (so there are requ=
irements even if you&#39;re not implementing the extension). As the example=
 paragraph shows, extensions are not solely limited to that model.</div><di=
v><br></div><div>Cheers</div><div>-Patrick</div><div><br></div><div><br></d=
iv></div><br></div></div></div>

--000000000000bfdb41056d5bdbd5--


From nobody Tue May 29 10:50:14 2018
Return-Path: <david.waltermire@nist.gov>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4280A12EAEC; Tue, 29 May 2018 10:50:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: David Waltermire <david.waltermire@nist.gov>
To: <secdir@ietf.org>
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-unauth.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152761621220.30011.11575332790456344157@ietfa.amsl.com>
Date: Tue, 29 May 2018 10:50:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/t5w7I_P-Gxoux9jzV9Tv2c1SXTU>
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-unauth-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 17:50:12 -0000

Reviewer: David Waltermire
Review result: Has Nits

This standards track draft adds a new state transition to IMAP allowing the
current authentication context to be reset to an non-authenticated state using
the UNAUTHENTICATE command. This allows a client to issue the IMAP AUTHENTICATE
command with administrative credentials to act on behalf of other users,
without having to create a new connection for each user, providing for greater
efficiency.

This draft appears to be ready for publication, with some relatively minor nits
to improve readability.

Section 4.1: The requirements in this list go beyond the stated requirement to
reset connection state. Some text should be added to make it clear that the
list defines additional behavior to be followed.

Something like the following could be used to address this:

s/This lists some IMAP extensions that have connection state that/The
connection state for the following list of IMAP extensions/

Append to the end of the paragraph "Additional requirements apply to specific
extensions as follows:".


From nobody Tue May 29 12:37:20 2018
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E9BD12E8A9 for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 12:37:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RscGyubtkqXF for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 12:37:09 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DDDD12E8C3 for <secdir@ietf.org>; Tue, 29 May 2018 12:37:08 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id g14-v6so191201qkm.6 for <secdir@ietf.org>; Tue, 29 May 2018 12:37:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=NZLNgfgkgaEM5GgYUpMc1SS9UHiMt8bS6qEh4RyjUA8=; b=KBwFvDHrtytjnCpz2GEhoC1jua2n85Z+ORX33RPLs22PXqBOaq1BWp7SJqVK7w6oq2 ncuB/hwVrq9WG/Q80pTxnJFc7GSPG2Te+na+f3PDP3jTZDppxioAWcEPdf0gI9T8zHyg 0p8k6cjRDH/f8LgfPmsv4A0/oTBdGLSxJtnPA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=NZLNgfgkgaEM5GgYUpMc1SS9UHiMt8bS6qEh4RyjUA8=; b=GNi0LjyLV+dqRyYMxdYkH6c5svKZZndACozicEgQqcpu+IPjFe60iJ8+eOmf7yl2EW 3t41SP4oqrNAnwRZ0+PxEpOXAyJh/BjxYZYrSoxyKeD7vSDVVnGi9Hk1sxC2uL2xYbnq Fc2BcKNbroq0CNLqxmPGxDE8hNmTyr98+4c6+Cu1ADMT7msSSag1leXeYMWQ3eNMkegU 8tiuyZEXgsDIWnAmNfaaZbdbX9M4UqTZ5+YqfL+D3ttP/0hEh91ZCYzG0zt53wbSh4p9 i38DO7E4RC2JMsDkJk64TiTCX7IxW8zGXcIXi4TTuWMZteKPn+W6SGStAocCFcPuLJAN iOoA==
X-Gm-Message-State: ALKqPwfEhNRnTUFOkzb2/rfAn7MIzrf3jILhQSGMw2QJ4awcd7nEBcIM ZcjiZ9OIFj9Ir0D/yFiEkJUaNw==
X-Google-Smtp-Source: ADUXVKLtPnPDIScSiqzhBUn2z3+YIEbfb899Jm4lTqw6JZJFpsjL6HBhKK9MTZwYLu7oGnlogmdMyg==
X-Received: by 2002:a37:d7c1:: with SMTP id t62-v6mr15680453qkt.123.1527622627745;  Tue, 29 May 2018 12:37:07 -0700 (PDT)
Received: from [192.168.2.27] (pool-74-96-253-73.washdc.fios.verizon.net. [74.96.253.73]) by smtp.googlemail.com with ESMTPSA id l5-v6sm23681821qtp.25.2018.05.29.12.37.04 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 29 May 2018 12:37:07 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Tue, 29 May 2018 15:37:02 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Patrick McManus <pmcmanus@mozilla.com>
CC: <draft-ietf-httpbis-h2-websockets.all@ietf.org>, <secdir@ietf.org>, The IESG <iesg@ietf.org>
Message-ID: <D7332279.B8CA6%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-httpbis-h2-websockets
References: <D73306E9.B8C32%carl@redhoundsoftware.com> <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
In-Reply-To: <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3610453025_11300491"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8nnbllfuoK0MwXCuCX47UFzZWLA>
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 19:37:13 -0000

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3610453025_11300491
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: 7bit

Your reasoning makes sense but it requires an awfully careful reading to
counter the clarity of the prohibition on new pseudo-headers. Maybe an
errata could be filed against 7540 to clarify the "alter any aspect of this
protocol" where the prohibition  is asserted for the benefit of future
readers. For example, something like "Endpoints MUST NOT generate
pseudo-header fields other than those defined in this document, except where
support for additional pseudo-headers is negotiated as permitted in section
5.5" would help.

From:  Patrick McManus <pmcmanus@mozilla.com>
Date:  Tuesday, May 29, 2018 at 1:49 PM
To:  Carl Wallace <carl@redhoundsoftware.com>
Cc:  <draft-ietf-httpbis-h2-websockets.all@ietf.org>, <secdir@ietf.org>, The
IESG <iesg@ietf.org>
Subject:  Re: secdir review of draft-ietf-httpbis-h2-websockets

> Hey Carl, thanks for doing this
> 
> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace <carl@redhoundsoftware.com>
> wrote:
>> 
>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
>> section 4. Section 3 addresses extending HTTP/2 via a reference to section
>> 5.5 of RFC7540, but there was nothing in that section to relax the
>> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
>> 7540 necessary to enable support for the mechanism in
>> draft-ietf-httpbis-h2-websockets?
>> 
> 
> imo no update to 7540 is needed. the wg also considered the question and had
> the same conclusion. I will highlight the reasoning:
> 
> 5.5 <https://tools.ietf.org/html/rfc7540#section-5.5> .  Extending HTTP/2
> 
> 
>    HTTP/2 permits extension of the protocol.  Within the limitations
>    described in this section, protocol extensions can be used to provide
>    additional services or alter any aspect of the protocol.  Extensions
>    are effective only within the scope of a single HTTP/2 connection.
> 
> note "alter any aspect of this protocol"
> [..]
> 
>    Extensions that could change the semantics of existing protocol
>    components MUST be negotiated before being used.
> This is one of the limitations mentioned above.. so the websockets extension
> needs to be negotiated (and it is).
> [..] For example, an
>    extension that changes the layout of the HEADERS frame cannot be used
>    until the peer has given a positive signal that this is acceptable.
>  In this case, it could also be necessary to coordinate when the
>    revised layout comes into effect.  Note that treating any frames
>    other than DATA frames as flow controlled is such a change in
>    semantics and can only be done through negotiation.
> These two examples are also powerful citations that negotiated extensions can
> change the interpretation of basic pieces of 7540 such as existing frame
> layouts and even flow control rules (both of which have MUSTs associated with
> them).
> 
> The whole section is a little bit confusing because it also enumerates a few
> extension points that the websockets draft is not using. But those are
> specifically enumerated because they can be used without negotiated opt-in and
> implementations not aware of the extensions need to take care to keep them
> clean and available for extending (so there are requirements even if you're
> not implementing the extension). As the example paragraph shows, extensions
> are not solely limited to that model.
> 
> Cheers
> -Patrick
> 
> 
> 



--B_3610453025_11300491
Content-type: text/html;
	charset="UTF-8"
Content-transfer-encoding: quoted-printable

<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: s=
pace; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size:=
 14px; font-family: Calibri, sans-serif;"><div>Your reasoning makes sense bu=
t it requires an awfully careful reading to counter the clarity of the prohi=
bition on new pseudo-headers. Maybe an errata could be filed against 7540 to=
 clarify the "alter any aspect of this protocol" where the prohibition &nbsp=
;is asserted for the benefit of future readers. For example, something like =
"Endpoints MUST NOT generate pseudo-header fields other than those defined i=
n this document, except where support for additional pseudo-headers is negot=
iated as permitted in section 5.5" would help.</div><div><br></div><span id=3D=
"OLK_SRC_BODY_SECTION"><div style=3D"font-family:Calibri; font-size:11pt; text=
-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium no=
ne; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: =
#b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style=3D=
"font-weight:bold">From: </span> Patrick McManus &lt;<a href=3D"mailto:pmcmanu=
s@mozilla.com">pmcmanus@mozilla.com</a>&gt;<br><span style=3D"font-weight:bold=
">Date: </span> Tuesday, May 29, 2018 at 1:49 PM<br><span style=3D"font-weight=
:bold">To: </span> Carl Wallace &lt;<a href=3D"mailto:carl@redhoundsoftware.co=
m">carl@redhoundsoftware.com</a>&gt;<br><span style=3D"font-weight:bold">Cc: <=
/span> &lt;<a href=3D"mailto:draft-ietf-httpbis-h2-websockets.all@ietf.org">dr=
aft-ietf-httpbis-h2-websockets.all@ietf.org</a>&gt;, &lt;<a href=3D"mailto:sec=
dir@ietf.org">secdir@ietf.org</a>&gt;, The IESG &lt;<a href=3D"mailto:iesg@iet=
f.org">iesg@ietf.org</a>&gt;<br><span style=3D"font-weight:bold">Subject: </sp=
an> Re: secdir review of draft-ietf-httpbis-h2-websockets<br></div><div><br>=
</div><blockquote id=3D"MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style=3D"BORDER-LEFT=
: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div dir=3D"ltr">Hey Carl=
, thanks for doing this<br><div><div class=3D"gmail_extra"><br><div class=3D"gma=
il_quote">On Tue, May 29, 2018 at 1:32 PM, Carl Wallace <span dir=3D"ltr">&lt;=
<a href=3D"mailto:carl@redhoundsoftware.com" target=3D"_blank">carl@redhoundsoft=
ware.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
The draft-ietf-httpbis-h2-<wbr>websockets defines a new pseudo-header field=
 in<br>
section 4. Section 3 addresses extending HTTP/2 via a reference to section<=
br>
5.5 of RFC7540, but there was nothing in that section to relax the<br>
prohibition on using pseudo-header fields not defined by 7540. Is a mod to<=
br>
7540 necessary to enable support for the mechanism in<br>
draft-ietf-httpbis-h2-<wbr>websockets?<br><br></blockquote><div><br></div><=
div>imo no update to 7540 is needed. the wg also considered the question and=
 had the same conclusion. I will highlight the reasoning:<br></div><div><br>=
</div><div><pre class=3D"gmail-newpage"><span class=3D"gmail-h3"><h3><a class=3D"g=
mail-selflink" name=3D"section-5.5" href=3D"https://tools.ietf.org/html/rfc7540#=
section-5.5">5.5</a>.  Extending HTTP/2</h3></span>

   HTTP/2 permits extension of the protocol.  Within the limitations
   described in this section, protocol extensions can be used to provide
   additional services or alter any aspect of the protocol.  Extensions
   are effective only within the scope of a single HTTP/2 connection.<br><b=
r></pre><pre class=3D"gmail-newpage"><span style=3D"font-family:arial,helvetica,=
sans-serif">note "alter any aspect of this protocol"</span><br></pre><pre cl=
ass=3D"gmail-newpage">[..]

   Extensions that could change the semantics of existing protocol
   components MUST be negotiated before being used. <br><pre class=3D"gmail-n=
ewpage"><span style=3D"font-family:arial,helvetica,sans-serif">This is one of =
the limitations mentioned above.. so the websockets extension needs to be ne=
gotiated (and it is).</span></pre>[..] For example, an
   extension that changes the layout of the HEADERS frame cannot be used
   until the peer has given a positive signal that this is acceptable.<br>&=
nbsp;In this case, it could also be necessary to coordinate when the
   revised layout comes into effect.  Note that treating any frames
   other than DATA frames as flow controlled is such a change in
   semantics and can only be done through negotiation.</pre>These two examp=
les are also powerful citations that negotiated extensions can change the in=
terpretation of basic pieces of 7540 such as existing frame layouts and even=
 flow control rules (both of which have MUSTs associated with them).</div><d=
iv><br></div><div>The whole section is a little bit confusing because it als=
o enumerates a few extension points that the websockets draft is not using. =
But those are specifically enumerated because they can be used without negot=
iated opt-in and implementations not aware of the extensions need to take ca=
re to keep them clean and available for extending (so there are requirements=
 even if you're not implementing the extension). As the example paragraph sh=
ows, extensions are not solely limited to that model.</div><div><br></div><d=
iv>Cheers</div><div>-Patrick</div><div><br></div><div><br></div></div><br></=
div></div></div></blockquote></span></body></html>

--B_3610453025_11300491--



From nobody Wed May 30 08:56:31 2018
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 228FC1250B8; Wed, 30 May 2018 08:53:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1527695626; bh=iPzikdozaEfgoqn34Xwf+u4iaGPZPQnPVbyT/5lS/xs=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=CAZmVuL2X1w1obXLtFnKUfw16Dl6HF4C0AGD7WFp0eXP15gClTR3wOyyLAjeKi7d0 mBwEqZus6St1n1IugCWJwBYRM4KTQ7KuIIwD4f4yETvZTBKf2OPcDx6ARpt6AupY+V vl5BKELi08gWeseIaR0NFv0OJT2B/HHzwe4usMjI=
X-Mailbox-Line: From new-work-bounces@ietf.org  Wed May 30 08:53:41 2018
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D0D612E9D9; Wed, 30 May 2018 08:53:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1527695593; bh=iPzikdozaEfgoqn34Xwf+u4iaGPZPQnPVbyT/5lS/xs=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=a1f4yeKr13bW0OzqzQA1r5kM1ZG2pC+QBAJSr/oyG0nCgy8Vub9z58ox7HFZRaEX+ uVfaHM5EtE3eNtsrcw9kD6lBydfPaOXYFekdRBHOBDRwvNB0KQKNjWsSP9JQczs3xL PVKJzx8Qj7YHijPgxH+BYXRggrbQgnn2qFqkq81I=
X-Original-To: new-work@ietf.org
Delivered-To: new-work@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1026212D775 for <new-work@ietf.org>; Wed, 30 May 2018 08:53:05 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg@ietf.org>
To: <new-work@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.1
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Reply_to: <iesg@ietf.org>
Message-ID: <152769558505.27675.6470390159766637784.idtracker@ietfa.amsl.com>
Date: Wed, 30 May 2018 08:53:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/Bhu-_bujwW4EL8ddDvGzx-rfsWU>
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.22
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: new-work-bounces@ietf.org
Sender: "new-work" <new-work-bounces@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qiu5RMjahpELVR4YOAjd83WrwXA>
X-Mailman-Approved-At: Wed, 30 May 2018 08:56:29 -0700
Subject: [secdir] [new-work] WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2018 15:53:57 -0000

The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the
Security Area of the IETF is undergoing rechartering. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2018-06-06.

Limited Additional Mechanisms for PKIX and SMIME (lamps)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Russ Housley <housley@vigilsec.com>
  Timothy Hollebeek <tim.hollebeek@digicert.com>

Assigned Area Director:
  Eric Rescorla <ekr@rtfm.com>

Security Area Directors:
  Eric Rescorla <ekr@rtfm.com>
  Benjamin Kaduk <kaduk@mit.edu>

Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/

Group page: https://datatracker.ietf.org/group/lamps/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

The LAMPS WG is now tackling these topics:

1. Specify a discovery mechanism for CAA records to replace the one
described in RFC 6844.  Implementation experience has demonstrated an
ambiguity in the handling of CNAME and DNAME records during discovery
in RFC 6844, and subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in that approach.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.
Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, giving great confidence that
the SHA-3 family of functions are secure.  Also, since SHA-3 uses a very
different construction from SHA-2, the SHA-3 family of functions offers
an excellent alternative.  In particular, SHAKE128/256 and SHAKE256/512
offer security and performance benefits.

3. Specify the use of short-lived X.509 certificates for which no
revocation information is made available by the Certification Authority.
Short-lived certificates have a lifespan that is shorter than the time
needed to detect, report, and distribute revocation information, as a
result revoking them pointless.

4. Specify the use of a pre-shared key (PSK) along with other key
management techniques with supported by the Cryptographic Message
Syntax (CMS) as a near-term mechanism to protect present day
communication from the future invention of a large-scale quantum
computer.  The invention of a such a quantum computer would pose a
serious challenge for the key management algorithms that are widely
deployed, especially the key transport and key agreement algorithms
used today with the CMS to protect S/MIME messages.

5. Specify the use of hash-based signatures with the Cryptographic
Message Syntax (CMS).  A hash-based signature uses small private and
public keys, and it has low computational cost; however, the signature
values are quite large.  For this reason they might not be used for
signing X.509 certificates or S/MIME messages, but they are secure
even if a large-scale quantum computer is invented.  These properties
make hash-based signatures useful in some environments, such a the
distribution of software updates.

6. Specifies a certificate extension that is carried in a self-signed
certificate for a trust anchor, which is often called a Root
Certification Authority (CA) certificate, to identify the next
public key that will be used by the trust anchor.

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
any of these potential work items without rechartering.

Milestones:

  Jun 2018 - Adopt a draft for short-lived certificate conventions

  Jun 2018 - Adopt a draft for the CMS with PSK

  Jun 2018 - Adopt a draft for hash-based signatures with the CMS

  Jun 2018 - Adopt a draft for root key rollover certificate extension

  Jul 2018 - rfc6844bis sent to IESG for standards track publication

  Aug 2018 - Root key rollover certificate extension sent to IESG for
  informational publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for 
  standards track publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for 
  standards track publication

  Oct 2018 - Short-lived certificate conventions sent to IESG for BCP
  publication

  Oct 2018 - The CMS with PSK sent to IESG for standards track publication

  Dec 2018 - Hash-based signatures with the CMS sent to IESG for standards
  track publication


_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work


From nobody Wed May 30 11:45:18 2018
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FE0F12EA52; Wed, 30 May 2018 11:45:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level: 
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_FAIL=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m0K5rBrijT0m; Wed, 30 May 2018 11:45:13 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 4FDA012E8D6; Wed, 30 May 2018 11:45:13 -0700 (PDT)
Received: from thinny.local (69-12-173-8.static.dsltransport.net [69.12.173.8]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by colo.trepanning.net (Postfix) with ESMTPSA id 75E8FA888020; Wed, 30 May 2018 11:45:12 -0700 (PDT)
To: secdir@ietf.org, "iesg@ietf.org" <iesg@ietf.org>
Cc: draft-ietf-dtn-bpsec.all@ietf.org
From: Dan Harkins <dharkins@lounge.org>
Message-ID: <3e8f4b68-f4af-00e8-293b-e2adbc3f1798@lounge.org>
Date: Wed, 30 May 2018 11:45:10 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------0AEA476AFDA53DBF7C4335C2"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HVdtxXzoZdIPQfukRyIs0-rBzeQ>
Subject: [secdir] secdir review of draft-ietf-dtn-bpsec-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2018 18:45:16 -0000

This is a multi-part message in MIME format.
--------------0AEA476AFDA53DBF7C4335C2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

   Hello,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   The summary of my review is: Almost-Ready.

   This draft describes a protocol called BPSec which "provides
end-to-end integrity and confidentiality services for BP bundles."
But it doesn't really define a security protocol because it leaves
key establishment and the actual ciphers used to afford end-to-end
protection to bundles to different documents. So it's sort of like
EAP in that respect.

  1. Issues with encryption and integrity protection

   There are 2 different blocks defined, a Block Integrity Block (BIB)
that provides integrity protection and a Block Confidentiality Block
(BCB) that encrypts the block. Apparently, the BCB does not also
provide integrity protection of its ciphertext since the draft says
that, while multiple security operations on the same block are invalid,
doing integrity protection and confidentiality on the same block is
valid. This opens up some insecure options that don't need to be allowed,
like integrity protect then encrypt, or integrity protect and encrypt.
I think it would be a good idea to mandate that whatever ciphersuite
is used for a BCB (again, the draft does not specify ciphersuites) that
it provides authenticated encryption. Then update the uniqueness
requirement in section 3.2.

   The example in figure 3 does authenticate-then-encrypt which is
not robust. This needs to change.

   The processing order in 5.1 states "BCBs MUST be evaluated first
and BIBs second." This is wrong, it's mandating a fragile construct
whose security depends on the cipher mode and that is dangerous.
Strongly suggest changing this and using and AEAD cipher.

   Also in 5.1: "If an encrypted payload block cannot be decrypted...."
How would you know? As long as it's the right size it will decrypt
into something. That something might be garbage but decryption was
successful. This is another reason to mandate AEAD. If it fails, it
fails hard, no two step required.

   My suggestion to use an AEAD cipher seems to conflict somewhat with the
fragmentation/reassembly text which says that application of a
confidentiality cipher suite MUST NOT alter the size of the payload.
That is going to have to be reconciled somehow. This document should
not allow anything other than encrypt-then-authenticate (and it should
do so by mandating AEAD ciphers) and if that requires some rewrite of
the fragmentation/reassembly text then so be it.

  II. Issues with RFC 2119 words

   I hate to be a stickler on stuff like this but...

   Section 2.2 which begins, "A bundle MAY have multiple security blocks
and these blocks MAY have different security sources." Now, to me, MAY
means it's optional and that if I don't implement it I can still stay
compliant. But that's not how I'm reading this. What I'm reading
is an admonition to not assume uniformity in bundles, which seems
like an important statement that is the opposite of the literal MAY
text. It's really you MUST NOT assume that a bundle has uniform
security.

   Section 3.3: "A set of security operations may be represented by a
single security block if and only if the following conditions are true...."
That sounds kind of normative.  Do the authors mean "A set of security
operations SHALL be represented by a single security block...."?

   Regarding the optional "Security Source" in the Abstract Security Block
in section 3.6: "If the security source field is not present then the
ource MAY be inferred from other information...." And that means I can
choose to not implement this optional inference. In which case, what do
I do? I think some instruction to implementers is needed but I'm
not sure what it is.

   Basically, I think the whole document should be searched for "may" (case
insensitively) and each instance looked at closely.

   III. Security Considerations

   The security considerations are thorough and well done although the
first three paragraphs in section 8 seem to boil down to the fact that
the DTN is assumed to be completely under the control of an attacker. I
think that's all that needs to be said there.

   regards,

   Dan.









--------------0AEA476AFDA53DBF7C4335C2
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <pre class="wiki">
  Hello,

  I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

  The summary of my review is: Almost-Ready.

  This draft describes a protocol called BPSec which "provides
end-to-end integrity and confidentiality services for BP bundles."
But it doesn't really define a security protocol because it leaves
key establishment and the actual ciphers used to afford end-to-end
protection to bundles to different documents. So it's sort of like
EAP in that respect.

 1. Issues with encryption and integrity protection

  There are 2 different blocks defined, a Block Integrity Block (BIB)
that provides integrity protection and a Block Confidentiality Block
(BCB) that encrypts the block. Apparently, the BCB does not also
provide integrity protection of its ciphertext since the draft says
that, while multiple security operations on the same block are invalid,
doing integrity protection and confidentiality on the same block is
valid. This opens up some insecure options that don't need to be allowed, 
like integrity protect then encrypt, or integrity protect and encrypt.
I think it would be a good idea to mandate that whatever ciphersuite
is used for a BCB (again, the draft does not specify ciphersuites) that
it provides authenticated encryption. Then update the uniqueness
requirement in section 3.2. 

  The example in figure 3 does authenticate-then-encrypt which is
not robust. This needs to change.

  The processing order in 5.1 states "BCBs MUST be evaluated first
and BIBs second." This is wrong, it's mandating a fragile construct
whose security depends on the cipher mode and that is dangerous.
Strongly suggest changing this and using and AEAD cipher.

  Also in 5.1: "If an encrypted payload block cannot be decrypted...."
How would you know? As long as it's the right size it will decrypt 
into something. That something might be garbage but decryption was
successful. This is another reason to mandate AEAD. If it fails, it
fails hard, no two step required. 

  My suggestion to use an AEAD cipher seems to conflict somewhat with the
fragmentation/reassembly text which says that application of a
confidentiality cipher suite MUST NOT alter the size of the payload.
That is going to have to be reconciled somehow. This document should
not allow anything other than encrypt-then-authenticate (and it should
do so by mandating AEAD ciphers) and if that requires some rewrite of
the fragmentation/reassembly text then so be it. 

 II. Issues with RFC 2119 words

  I hate to be a stickler on stuff like this but...

  Section 2.2 which begins, "A bundle MAY have multiple security blocks
and these blocks MAY have different security sources." Now, to me, MAY
means it's optional and that if I don't implement it I can still stay
compliant. But that's not how I'm reading this. What I'm reading
is an admonition to not assume uniformity in bundles, which seems
like an important statement that is the opposite of the literal MAY
text. It's really you MUST NOT assume that a bundle has uniform
security. 

  Section 3.3: "A set of security operations may be represented by a
single security block if and only if the following conditions are true...."
That sounds kind of normative.  Do the authors mean "A set of security
operations SHALL be represented by a single security block...."?

  Regarding the optional "Security Source" in the Abstract Security Block
in section 3.6: "If the security source field is not present then the 
ource MAY be inferred from other information...." And that means I can
choose to not implement this optional inference. In which case, what do
I do? I think some instruction to implementers is needed but I'm
not sure what it is.

  Basically, I think the whole document should be searched for "may" (case
insensitively) and each instance looked at closely.

  III. Security Considerations

  The security considerations are thorough and well done although the
first three paragraphs in section 8 seem to boil down to the fact that
the DTN is assumed to be completely under the control of an attacker. I
think that's all that needs to be said there. 

  regards,

  Dan.




</pre>
    <tt><br>
      <br>
      <br>
      <br>
    </tt>
  </body>
</html>

--------------0AEA476AFDA53DBF7C4335C2--


From nobody Wed May 30 20:23:32 2018
Return-Path: <mnot@mnot.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D9231318CA; Wed, 30 May 2018 20:23:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=Hdu9wcsY; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JCNuZaoO
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRM_3fT7IliL; Wed, 30 May 2018 20:23:22 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18CE31314DD; Wed, 30 May 2018 20:23:22 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 8027121BAF; Wed, 30 May 2018 23:23:21 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Wed, 30 May 2018 23:23:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=szCb2KWFZ7KX1Oj+jODZFgzd2Fkx3 09JXPHpSILByxs=; b=Hdu9wcsYzUK5jBcq/ZZFhCoY2W6WvbuefPsmsvvtxJDm4 s72TubjMzXFPWVYPVL/BpQkFV2NgSE+fpFHGYGiuKGKIvxaVi8EaksFCzIxSpt8p KGqSxhWXcc/YIVGb6LuC6fH+8lEr9cxTyUaW6Cr1tZh9oiVfE7uF7tSqcmwr8NEv wPB0Nmns6ySyG70+raNoVPUjYLk3Bt3keO3zN+yNLxjU+b59F8lE+JNexZdLHU++ uQF/wIjnzMBKAIZ1vZSN2BeSDkECb6/rHcIRsgxIyoNL0iG9SmcVRNfNgseKjJzD 3GKYOVy3DsW7GjjI4mYNI/YW6xCjbGTxiwAtPh9XA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=szCb2K WFZ7KX1Oj+jODZFgzd2Fkx309JXPHpSILByxs=; b=JCNuZaoOqvF79A+sEN1iNM VuR6Nv5jZEpGCm875LT0A6CVD+QABXiKsNBNnDQ5shWVs4Wd+2cl4lXm2q7sLqpV j+QEdXkTNjJblY9fPc+c3zE/+WB3w1fyzRa1m44X97ioV/FBBCD9ZjYBHYw37qLu HvIC5sHS1JgXBcFHfSTdJebBkKG1MpZyk7PAPxkeENgsmI6uT3yjy7Ei1B5wqo+G TccdRidz5YJKwGa+WkVdqGzs1GtaeCFC64ylz9VAwnVKdpAVjn6aTxfhHoH3oiyb bd7a0EfsBpby6dbhQcjFiyUrtXmtBvpfznLywdQunm5k5fE6ZGfhQAhTspt89+UA ==
X-ME-Proxy: <xmx:qWoPW5KST-H5Wtg8b_E1I9-9hK7I-3q0XekbliBErJoMzSNyyDPwSg>
X-ME-Proxy: <xmx:qWoPW1fCBWJR9gZnq0lF_9TVS_C9bWSmJpy946NTSoG2yRIzQdw1fg>
X-ME-Proxy: <xmx:qWoPW5XMzIBMR_ihnb6YT8gEr_uLcuC1cJO4y7QUb_qIT_WP4WD2GQ>
X-ME-Proxy: <xmx:qWoPW1CrjnBJLnWn3L2o0n6cuKYhjRQ95cm09JD0qg7QoK_Qf29T8A>
X-ME-Proxy: <xmx:qWoPW49mATl3Nzj-9r1sFtXIPv_wM8wUykuQ4Y6MBVPcMAMrf1q6Pw>
X-ME-Proxy: <xmx:qWoPWxbRbd3bWygYMxV5pDqCGN-PJb7zRUEDvX8a9z-oKXvyrmXoxQ>
X-ME-Sender: <xms:qWoPW1eWZYPigUpQJwFxvd3QAUD-mmXMrclkvickcAmgIF6ester2g>
Received: from attitudadjuster.localdomain (unknown [144.136.175.28]) by mail.messagingengine.com (Postfix) with ESMTPA id A34A310262; Wed, 30 May 2018 23:23:19 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <D7332279.B8CA6%carl@redhoundsoftware.com>
Date: Thu, 31 May 2018 13:23:16 +1000
Cc: Patrick McManus <pmcmanus@mozilla.com>, draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E5BEBC29-97A2-41A2-BC27-043BE57BDF0A@mnot.net>
References: <D73306E9.B8C32%carl@redhoundsoftware.com> <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com> <D7332279.B8CA6%carl@redhoundsoftware.com>
To: Carl Wallace <carl@redhoundsoftware.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/pXOhHDZk3owJIcc33_L3a9S50Ok>
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 03:23:25 -0000

The problem is that we'd have to put such a caveat on pretty much every =
MUST in the document.=20

Cheers,


> On 30 May 2018, at 5:37 am, Carl Wallace <carl@redhoundsoftware.com> =
wrote:
>=20
> Your reasoning makes sense but it requires an awfully careful reading =
to counter the clarity of the prohibition on new pseudo-headers. Maybe =
an errata could be filed against 7540 to clarify the "alter any aspect =
of this protocol" where the prohibition  is asserted for the benefit of =
future readers. For example, something like "Endpoints MUST NOT generate =
pseudo-header fields other than those defined in this document, except =
where support for additional pseudo-headers is negotiated as permitted =
in section 5.5" would help.
>=20
> From: Patrick McManus <pmcmanus@mozilla.com>
> Date: Tuesday, May 29, 2018 at 1:49 PM
> To: Carl Wallace <carl@redhoundsoftware.com>
> Cc: <draft-ietf-httpbis-h2-websockets.all@ietf.org>, =
<secdir@ietf.org>, The IESG <iesg@ietf.org>
> Subject: Re: secdir review of draft-ietf-httpbis-h2-websockets
>=20
>> Hey Carl, thanks for doing this
>>=20
>> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace =
<carl@redhoundsoftware.com> wrote:
>>>=20
>>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header =
field in
>>> section 4. Section 3 addresses extending HTTP/2 via a reference to =
section
>>> 5.5 of RFC7540, but there was nothing in that section to relax the
>>> prohibition on using pseudo-header fields not defined by 7540. Is a =
mod to
>>> 7540 necessary to enable support for the mechanism in
>>> draft-ietf-httpbis-h2-websockets?
>>>=20
>>=20
>> imo no update to 7540 is needed. the wg also considered the question =
and had the same conclusion. I will highlight the reasoning:
>>=20
>> 5.5.  Extending HTTP/2
>>=20
>>=20
>>=20
>>    HTTP/2 permits extension of the protocol.  Within the limitations
>>    described in this section, protocol extensions can be used to =
provide
>>    additional services or alter any aspect of the protocol.  =
Extensions
>>    are effective only within the scope of a single HTTP/2 connection.
>>=20
>>=20
>> note "alter any aspect of this protocol"
>> [..]
>>=20
>>    Extensions that could change the semantics of existing protocol
>>    components MUST be negotiated before being used.=20
>>=20
>> This is one of the limitations mentioned above.. so the websockets =
extension needs to be negotiated (and it is).
>> [..] For example, an
>>    extension that changes the layout of the HEADERS frame cannot be =
used
>>    until the peer has given a positive signal that this is =
acceptable.
>>=20
>>  In this case, it could also be necessary to coordinate when the
>>    revised layout comes into effect.  Note that treating any frames
>>    other than DATA frames as flow controlled is such a change in
>>    semantics and can only be done through negotiation.
>>=20
>> These two examples are also powerful citations that negotiated =
extensions can change the interpretation of basic pieces of 7540 such as =
existing frame layouts and even flow control rules (both of which have =
MUSTs associated with them).
>>=20
>> The whole section is a little bit confusing because it also =
enumerates a few extension points that the websockets draft is not =
using. But those are specifically enumerated because they can be used =
without negotiated opt-in and implementations not aware of the =
extensions need to take care to keep them clean and available for =
extending (so there are requirements even if you're not implementing the =
extension). As the example paragraph shows, extensions are not solely =
limited to that model.
>>=20
>> Cheers
>> -Patrick
>>=20
>>=20
>>=20

--
Mark Nottingham   https://www.mnot.net/


From nobody Thu May 31 01:02:58 2018
Return-Path: <vincent.roca@inria.fr>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CF4F12EBE8; Thu, 31 May 2018 01:02:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AeEQdce_PUns; Thu, 31 May 2018 01:02:53 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1AE412E8EE; Thu, 31 May 2018 01:02:51 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.49,463,1520895600";  d="scan'208,217";a="267086073"
Received: from unknown (HELO [192.168.16.115]) ([193.55.47.16]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 May 2018 10:02:47 +0200
From: Vincent Roca <vincent.roca@inria.fr>
Message-Id: <6875C56D-A978-415B-A98F-BEAF886DE846@inria.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5ABA35CC-B81B-4E84-B6AD-563D826BCA13"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Thu, 31 May 2018 10:02:47 +0200
In-Reply-To: <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
Cc: Vincent Roca <vincent.roca@inria.fr>, The IESG <iesg@ietf.org>, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
To: Peter Saint-Andre <stpeter@mozilla.com>
References: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr> <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/vs9aVtuK2S3k8d-lHyBHmWB62dg>
Subject: Re: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 08:02:56 -0000

--Apple-Mail=_5ABA35CC-B81B-4E84-B6AD-563D826BCA13
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hello Peter,

> Hi Vincent, thanks for your review. I'm the document shepherd and the
> author is on holiday right now, so I'll reply on a few points.

[..]

>> This document specifies the use of National Bibliography Numbers =
(NBN)s
>> as a particular URN namespace.
>> The authors explain that "no specific security threats have been
>> identified for NBN-based URNs".
>> The authors also explain that, since this document specifies high =
level
>> concepts, several security aspects are out of scope.
>> I tend to agree with the authors, although I don't know the domain.
>=20
> Would you like to see a bit more explanatory text on these matters?

More explanatory text is always welcome, but as I said, I wouldn=E2=80=99t=

object if the doc stays as is.

> Thanks for the review!

You=E2=80=99re welcome.

  Vincent


--Apple-Mail=_5ABA35CC-B81B-4E84-B6AD-563D826BCA13
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D"">Hello=
 Peter,<div class=3D""><br class=3D""></div><div =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D""><span=
 style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; =
display: inline !important;" class=3D"">Hi Vincent, thanks for your =
review. I'm the document shepherd and the</span><br style=3D"caret-color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: =
normal; font-variant-caps: normal; font-weight: normal; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;" class=3D""><span style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none; float: none; display: inline !important;" =
class=3D"">author is on holiday right now, so I'll reply on a few =
points.</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none;" class=3D""></div></blockquote><div><br class=3D""></div>[..]<br =
class=3D""><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><blockquote type=3D"cite" style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; text-decoration: none;" class=3D"">This =
document specifies the use of National Bibliography Numbers (NBN)s<br =
class=3D"">as a particular URN namespace.<br class=3D"">The authors =
explain that "no specific security threats have been<br =
class=3D"">identified for NBN-based URNs".<br class=3D"">The authors =
also explain that, since this document specifies high level<br =
class=3D"">concepts, several security aspects are out of scope.<br =
class=3D"">I tend to agree with the authors, although I don't know the =
domain.<br class=3D""></blockquote><br style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;" class=3D""><span style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none; float: none; display: inline !important;" =
class=3D"">Would you like to see a bit more explanatory text on these =
matters?</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none;" class=3D""></div></blockquote><div><br class=3D""></div><div>More =
explanatory text is always welcome, but as I said, I =
wouldn=E2=80=99t</div><div>object if the doc stays as is.</div><div><br =
class=3D""></div><blockquote type=3D"cite" class=3D""><div =
class=3D""><span style=3D"caret-color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none; float: none; display: inline !important;" class=3D"">Thanks for =
the review!</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none;" class=3D""></div></blockquote><div><br =
class=3D""></div><div>You=E2=80=99re welcome.</div><div><br =
class=3D""></div><div>&nbsp; Vincent</div><div><br =
class=3D""></div></div></div></body></html>=

--Apple-Mail=_5ABA35CC-B81B-4E84-B6AD-563D826BCA13--


From nobody Thu May 31 03:18:37 2018
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3012312EA54 for <secdir@ietfa.amsl.com>; Thu, 31 May 2018 03:18:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0wULnSoqhNh for <secdir@ietfa.amsl.com>; Thu, 31 May 2018 03:18:33 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E544112EC1D for <secdir@ietf.org>; Thu, 31 May 2018 03:18:32 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id j12-v6so13428395qkk.4 for <secdir@ietf.org>; Thu, 31 May 2018 03:18:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jueXlFv401kdBDjsnUMkJM6TN6QSzXdnSDuLXQdbVQU=; b=fs1tsrPS4D3o4cP4XnME3hN247Qs3CjqU646rdZZdYfgOzGYtjYU64lRoJig08JVP2 SuOeVwJtQ5k3BFhEpp6JpAh8lpEvvaYYiHUYE4A52SQgTlOIZn6hTPpwVrcOYEnF5+jr rWkqx7fGkVccw2y6xoeVRQgX7SDdcNbePC5bM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jueXlFv401kdBDjsnUMkJM6TN6QSzXdnSDuLXQdbVQU=; b=Fm7YFk9aLNfDHKYO4R19fszJjeXgWYKt5ZgsYiKtc6H+JRspWtWSpMt3SKhux4BUPe zho4pcPDQ6curhjD4wPgBg5KJBALsZTiLwf0NSUgpIRHE9YF/YTnWYJ9qkdzOKsrRSSw HDVffdTMYaFMV3ACcfTPMs433k+fRfNw5bkzReQUnS3z6y0bi4n8gpgNoAZmeCbifGMe Yzb5Y+KARFWv1+dXFkCUEe/hjXRGWdmoyqeeev3NkpbY9OZb24pIXfK5YjLLkfXIcGK0 A4UGzUxs449/3OASxF9bxEStZ8piOh8d480DzMYHEtC34dTbifga+9Xd14dhQyhip/tw DwuA==
X-Gm-Message-State: APt69E2A0RWTwCg5onT/C8eJ0fxUh0eWsXawoJ1eovOA08prQjPDS2O1 BG04oimFdtI+3icpC1det73YSQ==
X-Google-Smtp-Source: ADUXVKKrmh9Pj4nb3qyYYTPCeT9G5VzAqzFATxZ4z+rqQeQBV+iLWiZrqcNA7qg90t010YoFLcdF9w==
X-Received: by 2002:a37:f59:: with SMTP id z86-v6mr5494993qkg.234.1527761911900;  Thu, 31 May 2018 03:18:31 -0700 (PDT)
Received: from [192.168.2.158] (pool-74-96-253-73.washdc.fios.verizon.net. [74.96.253.73]) by smtp.gmail.com with ESMTPSA id 31-v6sm2316477qtq.80.2018.05.31.03.18.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 May 2018 03:18:31 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Carl Wallace <carl@redhoundsoftware.com>
X-Mailer: iPhone Mail (14G60)
In-Reply-To: <E5BEBC29-97A2-41A2-BC27-043BE57BDF0A@mnot.net>
Date: Thu, 31 May 2018 06:18:29 -0400
Cc: Patrick McManus <pmcmanus@mozilla.com>, draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CEB6602B-80AC-44F7-907B-1E4E9257DCDB@redhoundsoftware.com>
References: <D73306E9.B8C32%carl@redhoundsoftware.com> <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com> <D7332279.B8CA6%carl@redhoundsoftware.com> <E5BEBC29-97A2-41A2-BC27-043BE57BDF0A@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/BBgKtAz3Hy5g2ShdawcM5GDZlMY>
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 10:18:36 -0000

Good enough.=20

> On May 30, 2018, at 11:23 PM, Mark Nottingham <mnot@mnot.net> wrote:
>=20
> The problem is that we'd have to put such a caveat on pretty much every MU=
ST in the document.=20
>=20
> Cheers,
>=20
>=20
>> On 30 May 2018, at 5:37 am, Carl Wallace <carl@redhoundsoftware.com> wrot=
e:
>>=20
>> Your reasoning makes sense but it requires an awfully careful reading to c=
ounter the clarity of the prohibition on new pseudo-headers. Maybe an errata=
 could be filed against 7540 to clarify the "alter any aspect of this protoc=
ol" where the prohibition  is asserted for the benefit of future readers. Fo=
r example, something like "Endpoints MUST NOT generate pseudo-header fields o=
ther than those defined in this document, except where support for additiona=
l pseudo-headers is negotiated as permitted in section 5.5" would help.
>>=20
>> From: Patrick McManus <pmcmanus@mozilla.com>
>> Date: Tuesday, May 29, 2018 at 1:49 PM
>> To: Carl Wallace <carl@redhoundsoftware.com>
>> Cc: <draft-ietf-httpbis-h2-websockets.all@ietf.org>, <secdir@ietf.org>, T=
he IESG <iesg@ietf.org>
>> Subject: Re: secdir review of draft-ietf-httpbis-h2-websockets
>>=20
>>> Hey Carl, thanks for doing this
>>>=20
>>>> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace <carl@redhoundsoftware.co=
m> wrote:
>>>>=20
>>>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field i=
n
>>>> section 4. Section 3 addresses extending HTTP/2 via a reference to sect=
ion
>>>> 5.5 of RFC7540, but there was nothing in that section to relax the
>>>> prohibition on using pseudo-header fields not defined by 7540. Is a mod=
 to
>>>> 7540 necessary to enable support for the mechanism in
>>>> draft-ietf-httpbis-h2-websockets?
>>>>=20
>>>=20
>>> imo no update to 7540 is needed. the wg also considered the question and=
 had the same conclusion. I will highlight the reasoning:
>>>=20
>>> 5.5.  Extending HTTP/2
>>>=20
>>>=20
>>>=20
>>>   HTTP/2 permits extension of the protocol.  Within the limitations
>>>   described in this section, protocol extensions can be used to provide
>>>   additional services or alter any aspect of the protocol.  Extensions
>>>   are effective only within the scope of a single HTTP/2 connection.
>>>=20
>>>=20
>>> note "alter any aspect of this protocol"
>>> [..]
>>>=20
>>>   Extensions that could change the semantics of existing protocol
>>>   components MUST be negotiated before being used.=20
>>>=20
>>> This is one of the limitations mentioned above.. so the websockets exten=
sion needs to be negotiated (and it is).
>>> [..] For example, an
>>>   extension that changes the layout of the HEADERS frame cannot be used
>>>   until the peer has given a positive signal that this is acceptable.
>>>=20
>>> In this case, it could also be necessary to coordinate when the
>>>   revised layout comes into effect.  Note that treating any frames
>>>   other than DATA frames as flow controlled is such a change in
>>>   semantics and can only be done through negotiation.
>>>=20
>>> These two examples are also powerful citations that negotiated extension=
s can change the interpretation of basic pieces of 7540 such as existing fra=
me layouts and even flow control rules (both of which have MUSTs associated w=
ith them).
>>>=20
>>> The whole section is a little bit confusing because it also enumerates a=
 few extension points that the websockets draft is not using. But those are s=
pecifically enumerated because they can be used without negotiated opt-in an=
d implementations not aware of the extensions need to take care to keep them=
 clean and available for extending (so there are requirements even if you're=
 not implementing the extension). As the example paragraph shows, extensions=
 are not solely limited to that model.
>>>=20
>>> Cheers
>>> -Patrick
>>>=20
>>>=20
>>>=20
>=20
> --
> Mark Nottingham   https://www.mnot.net/
>=20


From nobody Thu May 31 05:48:27 2018
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 635BC12EC02 for <secdir@ietf.org>; Thu, 31 May 2018 05:48:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <152777090539.22664.932728959769738863.idtracker@ietfa.amsl.com>
Date: Thu, 31 May 2018 05:48:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/45BQO0IQSn7Wf7IlOUDVKE-mR24>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 12:48:26 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-06-07

Reviewer               LC end     Draft
Melinda Shore          2018-05-30 draft-ietf-teas-yang-te-topo-15

For telechat 2018-06-21

Reviewer               LC end     Draft
Sandra Murphy          2018-04-24 draft-ietf-mmusic-sdp-simulcast-12

Last calls:

Reviewer               LC end     Draft
John Bradley           2018-04-18 draft-ietf-acme-acme-12
Daniel Gillmor         2018-03-19 draft-gutmann-scep-10
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Tina Tsou              2018-05-21 draft-ietf-v6ops-conditional-ras-04
Samuel Weiler          2018-05-21 draft-ietf-bfd-multipoint-16
Brian Weis             2018-06-04 draft-ietf-tsvwg-rfc4960-errata-06
Klaas Wierenga         2018-06-26 draft-richer-vectors-of-trust-11
Christopher Wood       2018-06-12 draft-ietf-oauth-device-flow-09
Paul Wouters           2018-06-12 draft-ietf-dcrup-dkim-crypto-10

Early review requests:

Reviewer               Due        Draft
Daniel Franke          2018-01-31 draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson     2018-01-09 draft-ietf-opsawg-nat-yang-09
Liang Xia              2018-06-30 draft-ietf-cellar-ffv1-02

Next in the reviewer rotation:

  Taylor Yu
  Dacheng Zhang
  Derek Atkins
  John Bradley
  Shaun Cooley
  Roman Danyliw
  Alan DeKok
  Donald Eastlake
  Shawn Emery
  Stephen Farrell


From nobody Thu May 31 20:19:52 2018
Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44BC61250B8; Thu, 31 May 2018 20:19:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id geMW7DYk9wtq; Thu, 31 May 2018 20:19:49 -0700 (PDT)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD843124D6C; Thu, 31 May 2018 20:19:46 -0700 (PDT)
Received: by mail-pg0-x233.google.com with SMTP id 15-v6so10280891pge.2; Thu, 31 May 2018 20:19:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=from:subject:to:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=D7/OXtx0B4phrfgZYYWq+/JS6RkoQMaaFfkbrVlAHRo=; b=UMcDaU8Sn5e5Ypa7zoe90RtLiDc7M7pmm7fBUNognO+vQJeCm0a+HKVr7JZsW/06gu TcdjRmo0kHgWqnM8vMTJuqOiP7OQfsgtuAbt6Lmj3EoghMYTIpxx8kcncp7Agb39H2ZG mUsnrdJdqUmeN0WA8A7CKZP8Y7MOYlruHYfSexjtI3kcP+HBsWTgO/hJAjpNqCQxvwz5 Lm7CX/ULI0mveH6bhHKRYwuCWAZ1amj+5bNhWrLBdMucKZqGpeGu1d7uSOo20y1Fy1uA YYXJHnM2SiAKrxkaeDf7Zgv5q9/T/YeeOVsBLIyqj+YSug4RKV9DUVmsiISXKrOTWMmy hKLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-language:content-transfer-encoding; bh=D7/OXtx0B4phrfgZYYWq+/JS6RkoQMaaFfkbrVlAHRo=; b=J3jg41vTVQoiD5s26qhIYc7R3MaMNQAX3xq6VY6amQvXWCgHBQ40f3arZY/Pslnw9q T5jxDCAuZ/atI5j1WJYarTEbUz1RP59j1BQ7NWfU25XrAfzyRrpHcH/S0tBFGLJTn0Mx puc5dnpsuzcvVcBAclOy/k3+pAEvAXd0qiDgEjTvr0cF97qnmmXTkL46JedGhKbXlJyE PBn5YtQS5xz7zvH8Nnd2DfVoqdjNkRSoQA3rTLr3F55gVVqkGoSXu0db68dLKKcv5jq8 pDdHNG4g4/vmgJKrgQaGZeFcjP4AEU1YEC7+ULTUW4QsZ6dC8ZjohH/CxU5SejNJgJbz VyGg==
X-Gm-Message-State: ALKqPwcVmGjZaL2WrvFW8iSvFcjGgJ01cBVMnYK7DljFniCndWT5xOC8 1NGd8O0zU0tJfUsAWLDbDMFrGEy7
X-Google-Smtp-Source: ADUXVKLxUuFp6TpXJEakrVs77wNKh90ZF8yY2c284cIIbv3mLD4InRGPObBFUJ6iRpFF+nhDmtiUPQ==
X-Received: by 2002:a65:4b49:: with SMTP id k9-v6mr7365382pgt.369.1527823185763;  Thu, 31 May 2018 20:19:45 -0700 (PDT)
Received: from aspen.local (216-67-39-96-radius.dynamic.acsalaska.net. [216.67.39.96]) by smtp.gmail.com with ESMTPSA id x124-v6sm67959480pfx.72.2018.05.31.20.19.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 May 2018 20:19:44 -0700 (PDT)
From: Melinda Shore <melinda.shore@gmail.com>
To: secdir@ietf.org, IESG <iesg@ietf.org>, draft-ietf-teas-yang-te-topo.all@ietf.org
Message-ID: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
Date: Thu, 31 May 2018 19:19:42 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kF39-zSCO0QGcUy6MwHfl65u1wk>
Subject: [secdir] Secdir review of draft-ietf-teas-yang-te-topo-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2018 03:19:51 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with issues

This document defines a technology-agnostic YANG data model for
representation of traffic engineering topologies, and is intended to
serve as a base model for other technology-specific traffic engineering
topology models.

The document is clearly written and appears comprehensive with respect
to its subject matter.  I suspect that sections 1-4 would be a useful
reference for people wanting to learn about TE topologies in general,
and I enjoyed reading it.

The security considerations section is scanty and, unfortunately,
insufficient.  The statement "The data-model by itself does not create
any security implications" seems questionable at best, since it contains
information about network topology and the treatment of traffic,
which may be of value to an attacker.  The lack of discussion of
the threat environment is particularly problematic given that the
model is intended to be used for manipulating TE topologies.  The
authors may want to look to draft-ietf-i2rs-yang-network-topo as
a model (no pun intended) of a good security considerations
section for a topology model.  I don't see how this document can
be published with the security considerations section in its current
condition.

This is really a trivial nit, but a nit nevertheless - the second
paragraph of the terminology section probably belongs in the
introduction instead, as it lays out expectations for the reader
and contains a pointer to introductory material for readers
unfamiliar with the IETF's traffic engineering work.

Melinda