
From trac+websec@trac.tools.ietf.org  Mon Jul  2 13:42:57 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Mon, 02 Jul 2012 20:42:29 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://wiki.tools.ietf.org/wg/websec/trac/ticket/47
Message-ID: <070.b22239f1d2f37ffa75cfd01d0a07c6b7@trac.tools.ietf.org>
X-Trac-Ticket-ID: 47
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com, websec@ietf.org
X-SA-Exim-Mail-From: trac+websec@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: 
Resent-Message-Id: <20120702204256.9A48711E809C@ietfa.amsl.com>
Resent-Date: Mon,  2 Jul 2012 13:42:56 -0700 (PDT)
Resent-From: trac+websec@trac.tools.ietf.org
Cc: websec@ietf.org
Subject: [websec] #47: HSTS: explicitly note that HSTS applies when following redirects
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2012 20:42:57 -0000

#47: HSTS: explicitly note that HSTS applies when following redirects

 explicitly note that HSTS applies when following redirects -- section 8.3
 URI Loading and Port Mapping  doesn't call this out explicitly.

 It should perhaps say something like..

            Whenever the UA prepares to "load", also known as
            "dereference", any "http" URI [RFC3986]
            (including when following HTTP redirects [RFC2616]),

-- 
-------------------------------------+-------------------------------------
 Reporter:  jeff.hodges@…            |      Owner:  draft-ietf-websec-
     Type:  enhancement              |  strict-transport-sec@…
 Priority:  minor                    |     Status:  new
Component:  strict-transport-sec     |  Milestone:
 Severity:  Waiting for Shepherd     |    Version:
  Writeup                            |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://wiki.tools.ietf.org/wg/websec/trac/ticket/47>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Mon Jul  2 13:46:16 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Mon, 02 Jul 2012 20:46:13 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://wiki.tools.ietf.org/wg/websec/trac/ticket/48
Message-ID: <070.c516c03e0df3e433a3a17e558633262b@trac.tools.ietf.org>
X-Trac-Ticket-ID: 48
Cc: websec@ietf.org
Subject: [websec]  #48: HSTS: max-age value in section 10.1 is incorrect

#48: HSTS: max-age value in section 10.1 is incorrect

 A statement in Section 10.1, 'HSTS Policy expiration time considerations',
 reads:
 'For example, a max-age value of 778000 is 90 days:

      Strict-Transport-Security: max-age=778000'

 This is miscalculated; 778000 is about 9 days.

 90 days is actually 7776000 seconds.

-- 
-------------------------------------+-------------------------------------
 Reporter:  jeff.hodges@…            |      Owner:  draft-ietf-websec-
     Type:  defect                   |  strict-transport-sec@…
 Priority:  minor                    |     Status:  new
Component:  strict-transport-sec     |  Milestone:
 Severity:  Waiting for Shepherd     |    Version:
  Writeup                            |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://wiki.tools.ietf.org/wg/websec/trac/ticket/48>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Mon Jul  2 13:49:43 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Mon, 02 Jul 2012 20:49:39 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://wiki.tools.ietf.org/wg/websec/trac/ticket/49
Message-ID: <070.62cb1c67b084dfe8f66d131aee36d6bd@trac.tools.ietf.org>
X-Trac-Ticket-ID: 49
Cc: websec@ietf.org
Subject: [websec] #49: HSTS: mention OCSP stapling aka "Certificate Status Request" TLS extension

#49: HSTS: mention OCSP stapling aka "Certificate Status Request" TLS extension

 OCSP stapling aka "Certificate Status Request" TLS extension is yet
 another means for a CA to address the issues illustrated in the example in
 section "10.3.  Implications of includeSubDomains".

 Should at least mention that and informatively reference RFC6066.

-- 
-------------------------------------+-------------------------------------
 Reporter:  jeff.hodges@…            |      Owner:  draft-ietf-websec-
     Type:  enhancement              |  strict-transport-sec@…
 Priority:  minor                    |     Status:  new
Component:  strict-transport-sec     |  Milestone:
 Severity:  Waiting for Shepherd     |    Version:
  Writeup                            |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://wiki.tools.ietf.org/wg/websec/trac/ticket/49>
websec <http://tools.ietf.org/websec/>


From internet-drafts@ietf.org  Mon Jul  2 14:21:36 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.21p1
Message-ID: <20120702212120.2873.21985.idtracker@ietfa.amsl.com>
Date: Mon, 02 Jul 2012 14:21:20 -0700
Cc: websec@ietf.org
Subject: [websec] I-D Action: draft-ietf-websec-strict-transport-sec-10.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Security Working Group of the IETF.

	Title           : HTTP Strict Transport Security (HSTS)
	Author(s)       : Jeff Hodges
                          Collin Jackson
                          Adam Barth
	Filename        : draft-ietf-websec-strict-transport-sec-10.txt
	Pages           : 48
	Date            : 2012-07-02

Abstract:
   This specification defines a mechanism enabling web sites to declare
   themselves accessible only via secure connections, and/or for users
   to be able to direct their user agent(s) to interact with given sites
   only over secure connections.  This overall policy is referred to as
   HTTP Strict Transport Security (HSTS).  The policy is declared by web
   sites via the Strict-Transport-Security HTTP response header field,
   and/or by other means, such as user agent configuration, for example.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-10

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-10


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From Jeff.Hodges@KingsMountain.com  Mon Jul  2 14:28:50 2012
Message-ID: <4FF21296.8050001@KingsMountain.com>
Date: Mon, 02 Jul 2012 14:28:54 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: [websec] new rev: draft-ietf-websec-strict-transport-sec-10

New rev:
https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-10


full issue ticket list for strict-transport-sec:
<http://trac.tools.ietf.org/wg/websec/trac/query?status=assigned&status=closed&status=new&status=reopened&component=strict-transport-sec&order=id>

Redline spec diff from previous rev:
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-websec-strict-transport-sec-10.txt

side-by-side diff from previous rev:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-10.txt


Change Log is below.


=JeffH


==============================================================


Appendix D. Change Log


    [RFCEditor: please remove this section upon publication as an RFC.]

    Changes are grouped by spec revision listed in reverse issuance
    order.

D.1.  For draft-ietf-websec-strict-transport-sec

       Changes from -09 to -10:

       1.  Added "(including when following HTTP redirects [RFC2616])" to
           section 8.3.  This addresses issue ticket #47.
           <http://trac.tools.ietf.org/wg/websec/trac/ticket/47>

       2.  Fixed max-age value in section 10.1.  Substituted 7776000
           (actually 90 days) for 778000 (only 9 days).  This addresses
           issue ticket #48.
           <http://trac.tools.ietf.org/wg/websec/trac/ticket/48>

       3.  Added mention of "Certificate Status Request" TLS extension
           [RFC6066] aka "OCSP stapling" to example in section 10.3.
           This addresses issue ticket #49.
           <http://trac.tools.ietf.org/wg/websec/trac/ticket/49>


       Changes from -08 to -09:

<snip/>

---
end
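
Added example, not code from the draft, its authors, or this thread: a Python model of the user-agent behaviour behind tickets #47 and #48, in which every "http" URI, including each redirect target, is checked against the known-HSTS-host store before it is loaded, and max-age decides when a stored policy expires. The names HSTSStore, parse_sts, follow, policy_active_after_days and SAMPLE_RESPONSES, and the example.com responses, are constructed for illustration; IP-literal hosts and userinfo are not handled.

```python
import re
from urllib.parse import urlsplit, urlunsplit

SECONDS_PER_DAY = 86400


def parse_sts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when max-age is missing or malformed, or a directive repeats.
    """
    max_age, include_sub, seen = None, False, set()
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            m = re.fullmatch(r'([0-9]+)|"([0-9]+)"', arg)
            if not m:
                return None
            max_age = int(m.group(1) or m.group(2))
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HSTSStore:
    """Known-HSTS-host store keyed by host name (hypothetical helper class)."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry in epoch seconds, includeSubDomains)

    def note(self, host, sts_value, now):
        """Record a policy; the caller must have received it over a secure connection."""
        parsed = parse_sts(sts_value)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self._hosts.pop(host.lower(), None)  # max-age=0 removes the policy
        else:
            self._hosts[host.lower()] = (now + max_age, include_sub)

    def is_known(self, host, now):
        """True on an unexpired exact match, or a superdomain with includeSubDomains."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, uri, now):
        """Rewrite an "http" URI for a known host: https scheme, port 80 -> 443."""
        parts = urlsplit(uri)
        if parts.scheme != "http" or not parts.hostname:
            return uri
        if not self.is_known(parts.hostname, now):
            return uri
        netloc = parts.hostname
        if parts.port == 80:
            netloc += ":443"
        elif parts.port is not None:
            netloc += f":{parts.port}"  # any other explicit port is preserved
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


# Constructed responses: a secure origin that sets HSTS and redirects to an
# "http" URI on a subdomain. The http entry is what a UA would load if it
# skipped the HSTS check on redirect targets.
SAMPLE_RESPONSES = {
    "https://example.com/": (301, {
        "Strict-Transport-Security": "max-age=7776000; includeSubDomains",
        "Location": "http://www.example.com/login",
    }),
    "https://www.example.com/login": (200, {}),
    "http://www.example.com/login": (200, {}),
}


def follow(store, start_uri, responses, now, max_hops=5):
    """Simulate loading start_uri; return the URIs actually dereferenced."""
    visited, uri = [], start_uri
    for _ in range(max_hops):
        uri = store.upgrade(uri, now)  # first URI and every redirect target
        visited.append(uri)
        status, headers = responses.get(uri, (404, {}))
        parts = urlsplit(uri)
        sts = headers.get("Strict-Transport-Security")
        if parts.scheme == "https" and sts:
            store.note(parts.hostname, sts, now)
        location = headers.get("Location")
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        uri = location
    return visited


def policy_active_after_days(sts_value, days):
    """Is a policy noted at t=0 for example.com still in force `days` later?"""
    store = HSTSStore()
    store.note("example.com", sts_value, now=0)
    return store.is_known("example.com", days * SECONDS_PER_DAY)


if __name__ == "__main__":
    print(follow(HSTSStore(), "https://example.com/", SAMPLE_RESPONSES, now=0))
    print(policy_active_after_days("max-age=778000", 10))
    print(policy_active_after_days("max-age=7776000", 10))
```

With the mistyped value from ticket #48 the stored policy has already lapsed on day 10, so a site operator who believed they had 90 days of protection would have about 9.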

From Jeff.Hodges@KingsMountain.com  Tue Jul  3 12:48:22 2012
Message-ID: <4FF34C89.50004@KingsMountain.com>
Date: Tue, 03 Jul 2012 12:48:25 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Tobias Gondrom <tobias.gondrom@gondrom.org>,  Alexey Melnkov <Alexey.Melnikov@isode.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF WebSec WG <websec@ietf.org>
Subject: [websec] closing open issue tickets ?

I believe draft-ietf-websec-strict-transport-sec-10 cumulatively addresses the 
remaining open issue tickets:  41, 42, 47, 48, 49.

#41 and #42 have been discussed on-list.

#47, 48, 49  were privately-conveyed minor issues that -10 cleanly addresses.


shall I close these open tickets?

thanks,

=JeffH

From stpeter@stpeter.im  Tue Jul  3 12:50:18 2012
Message-ID: <4FF34D01.7030708@stpeter.im>
Date: Tue, 03 Jul 2012 13:50:25 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4FF34C89.50004@KingsMountain.com>
In-Reply-To: <4FF34C89.50004@KingsMountain.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] closing open issue tickets ?

On 7/3/12 1:48 PM, =JeffH wrote:
> I believe draft-ietf-websec-strict-transport-sec-10 cumulatively
> addresses the remaining open issue tickets:  41, 42, 47, 48, 49.
> 
> #41 and #42 have been discussed on-list.
> 
> #47, 48, 49  were privately-conveyed minor issues that -10 cleanly
> addresses.
> 
> 
> shall I close these open tickets?

Having reviewed -10 (including checking it against the tickets), I would
say yes.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/





From tobias.gondrom@gondrom.org  Tue Jul  3 13:02:09 2012
Message-ID: <4FF34FC3.70301@gondrom.org>
Date: Tue, 03 Jul 2012 21:02:11 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Jeff.Hodges@KingsMountain.com
References: <4FF34C89.50004@KingsMountain.com> <4FF34D01.7030708@stpeter.im>
In-Reply-To: <4FF34D01.7030708@stpeter.im>
Content-Type: multipart/alternative; boundary="------------060500050900070507080807"
Cc: websec@ietf.org
Subject: Re: [websec] closing open issue tickets ?


On 03/07/12 20:50, Peter Saint-Andre wrote:
> On 7/3/12 1:48 PM, =JeffH wrote:
>> I believe draft-ietf-websec-strict-transport-sec-10 cumulatively
>> addresses the remaining open issue tickets:  41, 42, 47, 48, 49.
>>
>> #41 and #42 have been discussed on-list.
>>
>> #47, 48, 49  were privately-conveyed minor issues that -10 cleanly
>> addresses.
>>
>>
>> shall I close these open tickets?
> Having reviewed -10 (including checking it against the tickets), I would
> say yes.
>
> Peter
>

<hat="chair">
I would agree, provided there are no objections from the WG.
Aka: if anyone does have objections, please do speak up now. ;-)
Tobias




From tobias.gondrom@gondrom.org  Tue Jul  3 13:35:45 2012
Message-ID: <4FF357A5.2020806@gondrom.org>
Date: Tue, 03 Jul 2012 21:35:49 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: websec@ietf.org
References: <20120702212120.2873.21985.idtracker@ietfa.amsl.com>
In-Reply-To: <20120702212120.2873.21985.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 20:35:45 -0000

<hat="chair">
Hello Jeff and all HSTS authors and contributors!

Thank you for putting out the new revised version.

I think this should conclude the WG Last call on the draft and I will 
recommend the draft for IETF Last Call, as far as there are no 
objections raised from the WG. The shepherd write-up for HSTS is 
currently with my co-chair for review prior to submission to the AD.

There remain two things left to do:

1. @all authors: Could every author please confirm that any and all 
appropriate IPR disclosures required for full conformance with the 
provisions of BCP 78 and BCP 79 have already been filed?
A simple reply to the mailing-list or me with "Yes. All is conform with 
BCP 78 and BCP 79." by each author would be sufficient. To my knowledge 
no IPR disclosures have been made for this draft. Please inform me if 
there are any?

2. a check of idnits revealed that there are a few reference problems 
(including 3 Downref and 1 Obsolete normative reference). This will come 
up with the RFC-Editor by the latest, so please revisit the references 
and check the idnits tool on the draft ASAP.
Plus two warnings:

  == Missing Reference: 'I-D.draft-ietf-httpbis-p1-messaging-17' is mentioned
      on line 1839, but not defined

   == Outdated reference: A later version (-23) exists of
      draft-ietf-dane-protocol-19



Best regards, Tobias



On 02/07/12 22:21, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Web Security Working Group of the IETF.
>
> 	Title           : HTTP Strict Transport Security (HSTS)
> 	Author(s)       : Jeff Hodges
>                            Collin Jackson
>                            Adam Barth
> 	Filename        : draft-ietf-websec-strict-transport-sec-10.txt
> 	Pages           : 48
> 	Date            : 2012-07-02
>
> Abstract:
>     This specification defines a mechanism enabling web sites to declare
>     themselves accessible only via secure connections, and/or for users
>     to be able to direct their user agent(s) to interact with given sites
>     only over secure connections.  This overall policy is referred to as
>     HTTP Strict Transport Security (HSTS).  The policy is declared by web
>     sites via the Strict-Transport-Security HTTP response header field,
>     and/or by other means, such as user agent configuration, for example.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-10
>
> A diff from previous version is available at:
> http://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-10
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>



From Jeff.Hodges@KingsMountain.com  Tue Jul  3 14:07:03 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5C2D11E80C4 for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:07:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.546
X-Spam-Level: 
X-Spam-Status: No, score=-100.546 tagged_above=-999 required=5 tests=[AWL=-0.051, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xn1ZYB4zjIqY for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:07:02 -0700 (PDT)
Received: from oproxy6-pub.bluehost.com (oproxy6.bluehost.com [IPv6:2605:dc00:100:2::a6]) by ietfa.amsl.com (Postfix) with SMTP id 3CFED11E80A3 for <websec@ietf.org>; Tue,  3 Jul 2012 14:07:02 -0700 (PDT)
Received: (qmail 32190 invoked by uid 0); 3 Jul 2012 21:07:10 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy3.bluehost.com with SMTP; 3 Jul 2012 21:07:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=/Y8DELS6V/GHPvx+Ie831tl5FMYn03bDR5Qls2mvltI=;  b=29bYVqUBkFV0tstqwd/JDijreQxaEeo/W+C9lklgZa6EUCiR8gMxxw1EOD1oUl5GAjCwUTqHtkiEdeRyzbwgq8xjHP1+7gONnN2hmiFFjiqXBXkEdvGCPp76K0tQhDaN;
Received: from [216.113.168.128] (port=52863 helo=[10.244.137.253]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SmAJS-0001xD-BA for websec@ietf.org; Tue, 03 Jul 2012 15:07:10 -0600
Message-ID: <4FF35EFD.3090902@KingsMountain.com>
Date: Tue, 03 Jul 2012 14:07:09 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-List-Received-Date: Tue, 03 Jul 2012 21:07:03 -0000

Yes. To the best of my knowledge, everything conforms with BCP 78 and BCP 79.

=JeffH


From internet-drafts@ietf.org  Tue Jul  3 14:16:11 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9AE411E819E; Tue,  3 Jul 2012 14:16:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.476
X-Spam-Level: 
X-Spam-Status: No, score=-102.476 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cUAs90KM645B; Tue,  3 Jul 2012 14:16:11 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FA7211E818F; Tue,  3 Jul 2012 14:16:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30
Message-ID: <20120703211609.32663.986.idtracker@ietfa.amsl.com>
Date: Tue, 03 Jul 2012 14:16:09 -0700
Cc: websec@ietf.org
Subject: [websec] I-D Action: draft-ietf-websec-x-frame-options-00.txt
X-List-Received-Date: Tue, 03 Jul 2012 21:16:12 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Security Working Group of the IETF.

	Title           : HTTP Header X-Frame-Options
	Author(s)       : David Ross
                          Tobias Gondrom
	Filename        : draft-ietf-websec-x-frame-options-00.txt
	Pages           : 9
	Date            : 2012-07-03

Abstract:
   To improve the protection of web applications against Clickjacking
   this standard defines an HTTP response header that declares a policy
   communicated from a host to the client browser whether the
   transmitted content MUST NOT be displayed in frames of other pages
   from different origins which are allowed to frame the content.  This
   draft serves to document the existing use and specification of
   X-Frame-Options.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From tobias.gondrom@gondrom.org  Tue Jul  3 14:19:59 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D684D11E814B for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:19:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.83
X-Spam-Level: 
X-Spam-Status: No, score=-98.83 tagged_above=-999 required=5 tests=[AWL=-2.052, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ka3kUaT1imvn for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:19:58 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id 37C5E11E811B for <websec@ietf.org>; Tue,  3 Jul 2012 14:19:57 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=MSPnZRy5LNLiQ3gqu7R116+zHsReHH/EcH5ngwVsRnpmgaJCqv7yb0RO4xR49O00aTZG5ZMYos2DbpMNxFxw9MKPCfvTGwp7QdP7h4RrSZ8d1iZht6SXvta6mt2M1fr8; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 7209 invoked from network); 3 Jul 2012 23:20:02 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.71?) (94.194.102.93) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 3 Jul 2012 23:20:02 +0200
Message-ID: <4FF36202.1050309@gondrom.org>
Date: Tue, 03 Jul 2012 22:20:02 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: websec@ietf.org
References: <4F8B39B9.3060304@isode.com> <4F96E2E9.5050008@isode.com> <4F96E368.4000701@isode.com>
In-Reply-To: <4F96E368.4000701@isode.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] Acceptance of draft-gondrom-frame-options-02.txt and draft-gondrom-x-frame-options-00.txt as WebSec WG documents
X-List-Received-Date: Tue, 03 Jul 2012 21:20:00 -0000

<hat="individual">

Hello dear websec fellows,

please note that following the consensus of the WG for adoption of the 
drafts, David and I revised the x-frame-options draft and uploaded it as 
websec WG document: draft-ietf-websec-x-frame-options-00
http://www.ietf.org/id/draft-ietf-websec-x-frame-options-00.txt

And my apologies that this revision took so long, as I was a bit 
occupied with other drafts.

Best regards and looking forward to reviews and discussions,

Tobias


Ps.: the frame-options draft will follow shortly and looking forward to 
the discussions.



From ietf@adambarth.com  Tue Jul  3 14:35:37 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61E9A11E80CA for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3V3KbWmBOFvh for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 14:35:36 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id C67AE11E809C for <websec@ietf.org>; Tue,  3 Jul 2012 14:35:36 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so6437280ghb.31 for <websec@ietf.org>; Tue, 03 Jul 2012 14:35:38 -0700 (PDT)
Received: by 10.236.180.40 with SMTP id i28mr22829878yhm.22.1341351338644; Tue, 03 Jul 2012 14:35:38 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id y63sm33876399yha.9.2012.07.03.14.35.37 (version=SSLv3 cipher=OTHER); Tue, 03 Jul 2012 14:35:37 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so11969362obb.31 for <websec@ietf.org>; Tue, 03 Jul 2012 14:35:36 -0700 (PDT)
Received: by 10.182.76.168 with SMTP id l8mr14894655obw.49.1341351336279; Tue, 03 Jul 2012 14:35:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.198.65 with HTTP; Tue, 3 Jul 2012 14:35:05 -0700 (PDT)
In-Reply-To: <4FF35EFD.3090902@KingsMountain.com>
References: <4FF35EFD.3090902@KingsMountain.com>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 3 Jul 2012 14:35:05 -0700
Message-ID: <CAJE5ia-Xe_QdrOoHZ1+iVa7hCBOKHmxHom=4XW_ctqA0ZNhkEQ@mail.gmail.com>
To: "=JeffH" <Jeff.Hodges@kingsmountain.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-List-Received-Date: Tue, 03 Jul 2012 21:35:37 -0000

To my knowledge as well.

Adam


On Tue, Jul 3, 2012 at 2:07 PM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote:
> Yes. To the best of my knowledge, everything conforms with BCP 78 and BCP
> 79.
>
> =JeffH
>
>

From stpeter@stpeter.im  Tue Jul  3 15:18:37 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C6A621F864C for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 15:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.511
X-Spam-Level: 
X-Spam-Status: No, score=-102.511 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87DQIH4qoP1j for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 15:18:35 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 14D3B21F860B for <websec@ietf.org>; Tue,  3 Jul 2012 15:18:35 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id C35A14005A; Tue,  3 Jul 2012 16:37:00 -0600 (MDT)
Message-ID: <4FF36FBE.1030009@stpeter.im>
Date: Tue, 03 Jul 2012 16:18:38 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
References: <4FEE166B.3070007@KingsMountain.com> <4FEF19BF.9050203@gondrom.org>
In-Reply-To: <4FEF19BF.9050203@gondrom.org>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: websec@ietf.org
Subject: Re: [websec] "This site is testing HSTS" directive (was Issue #41 add parameter indicating whether to hardfail or not)
X-List-Received-Date: Tue, 03 Jul 2012 22:18:37 -0000

On 6/30/12 9:22 AM, Tobias Gondrom wrote:
> <hat="individual">
> I tend to agree with Jeff and Andy's comments.
> 
> The real use case / need for "report-only" is not fully clear to me.
> Yes, it could always be nice to have one more test-case to run before
> going live with a system, but IMHO I am having a hard time seeing where
> this flag would really add value.
> And we should not add features (and complexity) as for "report-only" to
> an I-D just for the sake of it and because they might one day
> possibly help for an unclear or theoretical use-case.

Here is my reading of the thread. The examples that Alexey and Eric
mentioned don't seem far-fetched (OCSP down, load-balancing between
multiple certs). However, it's not clear to me that they are of
significant concern, either. In both cases (and perhaps others), the
response seems to be something like "use a better OCSP service" or "do
more testing before you deploy interesting architectures". Eric is right
that the negative consequences of getting it wrong here are more
significant than with DNS because the TTL of a pinned cert is much
longer than the TTL of a DNS record. Thus if you want to use HSTS, you
need to be more careful. Certainly it seems that an implementation note
would be warranted. I tend to agree with Jeff that if people feel a
strong need for this, they can do so in a separate I-D (I don't
particularly see a need for it to go into the core spec, but I might be
missing something).

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
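
Added example (not from the thread, the draft text, or any browser's code): a minimal model of a user agent's HSTS cache showing the failure mode discussed above, where a policy noted with a long max-age keeps hard-failing after the site's TLS breaks and cannot be withdrawn until TLS works again. The host name, the timeline, and the "user-may-override" outcome for non-HSTS hosts are assumptions made for illustration.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
YEAR = 365 * 24 * 3600


def parse_sts(value):
    """Parse a Strict-Transport-Security field value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    has to be ignored. Simplification: splits on ';' without honouring a
    ';' inside a quoted-string.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # stray ';' separators are tolerated
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not TOKEN.fullmatch(name) or name in seen:
            return None  # bad directive name, or a directive repeated
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form of the value
        seen[name] = val if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a count of seconds
    if seen.get("includesubdomains") is not None:
        return None  # includeSubDomains takes no value
    # Unrecognised directives were collected but are otherwise ignored.
    return int(max_age), "includesubdomains" in seen


class HstsStore:
    """Toy model of a user agent's list of known HSTS hosts."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry_time, include_subdomains)

    def note_response(self, host, header_value, now, secure, tls_ok=True):
        # The header only counts when it arrives over error-free TLS.
        if not secure or not tls_ok:
            return
        policy = parse_sts(header_value)
        if policy is None:
            return
        max_age, include_sub = policy
        host = host.lower().rstrip(".")
        if max_age == 0:
            self._hosts.pop(host, None)  # the site withdraws its policy
        else:
            self._hosts[host] = (now + max_age, include_sub)

    def is_known(self, host, now):
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact match always applies; a parent domain's policy applies
            # only if it was noted with includeSubDomains.
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

    def connect(self, host, now, tls_ok):
        if tls_ok:
            return "ok"
        # Known HSTS host: the connection is terminated, no click-through.
        # Otherwise (assumption): the usual overridable warning.
        return "hard-fail" if self.is_known(host, now) else "user-may-override"


def rollout(max_age, probes, host="shop.example.test"):
    """Constructed timeline: the policy is noted at t=0 over good TLS, then
    the site's TLS breaks. Returns the outcome at each probe time."""
    ua = HstsStore()
    ua.note_response(host, f"max-age={max_age}", now=0, secure=True)
    # An emergency max-age=0 sent while TLS is broken is never processed.
    ua.note_response(host, "max-age=0", now=61, secure=True, tls_ok=False)
    return [ua.connect(host, now=t, tls_ok=False) for t in probes]


if __name__ == "__main__":
    print("max-age=300 :", rollout(300, [120, 300, 3600]))
    print("max-age=1yr :", rollout(YEAR, [120, 30 * 86400, YEAR - 1]))
```

A short max-age during initial deployment bounds how long returning visitors stay locked out after a TLS misconfiguration; a long one does not expire within any operational timescale.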





From Jeff.Hodges@KingsMountain.com  Tue Jul  3 16:07:52 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EE6811E80D9 for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 16:07:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.538
X-Spam-Level: 
X-Spam-Status: No, score=-100.538 tagged_above=-999 required=5 tests=[AWL=-0.043, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGEUKRjft2Ex for <websec@ietfa.amsl.com>; Tue,  3 Jul 2012 16:07:51 -0700 (PDT)
Received: from oproxy1-pub.bluehost.com (oproxy1.bluehost.com [IPv6:2605:dc00:100:2::a1]) by ietfa.amsl.com (Postfix) with SMTP id C59AA11E8087 for <websec@ietf.org>; Tue,  3 Jul 2012 16:07:51 -0700 (PDT)
Received: (qmail 10100 invoked by uid 0); 3 Jul 2012 23:07:58 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy1.bluehost.com with SMTP; 3 Jul 2012 23:07:58 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=lV5PnG4FQZMd/H9nHlKJfd/0W9TVhNTmWb/r7NPkBSI=;  b=5asU/tdBUlDo6algolyD3nmEyBuA9OVi8tmeHZdOmgMWNot7l1U/Ke6xpCe1JmFULQy2+UwB2Wddy6owPYRBaeGeytIEX8bm34+ZFxDa9c9uSTaB6uZsY5LH6XxAPMHA;
Received: from [216.113.168.128] (port=7001 helo=[10.244.137.253]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SmCCM-0002tH-Fs; Tue, 03 Jul 2012 17:07:58 -0600
Message-ID: <4FF37B4D.2040502@KingsMountain.com>
Date: Tue, 03 Jul 2012 16:07:57 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-List-Received-Date: Tue, 03 Jul 2012 23:07:52 -0000

 > There remain two things left to do:
 >
<snip/>
 >
 > 2. a check of idnits revealed that there are a few reference problems
 > (including 3 Downref and 1 Obsolete normative reference).

(here's the actual idnits output..)

 >   ** Downref: Normative reference to an Informational RFC: RFC 2818

this ref was discussed on-list and deemed appropriate in that it's normative 
for the definition of HTTPS.


 >
 >   ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891)

RFC 3490 & RFC 3492 are normatively ref'd out of necessity as discussed on the 
list. These two refs are annotated thusly..

               This specification is referenced due to its ongoing
               relevance to actual deployments for the foreseeable
               future.

 >
 >   ** Downref: Normative reference to an Informational RFC: RFC 5894
 >
 >   ** Downref: Normative reference to an Informational RFC: RFC 5895

I believe we decided in the extensive list discussion of the IDNA stuff and 
these references that we would keep these as normative refs because they really 
are necessary to getting IDNA stuff right.


 >
 >   -- Possible downref: Non-RFC (?) normative reference: ref. 'UTS46'

this is a legit & proper reference. The only alteration I'd do is remove the 
date on the reference since this spec is intermittently updated.

(done in my -11 working copy)

 >
 >   -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode'

this is a legit & proper reference.




 > This will come
 > up with the RFC-Editor by the latest, so please revisit the references
 > and check the idnits tool on the draft ASAP.
 > Plus two warnings:
 >
 >   == Missing Reference: 'I-D.draft-ietf-httpbis-p1-messaging-17' is mentioned
 >       on line 1839, but not defined

This is from the last paragraph in the acks appendix. I've altered it a bit to 
see if idnits won't barf on it.

(done in my -11 working copy)


 >
 >    == Outdated reference: A later version (-23) exists of
 >       draft-ietf-dane-protocol-19

Ok, I updated the ref to -dane-protocol-23 ... but the RFC Editor will 
ultimately fix this up because the latter is in the rfc-editor-queue and not 
yet published.

(done in my -11 working copy)


I've only made changes in my -11 working copy that I note above (and added 
another person to acks)

Do you suggest any other changes or should I publish -11 ?


thanks,

=JeffH



From alexey.melnikov@isode.com  Wed Jul  4 03:25:56 2012
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E48521F87AA for <websec@ietfa.amsl.com>; Wed,  4 Jul 2012 03:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.181
X-Spam-Level: 
X-Spam-Status: No, score=-102.181 tagged_above=-999 required=5 tests=[AWL=-0.978, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9qVGJ52zx-U for <websec@ietfa.amsl.com>; Wed,  4 Jul 2012 03:25:55 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 9B87A21F8717 for <websec@ietf.org>; Wed,  4 Jul 2012 03:25:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1341397563; d=isode.com; s=selector; i=@isode.com; bh=ApCjM218j4dP5qTlSxL6wutCfzuIpR/OqEFpGqXA04U=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=nd46T7ETW+B0T5v6/j+gVmEprAGmlLYPZgPwBXOzXU3yn9M+XXW+kVfXMsywXfeTcvOgpF K7g3+fdKItqnTX9wqe3UFG7DMmAlskgkFBHHtufvCJR2UfycSm9MZGCwcVPqbjsvPj5ry9 giaxia4XXZCqnCsL+L/i4tRro/ZVjOU=;
Received: from [188.28.228.72] (188.28.228.72.threembb.co.uk [188.28.228.72])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <T=QaOgAkRKPc@waldorf.isode.com>; Wed, 4 Jul 2012 11:26:03 +0100
References: <4FF37B4D.2040502@KingsMountain.com>
In-Reply-To: <4FF37B4D.2040502@KingsMountain.com>
Message-Id: <CC03A3CE-183E-4ABA-88F9-0DF60DFE1B39@isode.com>
X-Mailer: iPad Mail (9B206)
From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Wed, 4 Jul 2012 11:26:00 +0100
To: =JeffH <Jeff.Hodges@KingsMountain.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-List-Received-Date: Wed, 04 Jul 2012 10:25:56 -0000

Hi,

On 4 Jul 2012, at 00:07, =JeffH <Jeff.Hodges@KingsMountain.com> wrote:

> > There remain two things left to do:
> >
> <snip/>
> >
> > 2. a check of idnits revealed that there are a few reference problems
> > (including 3 Downref and 1 Obsolete normative reference).
>
> (here's the actual idnits output..)
>
> >   ** Downref: Normative reference to an Informational RFC: RFC 2818
>
> this ref was discussed on-list and deemed appropriate in that it's normative for the definition of HTTPS.
>

This one is fine, it is in the Downref registry, which means you don't even need to call it out explicitly in the write-up (but it doesn't hurt to do anyway)
>
> >
> >   ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891)
>
> RFC 3490 & RFC 3492 are normatively ref'd out of necessity as discussed on the list. These two refs are annotated thusly..
>
>              This specification is referenced due to its ongoing
>              relevance to actual deployments for the foreseeable
>              future.
>
> >
> >   ** Downref: Normative reference to an Informational RFC: RFC 5894
> >
> >   ** Downref: Normative reference to an Informational RFC: RFC 5895
>
> I believe we decided in the extensive list discussion of the IDNA stuff and these references that we would keep these as normative refs because they really are necessary to getting IDNA stuff right.
>
>

These are fine, just call them out explicitly in the write-up
> >
> >   -- Possible downref: Non-RFC (?) normative reference: ref. 'UTS46'
>
> this is a legit & proper reference. The only alteration I'd do is remove the date on the reference since this spec is intermittently updated.
>
> (done in my -11 working copy)
>
> >
> >   -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode'
>
> this is a legit & proper reference.
>
>
These seem fine.
>
>
> > This will come
> > up with the RFC-Editor by the latest, so please revisit the references
> > and check the idnits tool on the draft ASAP.
> > Plus two warnings:
> >
> >   == Missing Reference: 'I-D.draft-ietf-httpbis-p1-messaging-17' is mentioned
> >       on line 1839, but not defined
>
> This is from the last paragraph in the acks appendix. I've altered it a bit to see if idnits won't barf on it.
>
> (done in my -11 working copy)
>
>
> >
> >    == Outdated reference: A later version (-23) exists of
> >       draft-ietf-dane-protocol-19
>
> Ok, I updated the ref to -dane-protocol-23 ... but the RFC Editor will ultimately fix this up because the latter is in the rfc-editor-queue and not yet published.
>

Right.

> (done in my -11 working copy)
>
>
> I've only made changes in my -11 working copy that I note above (and added another person to acks)
>
> Do you suggest any other changes or should I publish -11 ?

I suggest you wait for the AD review (or other issues that might come up on the mailing list).

From Jeff.Hodges@KingsMountain.com  Thu Jul  5 08:00:30 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DACC021F872A for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:00:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.288
X-Spam-Level: 
X-Spam-Status: No, score=-99.288 tagged_above=-999 required=5 tests=[AWL=1.207, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m1kW0k001hR1 for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:00:30 -0700 (PDT)
Received: from oproxy1-pub.bluehost.com (oproxy1.bluehost.com [IPv6:2605:dc00:100:2::a1]) by ietfa.amsl.com (Postfix) with SMTP id 250F821F8723 for <websec@ietf.org>; Thu,  5 Jul 2012 08:00:29 -0700 (PDT)
Received: (qmail 1251 invoked by uid 0); 5 Jul 2012 15:00:38 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy1.bluehost.com with SMTP; 5 Jul 2012 15:00:38 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=NPh8lqp+9KQ7mq/PZdzv/V9a3nCgcuCf8SrtxlYrjm4=;  b=QHKOTsFxF6tiNh2RiDBLTN4RamhW2q0OjodeRBMHNfHw3jXe+PJqVij6PmbEeG3Sw+WzymSXWoaljX9//lkK1gilzPbbYxRgJhQ6zJR0K8AH1iicE93yPfqbkFXwD0F7;
Received: from [24.4.122.173] (port=58219 helo=[192.168.11.13]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SmnXq-0004qN-3P; Thu, 05 Jul 2012 09:00:38 -0600
Message-ID: <4FF5AC14.80604@KingsMountain.com>
Date: Thu, 05 Jul 2012 08:00:36 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 24.4.122.173 authed with jeff.hodges+kingsmountain.com}
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2012 15:00:31 -0000

alexey responds:
 > stuff I wrote:
 >> I've only made changes in my -11 working copy that I note above (and added
 >> another person to acks)
 >>
 >> Do you suggest any other changes or should I publish -11 ?
 >
 > I suggest you wait for the AD review (or other issues that might come up on
 > the mailing list).

ok.

Who's the responsible AD at this point (Barry or Pete?) ?

thanks,

=JeffH



From stpeter@stpeter.im  Thu Jul  5 08:14:04 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26A8F21F871C for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.512
X-Spam-Level: 
X-Spam-Status: No, score=-102.512 tagged_above=-999 required=5 tests=[AWL=0.087, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dfVc+PM3VZY4 for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:14:03 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id CBF6821F8732 for <websec@ietf.org>; Thu,  5 Jul 2012 08:14:02 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 327414005A; Thu,  5 Jul 2012 09:32:38 -0600 (MDT)
Message-ID: <4FF5AF46.5030305@stpeter.im>
Date: Thu, 05 Jul 2012 09:14:14 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4FF5AC14.80604@KingsMountain.com>
In-Reply-To: <4FF5AC14.80604@KingsMountain.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2012 15:14:04 -0000

On 7/5/12 9:00 AM, =JeffH wrote:

> Who's the responsible AD at this point (Barry or Pete?) ?

https://datatracker.ietf.org/wg/websec/charter/

/psa




From alexey.melnikov@isode.com  Thu Jul  5 08:17:27 2012
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D357721F8759 for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:17:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.886
X-Spam-Level: 
X-Spam-Status: No, score=-102.886 tagged_above=-999 required=5 tests=[AWL=-0.287, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yFJMOkR0JhQV for <websec@ietfa.amsl.com>; Thu,  5 Jul 2012 08:17:27 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id E88AF21F8751 for <websec@ietf.org>; Thu,  5 Jul 2012 08:17:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1341501461; d=isode.com; s=selector; i=@isode.com; bh=TAHwg1tSeEIaadNlsQK9jsqiG4U5eNesEeRfw5rAXT8=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=W/iNpfV2pe4DsfVMom5ZK1szftexad8jUG6YfN9pbZQR5eKrzRyhWh8dduUA+IekaOh018 JErZIqBOeRn+zy/V87tLDXfZThKuKMh9zYzbbhV3k8aJU/tCjxMw+DCWCouLLHNJRWMzS4 t29tn2Edt011hcGep6mK5LgBLZbzEv4=;
Received: from [172.16.11.4] (shiny.isode.com [62.3.217.250])  by waldorf.isode.com (submission channel) via TCP with ESMTPA  id <T=WwFQAkRCRK@waldorf.isode.com>; Thu, 5 Jul 2012 16:17:41 +0100
Message-ID: <4FF5B10D.70707@isode.com>
Date: Thu, 05 Jul 2012 16:21:49 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4FF5AC14.80604@KingsMountain.com>
In-Reply-To: <4FF5AC14.80604@KingsMountain.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2012 15:17:28 -0000

On 05/07/2012 16:00, =JeffH wrote:
> alexey responds:
> > stuff I wrote:
> >> I've only made changes in my -11 working copy that I note above (and added
> >> another person to acks)
> >>
> >> Do you suggest any other changes or should I publish -11 ?
> >
> > I suggest you wait for the AD review (or other issues that might come up on
> > the mailing list).
>
> ok.
>
> Who's the responsible AD at this point (Barry or Pete?) ?
Barry.


From internet-drafts@ietf.org  Fri Jul  6 03:47:08 2012
Return-Path: <internet-drafts@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC42E21F8790; Fri,  6 Jul 2012 03:47:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UK5YW2Gf2QKk; Fri,  6 Jul 2012 03:47:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 204B121F877B; Fri,  6 Jul 2012 03:47:08 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p2
Message-ID: <20120706104708.18629.48263.idtracker@ietfa.amsl.com>
Date: Fri, 06 Jul 2012 03:47:08 -0700
Cc: websec@ietf.org
Subject: [websec] I-D Action: draft-ietf-websec-frame-options-00.txt
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 10:47:09 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Security Working Group of the IETF.

	Title           : HTTP Header Frame Options
	Author(s)       : David Ross
                          Tobias Gondrom
	Filename        : draft-ietf-websec-frame-options-00.txt
	Pages           : 9
	Date            : 2012-07-06

Abstract:
   To improve the protection of web applications against Clickjacking
   this standards defines a http response header that declares a policy
   communicated from a host to the client browser whether the
   transmitted content MUST NOT be displayed in frames of other pages
   from different origins which are allowed to frame the content.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-frame-options

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-frame-options-00


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From tobias.gondrom@gondrom.org  Fri Jul  6 04:09:43 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB78B21F87A8 for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 04:09:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.778
X-Spam-Level: 
X-Spam-Status: No, score=-96.778 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GuNj-9e2OQe3 for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 04:09:42 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id E45A121F879E for <websec@ietf.org>; Fri,  6 Jul 2012 04:09:41 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=lYrEW2SOH5tGRokuRDr9skhEMV7bNBrWpGbsZDcP19rVJ0Ux+YCE1UHiiztURgroL9eNR7KBCQyFvVGdy4vTo5hDp6bKW7a6bAgD52MKEoy6VSjpJ0sD2nq5D7ir2KvS; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 7717 invoked from network); 6 Jul 2012 13:09:43 +0200
Received: from static-15-149-235-87.ipcom.comunitel.net (HELO ?172.26.0.209?) (87.235.149.15) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 6 Jul 2012 13:09:43 +0200
Message-ID: <4FF6C776.1080705@gondrom.org>
Date: Fri, 06 Jul 2012 12:09:42 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: websec@ietf.org
References: <20120706104708.18629.48263.idtracker@ietfa.amsl.com>
In-Reply-To: <20120706104708.18629.48263.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] I-D Action: draft-ietf-websec-frame-options-00.txt
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 11:09:43 -0000

<hat="individual">

Hello dear websec fellows,

please note that following the consensus of the WG for adoption of the 
drafts, David and I revised the draft-gondrom-frame-options-02 draft and 
uploaded it as websec WG document: draft-ietf-websec-frame-options-00
http://www.ietf.org/id/draft-ietf-websec-frame-options-00.txt

And my apologies that this revision took so long, as I was a bit 
occupied with other drafts.

Please take a read and am looking forward to your feedback.

To my knowledge there are a number of topics to be discussed about this 
draft, two of them being:
1. we (the editors) removed the list of origins from the ALLOW-FROM 
field, due to performance concerns with processing the origin-list. Now 
it is only one URI. I am personally not entirely sure this to be the 
right way, so would like to encourage discussion about this.
2. There has been some discussion whether FO (Frame-Options) should be 
done in CSP instead.
In 2010/2011 there was an informal discussion about this with people 
from WebAppSec with the recommendation to put in websec and it was 
removed from the initial CSP version back then.
I still think that this was the right step and that FO is better done as 
the successor of XFO in websec and the logical evolution step than 
putting it in CSP.
My main thoughts here are:
- clear migration path from XFO to FO
- IMHO the FO function does not fit naturally with the other functions 
and semantic of CSP if you look closely at CSP. And although I can sense 
that it may look tempting to think about "saving http headers" and put 
everything into one, I don't think this to be the right approach for FO 
(nor in general).

However, I wanted to revive this discussion on the mailing-list whether 
we should give up on FO and ask W3C WebAppSec to put it into CSP. One 
thing I would really like to see in this discussion is to learn about 
the perceived benefits from discontinuing our current approach on 
Frame-Options in websec and trying to integrate it into CSP.

Btw. I will be out-of-office the next 5 days, so my apologies if I can 
not answer to questions and arguments on FO immediately. I will be back 
very shortly.

Best regards and looking forward to reviews and discussions.

Tobias





On 06/07/12 11:47, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Web Security Working Group of the IETF.
>
> 	Title           : HTTP Header Frame Options
> 	Author(s)       : David Ross
>                            Tobias Gondrom
> 	Filename        : draft-ietf-websec-frame-options-00.txt
> 	Pages           : 9
> 	Date            : 2012-07-06
>
> Abstract:
>     To improve the protection of web applications against Clickjacking
>     this standards defines a http response header that declares a policy
>     communicated from a host to the client browser whether the
>     transmitted content MUST NOT be displayed in frames of other pages
>     from different origins which are allowed to frame the content.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-websec-frame-options
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-websec-frame-options-00
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
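
As an added illustration of point 1 in the message above (not code from the draft or its editors): a JavaScript sketch of how a user agent could evaluate a Frame-Options / X-Frame-Options value when ALLOW-FROM carries exactly one URI rather than an origin list. The function names, the three result strings and the `.example` URLs are assumptions made for this example, and only the immediate parent's origin is compared.

```javascript
// Added example, not taken from draft-ietf-websec-frame-options-00.
// All names and sample URLs below are constructed for illustration.

// Serialize the origin (scheme://host[:port]) of a URI.
// Returns null for unparsable URIs and for opaque origins (e.g. data:).
function originOf(uri) {
  try {
    const origin = new URL(uri).origin;
    return origin === 'null' ? null : origin;
  } catch (e) {
    return null;
  }
}

// Parse a header value into { directive, origin?, reason? }.
// Tokens are split on whitespace and commas, so any attempt to pass a
// list of origins to ALLOW-FROM yields more than one URI token and is
// reported as INVALID (this sketch therefore also rejects a URI that
// itself contains a comma).
function parseFrameOptions(value) {
  const tokens = String(value).split(/[\s,]+/).filter(Boolean);
  if (tokens.length === 0) {
    return { directive: 'INVALID', reason: 'empty value' };
  }
  const directive = tokens[0].toUpperCase(); // directive compared case-insensitively
  if (directive === 'DENY' || directive === 'SAMEORIGIN') {
    if (tokens.length !== 1) {
      return { directive: 'INVALID', reason: directive + ' takes no argument' };
    }
    return { directive };
  }
  if (directive === 'ALLOW-FROM') {
    if (tokens.length !== 2) {
      return { directive: 'INVALID', reason: 'ALLOW-FROM takes exactly one URI' };
    }
    const origin = originOf(tokens[1]);
    if (origin === null) {
      return { directive: 'INVALID', reason: 'ALLOW-FROM URI has no usable origin' };
    }
    return { directive, origin };
  }
  return { directive: 'INVALID', reason: 'unknown directive' };
}

// Decide whether parentUrl may display resourceUrl in a frame.
// Returns 'allow', 'block' or 'invalid-policy'; what to do with an
// invalid policy is left to the caller and is not decided here.
function mayFrame(headerValue, resourceUrl, parentUrl) {
  const policy = parseFrameOptions(headerValue);
  const resourceOrigin = originOf(resourceUrl);
  const parentOrigin = originOf(parentUrl);
  switch (policy.directive) {
    case 'DENY':
      return 'block';
    case 'SAMEORIGIN':
      return parentOrigin !== null && parentOrigin === resourceOrigin
        ? 'allow' : 'block';
    case 'ALLOW-FROM':
      // Only the origin of the single URI matters; its path is ignored.
      return parentOrigin !== null && parentOrigin === policy.origin
        ? 'allow' : 'block';
    default:
      return 'invalid-policy';
  }
}

// Constructed sample: a payment page and three candidate framing pages.
const resource = 'https://shop.example/pay';
const samples = [
  ['DENY', 'https://shop.example/cart'],
  ['SAMEORIGIN', 'https://shop.example/cart'],
  ['SAMEORIGIN', 'http://shop.example/cart'],
  ['ALLOW-FROM https://partner.example/', 'https://partner.example/embed'],
  ['ALLOW-FROM https://partner.example/', 'https://other.example/embed'],
  ['ALLOW-FROM https://a.example, https://b.example', 'https://a.example/'],
];
for (const [header, parent] of samples) {
  console.log(header, '|', parent, '->', mayFrame(header, resource, parent));
}
```
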



From collin.jackson@west.cmu.edu  Fri Jul  6 09:35:00 2012
Return-Path: <collin.jackson@west.cmu.edu>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E79421F86D9 for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 09:35:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level: 
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X-dqab7qol2f for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 09:34:59 -0700 (PDT)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by ietfa.amsl.com (Postfix) with ESMTP id A5C4A21F86D8 for <websec@ietf.org>; Fri,  6 Jul 2012 09:34:59 -0700 (PDT)
Received: by qcsg15 with SMTP id g15so7289698qcs.27 for <websec@ietf.org>; Fri, 06 Jul 2012 09:35:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=WkphrqFGolA8jQ7XA711jPC6REwpjT/WlghKUKjiTFY=; b=PUN6sww1PRGgqxQBFab9K2t26lLUMOxiROhw1348mUxNgisD7iwcV2oDgHTylkDyID yl86ak2g4tBGk87fDXDd1NbJDcn1Jk1ZtgA3EpuBvPy0CCyBwbb5gIgaqnOTz5K4Kdv3 EKrE8Vm9LToD4SuKtWa+66MRV4AbCz7nIcABrMURBtisi0e9NmeAokO5UpfXe5s8fmku sh40d8Cxp9VZNPMJIj+YalHzG6Nj2Pn5fNPWM6SC6aN15gSB1RZMnw/jOUazl8YUtmoj qAXDAUDp1fsJst/bVtRmWwFzyS6RTidt7mNLxQ0AyeQs4jy5UTRCJGPSwXpd7DUNmp+H KJ1w==
Received: by 10.224.27.129 with SMTP id i1mr54263233qac.19.1341592515857; Fri, 06 Jul 2012 09:35:15 -0700 (PDT)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx.google.com with ESMTPS id bh13sm50812701qab.21.2012.07.06.09.35.14 (version=SSLv3 cipher=OTHER); Fri, 06 Jul 2012 09:35:14 -0700 (PDT)
Received: by qcsg15 with SMTP id g15so7289664qcs.27 for <websec@ietf.org>; Fri, 06 Jul 2012 09:35:13 -0700 (PDT)
Received: by 10.224.117.13 with SMTP id o13mr54666480qaq.73.1341592513730; Fri, 06 Jul 2012 09:35:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.226.3 with HTTP; Fri, 6 Jul 2012 09:34:33 -0700 (PDT)
In-Reply-To: <CAJE5ia-Xe_QdrOoHZ1+iVa7hCBOKHmxHom=4XW_ctqA0ZNhkEQ@mail.gmail.com>
References: <4FF35EFD.3090902@KingsMountain.com> <CAJE5ia-Xe_QdrOoHZ1+iVa7hCBOKHmxHom=4XW_ctqA0ZNhkEQ@mail.gmail.com>
From: Collin Jackson <collin.jackson@sv.cmu.edu>
Date: Fri, 6 Jul 2012 09:34:33 -0700
Message-ID: <CANVv-VdwWvtxxbizrweW9Qsv_5JogDrM+tcVkSmPZFNS6AWAYg@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
Content-Type: multipart/alternative; boundary=20cf3074afee36d96804c42bd996
X-Gm-Message-State: ALoCoQmKXOW+ttntHZUVBwaYazPkRZKD3ddHrURd/evVRbxpeEpRK9Z4ntBsFwIXHltSatEf5NaF
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 19:17:52 -0000

--20cf3074afee36d96804c42bd996
Content-Type: text/plain; charset=UTF-8

To my knowledge as well.

On Tue, Jul 3, 2012 at 2:35 PM, Adam Barth <ietf@adambarth.com> wrote:

> To my knowledge as well.
>
> Adam
>
>
> On Tue, Jul 3, 2012 at 2:07 PM, =JeffH <Jeff.Hodges@kingsmountain.com>
> wrote:
> > Yes. To the best of my knowledge, everything conforms with BCP 78 and BCP
> > 79.
> >
> > =JeffH
> >
> >
> > _______________________________________________
> > websec mailing list
> > websec@ietf.org
> > https://www.ietf.org/mailman/listinfo/websec
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
>

--20cf3074afee36d96804c42bd996--

From Jeff.Hodges@KingsMountain.com  Fri Jul  6 13:19:11 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7595021F85F8 for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 13:19:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.532
X-Spam-Level: 
X-Spam-Status: No, score=-100.532 tagged_above=-999 required=5 tests=[AWL=-0.036, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SCT0Z3M7eVMk for <websec@ietfa.amsl.com>; Fri,  6 Jul 2012 13:19:10 -0700 (PDT)
Received: from oproxy5-pub.bluehost.com (oproxy5.bluehost.com [IPv6:2605:dc00:100:2::a5]) by ietfa.amsl.com (Postfix) with SMTP id 81BFF21F85EF for <websec@ietf.org>; Fri,  6 Jul 2012 13:19:10 -0700 (PDT)
Received: (qmail 14180 invoked by uid 0); 6 Jul 2012 20:19:27 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy2.bluehost.com with SMTP; 6 Jul 2012 20:19:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=D2qhwucV2RCPufydIqS2iu9idqrgKKBct9nfxKnx3BQ=;  b=0kAj/TVNNIguNHgTyIIK55DvkwGxLsgs+wNPXWTPTmWvpJp/BanarjNd6WOZC4alU6K8/58ei+WLl3E8uEp2azraxzpOhuozPXWGrYjCZhHUol5fkdDMR/0C1mMPrLQJ;
Received: from [216.113.168.128] (port=24575 helo=[10.244.137.22]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SnEzv-0004Qk-BO for websec@ietf.org; Fri, 06 Jul 2012 14:19:27 -0600
Message-ID: <4FF7484F.20903@KingsMountain.com>
Date: Fri, 06 Jul 2012 13:19:27 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 20:19:11 -0000

forwarding on behalf of Collin Jackson <collin.jackson@sv.cmu.edu>:

Return-Path: collin.jackson@west.cmu.edu
Delivery-Date: Fri Jul  6 10:06:48 2012
Return-Path: <collin.jackson@west.cmu.edu>
X-Original-To: hodges@localhost
Delivered-To: hodges@localhost
Received: from Breakaway (localhost [127.0.0.1])
	by Breakaway (Postfix) with ESMTP id 8CF0B1E1D14
	for <hodges@localhost>; Fri,  6 Jul 2012 10:06:48 -0700 (PDT)
Envelope-to: Jeff.Hodges@kingsmountain.com
Delivery-date: Fri, 06 Jul 2012 10:35:20 -0600
Received: from box514.bluehost.com [74.220.219.114]
	by Breakaway with IMAP (fetchmail-6.3.9-rc2)
	for <hodges@localhost> (single-drop); Fri, 06 Jul 2012 10:06:48 -0700 (PDT)
Received: from kingsmou by box514.bluehost.com with local-bsmtp (Exim 4.76)
	(envelope-from <collin.jackson@west.cmu.edu>)
	id 1SnBV0-0004ZP-Kh
	for Jeff.Hodges@kingsmountain.com; Fri, 06 Jul 2012 10:35:19 -0600
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on box514.bluehost.com
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_20,HTML_MESSAGE,
	RDNS_NONE shortcircuit=no autolearn=no version=3.3.1
Received: from [209.85.216.47] (port=39568 helo=mail-qa0-f47.google.com)
	by box514.bluehost.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76)
	(envelope-from <collin.jackson@west.cmu.edu>)
	id 1SnBUz-0004YI-Ck
	for Jeff.Hodges@kingsmountain.com; Fri, 06 Jul 2012 10:35:17 -0600
Received: by qabg1 with SMTP id g1so543142qab.13
         for <Jeff.Hodges@kingsmountain.com>; Fri, 06 Jul 2012 09:35:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
         d=google.com; s=20120113;
         h=mime-version:in-reply-to:references:from:date:message-id:subject:to
          :cc:content-type:x-gm-message-state;
         bh=WkphrqFGolA8jQ7XA711jPC6REwpjT/WlghKUKjiTFY=;
         b=a2Bof0pI179VMfgymr1bipUs242DBtf/JQ5Sw0zlx6JmZFV33TF0cfnQtQI7SnwvUg
          trlSkIG1NcXTPkUYr2RHwPnMM1g8/Jz1r80s2ATcQGkGz7AzxRCDsFAXZJPpDQue3m9Y
          GRNGk+WBAPWNwcpGrLg2XcQ1MCdDdh+dHBt9x86BFtJMI0Z9Jcql0gCuzD/s0ZsG3BfO
          C/kW+GKvmo8ssO0J72618j++CZRelnjISmr+GTRstpGNFQzRVvRZI/lkPHARm/9fm4T3
          MUrieCE9XKpc+JK0wUi9pqq2nClWD22K303myJsy0ORWzqwnInM+YeswlTsCtdmJbr07
          mLTg==
Received: by 10.224.111.139 with SMTP id s11mr54438807qap.78.1341592515834;
         Fri, 06 Jul 2012 09:35:15 -0700 (PDT)
Received: from mail-qa0-f47.google.com (mail-qa0-f47.google.com [209.85.216.47])
         by mx.google.com with ESMTPS id bk12sm50785491qab.6.2012.07.06.09.35.14
         (version=SSLv3 cipher=OTHER);
         Fri, 06 Jul 2012 09:35:14 -0700 (PDT)
Received: by qabg1 with SMTP id g1so543104qab.13
         for <Jeff.Hodges@kingsmountain.com>; Fri, 06 Jul 2012 09:35:13 -0700 (PDT)
Received: by 10.224.117.13 with SMTP id o13mr54666480qaq.73.1341592513730;
  Fri, 06 Jul 2012 09:35:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.226.3 with HTTP; Fri, 6 Jul 2012 09:34:33 -0700 (PDT)
In-Reply-To: <CAJE5ia-Xe_QdrOoHZ1+iVa7hCBOKHmxHom=4XW_ctqA0ZNhkEQ@mail.gmail.com>
References: <4FF35EFD.3090902@KingsMountain.com> 
<CAJE5ia-Xe_QdrOoHZ1+iVa7hCBOKHmxHom=4XW_ctqA0ZNhkEQ@mail.gmail.com>
From: Collin Jackson <collin.jackson@sv.cmu.edu>
Date: Fri, 6 Jul 2012 09:34:33 -0700
Message-ID: <CANVv-VdwWvtxxbizrweW9Qsv_5JogDrM+tcVkSmPZFNS6AWAYg@mail.gmail.com>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec - closing of WGLC
To: Adam Barth <ietf@adambarth.com>
Cc: "=JeffH" <Jeff.Hodges@kingsmountain.com>, IETF WebSec WG <websec@ietf.org>
Content-Type: multipart/alternative; boundary=20cf3074afee36d96804c42bd996
X-Gm-Message-State: ALoCoQmPUufINpcdBH4qFNwL/vUaXv40n17N3XIQWB8zNe3Ym/p4mFH0RceNDMOC8T0o9TSq0BpF
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com}
 {sentby:spamassassin for local delivery to identified user}

--20cf3074afee36d96804c42bd996
Content-Type: text/plain; charset=UTF-8

To my knowledge as well.

On Tue, Jul 3, 2012 at 2:35 PM, Adam Barth <ietf@adambarth.com> wrote:

 > To my knowledge as well.
 >
 > Adam
 >
 >
 > On Tue, Jul 3, 2012 at 2:07 PM, =JeffH <Jeff.Hodges@kingsmountain.com>
 > wrote:
 > > Yes. To the best of my knowledge, everything conforms with BCP 78 and BCP
 > > 79.
 > >
 > > =JeffH
 > >
 > >
 > > _______________________________________________
 > > websec mailing list
 > > websec@ietf.org
 > > https://www.ietf.org/mailman/listinfo/websec

--20cf3074afee36d96804c42bd996--


From tobias.gondrom@gondrom.org  Sun Jul  8 02:37:15 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29AAC21F86B6 for <websec@ietfa.amsl.com>; Sun,  8 Jul 2012 02:37:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.778
X-Spam-Level: 
X-Spam-Status: No, score=-96.778 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAMBBTZccFTP for <websec@ietfa.amsl.com>; Sun,  8 Jul 2012 02:37:14 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id E903321F86B9 for <websec@ietf.org>; Sun,  8 Jul 2012 02:37:13 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=gfInkxuBNvrDocEUXdEyKgg261rRoH0NeNQCOr7RDp44VDpse/uSlgXFAzgW1I3DMXZRzmVxsZ/UTOfNXprcziVsYV6GUs0Fc5jiV4StemJZnOq4jYmYLzQGMvhNuyDL; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Forwarded-Message-Id:Content-Type:Content-Transfer-Encoding;
Received: (qmail 28628 invoked from network); 8 Jul 2012 11:37:33 +0200
Received: from static-15-149-235-87.ipcom.comunitel.net (HELO ?172.26.0.209?) (87.235.149.15) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jul 2012 11:37:33 +0200
Message-ID: <4FF954DC.90303@gondrom.org>
Date: Sun, 08 Jul 2012 10:37:32 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: websec@ietf.org
References: <CAC4RtVBXG1MnVc1n_FFH5+rViP-MfiVzG3Wf35gD8=8So+AwkA@mail.gmail.com>
In-Reply-To: <CAC4RtVBXG1MnVc1n_FFH5+rViP-MfiVzG3Wf35gD8=8So+AwkA@mail.gmail.com>
X-Forwarded-Message-Id: <CAC4RtVBXG1MnVc1n_FFH5+rViP-MfiVzG3Wf35gD8=8So+AwkA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [websec] Fwd: NomCom 2012-13 Call for Volunteers
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jul 2012 09:37:15 -0000

Hello websec fellows,
the NomCom process is very important for the function and governance of 
the IETF. Please volunteer if you are eligible.
Best regards, Tobias
(co-chair of websec)




---------- Forwarded message ----------
From: *NomCom Chair*
Date: Friday, July 6, 2012
Subject: NomCom 2012-13 Call for Volunteers
To: IETF Announcement List <ietf-announce@ietf.org>


The IETF nominating committee process for 2012-13 has begun. The IETF
nominating committee appoints folks to fill the open slots on the
IAOC, the IAB, and the IESG. The 10 nominating committee members are
selected randomly from a pool of volunteers. The more volunteers, the
better chance we have of choosing a random yet representative cross
section of the IETF population.  The details of the operation of the
nomcom can be found in RFC 3777.

To be eligible, volunteers for the nomcom need to have attended 3 of
the past 5 IETF meetings as of the time this announcement goes out.
That is, 3 meetings from IETF 79 (Beijing) - IETF 83 (Paris). If you
qualify, and if you will not be seeking appointment to any of the open
positions that this nomcom will be filling, please consider
volunteering.

The list of people whose terms end with the March 2013 IETF meeting,
and thus the positions for which the nominating committee is
responsible for filling, are as follows:

IAOC:
--------
Dave Crocker

IAB:
--------
Alissa Cooper
Joel Halpern
David Kessens
Danny McPherson
Jon Peterson
Dave Thaler

IESG:
--------
Russ Housley (General Area)
Pete Resnick (Applications Area)
Ralph Droms (Internet Area)
Ronald Bonica (Operations and Management Area)
Robert Sparks (Real-Time Applications and Infrastructure Area)
Adrian Farrel (Routing Area)
Stephen Farrell (Security Area)
Wesley Eddy (Transport Area)

The primary activity for this nomcom will begin in August 2012 and
should be completed in January 2013. The nomcom will be collecting
requirements from the community, as well as talking to candidates and
obtaining feedback from community members about candidates. There will
be regularly scheduled conference calls to ensure progress. Thus,
being a nomcom member does require some time commitment.

Please volunteer by sending an email before 11:59 pm EDT (UTC - 4
hours) August 5, 2012 as follows:

To: mlepinski.ietf@gmail.com
Subject: Nomcom 2012-13 Volunteer

Please include the following information in the body:

<Your Full Name>  // As you enter in the IETF Registration Form,
                     // First/Given name followed by Last/Family Name
<Current Primary Affiliation>
                 // typically what goes in the Company field
                 //  in the IETF Registration Form
[<all email addresses used to Register for the past 5 IETF meetings>]
<Preferred email address>  //
<Telephone number>         // For confirmation if selected

Please expect an email response from me within 3 business days stating
whether or not you are qualified.  If you don't receive a response,
please re-send your email with the tag "RESEND:" added to the subject
line.

If you are not yet sure you would like to volunteer, please consider
that nomcom members play a very important role in shaping the
leadership of the IETF.  Ensuring the leadership of the IETF is fair
and balanced and comprised of those who can lead the IETF in the right
direction is an important responsibility that rests on the IETF
participants at large. Volunteering for the nomcom is a good way of
contributing toward that goal.

I will be publishing a more detailed timetable for nomcom activities,
as well as details of the randomness seeds to be used for the RFC 3797
selection process, within the next couple weeks.

Thank you,
Matthew Lepinski
mlepinski.ietf@gmail.com
nomcom-chair@ietf.org





From bhill@paypal-inc.com  Mon Jul  9 11:31:24 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFAFB11E8102 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 11:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tagpngCvhuPv for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 11:31:22 -0700 (PDT)
Received: from den-mipot-001.corp.ebay.com (den-mipot-001.corp.ebay.com [216.113.175.152]) by ietfa.amsl.com (Postfix) with ESMTP id DF57611E80D0 for <websec@ietf.org>; Mon,  9 Jul 2012 11:31:21 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To: Subject:Thread-Topic:Thread-Index:Date:Message-ID: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:x-ems-proccessed: x-ems-stamp:Content-Type:Content-Transfer-Encoding: MIME-Version; b=KfG98yQuqdi0OYPEUlcJaG4V4PMM063umW/EyuO52cQxGP/qydm0OM8j 8igDBLP9xWabFJUYGijZsxdVEvBqN7wwlJ9a7ItAN6R0wIDHYcKJjD/RP mojy2xKiaV77vFF;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1341858707; x=1373394707; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=Z/n+mwRd1Crj5gMvpEzmflV57LLy58HzdV1B+c2fWuY=; b=Byrre7KQbcG3eI74UfUbUHR6lqW1mNpccToDec3YoFnRBREbO2jT1IN2 MN8XBfE7nwccrFJcTLnxPWjl5V+cfGL2YuQBmGSYMD/rkw08j46GmgQLA bi6ouYJ1bRCO3tH;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,553,1336374000";  d="scan'208";a="8566207"
Received: from den-exmht-002.corp.ebay.com ([10.241.17.149]) by den-mipot-001.corp.ebay.com with ESMTP/TLS/AES128-SHA; 09 Jul 2012 11:31:46 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-002.corp.ebay.com ([fe80::cbe:ffa5:17f0:a24a%14]) with mapi id 14.02.0298.004; Mon, 9 Jul 2012 12:31:43 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, "websec@ietf.org" <websec@ietf.org>
Thread-Topic: Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: Ac1eARMykz8Gk35PQYOw0F4CVEc1fg==
Date: Mon, 9 Jul 2012 18:31:42 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.241.19.242]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: ILKGZFO3M7NqUlNocZS6Bw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:31:24 -0000

Tobias, David and other WebSec participants,

Over at the W3C WebAppSec WG we are beginning to draft a set of new
directives for Content Security Policy focused specifically on User
Interface Safety - protection against clickjacking and other UI
Redressing attacks.

As Adam Barth suggested on this list a few weeks ago, WebSec and
WebAppSec should discuss and coordinate on whether new functionality
related to UI embedding, such as ALLOW-FROM or embed-ancestors, would be
best developed as CSP directives or in a new Frame-Options header.

It made sense for the IETF WebSec group to be the lightest and fastest
process to specify the existing behavior of X-Frame-Options, but further
refinements are more in the realm of web user agent behavior.  If sites
are going to specify UI safety directives using CSP, using that mechanism
rather than a new Frame-Options header can save on some header bloat, as
well as making it easier to interpret scenarios where a resource wants to
obsolete the X-Frame-Options when new behaviors are available. (e.g.,
allow embedding if CSP UI Safety directives are understood, but deny it
for user agents that only understand X-Frame-Options)

The current editor's draft doesn't include these options, but please take
a look.

http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html

A proposed additional directive for this specification is:

embed-ancestors

The embed-options directive indicates whether the user-agent should embed
the resource using a frame, iframe, object or embed tag, or equivalent
functionality in non-HTML resources. Resources can use this to avoid many
UI Redressing attacks by ensuring they are not embedded into other sites.
This directive replicates some of the functionality of the
X-Frame-Options header. The syntax for the name and value of the
directive is described by the following ABNF grammar:

directive-name    = "embed-ancestors"
directive-value   = source-list

Unlike policies defined in Content Security Policy 1.0, the
embed-ancestors directive is not subject to the default-src directive. If
this directive is not explicitly stated in the policy its value is
assumed to be "*".

If 'deny' is present in the source-list, the resource cannot be displayed
in an embedded context, regardless of the origin attempting to do so, and
all other members of the source-list are ignored. This provides
functionality equivalent to the DENY value of the X-Frame-Options header.

If 'deny' is not present the source-list indicates which origins are
valid ancestors for the resource. An ancestor is any resource between the
protected resource and the top of the window frame tree; for example, if
A embeds B which embeds C, both A and B are ancestors of C. If A embeds
both B and C, B is not an ancestor of C, but A still is.

The 'self' source indicates that content of the same-origin as the
protected resource may embed it. This provides functionality equivalent
to the SAMEORIGIN value of the X-Frame-Options header.


Thank you - we welcome your thoughts and feedback,

 Brad Hill
Co-chair, W3C WebAppSec WG
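
The evaluation rules in the message above, written out as an added Python sketch (not part of the original post or of any W3C draft). It assumes that every ancestor must match the source-list, that sources are full origins compared exactly, and that keywords match case-insensitively; the function names and the example URLs are made up for the illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def embed_ancestors_sources(policy):
    """Return the embed-ancestors source-list from a CSP policy string.

    An absent directive yields ["*"]: per the message it is not subject to
    default-src and its value is assumed to be "*".
    """
    for directive in policy.split(";"):
        words = directive.split()
        if words and words[0].lower() == "embed-ancestors":
            return [w.lower() for w in words[1:]]
    return ["*"]


def ancestors(parent_of, url):
    """Walk a child -> parent map from url up to the top-level document."""
    chain = []
    while url in parent_of:
        url = parent_of[url]
        chain.append(url)
    return chain


def may_embed(policy, resource_url, ancestor_urls):
    """Decide whether resource_url may be displayed below ancestor_urls.

    ancestor_urls holds every document between the protected resource and
    the top of the frame tree, not only the direct parent.
    """
    if not ancestor_urls:
        return True                 # top-level load: not an embedded context
    sources = embed_ancestors_sources(policy)
    if "'deny'" in sources:
        return False                # 'deny' wins, other members are ignored
    if "*" in sources:
        return True
    allowed = set()
    for source in sources:
        # Assumption: anything that is not 'self' is a full origin URL.
        allowed.add(origin(resource_url) if source == "'self'" else origin(source))
    # Assumption: one ancestor outside the list is enough to refuse.
    return all(origin(a) in allowed for a in ancestor_urls)


# Constructed frame trees (child -> parent), mirroring the A/B/C example.
A = "https://a.example/"
B = "https://b.example/page"
C = "https://c.example/widget"
NESTED = {C: B, B: A}       # A embeds B, which embeds C
SIBLINGS = {B: A, C: A}     # A embeds both B and C

if __name__ == "__main__":
    policy = "default-src 'self'; embed-ancestors https://a.example"
    for name, tree in (("nested", NESTED), ("siblings", SIBLINGS)):
        chain = ancestors(tree, C)
        print(name, chain, may_embed(policy, C, chain))
```

Checking only the direct parent would accept the nested case whenever B is listed, even if an unlisted A sits at the top of the tree; walking the whole chain is what distinguishes this from a parent-only check.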

From barryleiba@gmail.com  Mon Jul  9 13:29:42 2012
Return-Path: <barryleiba@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7039611E81C2 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:29:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.113
X-Spam-Level: 
X-Spam-Status: No, score=-103.113 tagged_above=-999 required=5 tests=[AWL=-0.136, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8SPeoC6Dbofa for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:29:42 -0700 (PDT)
Received: from mail-qa0-f44.google.com (mail-qa0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id E178411E8171 for <websec@ietf.org>; Mon,  9 Jul 2012 13:29:41 -0700 (PDT)
Received: by qadz3 with SMTP id z3so1830999qad.10 for <websec@ietf.org>; Mon, 09 Jul 2012 13:30:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=fWLSwv3MTEfF8YQrbcklL86LFAlCpZTNhmZSrsHwh8k=; b=AK7jE7eO6UxMpUZ5US87TWcslSIjNihbpEXb25i+L8GA349OVlk9wz/4hI9SvK3Oog DtUNPTuK9PHc6P3rXN5NBb7khVqSMCUg3EUKVGJdBTUTPPa6lL2rmx9HzZTvoDxPwupP TwyNme8cjbIJrEK6V81OAKmwcPINJFmJ3cpptCyOVncJbKMydrDz9kvDAYb0mchxdkbP 8ZVjfHi/zxKwMyQFk5WqmuQZcgzcZ3hcUAVudUIG+n3wGu/Kk5IPcSIoPcAZziUS66uq rorEcnFzasUqD34BN6fjQ6H4uLMaqyxstJLrHU0WaOWl1gj1rHpmBaxTu5s1+/YlGd4c oLlw==
MIME-Version: 1.0
Received: by 10.229.136.142 with SMTP id r14mr22252612qct.70.1341865807276; Mon, 09 Jul 2012 13:30:07 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.229.245.85 with HTTP; Mon, 9 Jul 2012 13:30:07 -0700 (PDT)
Date: Mon, 9 Jul 2012 16:30:07 -0400
X-Google-Sender-Auth: TgopOT1uCB8zbhxJC5rT1iq2IV0
Message-ID: <CALaySJLZBab-YZyYp_LpDuZ3MM-QxwA6XJjiw-RZejWcQH4cCA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: websec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [websec] draft-ietf-websec-strict-transport-sec issue: "directive name" and "directive value"
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 20:29:42 -0000

The following came up in my AD review of
draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
needed to take it to the list.  So here it is.

The ABNF in Section 6.1 has this:

   directive = token [ "=" ( token | quoted-string ) ]

Below that, bullet 3 says this:

   3.  Directive names are case-insensitive.

And in Section 6.1.1:

   The syntax of the max-age directive's value (after quoted-string
   unescaping, if necessary) is defined as:

Nothing defines what a directive name or a directive's value is.  You
and I know they're what's on the left side of the equals sign and the
right side, respectively.  We can't assume, though, that people will
figure out that the ABNF definition above turns into "name=value", and
will thus know what those terms mean, completely unambiguously, for
essentially all readers.

Making the grammar like this will fix it:

   directive = directive-name [ "=" directive-value ]
   directive-name = token
   directive-value = token | quoted-string

If there's a good reason not to make the ABNF change above, I'm happy
to accept some other way of defining the terms, but I think they must
be defined.  I think doing it with the ABNF is the easiest and
smoothest way.

Barry
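
An added example, not part of the original message or of the draft: a parser that follows the proposed grammar and returns each directive as a lower-cased directive-name with its unescaped directive-value. The `;` separator and the digits-only max-age check come from the draft's header syntax rather than from the message, rejecting repeated names is this sketch's choice, and the function names are hypothetical.

```python
import re

# token and quoted-string as defined for HTTP header fields.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'

# directive = directive-name [ "=" directive-value ]
DIRECTIVE = re.compile(
    rf"\s*(?P<name>{TOKEN})\s*(?:=\s*(?P<value>{TOKEN}|{QUOTED}))?\s*"
)


def split_directives(header_value):
    """Split on ';' but not on a ';' that sits inside a quoted-string."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in header_value:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True          # next character is a quoted-pair
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_sts(header_value):
    """Return {directive-name: directive-value or None} for one header value.

    Names are folded to lower case because they are case-insensitive; a
    quoted-string value is returned with quotes removed and quoted-pairs
    unescaped, so callers always see the value "after unescaping".
    """
    directives = {}
    for part in split_directives(header_value):
        if not part.strip():
            continue                # empty directive between ';' characters
        match = DIRECTIVE.fullmatch(part)
        if match is None:
            raise ValueError(f"malformed directive: {part!r}")
        name = match.group("name").lower()
        if name in directives:
            # Assumption of this sketch: refuse rather than pick a winner.
            raise ValueError(f"directive repeated: {name}")
        value = match.group("value")
        if value is not None and value.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        directives[name] = value
    return directives


def max_age(header_value):
    """Return max-age in seconds, checked after quoted-string unescaping."""
    value = parse_sts(header_value).get("max-age")
    if value is None or not re.fullmatch(r"[0-9]+", value):
        raise ValueError("max-age missing or not a run of digits")
    return int(value)


if __name__ == "__main__":
    # Constructed header values.
    for sample in ('max-age=31536000; includeSubDomains',
                   'MAX-AGE="31536000"',
                   'Max-Age="3153\\6000";;'):
        print(repr(sample), "->", parse_sts(sample), max_age(sample))
```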

From ietf@adambarth.com  Mon Jul  9 13:50:25 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F8F311E8210 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:50:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cwc5TCi-8X7l for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:50:24 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 2C9CE11E8200 for <websec@ietf.org>; Mon,  9 Jul 2012 13:50:24 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so11574671ggn.31 for <websec@ietf.org>; Mon, 09 Jul 2012 13:50:49 -0700 (PDT)
Received: by 10.236.78.36 with SMTP id f24mr49631292yhe.20.1341867049669; Mon, 09 Jul 2012 13:50:49 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by mx.google.com with ESMTPS id e19sm31100145ann.10.2012.07.09.13.50.47 (version=SSLv3 cipher=OTHER); Mon, 09 Jul 2012 13:50:48 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so11591760ghb.31 for <websec@ietf.org>; Mon, 09 Jul 2012 13:50:46 -0700 (PDT)
Received: by 10.60.2.3 with SMTP id 3mr23915738oeq.0.1341867046354; Mon, 09 Jul 2012 13:50:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.226.5 with HTTP; Mon, 9 Jul 2012 13:50:16 -0700 (PDT)
In-Reply-To: <CALaySJLZBab-YZyYp_LpDuZ3MM-QxwA6XJjiw-RZejWcQH4cCA@mail.gmail.com>
References: <CALaySJLZBab-YZyYp_LpDuZ3MM-QxwA6XJjiw-RZejWcQH4cCA@mail.gmail.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 9 Jul 2012 13:50:16 -0700
Message-ID: <CAJE5ia-GbkfnFTwBzxWvXaac_aaeZoG=hj=H=ahtfnNLk0c1xw@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: text/plain; charset=ISO-8859-1
Cc: websec@ietf.org
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec issue: "directive name" and "directive value"
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 20:50:25 -0000

That seems fine to me.

Adam


On Mon, Jul 9, 2012 at 1:30 PM, Barry Leiba <barryleiba@computer.org> wrote:
> The following came up in my AD review of
> draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
> needed to take it to the list.  So here it is.
>
> The ABNF in Section 6.1 has this:
>
>    directive = token [ "=" ( token | quoted-string ) ]
>
> Below that, bullet 3 says this:
>
>    3.  Directive names are case-insensitive.
>
> And in Section 6.1.1:
>
>    The syntax of the max-age directive's value (after quoted-string
>    unescaping, if necessary) is defined as:
>
> Nothing defines what a directive name or a directive's value is.  You
> and I know they're what's on the left side of the equals sign and the
> right side, respectively.  We can't assume, though, that people will
> figure out that the ABNF definition above turns into "name=value", and
> will thus know what those terms mean, completely unambiguously, for
> essentially all readers.
>
> Making the grammar like this will fix it:
>
>    directive = directive-name [ "=" directive-value ]
>    directive-name = token
>    directive-value = token | quoted-string
>
> If there's a good reason not to make the ABNF change above, I'm happy
> to accept some other way of defining the terms, but I think they must
> be defined.  I think doing it with the ABNF is the easiest and
> smoothest way.
>
> Barry

From rbarnes@bbn.com  Mon Jul  9 13:55:11 2012
Return-Path: <rbarnes@bbn.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3259121F86C9 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:55:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.561
X-Spam-Level: 
X-Spam-Status: No, score=-106.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqFHYOifFUrR for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 13:55:10 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 8BE8521F86C1 for <websec@ietf.org>; Mon,  9 Jul 2012 13:55:10 -0700 (PDT)
Received: from dhcp-192-1-255-151.col.bbn.com ([192.1.255.151]:50741) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SoKzX-0005je-M5 for websec@ietf.org; Mon, 09 Jul 2012 16:55:35 -0400
From: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 9 Jul 2012 16:55:35 -0400
Message-Id: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com>
To: websec@ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Subject: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 20:55:11 -0000

Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
<http://lcamtuf.coredump.cx/squirrel/>

It's a valid JPEG image that contains an HTML snippet in a comment
segment.  As a result, when a browser loads the URL expecting an image,
it renders the image content, and when it expects HTML, it skips the
binary junk at the top and renders the HTML [*]. (In both cases, the
server reports Content-Type text/html.)   What's even more startling is
that Chrome helpfully adds the binary junk at the top as the first child
of the <body> element in the parsed DOM!

--Richard


[*] At least in Chrome 20.0.1132.47
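
An added example, not part of the original message: a check that walks a JPEG's segments and reports comment (COM) segments whose payload looks like HTML, the construction described above. The sample bytes are constructed (segment structure only, no image data), and the tag list and function names are assumptions of this sketch.

```python
import re
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE

# Assumption: a short list of markers that suggest HTML in a comment.
HTML_HINT = re.compile(
    rb"<(?:!doctype\b|!--|(?:html|head|body|script|iframe|style|title|div|table)\b)",
    re.IGNORECASE,
)


def jpeg_comments(data):
    """Return the payload of every COM segment found before the scan data.

    Each segment is 0xFF, a marker byte, then a big-endian length that
    counts its own two bytes, then the payload.
    """
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    comments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte in front of a marker
            pos += 1
            continue
        if marker in (EOI, SOS):    # end of image, or entropy-coded data next
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == COM:
            comments.append(data[pos + 4:pos + 2 + length])
        pos += 2 + length
    return comments


def suspicious_comments(data):
    """Return the COM payloads that contain HTML-looking markup."""
    return [c for c in jpeg_comments(data) if HTML_HINT.search(c)]


def segment(marker, payload):
    """Build one length-prefixed segment (used only for the sample below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: SOI, a JFIF APP0 header, two comments, EOI.
JFIF = segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SAMPLE = (
    bytes([0xFF, SOI])
    + JFIF
    + segment(COM, b"<html><body><p>constructed comment</p></body></html>")
    + segment(COM, b"Created with an image editor")
    + bytes([0xFF, EOI])
)
CLEAN = bytes([0xFF, SOI]) + JFIF + bytes([0xFF, EOI])

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        hits = suspicious_comments(blob)
        print(label, "comments:", len(jpeg_comments(blob)), "flagged:", hits)
```

A service that stores uploaded images can run a check like this at ingest and drop or strip flagged comments; it complements, and does not replace, serving the file with an accurate Content-Type.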

From alexey.melnikov@isode.com  Mon Jul  9 14:03:49 2012
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9449C11E81CA for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 14:03:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.781
X-Spam-Level: 
X-Spam-Status: No, score=-101.781 tagged_above=-999 required=5 tests=[AWL=0.819, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uD+dZa2koyzT for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 14:03:49 -0700 (PDT)
Received: from statler.isode.com (statler.isode.com [62.3.217.254]) by ietfa.amsl.com (Postfix) with ESMTP id D07B911E8171 for <websec@ietf.org>; Mon,  9 Jul 2012 14:03:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1341867853; d=isode.com; s=selector; i=@isode.com; bh=qSj9QbpaRYEORSJTKr7QSQDrNHIzs6LmEvT7SqA354k=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=LHYDliUf4jTgMRc1K/qd171uy3kUaitwBmbLI0PQ3nbWBxIk8dNPhqgkhhM7v+gtdj8chh Ojtar46qeRYu7iaR+dJPTyqmie3DZwat1pv+R5ffXfPL4WSmqzClarhzwiAeW9uagCGqAy 823stDh72BMkvpg8PXjPc6xW+4SQpXk=;
Received: from [188.29.184.237] (188.29.184.237.threembb.co.uk [188.29.184.237])  by statler.isode.com (submission channel) via TCP with ESMTPSA  id <T=tHTQAClCmX@statler.isode.com>; Mon, 9 Jul 2012 22:04:13 +0100
References: <CALaySJLZBab-YZyYp_LpDuZ3MM-QxwA6XJjiw-RZejWcQH4cCA@mail.gmail.com>
In-Reply-To: <CALaySJLZBab-YZyYp_LpDuZ3MM-QxwA6XJjiw-RZejWcQH4cCA@mail.gmail.com>
Message-Id: <6000324A-6083-4010-B8F2-E9DF23125F49@isode.com>
X-Mailer: iPad Mail (9B206)
From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Mon, 9 Jul 2012 22:04:07 +0100
To: Barry Leiba <barryleiba@computer.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec issue: "directive name" and "directive value"
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 21:03:49 -0000

Hi Barry,

On 9 Jul 2012, at 21:30, Barry Leiba <barryleiba@computer.org> wrote:

> The following came up in my AD review of
> draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
> needed to take it to the list.  So here it is.
> 
> The ABNF in Section 6.1 has this:
> 
>   directive = token [ "=" ( token | quoted-string ) ]
> 
> Below that, bullet 3 says this:
> 
>   3.  Directive names are case-insensitive.
> 
> And in Section 6.1.1:
> 
>   The syntax of the max-age directive's value (after quoted-string
>   unescaping, if necessary) is defined as:
> 
> Nothing defines what a directive name or a directive's value is.  You
> and I know they're what's on the left side of the equals sign and the
> right side, respectively.  We can't assume, though, that people will
> figure out that the ABNF definition above turns into "name=value", and
> will thus know what those terms mean, completely unambiguously, for
> essentially all readers.
> 
> Making the grammar like this will fix it:
> 
>   directive = directive-name [ "=" directive-value ]
>   directive-name = token
>   directive-value = token | quoted-string

This looks reasonable to me.

> 
> If there's a good reason not to make the ABNF change above, I'm happy
> to accept some other way of defining the terms, but I think they must
> be defined.  I think doing it with the ABNF is the easiest and
> smoothest way.



From ietf@adambarth.com  Mon Jul  9 14:05:34 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 864FF11E81CA for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 14:05:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZLkM4Pr0LrM for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 14:05:34 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id E3FA411E8171 for <websec@ietf.org>; Mon,  9 Jul 2012 14:05:33 -0700 (PDT)
Received: by ggnc4 with SMTP id c4so11591036ggn.31 for <websec@ietf.org>; Mon, 09 Jul 2012 14:05:59 -0700 (PDT)
Received: by 10.236.165.102 with SMTP id d66mr46873404yhl.54.1341867959548; Mon, 09 Jul 2012 14:05:59 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by mx.google.com with ESMTPS id v61sm65085593yhi.17.2012.07.09.14.05.58 (version=SSLv3 cipher=OTHER); Mon, 09 Jul 2012 14:05:58 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so11607598ghb.31 for <websec@ietf.org>; Mon, 09 Jul 2012 14:05:57 -0700 (PDT)
Received: by 10.60.2.34 with SMTP id 2mr43768871oer.71.1341867957027; Mon, 09 Jul 2012 14:05:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.226.5 with HTTP; Mon, 9 Jul 2012 14:05:26 -0700 (PDT)
In-Reply-To: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com>
References: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 9 Jul 2012 14:05:26 -0700
Message-ID: <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: websec@ietf.org
Subject: Re: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 21:05:34 -0000

Why is this sniffing gone awry?  Nothing bad seems to have happened in
this example.

Adam


On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
> <http://lcamtuf.coredump.cx/squirrel/>
>
> It's a valid JPEG image that contains an HTML snippet in a comment
> segment.  As a result, when a browser loads the URL expecting an image,
> it renders the image content, and when it expects HTML, it skips the
> binary junk at the top and renders the HTML [*]. (In both cases, the
> server reports Content-Type text/html.)   What's even more startling is
> that Chrome helpfully adds the binary junk at the top as the first child
> of the <body> element in the parsed DOM!
>
> --Richard
>
>
> [*] At least in Chrome 20.0.1132.47
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec

From Jeff.Hodges@KingsMountain.com  Mon Jul  9 15:41:48 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F13A21F85C2 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 15:41:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.527
X-Spam-Level: 
X-Spam-Status: No, score=-100.527 tagged_above=-999 required=5 tests=[AWL=-0.032, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Czrn5O7qwILZ for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 15:41:46 -0700 (PDT)
Received: from oproxy1-pub.bluehost.com (oproxy1.bluehost.com [IPv6:2605:dc00:100:2::a1]) by ietfa.amsl.com (Postfix) with SMTP id 7EC1D21F85C0 for <websec@ietf.org>; Mon,  9 Jul 2012 15:41:46 -0700 (PDT)
Received: (qmail 5589 invoked by uid 0); 9 Jul 2012 22:42:12 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy1.bluehost.com with SMTP; 9 Jul 2012 22:42:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=Mrmt6LQ0QOwn4sE2qBShLCY9CaZEAcF7X9r3TEEtnRk=;  b=xEsPOMXwzSGDvaP0WdPXAF67yAFC2AsuUzo8Q0zU2FWYoFuTAZ8lcdnd3sKq0nFZjFRNCdMweBY7tiyjaN2pxReQhuBNDscIGhwoy7UVECZsMvZkAf60JfLJsRRZRkV3;
Received: from [216.113.168.128] (port=1249 helo=[10.244.137.220]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SoMeh-0005K2-VY; Mon, 09 Jul 2012 16:42:12 -0600
Message-ID: <4FFB5E45.70801@KingsMountain.com>
Date: Mon, 09 Jul 2012 15:42:13 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Barry Leiba <barryleiba@computer.org>,  Julian Reschke <julian.reschke@gmx.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec issue: "directive, name" and "directive value"
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 22:41:48 -0000

 > The following came up in my AD review of
 > draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
 > needed to take it to the list.  So here it is.
 >
 > The ABNF in Section 6.1 has this:
 >
 >    directive = token [ "=" ( token | quoted-string ) ]
 >
 > Below that, bullet 3 says this:
 >
 >    3.  Directive names are case-insensitive.
 >
 > And in Section 6.1.1:
 >
 >    The syntax of the max-age directive's value (after quoted-string
 >    unescaping, if necessary) is defined as:
 >
 > Nothing defines what a directive name or a directive's value is.  You
 > and I know they're what's on the left side of the equals sign and the
 > right side, respectively.  We can't assume, though, that people will
 > figure out that the ABNF definition above turns into "name=value", and
 > will thus know what those terms mean, completely unambiguously, for
 > essentially all readers.

fyi/fwiw, the manner in which the ABNF is crafted was finalized in the thread, 
with Julian Reschke, rooted here..

Re: [websec] STS ABNF, was: new rev: draft-ietf-websec-strict-transport-sec-04
https://www.ietf.org/mail-archive/web/websec/current/msg01114.html


 > Nothing defines what a directive name or a directive's value is.  You
 > and I know they're what's on the left side of the equals sign and the
 > right side, respectively.  We can't assume, though, that people will
 > figure out that the ABNF definition above turns into "name=value", and
 > will thus know what those terms mean, completely unambiguously, for
 > essentially all readers.
 >
 > Making the grammar like this will fix it:
 >
 >    directive = directive-name [ "=" directive-value ]
 >    directive-name = token
 >    directive-value = token | quoted-string
 >
 > If there's a good reason not to make the ABNF change above, I'm happy
 > to accept some other way of defining the terms, but I think they must
 > be defined.  I think doing it with the ABNF is the easiest and
 > smoothest way.

I can see doing it as above, or even as a comment..

     directive = token [ "=" ( token | quoted-string ) ]
               ; directive-name = directive-value

Julian apparently has some reasoning for trying not to put everything into the 
ABNF (see the thread pointed to above).  So I think it'd be good if he weighed in 
on this.

I do note that the ABNF in draft-ietf-httpbis-p2-semantics-19 for the "expect" 
header field which Julian points at does explicitly define ABNF for expect-name 
and expect-value, similarly to Barry's suggestion above.

thanks,

=JeffH



From rbarnes@bbn.com  Mon Jul  9 16:19:27 2012
Return-Path: <rbarnes@bbn.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4F1921F8636 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:19:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.596
X-Spam-Level: 
X-Spam-Status: No, score=-106.596 tagged_above=-999 required=5 tests=[AWL=0.003, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRm9McF1nZz1 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:19:26 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 842F821F8631 for <websec@ietf.org>; Mon,  9 Jul 2012 16:19:26 -0700 (PDT)
Received: from [128.89.253.161] (port=50951) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SoNFA-000FXw-0x; Mon, 09 Jul 2012 19:19:52 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com>
Date: Mon, 9 Jul 2012 19:19:50 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <71595112-9084-47B8-BD2E-44381509536E@bbn.com>
References: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com> <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
X-Mailer: Apple Mail (2.1278)
Cc: websec@ietf.org
Subject: Re: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 23:19:27 -0000

I haven't thought much about this, but a couple of thoughts:

The binary prologue means that the document is not valid HTML, so in
principle, it shouldn't be accepted as HTML.  It makes you wonder what
other stuff you could put in there that the browser would stuff into the
DOM without it being obvious on the wire, say, to a proxy.  I'm
imagining things like encrypted / compressed Javascript code that could
be unpacked by the more obviously HTML part of the page.

In a related vein, the "Text or Binary" section of
draft-ietf-websec-mime-sniff says that nothing scriptable must come out
of sniffing a binary blob.  Yet in this case, it produced "text/html",
which is obviously scriptable.

--Richard




On Jul 9, 2012, at 5:05 PM, Adam Barth wrote:

> Why is this sniffing gone awry?  Nothing bad seems to have happened in
> this example.
>
> Adam
>
>
> On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
>> <http://lcamtuf.coredump.cx/squirrel/>
>>
>> It's a valid JPEG image that contains an HTML snippet in a comment
>> segment.  As a result, when a browser loads the URL expecting an image,
>> it renders the image content, and when it expects HTML, it skips the
>> binary junk at the top and renders the HTML [*]. (In both cases, the
>> server reports Content-Type text/html.)   What's even more startling is
>> that Chrome helpfully adds the binary junk at the top as the first child
>> of the <body> element in the parsed DOM!
>>
>> --Richard
>>
>>
>> [*] At least in Chrome 20.0.1132.47


From tobias.gondrom@gondrom.org  Mon Jul  9 16:23:06 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46D0121F8534 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:23:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.778
X-Spam-Level: 
X-Spam-Status: No, score=-96.778 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y7uQs1jDcHaA for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:23:05 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id 4C4DD21F84CF for <websec@ietf.org>; Mon,  9 Jul 2012 16:23:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=QmJUebj7dG7FzJn+gxkuNPiKoiSQiwTP/JPaJ85yxLJ3PsBzXCP0fKZ+RaAqMz3SaUIaFdZwYUmdxlopDtJGU0dFlzQFJqYLm1gxpT3ciharHgU5I9uH4ya9hON0s55f; h=Received:Received:Message-ID:Disposition-Notification-To:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 15400 invoked from network); 10 Jul 2012 01:23:27 +0200
Received: from static-15-149-235-87.ipcom.comunitel.net (HELO ?172.26.0.209?) (87.235.149.15) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jul 2012 01:23:27 +0200
Message-ID: <4FFB67EE.406@gondrom.org>
Date: Tue, 10 Jul 2012 00:23:26 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: bhill@paypal-inc.com, websec@ietf.org
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: public-webappsec@w3.org
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 23:23:06 -0000

Brad,

thank you for your email.

<hat="WG chair">

I agree that, now that WebAppSec is finally also operational, we maybe 
should revive the discussion between WebAppSec and Websec about what 
topics should be done where. Either on WG level, or initially on WG 
chair level to develop a proposal to present to the WGs to decide on. 
Please note, this coordination goes both ways: discussing which features 
should be done in WebAppSec and which should better be done in Websec.

This may also mean we revive the discussion we had on where to do 
Frame-Options.

But just to be clear about the facts of the current status, it seems I 
need to correct one of your statements in your email, which may 
otherwise be a little bit misleading:
(Fortunately, I keep all my communication emails and minutes well 
preserved in an archive to be later able to refresh my memory. ;-) )
In fact, initially, between the founded Websec WG  and the still nascent 
WebAppSec WG the communication was already clearly about how to go 
forward with Frame-Options (removing the "X-" and improvements) and 
doing that in Websec and the conclusion at that time then was to do it 
as a draft in websec and not in CSP, which evidently happened as it was 
removed from the initial CSP draft and the frame-options draft was 
created. This was not about documenting the current behaviour as you 
might suggest in your email, if I read your statement correctly.
In fact, it was only recently, a couple of months ago, that actually 
Thomas Roessler and Jeff Hodges proposed to also document the existing 
(old/current) behaviour of X-Frame-Options in addition to the worked on 
Frame-Options draft in one of our IETF WebSec WG meetings - see here: 
http://www.ietf.org/proceedings/81/minutes/websec.txt  Only as a 
consequence of that we started the X-Frame-Options draft to document the 
current behaviour, too.

However, of course any past decision to do FO in websec does not 
necessarily mean it would be the only option forward to keep FO 
(Frame-Options) in WebSec.

FYI: After the Frame-Options (and X-Frame-Options) drafts were initially 
handled as individual submissions, the WebSec WG adopted the documents 
as WG drafts:
tools.ietf.org/html/draft-ietf-websec-frame-options-00
(previously: http://tools.ietf.org/html/draft-gondrom-frame-options-02)
tools.ietf.org/html/draft-ietf-websec-x-frame-options-00
(previously: http://tools.ietf.org/html/draft-gondrom-x-frame-options-02)

If you feel Websec is not the right place for FO and that this should 
instead be integrated into CSP (and possibly moved to WebAppSec), it is 
ok to have that discussion, again. However, based on the past decisions 
and the current status, I'd like to invite you to lead this discussion 
about possibly moving FO from Websec to WebAppSec primarily on the 
Websec WG mailing-list, as running one discussion on two separate 
mailing-lists can be confusing at best.

Thank you,

Tobias
(co-chair of websec)



On 09/07/12 19:31, Hill, Brad wrote:
> Tobias, David and other WebSec participants,
>
>   Over at the W3C WebAppSec WG we are beginning to draft a set of new directives for Content Security Policy focused specifically on User Interface Safety - protection against clickjacking and other UI Redressing attacks.
>
>   As Adam Barth suggested on this list a few weeks ago, WebSec and WebAppSec should discuss and coordinate on whether new functionality related to UI embedding, such as ALLOW-FROM or embed-ancestors, would be best developed as CSP directives or in a new Frame-Options header.
>
>   It made sense for the IETF WebSec group to be the lightest and fastest process to specify the existing behavior of X-Frame-Options, but further refinements are more in the realm of web user agent behavior.  If sites are going to specify UI safety directives using CSP, using that mechanism rather than a new Frame-Options header can save on some header bloat, as well as making it easier to interpret scenarios where a resource wants to obsolete the X-Frame-Options when new behaviors are available. (e.g., allow embedding if CSP UI Safety directives are understood, but deny it for user agents that only understand X-Frame-Options)
>
> The current editor's draft doesn't include these options, but please take a look.
>
> http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
>
> A proposed additional directive for this specification is:
>
> embed-ancestors
>
> The embed-options directive indicates whether the user-agent should embed the resource using a frame, iframe, object or embed tag, or equivalent functionality in non-HTML resources. Resources can use this to avoid many UI Redressing attacks by ensuring they are not embedded into other sites. This directive replicates some of the functionality of the X-Frame-Options header. The syntax for the name and value of the directive are described by the following ABNF grammar:
>
> directive-name    = "embed-ancestors"
> directive-value   = source-list
>
> Unlike policies defined in Content Security Policy 1.0, the embed-ancestors directive is not subject to the default-src directive. If this directive is not explicitly stated in the policy its value is assumed to be "*".
>
> If 'deny' is present in the source-list, the resource cannot be displayed in an embedded context, regardless of the origin attempting to do so, and all other members of the source-list are ignored. This provides functionality equivalent to the DENY value of the X-Frame-Options header.
>
> If 'deny' is not present the source-list indicates which origins are valid ancestors for the resource. An ancestor is any resource between the protected resource and the top of the window frame tree; for example, if A embeds B which embeds C, both A and B are ancestors of C. If A embeds both B and C, B is not an ancestor of C, but A still is.
>
> The 'self' source indicates that content of the same-origin as the protected resource may embed it. This provides functionality equivalent to the SAMEORIGIN value of the X-Frame-Options header.
>
>
> Thank you - we welcome your thoughts and feedback,
>
>   Brad Hill
> Co-chair, W3C WebAppSec WG
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
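
The embed-ancestors rules from the proposal quoted above, as an added example (not part of any message in this thread and not code from either working group): it walks a frame tree to collect ancestors and applies 'deny', 'self' and the "*" default. Two assumptions go beyond the quoted text: embedding is allowed only when every ancestor matches the source-list, and sources are compared as exact origin strings rather than with full CSP source matching. The frame names and origins are constructed.

```python
def ancestor_origins(frame, parent_of, origin_of):
    """Origins of every frame between `frame` and the top of the frame tree."""
    origins, seen = [], {frame}
    while frame in parent_of:
        frame = parent_of[frame]
        if frame in seen:
            raise ValueError("frame tree contains a cycle")
        seen.add(frame)
        origins.append(origin_of[frame])
    return origins


def embed_source_list(policy):
    """Source-list of the embed-ancestors directive, or ["*"] when it is absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0] == "embed-ancestors":
            return parts[1:]
    # Not subject to default-src: an unstated directive is assumed to be "*".
    return ["*"]


def may_embed(resource_origin, ancestors, policy):
    """True if the protected resource may be displayed under these ancestors."""
    sources = embed_source_list(policy)
    if "'deny'" in sources:
        return False  # 'deny' wins; every other member of the list is ignored

    def allowed(origin):
        for source in sources:
            if source == "*" or source == origin:  # exact match: a simplification
                return True
            if source == "'self'" and origin == resource_origin:
                return True
        return False

    # Assumption: each ancestor, not only the direct parent, must be allowed.
    return all(allowed(origin) for origin in ancestors)


# Constructed frame trees matching the two cases in the proposal text.
ORIGIN_OF = {
    "A": "https://a.example",
    "B": "https://b.example",
    "C": "https://c.example",
}
NESTED = {"C": "B", "B": "A"}    # A embeds B, which embeds C
SIBLINGS = {"B": "A", "C": "A"}  # A embeds both B and C

if __name__ == "__main__":
    policy = "embed-ancestors https://a.example"
    for label, tree in (("nested", NESTED), ("siblings", SIBLINGS)):
        chain = ancestor_origins("C", tree, ORIGIN_OF)
        print(label, chain, may_embed(ORIGIN_OF["C"], chain, policy))
```
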



From ietf@adambarth.com  Mon Jul  9 16:24:14 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B45B11E80A4 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:24:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w02HjEU+9JOL for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:24:13 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id B5AA011E80D1 for <websec@ietf.org>; Mon,  9 Jul 2012 16:24:13 -0700 (PDT)
Received: by yenq13 with SMTP id q13so11681645yen.31 for <websec@ietf.org>; Mon, 09 Jul 2012 16:24:39 -0700 (PDT)
Received: by 10.236.183.227 with SMTP id q63mr48357631yhm.114.1341876279637; Mon, 09 Jul 2012 16:24:39 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id y66sm65654472yhi.10.2012.07.09.16.24.38 (version=SSLv3 cipher=OTHER); Mon, 09 Jul 2012 16:24:38 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so1281151obb.31 for <websec@ietf.org>; Mon, 09 Jul 2012 16:24:37 -0700 (PDT)
Received: by 10.60.13.201 with SMTP id j9mr42523018oec.51.1341876277348; Mon, 09 Jul 2012 16:24:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.226.5 with HTTP; Mon, 9 Jul 2012 16:24:07 -0700 (PDT)
In-Reply-To: <71595112-9084-47B8-BD2E-44381509536E@bbn.com>
References: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com> <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com> <71595112-9084-47B8-BD2E-44381509536E@bbn.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 9 Jul 2012 16:24:07 -0700
Message-ID: <CAJE5ia_hM0J4QBYUcLKkei6bv+Pk4mGxWLhVtpi1S_D0tv=ezA@mail.gmail.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: websec@ietf.org
Subject: Re: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 23:24:14 -0000

On Mon, Jul 9, 2012 at 4:19 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> I haven't thought much about this, but a couple of thoughts:
>
> The binary prologue means that the document is not valid HTML, so in
> principle, it shouldn't be accepted as HTML.  It makes you wonder what
> other stuff you could put in there that the browser would stuff into the
> DOM without it being obvious on the wire, say, to a proxy.  I'm
> imagining things like encrypted / compressed Javascript code that could
> be unpacked by the more obviously HTML part of the page.

You don't have to imagine.  It's specified in HTML5.

> In a related vein, the "Text or Binary" section of
> draft-ietf-websec-mime-sniff says that nothing scriptable must come out
> of sniffing a binary blob.  Yet in this case, it produced "text/html",
> which is obviously scriptable.

The browser isn't sniffing HTML in this case.  The server sent a
Content-Type header with text/html.

Adam


> On Jul 9, 2012, at 5:05 PM, Adam Barth wrote:
>
>> Why is this sniffing gone awry?  Nothing bad seems to have happened in
>> this example.
>>
>> Adam
>>
>>
>> On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>>> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
>>> <http://lcamtuf.coredump.cx/squirrel/>
>>>
>>> It's a valid JPEG image that contains an HTML snippet in a comment
>>> segment.  As a result, when a browser loads the URL expecting an image,
>>> it renders the image content, and when it expects HTML, it skips the
>>> binary junk at the top and renders the HTML [*]. (In both cases, the
>>> server reports Content-Type text/html.)   What's even more startling is
>>> that Chrome helpfully adds the binary junk at the top as the first child
>>> of the <body> element in the parsed DOM!
>>>
>>> --Richard
>>>
>>>
>>> [*] At least in Chrome 20.0.1132.47
>
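
A defender-side check for the case discussed in this thread, as an added example (not part of any message here): it flags a response whose declared Content-Type is not image/jpeg although the body starts with a JPEG marker, and it walks the JPEG segments to report comment (COM) segments that carry HTML markup. The sample bytes are constructed to have JPEG segment structure only (they are not a decodable image), and the list of tag names is an assumed heuristic.

```python
import re
import struct

# Heuristic (assumption): an opening tag that suggests an HTML document.
HTML_HINT = re.compile(rb"<\s*(?:!doctype|html|head|body|script|iframe)\b", re.I)
COM, SOS, EOI, TEM = 0xFE, 0xDA, 0xD9, 0x01


def jpeg_segments(data):
    """Yield (marker, payload) for each length-prefixed segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1  # 0xFF fill bytes may precede the marker code
        if pos >= len(data):
            return
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return
        if marker == TEM or 0xD0 <= marker <= 0xD7:
            continue  # stand-alone markers carry no length field
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos + 2:pos + length]
        pos += length
        if marker == SOS:
            return  # entropy-coded image data follows; stop scanning metadata


def audit_response(content_type, body):
    """Return a list of findings for one HTTP response (empty if none)."""
    findings = []
    if body[:3] != b"\xff\xd8\xff":
        return findings
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "image/jpeg":
        findings.append(f"declared {media_type} but body starts with a JPEG marker")
    try:
        for marker, payload in jpeg_segments(body):
            if marker == COM and HTML_HINT.search(payload):
                findings.append("COM segment contains HTML markup")
    except ValueError as exc:
        findings.append(f"malformed JPEG structure: {exc}")
    return findings


def segment(marker, payload):
    """Build one length-prefixed segment (used only for the constructed samples)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(COM, b"<html><body><p>hello</p></body></html>")
    + segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x00\xff\xd9"
)
CLEAN = b"\xff\xd8" + segment(COM, b"Created with an image editor") + b"\xff\xd9"

if __name__ == "__main__":
    for finding in audit_response("text/html; charset=utf-8", SAMPLE):
        print(finding)
```
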

From tobias.gondrom@gondrom.org  Mon Jul  9 16:33:24 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFDED11E811E for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:33:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.778
X-Spam-Level: 
X-Spam-Status: No, score=-96.778 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 69j28Y04Ln8p for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 16:33:24 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id ECD7A11E8101 for <websec@ietf.org>; Mon,  9 Jul 2012 16:33:19 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=hqDHKxe8mRg1UTWxyl2nPj0x9/C/4wcIPMZg07mrmW+5XVazGD2naWy4WeaJxei1IpETVKluQDeZJOTBUaxaoc4cWHelT30gJNWJXkFuC3OhNC5n9LBdnzrKNciAW/NU; h=Received:Received:Message-ID:Disposition-Notification-To:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 15464 invoked from network); 10 Jul 2012 01:33:43 +0200
Received: from static-15-149-235-87.ipcom.comunitel.net (HELO ?172.26.0.209?) (87.235.149.15) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jul 2012 01:33:42 +0200
Message-ID: <4FFB6A54.104@gondrom.org>
Date: Tue, 10 Jul 2012 00:33:40 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: bhill@paypal-inc.com, websec@ietf.org
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: public-webappsec@w3.org
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 23:33:25 -0000

Brad,

thank you for your email.

<hat="individual">

Reading your argument, I think it would be very helpful to hear in more 
detail from you the concrete reasons for why you think the current 
solution is weak and why it would be better in CSP.
Answering to your mentioned arguments:
1. IMHO "save on some header bloat" is a very weak argument, that on the 
one hand is not a big problem looking at the current header landscape 
and could be used to basically wrap everything from HSTS headers to 
whatever into CSP, which then leads to a huge meta-header (or some might 
call it "CSP bloat" ;-) ).
2. I think the migration from XFO to FO is straightforward, in fact I 
rather see a complication (disadvantage) by moving it to the CSP model 
instead of a direct evolution path from XFO to FO.

And actually as I also already described in a previous argument on 
websec, the FO functionality is not fully symmetric to all other CSP 
directives, and therefore should not be handled in CSP.

In summary, I do think FO would be better to continue as a draft in 
Websec and cannot see any significant benefit in moving it into CSP. 
Could you please provide some more specific reasons or examples about 
why exactly FO might be better as part of CSP?

Best regards, Tobias


Ps.: please note, that I am currently on holiday and will only be able 
to answer emails in about a week's time.



On 09/07/12 19:31, Hill, Brad wrote:
> Tobias, David and other WebSec participants,
>
>   Over at the W3C WebAppSec WG we are beginning to draft a set of new directives for Content Security Policy focused specifically on User Interface Safety - protection against clickjacking and other UI Redressing attacks.
>
>   As Adam Barth suggested on this list a few weeks ago, WebSec and WebAppSec should discuss and coordinate on whether new functionality related to UI embedding, such as ALLOW-FROM or embed-ancestors, would be best developed as CSP directives or in a new Frame-Options header.
>
>   It made sense for the IETF WebSec group to be the lightest and fastest process to specify the existing behavior of X-Frame-Options, but further refinements are more in the realm of web user agent behavior.  If sites are going to specify UI safety directives using CSP, using that mechanism rather than a new Frame-Options header can save on some header bloat, as well as making it easier to interpret scenarios where a resource wants to obsolete the X-Frame-Options when new behaviors are available. (e.g., allow embedding if CSP UI Safety directives are understood, but deny it for user agents that only understand X-Frame-Options)
>
> The current editor's draft doesn't include these options, but please take a look.
>
> http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
>
> A proposed additional directive for this specification is:
>
> embed-ancestors
>
> The embed-options directive indicates whether the user-agent should embed the resource using a frame, iframe, object or embed tag, or equivalent functionality in non-HTML resources. Resources can use this to avoid many UI Redressing attacks by ensuring they are not embedded into other sites. This directive replicates some of the functionality of the X-Frame-Options header. The syntax for the name and value of the directive are described by the following ABNF grammar:
>
> directive-name    = "embed-ancestors"
> directive-value   = source-list
>
> Unlike policies defined in Content Security Policy 1.0, the embed-ancestors directive is not subject to the default-src directive. If this directive is not explicitly stated in the policy its value is assumed to be "*".
>
> If 'deny' is present in the source-list, the resource cannot be displayed in an embedded context, regardless of the origin attempting to do so, and all other members of the source-list are ignored. This provides functionality equivalent to the DENY value of the X-Frame-Options header.
>
> If 'deny' is not present the source-list indicates which origins are valid ancestors for the resource. An ancestor is any resource between the protected resource and the top of the window frame tree; for example, if A embeds B which embeds C, both A and B are ancestors of C. If A embeds both B and C, B is not an ancestor of C, but A still is.
>
> The 'self' source indicates that content of the same-origin as the protected resource may embed it. This provides functionality equivalent to the SAMEORIGIN value of the X-Frame-Options header.
>
>
> Thank you - we welcome your thoughts and feedback,
>
>   Brad Hill
> Co-chair, W3C WebAppSec WG
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
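
The embed-ancestors rules quoted above ('deny' overriding every other member, "*" as the default, 'self', and the check over the ancestor chain), as an added Python example that is not part of either message or of the W3C draft. The function names are hypothetical, sources are assumed to be full origins such as https://a.example, and requiring every ancestor to match is an assumption drawn from the quoted description of ancestors.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def embed_ancestors_sources(policy):
    """Extract the embed-ancestors source-list from a CSP-style policy string.

    Returns ["*"] when the directive is absent: the proposal says it is not
    subject to default-src and defaults to "*".
    """
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "embed-ancestors":
            return tokens[1:]
    return ["*"]


def may_embed(policy, resource_url, ancestor_urls):
    """Decide whether resource_url may render inside the given ancestor chain.

    ancestor_urls lists every document between the protected resource and the
    top of the window frame tree (direct parent first, top-level last).
    """
    if not ancestor_urls:
        return True  # top-level load: the resource is not embedded at all
    sources = embed_ancestors_sources(policy)
    keywords = [s.lower() for s in sources]
    if "'deny'" in keywords:
        return False  # 'deny' wins; all other members are ignored
    allowed = set()
    for source in sources:
        if source == "*":
            return True
        if source.lower() == "'self'":
            allowed.add(origin_of(resource_url))
        else:
            allowed.add(origin_of(source))
    # Assumption: every ancestor, not just the direct parent, must be listed.
    return all(origin_of(a) in allowed for a in ancestor_urls)


# Constructed scenario from the quoted text: A embeds B, which embeds C.
A = "https://a.example/portal"
B = "https://b.example/widget"
C = "https://c.example/pay"
POLICY = "default-src 'none'; embed-ancestors 'self' https://a.example"
```

With `POLICY`, `may_embed(POLICY, C, [A])` allows the frame, while `may_embed(POLICY, C, [B, A])` refuses it because B is an ancestor of C that the source-list does not name.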



From bhill@paypal-inc.com  Mon Jul  9 17:02:09 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D38A221F8668 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 17:02:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FySOpD8MKnLH for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 17:02:09 -0700 (PDT)
Received: from den-mipot-001.corp.ebay.com (den-mipot-001.corp.ebay.com [216.113.175.152]) by ietfa.amsl.com (Postfix) with ESMTP id ED47C21F8663 for <websec@ietf.org>; Mon,  9 Jul 2012 17:02:08 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To:CC: Subject:Thread-Topic:Thread-Index:Date:Message-ID: References:In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: x-ems-proccessed:x-ems-stamp:Content-Type: Content-Transfer-Encoding:MIME-Version; b=c4TwqGMrZzKo7yAgelqsfpdHfda/Ju5bFC47ZUrjB3vIT9xwZMRL7Ti/ G/hN9kYBkfXL9A6TAJcx4mAHzHS5Qd7INeuuldnbA+ZEQPWzsW2LsEkDj o6cFJ9gjnUfv52u;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1341878555; x=1373414555; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=xGGdDyJmqgGdye3x7OqUbHqpjBPkpjbs6LIfBZWLOD4=; b=LCE8RmU0qsv478XrsWDkDbf9IMiGhu7j8VllMFUDdQOL0V5ZA7NkK3tw SoRWjS4dqT6ghI71bVkQTLC+zgtYop7LOxsmACv0xw5yODqGiV0xJtRHp j8BgM2XXZjUcaq4;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,555,1336374000";  d="scan'208";a="8573236"
Received: from unknown (HELO DEN-EXMHT-005.corp.ebay.com) ([10.241.17.171]) by den-mipot-001.corp.ebay.com with ESMTP/TLS/AES128-SHA; 09 Jul 2012 17:02:35 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-005.corp.ebay.com ([fe80::8109:2a37:17ad:e57e%18]) with mapi id 14.02.0298.004; Mon, 9 Jul 2012 18:02:31 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>, "websec@ietf.org" <websec@ietf.org>
Thread-Topic: [websec] Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: Ac1eARMykz8Gk35PQYOw0F4CVEc1fgAWw6QAAAxPUgA=
Date: Tue, 10 Jul 2012 00:02:31 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com>
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com> <4FFB67EE.406@gondrom.org>
In-Reply-To: <4FFB67EE.406@gondrom.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.241.19.242]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: RUhmLvUG+V+CYtcAGpFVxg==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 00:02:09 -0000

Tobias,

 I'm happy to move the discussion primarily to websec, and I'll drop the cc: to webappsec after this email.  Thanks for the historical clarification, as well.

I'm not terribly concerned about which group does the work, as much as arriving at the engineering solution that works best for user agent and resource authors, some of whom have expressed preference for moving this functionality into CSP.  As both a chair and an individual, I don't have a strong preference, but I think there are reasons in favor of each option and it is worth re-opening the discussion now that the WebAppSec WG has a concrete deliverable under development to address the same general class of attacks.

I'll send out a summary shortly of the similarities and differences between the various options currently proposed for some additional context.

-Brad Hill





From rbarnes@bbn.com  Mon Jul  9 18:41:55 2012
Return-Path: <rbarnes@bbn.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28F5A11E810C for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 18:41:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.596
X-Spam-Level: 
X-Spam-Status: No, score=-106.596 tagged_above=-999 required=5 tests=[AWL=0.003, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f3ysw6wQcNVc for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 18:41:54 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 1638D11E80F4 for <websec@ietf.org>; Mon,  9 Jul 2012 18:41:54 -0700 (PDT)
Received: from [128.89.253.207] (port=52063) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SoPT0-0007J0-SG; Mon, 09 Jul 2012 21:42:18 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=iso-8859-1
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <CAJE5ia_hM0J4QBYUcLKkei6bv+Pk4mGxWLhVtpi1S_D0tv=ezA@mail.gmail.com>
Date: Mon, 9 Jul 2012 21:42:17 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <18D2BFE7-6F14-4B7E-BDDE-FA9F7E134E88@bbn.com>
References: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com> <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com> <71595112-9084-47B8-BD2E-44381509536E@bbn.com> <CAJE5ia_hM0J4QBYUcLKkei6bv+Pk4mGxWLhVtpi1S_D0tv=ezA@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
X-Mailer: Apple Mail (2.1278)
Cc: websec@ietf.org
Subject: Re: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 01:41:55 -0000

On Jul 9, 2012, at 7:24 PM, Adam Barth wrote:

> On Mon, Jul 9, 2012 at 4:19 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>> I haven't thought much about this, but a couple of thoughts:
>>
>> The binary prologue means that the document is not valid HTML, so in principle, it shouldn't be accepted as HTML.  It makes you wonder what other stuff you could put in there that the browser would stuff into the DOM without it being obvious on the wire, say, to a proxy.  I'm imagining things like encrypted / compressed Javascript code that could be unpacked by the more obviously HTML part of the page.
>
> You don't have to imagine.  It's specified in HTML5.

Could you clarify?  What is "it"?  Reference would be helpful.

Is there really a use case for inserting into the DOM arbitrary octets that are not syntactically part of the HTML page?

--Richard



>> In a related vein, the "Text or Binary" section of draft-ietf-websec-mime-sniff says that nothing scriptable must come out of sniffing a binary blob.  Yet in this case, it produced "text/html", which is obviously scriptable.
>
> The browser isn't sniffing HTML in this case.  The server sent a
> Content-Type header with text/html.
>
> Adam
>
>
>> On Jul 9, 2012, at 5:05 PM, Adam Barth wrote:
>>
>>> Why is this sniffing gone awry?  Nothing bad seems to have happened in
>>> this example.
>>>
>>> Adam
>>>
>>>
>>> On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>>>> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
>>>> <http://lcamtuf.coredump.cx/squirrel/>
>>>>
>>>> It's a valid JPEG image that contains an HTML snippet in a comment segment.  As a result, when a browser loads the URL expecting an image, it renders the image content, and when it expects HTML, it skips the binary junk at the top and renders the HTML [*]. (In both cases, the server reports Content-Type text/html.)   What's even more startling is that Chrome helpfully adds the binary junk at the top as the first child of the <body> element in the parsed DOM!
>>>>
>>>> --Richard
>>>>
>>>>
>>>> [*] At least in Chrome 20.0.1132.47
>>>> _______________________________________________
>>>> websec mailing list
>>>> websec@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/websec
>>


From ietf@adambarth.com  Mon Jul  9 18:53:46 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14CB411E8100 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 18:53:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KlpMRiEI6KL6 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 18:53:42 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id EB2EF11E8106 for <websec@ietf.org>; Mon,  9 Jul 2012 18:53:41 -0700 (PDT)
Received: by yenq13 with SMTP id q13so11768195yen.31 for <websec@ietf.org>; Mon, 09 Jul 2012 18:54:08 -0700 (PDT)
Received: by 10.236.75.232 with SMTP id z68mr50416617yhd.90.1341885247967; Mon, 09 Jul 2012 18:54:07 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id l49sm66211682yhj.8.2012.07.09.18.54.06 (version=SSLv3 cipher=OTHER); Mon, 09 Jul 2012 18:54:06 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so1448707obb.31 for <websec@ietf.org>; Mon, 09 Jul 2012 18:54:05 -0700 (PDT)
Received: by 10.182.37.41 with SMTP id v9mr14457207obj.23.1341885245548; Mon, 09 Jul 2012 18:54:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.226.5 with HTTP; Mon, 9 Jul 2012 18:53:34 -0700 (PDT)
In-Reply-To: <18D2BFE7-6F14-4B7E-BDDE-FA9F7E134E88@bbn.com>
References: <CC7E8027-2CCE-41B7-9244-1638C15830A5@bbn.com> <CAJE5ia-qAyM1v9JrKJaO6ORi48oVFfk9x13Pw48M8SnB746D9g@mail.gmail.com> <71595112-9084-47B8-BD2E-44381509536E@bbn.com> <CAJE5ia_hM0J4QBYUcLKkei6bv+Pk4mGxWLhVtpi1S_D0tv=ezA@mail.gmail.com> <18D2BFE7-6F14-4B7E-BDDE-FA9F7E134E88@bbn.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 9 Jul 2012 18:53:34 -0700
Message-ID: <CAJE5ia8zP0HhvWHA15-q6e4quwxe80i93hK2oWPOLO751rmu+A@mail.gmail.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: websec@ietf.org
Subject: Re: [websec] Content sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 01:53:47 -0000

On Mon, Jul 9, 2012 at 6:42 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> On Jul 9, 2012, at 7:24 PM, Adam Barth wrote:
>> On Mon, Jul 9, 2012 at 4:19 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>>> I haven't thought much about this, but a couple of thoughts:
>>>
>>> The binary prologue means that the document is not valid HTML, so in principle, it shouldn't be accepted as HTML.  It makes you wonder what other stuff you could put in there that the browser would stuff into the DOM without it being obvious on the wire, say, to a proxy.  I'm imagining things like encrypted / compressed Javascript code that could be unpacked by the more obviously HTML part of the page.
>>
>> You don't have to imagine.  It's specified in HTML5.
>
> Could you clarify?  What is "it"?  Reference would be helpful.

You mentioned that you were wondering what "other stuff" you could put
there that the browser would stuff into the DOM.  The HTML
specification [1] defines precisely what DOM you'll get for every
possible input, so you don't need to wonder.

> Is there really a use case for inserting into the DOM arbitrary octets that are not syntactically part of the HTML page?

This topic has been discussed at length in the HTML working group.
It's probably not worth re-hashing it on this list.  The short answer
is that it's what web sites expect browsers to do.

Adam

[1] http://whatwg.org/specs/web-apps/current-work/ (or
http://www.w3.org/TR/html5/ if you want to see the more official but
less up-to-date version).


>>> In a related vein, the "Text or Binary" section of draft-ietf-websec-mime-sniff says that nothing scriptable must come out of sniffing a binary blob.  Yet in this case, it produced "text/html", which is obviously scriptable.
>>
>> The browser isn't sniffing HTML in this case.  The server sent a
>> Content-Type header with text/html.
>>
>> Adam
>>
>>
>>> On Jul 9, 2012, at 5:05 PM, Adam Barth wrote:
>>>
>>>> Why is this sniffing gone awry?  Nothing bad seems to have happened in
>>>> this example.
>>>>
>>>> Adam
>>>>
>>>>
>>>> On Mon, Jul 9, 2012 at 1:55 PM, Richard L. Barnes <rbarnes@bbn.com> wrote:
>>>>> Related to draft-ietf-websec-mime-sniff, an example of sniffing gone awry:
>>>>> <http://lcamtuf.coredump.cx/squirrel/>
>>>>>
>>>>> It's a valid JPEG image that contains an HTML snippet in a comment segment.  As a result, when a browser loads the URL expecting an image, it renders the image content, and when it expects HTML, it skips the binary junk at the top and renders the HTML [*]. (In both cases, the server reports Content-Type text/html.)   What's even more startling is that Chrome helpfully adds the binary junk at the top as the first child of the <body> element in the parsed DOM!
>>>>>
>>>>> --Richard
>>>>>
>>>>>
>>>>> [*] At least in Chrome 20.0.1132.47
>>>>> _______________________________________________
>>>>> websec mailing list
>>>>> websec@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/websec
>>>
>

From julian.reschke@gmx.de  Mon Jul  9 23:52:45 2012
Return-Path: <julian.reschke@gmx.de>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94B2F11E8160 for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 23:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.901
X-Spam-Level: 
X-Spam-Status: No, score=-104.901 tagged_above=-999 required=5 tests=[AWL=-2.302, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1chZm8F-Nwb for <websec@ietfa.amsl.com>; Mon,  9 Jul 2012 23:52:44 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 3FDE821F8565 for <websec@ietf.org>; Mon,  9 Jul 2012 23:52:43 -0700 (PDT)
Received: (qmail invoked by alias); 10 Jul 2012 06:53:09 -0000
Received: from p54BB3690.dip.t-dialin.net (EHLO [192.168.178.36]) [84.187.54.144] by mail.gmx.net (mp039) with SMTP; 10 Jul 2012 08:53:09 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX19KcO9L+JRK2K1s6NUAocEe0GoS22VdgH7oD+/rJt orXHdCoo9AU4Pi
Message-ID: <4FFBD151.2070109@gmx.de>
Date: Tue, 10 Jul 2012 08:53:05 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4FFB5E45.70801@KingsMountain.com>
In-Reply-To: <4FFB5E45.70801@KingsMountain.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Barry Leiba <barryleiba@computer.org>, IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-strict-transport-sec issue: "directive, name" and "directive value"
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 06:52:45 -0000

On 2012-07-10 00:42, =JeffH wrote:
>  > The following came up in my AD review of
>  > draft-ietf-websec-strict-transport-sec, and Jeff suggested that I
>  > needed to take it to the list.  So here it is.
>  >
>  > The ABNF in Section 6.1 has this:
>  >
>  >    directive = token [ "=" ( token | quoted-string ) ]
>  >
>  > Below that, bullet 3 says this:
>  >
>  >    3.  Directive names are case-insensitive.
>  >
>  > And in Section 6.1.1:
>  >
>  >    The syntax of the max-age directive's value (after quoted-string
>  >    unescaping, if necessary) is defined as:
>  >
>  > Nothing defines what a directive name or a directive's value is.  You
>  > and I know they're what's on the left side of the equals sign and the
>  > right side, respectively.  We can't assume, though, that people will
>  > figure out that the ABNF definition above turns into "name=value", and
>  > will thus know what those terms mean, completely unambiguously, for
>  > essentially all readers.
>
> fyi/fwiw, the manner in which the ABNF is crafted was finalized in the
> thread, with Julian Reschke, rooted here..
>
> Re: [websec] STS ABNF, was: new rev:
> draft-ietf-websec-strict-transport-sec-04
> https://www.ietf.org/mail-archive/web/websec/current/msg01114.html
>
>
>  > Nothing defines what a directive name or a directive's value is.  You
>  > and I know they're what's on the left side of the equals sign and the
>  > right side, respectively.  We can't assume, though, that people will
>  > figure out that the ABNF definition above turns into "name=value", and
>  > will thus know what those terms mean, completely unambiguously, for
>  > essentially all readers.
>  >
>  > Making the grammar like this will fix it:
>  >
>  >    directive = directive-name [ "=" directive-value ]
>  >    directive-name = token
>  >    directive-value = token | quoted-string
>  >
>  > If there's a good reason not to make the ABNF change above, I'm happy
>  > to accept some other way of defining the terms, but I think they must
>  > be defined.  I think doing it with the ABNF is the easiest and
>  > smoothest way.
>
> I can see doing it as above, or even as a comment..
>
>      directive = token [ "=" ( token | quoted-string ) ]
>                ; directive-name = directive-value
>
> Julian apparently has some reasoning for trying not to put everything
> into the ABNF (see the thread pointed to above).  So I think it'd be good
> if he weighed in on this.
>
> I do note that the ABNF in draft-ietf-httpbis-p2-semantics-19 for the
> "expect" header field which Julian points at does explicitly define ABNF
> for expect-name and expect-value, similarly to Barry's suggestion above.

Adding ABNF productions for clarity seems fine to me.

Best regards, Julian
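
The grammar discussed in this thread (directive-name, an optional "=" and a directive-value that is a token or a quoted-string, with case-insensitive names) as an added Python parser; it is not code from the draft or from any participant. The function names are hypothetical, directives are taken to be separated by ";", rejecting a repeated directive is an assumption, and max-age is checked as 1*DIGIT as in the published RFC 6797.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
DIRECTIVE = re.compile(rf"({TOKEN})(?:=({TOKEN}|{QUOTED}))?")


def split_directives(value):
    """Split a header value on ';', ignoring any ';' inside a quoted-string."""
    parts, current, in_quotes, escaped = [], [], False, False
    for ch in value:
        if in_quotes:
            current.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes = False
        elif ch == ";":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
            if ch == '"':
                in_quotes = True
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    parts.append("".join(current))
    return parts


def unquote(value):
    """Strip the quotes of a quoted-string and undo backslash escapes."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_sts(header_value):
    """Return {directive-name (lower-cased): directive-value or None}."""
    directives = {}
    for part in split_directives(header_value):
        part = part.strip(" \t")
        if not part:
            continue  # empty directive, e.g. a trailing ";"
        match = DIRECTIVE.fullmatch(part)
        if not match:
            raise ValueError(f"malformed directive: {part!r}")
        name = match.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            # Assumption: a repeated directive makes the header invalid.
            raise ValueError(f"duplicate directive: {name}")
        raw = match.group(2)
        directives[name] = None if raw is None else unquote(raw)
    return directives


def max_age_seconds(directives):
    """Validate max-age after quoted-string unescaping and return it as int."""
    value = directives.get("max-age")
    if value is None or not re.fullmatch(r"[0-9]+", value):
        raise ValueError("max-age is missing or is not 1*DIGIT")
    return int(value)


def is_valid_sts(header_value):
    """True when the value parses and carries a usable max-age."""
    try:
        max_age_seconds(parse_sts(header_value))
        return True
    except ValueError:
        return False
```

Note that `max-age=-1` satisfies the directive grammar, because `-1` is a valid token, and is only rejected once the value is checked against the max-age syntax.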

From bhill@paypal-inc.com  Tue Jul 10 09:27:31 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1577F11E80ED for <websec@ietfa.amsl.com>; Tue, 10 Jul 2012 09:27:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iuiNEK3SnoVr for <websec@ietfa.amsl.com>; Tue, 10 Jul 2012 09:27:30 -0700 (PDT)
Received: from den-mipot-001.corp.ebay.com (den-mipot-001.corp.ebay.com [216.113.175.152]) by ietfa.amsl.com (Postfix) with ESMTP id E4A5511E809A for <websec@ietf.org>; Tue, 10 Jul 2012 09:27:29 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To: Subject:Thread-Topic:Thread-Index:Date:Message-ID: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:x-ems-proccessed: x-ems-stamp:Content-Type:MIME-Version; b=f4VfnlJ3JqBno8SgieHRi1PwgNXXFbjnEaoWQ9/mZw25StKJ0xVIDt9r 4AvLhwyUK28jnOEzaI70EYFlbb8SOeZt7WVtll3o0QFdKQ8QVLLXE1JN9 RoZLuLCo2Oz0bOQ;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1341937678; x=1373473678; h=from:to:subject:date:message-id:mime-version; bh=W3zTeIW13bjzqrIQpq3TIgIPCB0H+W4WR3n46KDc1uc=; b=Ji/MR4sd/KOB8hQacSsFAYioxRXpULqlovACnHXTG18aTpdq+r0VBYZC w5ariSaIZg2p9q+QTHFRraBqAMFP6HDwsjShTxcRDCrvkyqHBx2yeN1rK xYqjXQTge4+EkbM;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,560,1336374000"; d="scan'208,217";a="8581691"
Received: from den-exmht-003.corp.ebay.com ([10.241.17.150]) by den-mipot-001.corp.ebay.com with ESMTP/TLS/AES128-SHA; 10 Jul 2012 09:27:55 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-003.corp.ebay.com ([fe80::55d3:9d86:3fc8:dbf4%14]) with mapi id 14.02.0298.004; Tue, 10 Jul 2012 10:27:52 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: "websec@ietf.org" <websec@ietf.org>
Thread-Topic: Last Call for Comments at W3C: Content Security Policy 1.0
Thread-Index: Ac1euPO6C1e+RV+MS1qj1TTjn6HNoQ==
Date: Tue, 10 Jul 2012 16:27:52 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E17C46D@DEN-EXDDA-S12.corp.ebay.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.241.19.242]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: IH9pw5DUDgq4uegweV3dZw==
Content-Type: multipart/alternative; boundary="_000_370C9BEB4DD6154FA963E2F79ADC6F2E17C46DDENEXDDAS12corpeb_"
MIME-Version: 1.0
Subject: [websec] Last Call for Comments at W3C: Content Security Policy 1.0
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2012 16:27:31 -0000

--_000_370C9BEB4DD6154FA963E2F79ADC6F2E17C46DDENEXDDAS12corpeb_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The WebAppSec WG at the W3C would like to inform WebSec that Content Security Policy (CSP) 1.0 has been published as a Last Call Working Draft, and the WG welcomes review, feedback and comments to public-webappsec@w3.org


CSP is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) of a web application restrict from where the application can load resources.

To mitigate XSS, for example, a web application can restrict itself to loading scripts only from known, trusted URIs, making it difficult for an attacker who can inject content into the web application to inject malicious script.

Content Security Policy (CSP) is not intended as a first line of defense against content injection vulnerabilities. Instead, CSP is best used as defense-in-depth, to reduce the harm caused by content injection attacks.

http://www.w3.org/TR/CSP/


Thank you,

Brad Hill
Co-chair, W3C WebAppSec WG

--_000_370C9BEB4DD6154FA963E2F79ADC6F2E17C46DDENEXDDAS12corpeb_--

From internet-drafts@ietf.org  Tue Jul 10 15:31:59 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120710223158.23227.46556.idtracker@ietfa.amsl.com>
Date: Tue, 10 Jul 2012 15:31:58 -0700
Cc: websec@ietf.org
Subject: [websec] I-D Action: draft-ietf-websec-strict-transport-sec-11.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Security Working Group of the IETF.

	Title           : HTTP Strict Transport Security (HSTS)
	Author(s)       : Jeff Hodges
                          Collin Jackson
                          Adam Barth
	Filename        : draft-ietf-websec-strict-transport-sec-11.txt
	Pages           : 48
	Date            : 2012-07-10

Abstract:
   This specification defines a mechanism enabling web sites to declare
   themselves accessible only via secure connections, and/or for users
   to be able to direct their user agent(s) to interact with given sites
   only over secure connections.  This overall policy is referred to as
   HTTP Strict Transport Security (HSTS).  The policy is declared by web
   sites via the Strict-Transport-Security HTTP response header field,
   and/or by other means, such as user agent configuration, for example.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-11

A diff from previous version is available at:
http://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-11


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From trac+websec@trac.tools.ietf.org  Tue Jul 10 15:45:37 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Tue, 10 Jul 2012 22:45:39 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/41#comment:1
Message-ID: <085.25548a69a068c5b72551b78abaaf427c@trac.tools.ietf.org>
References: <070.d03fad09be18f8768e0c0b6b191f9c78@trac.tools.ietf.org>
X-Trac-Ticket-ID: 41
In-Reply-To: <070.d03fad09be18f8768e0c0b6b191f9c78@trac.tools.ietf.org>
Cc: websec@ietf.org
Subject: Re: [websec] #41: add parameter indicating whether to hardfail or not

#41: add parameter indicating whether to hardfail or not

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:   => wontfix


-- 
---------------------------------+--------------------------------------------------------
 Reporter:  jeff.hodges@…        |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  enhancement          |      Status:  closed
 Priority:  major                |   Milestone:
Component:  strict-transport-sec |     Version:
 Severity:  In WG Last Call      |  Resolution:  wontfix
 Keywords:                       |
---------------------------------+--------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/41#comment:1>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Tue Jul 10 15:47:15 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, tobias.gondrom@gondrom.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Tue, 10 Jul 2012 22:47:33 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/42#comment:2
Message-ID: <085.e882f9e5e000506fa697021de6529163@trac.tools.ietf.org>
References: <070.4815d0321df1c7e00f76c8e99a03ba9d@trac.tools.ietf.org>
X-Trac-Ticket-ID: 42
In-Reply-To: <070.4815d0321df1c7e00f76c8e99a03ba9d@trac.tools.ietf.org>
Cc: websec@ietf.org
Subject: Re: [websec] #42: STS exception for CRL fetching

#42: STS exception for CRL fetching

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:   => wontfix


-- 
---------------------------------+--------------------------------------------------------
 Reporter:  jeff.hodges@…        |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  enhancement          |      Status:  closed
 Priority:  major                |   Milestone:
Component:  strict-transport-sec |     Version:
 Severity:  In WG Last Call      |  Resolution:  wontfix
 Keywords:                       |
---------------------------------+--------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/42#comment:2>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Tue Jul 10 15:47:44 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Tue, 10 Jul 2012 22:48:05 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/47#comment:1
Message-ID: <085.919cd41fe861378cef08aa4e8cdfef20@trac.tools.ietf.org>
References: <070.b22239f1d2f37ffa75cfd01d0a07c6b7@trac.tools.ietf.org>
X-Trac-Ticket-ID: 47
In-Reply-To: <070.b22239f1d2f37ffa75cfd01d0a07c6b7@trac.tools.ietf.org>
Cc: websec@ietf.org
Subject: Re: [websec] #47: HSTS: explicitly note that HSTS applies when following redirects

#47: HSTS: explicitly note that HSTS applies when following redirects

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:   => fixed


-- 
-----------------------------------------+--------------------------------------------------------
 Reporter:  jeff.hodges@…                |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  enhancement                  |      Status:  closed
 Priority:  minor                        |   Milestone:
Component:  strict-transport-sec         |     Version:
 Severity:  Waiting for Shepherd Writeup |  Resolution:  fixed
 Keywords:                               |
-----------------------------------------+--------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/47#comment:1>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Tue Jul 10 15:49:11 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Tue, 10 Jul 2012 22:49:33 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/48#comment:1
Message-ID: <085.23dd803088c4b990e7e4b6f82a2eb716@trac.tools.ietf.org>
References: <070.c516c03e0df3e433a3a17e558633262b@trac.tools.ietf.org>
X-Trac-Ticket-ID: 48
In-Reply-To: <070.c516c03e0df3e433a3a17e558633262b@trac.tools.ietf.org>
Cc: websec@ietf.org
Subject: Re: [websec] #48: HSTS: max-age value in section 10.1 is incorrect

#48: HSTS: max-age value in section 10.1 is incorrect

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:   => fixed


-- 
-----------------------------------------+--------------------------------------------------------
 Reporter:  jeff.hodges@…                |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  defect                       |      Status:  closed
 Priority:  minor                        |   Milestone:
Component:  strict-transport-sec         |     Version:
 Severity:  Waiting for Shepherd Writeup |  Resolution:  fixed
 Keywords:                               |
-----------------------------------------+--------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/48#comment:1>
websec <http://tools.ietf.org/websec/>


From trac+websec@trac.tools.ietf.org  Tue Jul 10 15:49:58 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "websec issue tracker" <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-strict-transport-sec@tools.ietf.org, jeff.hodges@kingsmountain.com
X-Trac-Project: websec
Date: Tue, 10 Jul 2012 22:50:18 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/49#comment:1
Message-ID: <085.61150372a78903dc674bb7ab7a0165b8@trac.tools.ietf.org>
References: <070.62cb1c67b084dfe8f66d131aee36d6bd@trac.tools.ietf.org>
X-Trac-Ticket-ID: 49
In-Reply-To: <070.62cb1c67b084dfe8f66d131aee36d6bd@trac.tools.ietf.org>
Cc: websec@ietf.org
Subject: Re: [websec] #49: HSTS: mention OCSP stapling aka "Certificate Status Request" TLS extension

#49: HSTS: mention OCSP stapling aka "Certificate Status Request" TLS extension

Changes (by jeff.hodges@…):

 * status:  new => closed
 * resolution:   => fixed


-- 
-----------------------------------------+--------------------------------------------------------
 Reporter:  jeff.hodges@…                |       Owner:  draft-ietf-websec-strict-transport-sec@…
     Type:  enhancement                  |      Status:  closed
 Priority:  minor                        |   Milestone:
Component:  strict-transport-sec         |     Version:
 Severity:  Waiting for Shepherd Writeup |  Resolution:  fixed
 Keywords:                               |
-----------------------------------------+--------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/49#comment:1>
websec <http://tools.ietf.org/websec/>


From Jeff.Hodges@KingsMountain.com  Tue Jul 10 16:24:05 2012
Message-ID: <4FFCB9B0.1030906@KingsMountain.com>
Date: Tue, 10 Jul 2012 16:24:32 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [websec] new rev: draft-ietf-websec-strict-transport-sec-11

New rev:
https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-11


full issue ticket list for strict-transport-sec:
<http://trac.tools.ietf.org/wg/websec/trac/query?status=assigned&status=closed&status=new&status=reopened&component=strict-transport-sec&order=id>

Redline spec diff from previous rev:
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-websec-strict-transport-sec-11.txt

side-by-side diff from previous rev:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-websec-strict-transport-sec-11.txt



All issue tickets are now closed.

Change Log for this rev is below.


=JeffH


==============================================================


Appendix D. Change Log


    [RFCEditor: please remove this section upon publication as an RFC.]

    Changes are grouped by spec revision listed in reverse issuance
    order.

D.1.  For draft-ietf-websec-strict-transport-sec

       Changes from -10 to -11:

       1.  Various minor editorial fixes based on Barry Leiba's AD
           review, as well as ID-Nits warnings.

       2.  Clarification addition of directive-name and directive-value
           to Strict-Transport-Security ABNF in Section 6.1, from Barry's
           AD review.  <https://www.ietf.org/mail-archive/web/websec/
           current/msg01265.html>

       3.  Moved ref to RFC5894 to Informational since it is a truly
           informational reference.

       Changes from -09 to -10:

<snip/>

---
end
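
The policy mechanics that the -11 abstract, change-log item 2 (directive-name / directive-value) and ticket #47 (redirects) refer to, as an added example that is not part of any message in this archive or of the draft. It assumes the header grammar and processing rules of RFC 6797, the published form of this draft; `parseSTS`, `HstsStore`, `followRedirects` and the sample hosts are names made up for the illustration.

```javascript
// Added example: HSTS header parsing and the UA-side http -> https rewrite,
// following RFC 6797 sections 6.1 and 8. All hosts and headers are constructed.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const QUOTED = /^"(?:[^"\\]|\\.)*"$/;

// Split on ';' while leaving semicolons inside a quoted-string alone.
function splitDirectives(value) {
  const parts = [];
  let cur = '', inQuote = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (inQuote && ch === '\\' && i + 1 < value.length) { cur += ch + value[++i]; continue; }
    if (ch === '"') inQuote = !inQuote;
    if (ch === ';' && !inQuote) { parts.push(cur); cur = ''; } else cur += ch;
  }
  parts.push(cur);
  return inQuote ? null : parts; // null: unterminated quoted-string
}

// Returns { maxAge, includeSubDomains }, or null when the UA must ignore the header.
function parseSTS(value) {
  const parts = splitDirectives(value);
  if (parts === null) return null;
  const seen = new Map();
  for (const raw of parts) {
    const part = raw.trim();
    if (part === '') continue; // the grammar permits empty directives (trailing ";")
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : part.slice(eq + 1).trim();
    if (!TOKEN.test(name)) return null;
    if (val !== null) {
      if (QUOTED.test(val)) val = val.slice(1, -1).replace(/\\(.)/g, '$1');
      else if (!TOKEN.test(val)) return null;
    }
    if (seen.has(name)) return null; // a directive may appear only once
    seen.set(name, val);
  }
  const age = seen.get('max-age'); // directive names are case-insensitive
  if (age == null || !/^\d+$/.test(age)) return null; // max-age is required
  const sub = seen.has('includesubdomains');
  // includeSubDomains is valueless; rejecting a value is a strictness choice made here.
  if (sub && seen.get('includesubdomains') !== null) return null;
  return { maxAge: Number(age), includeSubDomains: sub }; // unknown directives ignored
}

const isIpLiteral = (h) => /^\[.*\]$/.test(h) || /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Note policy from a response; headers received over plain HTTP are ignored.
  note(url, stsHeader, nowSec) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || isIpLiteral(u.hostname)) return false;
    const p = stsHeader == null ? null : parseSTS(stsHeader);
    if (!p) return false;
    if (p.maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 forgets the host
    else this.hosts.set(u.hostname, { expires: nowSec + p.maxAge, includeSubDomains: p.includeSubDomains });
    return true;
  }

  // Exact match, or a superdomain whose policy carries includeSubDomains.
  isKnown(hostname, nowSec) {
    const labels = hostname.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // Rewrite before any request is sent; the URL parser already drops a default ":80".
  upgrade(url, nowSec) {
    const u = new URL(url);
    if (u.protocol !== 'http:' || !this.isKnown(u.hostname, nowSec)) return u.href;
    return 'https:' + u.href.slice('http:'.length);
  }
}

// Follow a redirect chain: the policy is applied to every hop, not just the first URL.
function followRedirects(store, startUrl, responses, nowSec, maxHops = 5) {
  const requested = [];
  for (let url = startUrl, hop = 0; url && hop < maxHops; hop++) {
    url = store.upgrade(url, nowSec);
    requested.push(url);
    const res = responses[url] || {};
    store.note(url, res.sts, nowSec);
    url = res.location ? new URL(res.location, url).href : null;
  }
  return requested;
}

// Constructed responses, keyed by the URL actually requested.
const SAMPLE_RESPONSES = {
  'https://example.com/': { sts: 'max-age=31536000; includeSubDomains',
                            location: 'http://login.example.com/start' },
  'https://login.example.com/start': {},
};
```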

From palmer@google.com  Tue Jul 10 16:55:41 2012
In-Reply-To: <4FF36FBE.1030009@stpeter.im>
References: <4FEE166B.3070007@KingsMountain.com> <4FEF19BF.9050203@gondrom.org> <4FF36FBE.1030009@stpeter.im>
Date: Tue, 10 Jul 2012 16:56:06 -0700
Message-ID: <CAOuvq22BWEvfz2TcQFUFbiJ=o74jqT+yXcMa8M7DgYszTyqzWQ@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: text/plain; charset=UTF-8
Cc: websec@ietf.org
Subject: Re: [websec] "This site is testing HSTS" directive (was Issue #41 add parameter indicating whether to hardfail or not)

On Tue, Jul 3, 2012 at 3:18 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> more testing before you deploy interesting architectures". Eric is right
> that the negative consequences of getting it wrong here are more
> significant than with DNS because the TTL of a pinned cert is much
> longer than the TTL of a DNS record. Thus if you want to use HSTS, you
> need to be more careful. Certainly it seems that an implementation note
> would be warranted. I tend to agree with Jeff that if people feel a
> strong need for this, they can do so in a separate I-D (I don't
> particularly see a need for it to go into the core spec, but I might be
> missing something).

(HSTS is not the same as pinning, fwiw.)

In my pinning draft (as it currently stands), you can set any TTL
(max-age) you want; in TACK, you can revoke a pin any time you want.

From iesg-secretary@ietf.org  Wed Jul 11 08:09:09 2012
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72AC321F8714; Wed, 11 Jul 2012 08:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.525
X-Spam-Level: 
X-Spam-Status: No, score=-102.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKoK8kETwbRi; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE25521F870E; Wed, 11 Jul 2012 08:09:08 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.30p3
Message-ID: <20120711150908.6635.16188.idtracker@ietfa.amsl.com>
Date: Wed, 11 Jul 2012 08:09:08 -0700
Cc: websec@ietf.org
Subject: [websec] Last Call: <draft-ietf-websec-strict-transport-sec-11.txt> (HTTP	Strict Transport Security (HSTS)) to Proposed Standard
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 15:09:09 -0000

The IESG has received a request from the Web Security WG (websec) to
consider the following document:
- 'HTTP Strict Transport Security (HSTS)'
  <draft-ietf-websec-strict-transport-sec-11.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This specification defines a mechanism enabling web sites to declare
   themselves accessible only via secure connections, and/or for users
   to be able to direct their user agent(s) to interact with given sites
   only over secure connections.  This overall policy is referred to as
   HTTP Strict Transport Security (HSTS).  The policy is declared by web
   sites via the Strict-Transport-Security HTTP response header field,
   and/or by other means, such as user agent configuration, for example.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport-sec/ballot/

This Proposed Standard has downrefs to the following Informational RFCs:
   RFC 2818, HTTP Over TLS
   RFC 5895, Mapping Characters for IDNA
...and a normative reference to the following obsolete RFC, which is cited alongside its replacement:
   RFC 3490, Internationalizing Domain Names in Applications

No IPR declarations have been submitted directly on this I-D.



From bhill@paypal-inc.com  Wed Jul 11 14:35:02 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCECC11E814B for <websec@ietfa.amsl.com>; Wed, 11 Jul 2012 14:35:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yh+IWkRXKNvj for <websec@ietfa.amsl.com>; Wed, 11 Jul 2012 14:35:01 -0700 (PDT)
Received: from den-mipot-001.corp.ebay.com (den-mipot-001.corp.ebay.com [216.113.175.152]) by ietfa.amsl.com (Postfix) with ESMTP id A17DB11E811E for <websec@ietf.org>; Wed, 11 Jul 2012 14:35:01 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To: Subject:Thread-Topic:Thread-Index:Date:Message-ID: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:x-ems-proccessed: x-ems-stamp:Content-Type:Content-Transfer-Encoding: MIME-Version:X-CFilter; b=FXOl7J3PlVGLtnxCDPLWJAwVdXJaRTYS/2noWi9beBWksdOzX+8qOiXo UPu2cJ+bQPZfzmMs/yRNND/zrmU64dNUbVr8CbigDcRriienMmdIFEAk4 xHL4W5LLMWtMRdb;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1342042533; x=1373578533; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=7EdTQAeSlILWqFaY2x6V7GJ4y9zfpt2ydsoY0Js7Tow=; b=bJBwzrfW6Xy2fxgt6Xfdns/tKDvf29JM+JzN8xUgve6Ypz958klKh12x g3mbBq1rpTalyvIGvdDkDj3d2QDoluImAwY5+cyvFdJgX99EcnojySV3B a6GCYB7/DSB0yFd;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,569,1336374000";  d="scan'208";a="8614056"
Received: from den-vtenf-002.corp.ebay.com (HELO DEN-EXMHT-002.corp.ebay.com) ([10.101.112.213]) by den-mipot-001.corp.ebay.com with ESMTP; 11 Jul 2012 14:35:32 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-002.corp.ebay.com ([fe80::cbe:ffa5:17f0:a24a%14]) with mapi id 14.02.0298.004; Wed, 11 Jul 2012 15:35:28 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: "websec@ietf.org" <websec@ietf.org>
Thread-Topic: Frame-Options Rosetta Stone (also: frame-ancestors, embed-ancestors)
Thread-Index: Ac1frRWl1G+EwSrATzCVqvzD0wpC/g==
Date: Wed, 11 Jul 2012 21:35:28 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E17FA96@DEN-EXDDA-S12.corp.ebay.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.245.27.243]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: AbhjyBw2iBeIf+l3Obq0ZA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter: Scanned
Subject: [websec] Frame-Options Rosetta Stone (also: frame-ancestors, embed-ancestors)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 21:35:03 -0000

To add some context to the Frame-Options and CSP UI Safety directives
discussion, here's my summary of the current and historical proposals:


HTML-based web applications can embed or "frame" other web applications.
Unfortunately, if done in an unrestricted fashion, this can lead to
various attacks, both on the embedded/framed application, or on the
framing application (the "ancestor").

There are various extant, similar approaches to mitigating this, both
deployed and proposed, and their names vary somewhat.

This message is an attempt to list all the various names of, and briefly
summarize, each approach.

The approaches are:

"X-Frame-Options" HTTP response header field

"frame-ancestors" Content Security Policy directive

"Frame-Options" HTTP response header field

"embed-ancestors" of Content Security Policy UI Safety directives


Details:

X-Frame-Options:

This was the first widely adopted solution to clickjacking, a header to
instruct user agents to disallow embedding a resource in an iframe, or
only allow it in top-level resources of the same origin.  Developed
independently by Microsoft in Internet Explorer, support for the header
has been widely implemented in other browsers.

https://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/
tracks the status of an effort at the WebSec WG to document the existing
behavior of applications setting and user agents supporting
X-Frame-Options in an informational-track I-D.  (note: this
specification is distinct from the "Frame-options" spec discussed below)

In this draft, the supported parameters are: "DENY", "SAMEORIGIN" and
"ALLOW-FROM".

Its behaviors are specified to apply to content embedded through the
iframe, frame, and object tags, as well as plugins that "appear
essentially as frames".

There is some risk of confusion induced by the fact that the draft
includes the "ALLOW-FROM" parameter, which was added after the original
X-Frame-Options "specification" (in a couple of posts on blogs.msdn.com)
and is not uniformly implemented in the user agent population.

Current implementations also do not consider "port" as a component of
the origin, conflicting with [RFC6454].

Although the draft primarily specifies behavior implemented by web user
agents regarding HTML rendering, it was accepted by the WebSec WG of the
IETF rather than being developed in the W3C as the goal is primarily to
document existing deployed behavior.


Content Security Policy "frame-ancestors" directive:

Early drafts of the W3C Content Security Policy specification proposed a
"frame-ancestors" directive with functionality substantially similar to
the "ALLOW-FROM" feature of X-Frame-Options, but required that the check
be applied to all embedding ancestor resources, not just the origin of
the top-level window.  This directive was dropped from the CSP 1.0 as it
was felt to be substantially different in character from the other
directives in that specification.


Frame-Options:

https://datatracker.ietf.org/doc/draft-ietf-websec-frame-options/
tracks a standards-track effort in the IETF WebSec WG to update and
remove the "X-" prefix from X-Frame-Options.  The behavior specified is
substantially similar with the addition of an optional "AllAncestors"
flag which requires the same behavior as the "frame-ancestors" directive
of CSP.


Content Security Policy UI Safety directives:

http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html
is the latest editors' draft for a new set of directives for the Content
Security Policy header that specify heuristic protections for
clickjacking and some other classes of UI redressing.

It has been proposed that the "frame-ancestors" directive, which was
dropped from CSP 1.0, should be revived as "embed-ancestors" as part of
the set of UI Safety directives, and that it should obsolete
X-Frame-Options, that is, user agents which understand UI Safety
directives should ignore X-Frame-Options if any such directives are
found.  For example, some web application authors may wish to allow
embedding of resources if and only if the heuristic protections of the
other UI Safety Directives are understood, and fall back to an
X-Frame-Options "DENY" or "SAMEORIGIN" policy otherwise.


-Brad Hill
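
An added example, not part of the message above or of any of the drafts it cites: a JavaScript model of the framing decision, showing how a check of only the top-level origin and a check of all ancestors can disagree for the same embedding chain, and what dropping the port does to a SAMEORIGIN comparison. The function names, option names and sample URLs are constructed for illustration.

```javascript
// Added illustration (not from the drafts or any browser): decide whether a
// framed resource may render, given the documents that embed it.
// `ancestors` is ordered from the direct parent up to the top-level window.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the RFC 6454 origin triple (scheme, host, port).
function originOf(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// ignorePort = true models a comparison that leaves the port out of the origin.
function sameOrigin(a, b, ignorePort) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host &&
    (ignorePort || x.port === y.port);
}

// policy:  { mode: "DENY" | "SAMEORIGIN" | "ALLOW-FROM", allowFrom: url }
// options: allAncestors -> compare every ancestor, not just the top-level one
//          ignorePort   -> drop the port from the origin comparison
function mayRender(resourceUrl, ancestors, policy, options = {}) {
  if (ancestors.length === 0) return true; // loaded top-level, nothing to check
  if (policy.mode === "DENY") return false;
  let expected;
  if (policy.mode === "SAMEORIGIN") expected = resourceUrl;
  else if (policy.mode === "ALLOW-FROM") expected = policy.allowFrom;
  if (!expected) return false; // unknown mode or missing origin: fail closed
  const checked = options.allAncestors
    ? ancestors
    : [ancestors[ancestors.length - 1]];
  try {
    return checked.every((a) =>
      sameOrigin(a, expected, Boolean(options.ignorePort)));
  } catch (e) {
    return false; // unparseable URL anywhere in the chain: fail closed
  }
}

// Constructed sample: portal.example (top-level) frames widgets.example,
// which in turn frames the protected resource on pay.example.
const RESOURCE = "https://pay.example/transfer";
const CHAIN = ["https://widgets.example/embed", "https://portal.example/home"];
const POLICY = { mode: "ALLOW-FROM", allowFrom: "https://portal.example" };

function demo() {
  const app = "https://app.example/";
  const appOtherPort = ["https://app.example:8443/"];
  return {
    // Only the top-level window is compared: the intermediate frame is unseen.
    topLevelOnly: mayRender(RESOURCE, CHAIN, POLICY),
    // Every ancestor is compared: widgets.example does not match.
    allAncestors: mayRender(RESOURCE, CHAIN, POLICY, { allAncestors: true }),
    // Same host, different port, RFC 6454 comparison.
    strictPort: mayRender(app, appOtherPort, { mode: "SAMEORIGIN" }),
    // Same host, different port, port left out of the comparison.
    portIgnored: mayRender(app, appOtherPort, { mode: "SAMEORIGIN" },
      { ignorePort: true }),
  };
}

console.log(demo());
```
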



From dross@microsoft.com  Wed Jul 11 17:21:47 2012
Return-Path: <dross@microsoft.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9933911E8176 for <websec@ietfa.amsl.com>; Wed, 11 Jul 2012 17:21:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kMA5+T68AeYo for <websec@ietfa.amsl.com>; Wed, 11 Jul 2012 17:21:47 -0700 (PDT)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe005.messaging.microsoft.com [216.32.181.185]) by ietfa.amsl.com (Postfix) with ESMTP id D10C611E816F for <websec@ietf.org>; Wed, 11 Jul 2012 17:21:46 -0700 (PDT)
Received: from mail46-ch1-R.bigfish.com (10.43.68.240) by CH1EHSOBE014.bigfish.com (10.43.70.64) with Microsoft SMTP Server id 14.1.225.23; Thu, 12 Jul 2012 00:19:54 +0000
Received: from mail46-ch1 (localhost [127.0.0.1])	by mail46-ch1-R.bigfish.com (Postfix) with ESMTP id CEB82160204; Thu, 12 Jul 2012 00:19:54 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -28
X-BigFish: VS-28(zz9371I542M1418I1447Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h944hd25hf0ah107ah)
Received-SPF: pass (mail46-ch1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dross@microsoft.com; helo=TK5EX14MLTC101.redmond.corp.microsoft.com ; icrosoft.com ; 
Received: from mail46-ch1 (localhost.localdomain [127.0.0.1]) by mail46-ch1 (MessageSwitch) id 1342052392646677_25351; Thu, 12 Jul 2012 00:19:52 +0000 (UTC)
Received: from CH1EHSMHS010.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.240])	by mail46-ch1.bigfish.com (Postfix) with ESMTP id 922303A0047;	Thu, 12 Jul 2012 00:19:52 +0000 (UTC)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.8) by CH1EHSMHS010.bigfish.com (10.43.70.10) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 12 Jul 2012 00:19:52 +0000
Received: from TK5EX14MBXC216.redmond.corp.microsoft.com ([169.254.6.48]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0298.005; Thu, 12 Jul 2012 00:22:13 +0000
From: David Ross <dross@microsoft.com>
To: "Hill, Brad" <bhill@paypal-inc.com>, Tobias Gondrom <tobias.gondrom@gondrom.org>, "websec@ietf.org" <websec@ietf.org>
Thread-Topic: [websec] Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: Ac1eARMykz8Gk35PQYOw0F4CVEc1fgAKMP0AAAFdb4AAZMpUwA==
Date: Thu, 12 Jul 2012 00:22:12 +0000
Message-ID: <68291699F5EA8848B0EAC2E78480571F053A3186@TK5EX14MBXC216.redmond.corp.microsoft.com>
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com> <4FFB67EE.406@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.23]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 00:21:47 -0000

Responding to a few of the points in Brad's original mail on this thread...

My concern is mostly around the degree to which a move to CSP might
complicate or stall the process.  I'd also prefer not to see additional
use cases pop up (eg: click fraud prevention) that just were never in
scope before.

I think that w.r.t. header bloat, the most sensible approach is to only
allow one origin to be specified.  CSP by-design facilitates the use of
multiple origins.  As we've discussed w/Frame-Options, there is a design
pattern to make the more basic single-origin approach functional.  I
would hate to see hosts serving up source lists of hundreds of origins,
just because they can.  I think that is exactly what will happen if we
support multiple origins.

With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify
exactly what happens in the FRAME-OPTIONS spec.  I don't see that CSP
inherently improves on that but I may be missing something there.

The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes
CSP more comprehensive.  But I suspect there are plenty of other
header-related security features that aren't defined by CSP (eg: the
origin header, cookie security).

Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
provides the flexibility to perform only a top level origin check as
opposed to a full ancestor check.  (Specified via the "AllAncestors"
flag.)

David Ross
dross@microsoft.com


-----Original Message-----
From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Hill, Brad
Sent: Monday, July 09, 2012 5:03 PM
To: Tobias Gondrom; websec@ietf.org
Cc: public-webappsec@w3.org
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

Tobias,

I'm happy to move the discussion primarily to websec, and I'll drop the
cc: to webappsec after this email.  Thanks for the historical
clarification, as well.

I'm not terribly concerned about which group does the work, as much as
arriving at the engineering solution that works best for user agent and
resource authors, some of whom have expressed preference for moving this
functionality into CSP.  As both a chair and an individual, I don't have
a strong preference, but I think there are reasons in favor of each
option and it is worth re-opening the discussion now that the WebAppSec
WG has a concrete deliverable under development to address the same
general class of attacks.

I'll send out a summary shortly of the similarities and differences
between the various options currently proposed for some additional
context.

-Brad Hill







From Jeff.Hodges@KingsMountain.com  Thu Jul 12 17:29:34 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77E1D11E80BC for <websec@ietfa.amsl.com>; Thu, 12 Jul 2012 17:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.457
X-Spam-Level: 
X-Spam-Status: No, score=-100.457 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fb6hBjfvBKIO for <websec@ietfa.amsl.com>; Thu, 12 Jul 2012 17:29:33 -0700 (PDT)
Received: from oproxy5-pub.bluehost.com (oproxy5.bluehost.com [IPv6:2605:dc00:100:2::a5]) by ietfa.amsl.com (Postfix) with SMTP id 9DE1F11E8098 for <websec@ietf.org>; Thu, 12 Jul 2012 17:29:33 -0700 (PDT)
Received: (qmail 27540 invoked by uid 0); 13 Jul 2012 00:30:08 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy2.bluehost.com with SMTP; 13 Jul 2012 00:30:08 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=jv1uFmwIL9ERb36vrsOEMNfCvdQsfm7z130yvqLrVBo=;  b=BWf6Cpq9NSvjLbAyhhc+hlwy0swMloK+jvmXgBkv1sho8JTYmqV2Got68+6irc/bTEaj8+LlLSSXlR2h6K5WGfS5HovJr3mASt7zsEK5InMoMBlAWZsvmqaDv3+F25of;
Received: from [216.113.168.128] (port=17898 helo=[10.244.137.22]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SpTlm-0001P7-7K; Thu, 12 Jul 2012 18:30:06 -0600
Message-ID: <4FFF6C0C.7010404@KingsMountain.com>
Date: Thu, 12 Jul 2012 17:30:04 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: David Ross <dross@microsoft.com>, IETF WebSec WG <websec@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 00:29:34 -0000

thanks for your thoughts Dave,

 > My concern is mostly around the degree to which a move to CSP might
 > complicate or stall the process.

by this I presume you mean the process of producing a spec for a standardized 
"frame-options" (i.e., the successor to "x-frame-options").

I don't think leveraging CSP as a framework, per se, would necessarily slow this 
down.

 >  I'd also prefer not to see additional use
 > cases pop up (eg: click fraud prevention) that just were never in scope
 > before.

I think it's reasonable to discuss whether the "frame-options" policy directive 
(aka "frame-ancestors", "embed-ancestors") should be specified as a part of the 
nascent "UI Safety directives" spec (in W3C WebAppSec), or the CSP 1.1 spec (in 
W3C WebAppSec), or as a stand-alone spec.


 > I think that w.r.t. header bloat,

Ah, so there's two aspects to "header bloat" in this discussion..

1. "header bloat" in relation to possibly defining yet another HTTP header field 
to convey a security policy, i.e. a stand-alone "frame-options" header field.

2. "header value bloat" in terms of having a header field into which server 
operators may feel obliged to cram a huge list of items (i.e., origins).

 From a high-level perspective, casting "frame-options" as a CSP directive 
works towards addressing (1).


 > the most sensible approach is to only allow one origin to be specified.

And this statement is addressing (2).


 > CSP by-design facilitates the use of multiple origins.

However, the ABNF of any particular CSP directive can be crafted in order to 
allow only one origin to be specified as a value, e.g. like so..

   directive-name  = "frame-options"
   directive-value = host-source

[ where host-source is defined as..

   host-source       = [ scheme "://" ] host [ port ]
]

 > As we've discussed w/Frame-Options, there is a design pattern to
 > make the more basic single-origin approach functional.

understood.

(fwiw, I'd term what you're calling a "design pattern" as an "implementation and
deployment technique")


 > With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify exactly
 > what happens in the FRAME-OPTIONS spec.  I don't see that CSP inherently
 > improves on that but I may be missing something there.

regardless of which specification vehicle we use for the "frame-options" policy 
directive, we'll be able to denote (in some fashion) that it supersedes the old 
"x-frame-options" header. (this is going to be somewhat messy in any case)


 > The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP
 > more comprehensive.  But I suspect there are plenty of other header-related
 > security features that aren't defined by CSP (eg: the origin header, cookie
 > security).

well, of course CSP doesn't encompass "everything" and isn't intended to. But we 
certainly should be carefully considering consolidating  policy directive 
conveyance as appropriate, and the "frame-options" (aka "frame-ancestors", 
"embed-ancestors") notion seems to fall reasonably within the "content security 
policy" space -- a key aspect being that it is regarding a particular resource 
representation (as I presently understand it).


 > Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
 > provides the flexibility to perform only a top level origin check as opposed
 > to a full ancestor check.  (Specified via the "AllAncestors" flag.)

Well, the "AllAncestors" flag can certainly be added to a CSP-based 
"frame-options" policy directive. e.g. by defining a new "keyword-source" of 
'all-ancestors'.

=JeffH
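
An added example, not part of the thread or of any CSP draft: a JavaScript validator for the single-origin "frame-options" directive value sketched in the ABNF above, which rejects a second host-source and accepts the suggested 'all-ancestors' keyword. The sub-rules for scheme, host and port are not given in the message and are assumptions here (RFC 3986 scheme, dot-separated labels, a numeric port, no wildcards), as are the function names, the first-occurrence-wins rule and the sample policies.

```javascript
// Added illustration: validate the value of the proposed single-origin
// "frame-options" CSP directive.
//
//   directive-name  = "frame-options"
//   directive-value = host-source
//   host-source     = [ scheme "://" ] host [ port ]
//
// Assumed sub-rules (not in the message): scheme per RFC 3986, host as
// dot-separated labels of ALPHA / DIGIT / "-", port as ":" 1*DIGIT.
// Wildcards are rejected, since the point is to name exactly one origin.
const HOST_SOURCE =
  /^(?:([A-Za-z][A-Za-z0-9+.-]*):\/\/)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)(?::([0-9]{1,5}))?$/;

// Hypothetical keyword-source, following the suggestion in the message.
const ALL_ANCESTORS = "'all-ancestors'";

function fail(error) {
  return { ok: false, error };
}

// Parse the directive value: exactly one host-source, optional keyword.
function parseFrameOptionsValue(value) {
  const tokens = value.split(/[ \t]+/).filter((t) => t.length > 0);
  let source = null;
  let allAncestors = false;
  for (const token of tokens) {
    if (token.toLowerCase() === ALL_ANCESTORS) {
      allAncestors = true;
      continue;
    }
    const m = HOST_SOURCE.exec(token);
    if (!m) return fail(`not a host-source: ${token}`);
    // The single-origin rule: a second origin is an error, not a list entry.
    if (source) return fail("more than one host-source");
    const port = m[3] === undefined ? null : Number(m[3]);
    if (port !== null && port > 65535) return fail(`port out of range: ${token}`);
    source = {
      scheme: m[1] ? m[1].toLowerCase() : null,
      host: m[2].toLowerCase(),
      port,
    };
  }
  if (!source) return fail("no host-source");
  return { ok: true, source, allAncestors };
}

// Pull the directive out of a full policy string ("name value; name value").
// Assumption: the first occurrence of the directive wins.
function parseFromPolicy(policy) {
  for (const part of policy.split(";")) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const sp = trimmed.search(/[ \t]/);
    const name = (sp === -1 ? trimmed : trimmed.slice(0, sp)).toLowerCase();
    if (name === "frame-options") {
      return parseFrameOptionsValue(sp === -1 ? "" : trimmed.slice(sp + 1));
    }
  }
  return fail("no frame-options directive");
}

// Constructed sample policies.
const SAMPLES = [
  "frame-options https://portal.example",
  "default-src 'self'; frame-options portal.example:8443 'all-ancestors'",
  "frame-options https://a.example https://b.example",
  "frame-options *",
];

for (const policy of SAMPLES) {
  console.log(policy, "->", JSON.stringify(parseFromPolicy(policy)));
}
```
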





From dross@microsoft.com  Mon Jul 16 10:54:47 2012
Return-Path: <dross@microsoft.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6787411E825C for <websec@ietfa.amsl.com>; Mon, 16 Jul 2012 10:54:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.467
X-Spam-Level: 
X-Spam-Status: No, score=-0.467 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KNRh73KLkB7z for <websec@ietfa.amsl.com>; Mon, 16 Jul 2012 10:54:46 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe002.messaging.microsoft.com [213.199.154.205]) by ietfa.amsl.com (Postfix) with ESMTP id E861B11E827B for <websec@ietf.org>; Mon, 16 Jul 2012 10:54:45 -0700 (PDT)
Received: from mail47-am1-R.bigfish.com (10.3.201.234) by AM1EHSOBE008.bigfish.com (10.3.204.28) with Microsoft SMTP Server id 14.1.225.23; Mon, 16 Jul 2012 17:55:29 +0000
Received: from mail47-am1 (localhost [127.0.0.1])	by mail47-am1-R.bigfish.com (Postfix) with ESMTP id E1529203AA	for <websec@ietf.org>; Mon, 16 Jul 2012 17:55:29 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -19
X-BigFish: VS-19(zz9371I542M1418I604Tzz1202hzzz2fh2a8h683h839h944hd25hf0ah107ah)
Received-SPF: pass (mail47-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dross@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ; 
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.234.5; KIP:(null); UIP:(null); (null); H:SN2PRD0310HT004.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail47-am1 (localhost.localdomain [127.0.0.1]) by mail47-am1 (MessageSwitch) id 1342461327804909_26176; Mon, 16 Jul 2012 17:55:27 +0000 (UTC)
Received: from AM1EHSMHS005.bigfish.com (unknown [10.3.201.229])	by mail47-am1.bigfish.com (Postfix) with ESMTP id C2EF524008C	for <websec@ietf.org>; Mon, 16 Jul 2012 17:55:27 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS005.bigfish.com (10.3.207.105) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 16 Jul 2012 17:55:27 +0000
Received: from co1outboundpool.messaging.microsoft.com (157.54.51.114) by mail.microsoft.com (157.54.80.61) with Microsoft SMTP Server (TLS) id 14.2.309.3; Mon, 16 Jul 2012 17:55:24 +0000
Received: from mail59-co1-R.bigfish.com (10.243.78.249) by CO1EHSOBE008.bigfish.com (10.243.66.71) with Microsoft SMTP Server id 14.1.225.23; Mon, 16 Jul 2012 17:55:24 +0000
Received: from mail59-co1 (localhost [127.0.0.1])	by mail59-co1-R.bigfish.com (Postfix) with ESMTP id 5C57688024C	for <websec@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Mon, 16 Jul 2012 17:55:24 +0000 (UTC)
Received: from mail59-co1 (localhost.localdomain [127.0.0.1]) by mail59-co1 (MessageSwitch) id 1342461322167199_22508; Mon, 16 Jul 2012 17:55:22 +0000 (UTC)
Received: from CO1EHSMHS016.bigfish.com (unknown [10.243.78.247])	by mail59-co1.bigfish.com (Postfix) with ESMTP id 1D5C7400044; Mon, 16 Jul 2012 17:55:22 +0000 (UTC)
Received: from SN2PRD0310HT004.namprd03.prod.outlook.com (157.56.234.5) by CO1EHSMHS016.bigfish.com (10.243.66.26) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 16 Jul 2012 17:55:21 +0000
Received: from SN2PRD0310MB395.namprd03.prod.outlook.com ([169.254.3.253]) by SN2PRD0310HT004.namprd03.prod.outlook.com ([10.255.112.39]) with mapi id 14.16.0175.005; Mon, 16 Jul 2012 17:55:20 +0000
From: David Ross <dross@microsoft.com>
To: =JeffH <Jeff.Hodges@KingsMountain.com>, IETF WebSec WG <websec@ietf.org>
Thread-Topic: [websec] Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: AQHNYI6lkz8Gk35PQYOw0F4CVEc1fpcsMs4A
Date: Mon, 16 Jul 2012 17:55:20 +0000
Message-ID: <9B5348748B708948989B17CC0AEA3DD004936E@SN2PRD0310MB395.namprd03.prod.outlook.com>
References: <4FFF6C0C.7010404@KingsMountain.com>
In-Reply-To: <4FFF6C0C.7010404@KingsMountain.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.174.87]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: SN2PRD0310HT004.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%KINGSMOUNTAIN.COM$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%131.107.125.5$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14HUBC106.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC106.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:54:47 -0000

In the interest of bloat as measured in bits, in this case it makes
sense to optimize for (2), reducing header value bloat, even if this is
at the expense of (1), reducing header name bloat.  I was worried that
with CSP we can't achieve on (2).  But if we can specify the ABNF as you
suggest below, that solves the problem.

I also would like to see the inclusion of the AllAncestors flag as you
suggest below.  Or if it makes more sense here, a "NoAncestors" flag.

Dave

-----Original Message-----
From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com]
Sent: Thursday, July 12, 2012 5:30 PM
To: David Ross; IETF WebSec WG
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

thanks for your thoughts Dave,

 > My concern is mostly around the degree to which a move to CSP might
 > complicate or stall the process.

by this I presume you mean the process of producing a spec for a standardized
"frame-options" (i.e., the successor to "x-frame-options").

I don't think leveraging CSP as a framework, per se, would necessarily slow
this down.

 > I'd also prefer not to see additional use cases pop up (eg: click fraud
 > prevention) that just were never in scope before.

I think it's reasonable to discuss whether the "frame-options" policy
directive (aka "frame-ancestors", "embed-ancestors") should be specified as a
part of the nascent "UI Safety directives" spec (in W3C WebAppSec), or the
CSP 1.1 spec (in W3C WebAppSec), or as a stand-alone spec.


 > I think that w.r.t. header bloat,

Ah, so there's two aspects to "header bloat" in this discussion..

1. "header bloat" in relation to possibly defining yet another HTTP header
field to convey a security policy, i.e. a stand-alone "frame-options" header
field.

2. "header value bloat" in terms of having a header field into which server
operators may feel obliged to cram a huge list of items (i.e., origins).

 From a high-level perspective, casting "frame-options" as a CSP directive
works towards addressing (1).


 > the most sensible approach is to only allow one origin to be specified.

And this statement is addressing (2).


 > CSP by-design facilitates the use of multiple origins.

However, the ABNF of any particular CSP directive can be crafted in order to
allow only one origin to be specified as a value, e.g. like so..

   directive-name  = "frame-options"
   directive-value = host-source

[ where host-source is defined as..

   host-source       = [ scheme "://" ] host [ port ]
]

 > As we've discussed w/Frame-Options, there is a design pattern to
 > make the more basic single-origin approach functional.

understood.

(fwiw, I'd term what you're calling a "design pattern" as an "implementation
and deployment technique")


 > With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify exactly
 > what happens in the FRAME-OPTIONS spec.  I don't see that CSP inherently
 > improves on that but I may be missing something there.

regardless of which specification vehicle we use for the "frame-options"
policy directive, we'll be able to denote (in some fashion) that it supersedes
the old "x-frame-options" header. (this is going to be somewhat messy in any
case)


 > The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP
 > more comprehensive.  But I suspect there are plenty of other header-related
 > security features that aren't defined by CSP (eg: the origin header, cookie
 > security).

well, of course CSP doesn't encompass "everything" and isn't intended to. But
we certainly should be carefully considering consolidating policy directive
conveyance as appropriate, and the "frame-options" (aka "frame-ancestors",
"embed-ancestors") notion seems to fall reasonably within the "content
security policy" space -- a key aspect being that it is regarding a particular
resource representation (as I presently understand it).


 > Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
 > provides the flexibility to perform only a top level origin check as opposed
 > to a full ancestor check.  (Specified via the "AllAncestors" flag.)

Well, the "AllAncestors" flag can certainly be added to a CSP-based
"frame-options" policy directive. e.g. by defining a new "keyword-source" of
'all-ancestors'.

=JeffH










From Jeff.Hodges@KingsMountain.com  Mon Jul 16 17:05:11 2012
Message-ID: <5004AC63.3070909@KingsMountain.com>
Date: Mon, 16 Jul 2012 17:05:55 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: IETF WebSec WG <websec@ietf.org>
Subject: [websec] new rev: draft-hodges-websec-framework-reqs-02

Hi,

There's a new revision, draft-hodges-websec-framework-reqs-02, in the I-D 
repository.

Unfortunately, it's not very different from -01, and is mostly there to keep the 
draft alive.  I'll be trying to circle back to work on this draft once HSTS is 
firmly ensconced on the RFC-editor's queue.

thanks,

=JeffH

From tobias.gondrom@gondrom.org  Tue Jul 17 09:17:27 2012
Message-ID: <50059043.8090909@gondrom.org>
Date: Tue, 17 Jul 2012 17:18:11 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
To: websec@ietf.org
References: <4F668329.2050001@gondrom.org>
In-Reply-To: <4F668329.2050001@gondrom.org>
Subject: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?

Hi websec fellows,

our websec meeting in Vancouver has been scheduled for Tuesday July-31 
morning 9:00-10:20 in Room "Georgia B". Very much looking forward to 
meeting you all there!

As fortunately HSTS has passed WGLC and is now in IETF LC, we will have
the opportunity to focus on new topics for websec and progress our other
work items, e.g. the frameworks requirements, cert pinning, etc.

If you have a presentation topic or new topic for websec, please let us 
know ASAP, so we can work on the agenda. Please, document authors and 
interested presenters contact Alexey and me ASAP about your topics and 
how much time you need to present.

This time we will also have a remote presentation capability (Webex) in 
addition to the audio stream and jabber, so in case you can not make it 
to Vancouver, you can have a better meeting experience and could even 
present remotely!

As we are currently preparing the agenda for the websec meeting, please
submit proposals for presentations and discussions to Alexey, Yoav and
myself as soon as possible as we will have to prepare and close the
agenda for websec very soon.

Kind regards and looking forward to our meeting in Vancouver!

Tobias
(websec co-chair)






From bhill@paypal-inc.com  Tue Jul 17 16:29:03 2012
From: "Hill, Brad" <bhill@paypal-inc.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>, "websec@ietf.org" <websec@ietf.org>
Date: Tue, 17 Jul 2012 23:29:48 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com>
References: <4F668329.2050001@gondrom.org> <50059043.8090909@gondrom.org>
In-Reply-To: <50059043.8090909@gondrom.org>
Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?

Tobias,

 I'd like to ask for some time on the agenda to discuss the future policy
conveyance for framing/embedding options for HTTP resources.  EKR and JeffH
will be in Vancouver from the WebAppSec WG and I will be participating
remotely.

Thanks,

Brad Hill
W3C WebAppSec WG co-chair


From bhill@paypal-inc.com  Tue Jul 17 16:32:37 2012
From: "Hill, Brad" <bhill@paypal-inc.com>
To: David Ross <dross@microsoft.com>, =JeffH <Jeff.Hodges@KingsMountain.com>,  IETF WebSec WG <websec@ietf.org>
Date: Tue, 17 Jul 2012 23:33:16 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E187BA8@DEN-EXDDA-S12.corp.ebay.com>
References: <4FFF6C0C.7010404@KingsMountain.com> <9B5348748B708948989B17CC0AEA3DD004936E@SN2PRD0310MB395.namprd03.prod.outlook.com>
In-Reply-To: <9B5348748B708948989B17CC0AEA3DD004936E@SN2PRD0310MB395.namprd03.prod.outlook.com>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

Dave,

  What's the case for the "NoAncestors" behavior?  Is it just a performance
optimization?  I'm a little bit concerned that walking the full ancestors
stack is going to become quite important as more sites start using constructs
like seamless, sandboxed iframes to display untrusted content.

Thanks,

Brad
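
[Added example, not part of the original message or of any draft: a JavaScript
model of the single-origin "frame-options" directive from the ABNF quoted in
this thread, showing how a top-level-only check and a full ancestor walk
disagree on a nested frame chain. The function names, the example.* origins,
the placement of 'all-ancestors' after the host-source, and matching any
scheme when the policy gives none are assumptions made for illustration.]

```javascript
// Added example (not from the thread). Models the proposed directive:
//   directive-value = host-source
//   host-source     = [ scheme "://" ] host [ port ]
// ASSUMPTION: the 'all-ancestors' keyword may follow the host-source in the
// same value; the thread only says such a keyword-source could be defined.

const DEFAULT_PORTS = { http: "80", https: "443" };
const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+))?$/i;

// Parse a directive value. Exactly one origin is accepted, which is the
// "header value bloat" constraint discussed in the thread.
function parseFrameOptions(value) {
  const tokens = value.trim().split(/\s+/).filter(Boolean);
  const policy = { scheme: null, host: null, port: null, allAncestors: false };
  for (const tok of tokens) {
    if (tok.toLowerCase() === "'all-ancestors'") {
      policy.allAncestors = true;
      continue;
    }
    if (policy.host !== null) {
      throw new Error("only one origin may be specified");
    }
    const m = HOST_SOURCE.exec(tok);
    if (!m) throw new Error("not a host-source: " + tok);
    policy.scheme = m[1] ? m[1].toLowerCase() : null;
    policy.host = m[2].toLowerCase();
    policy.port = m[3] || null;
  }
  if (policy.host === null) throw new Error("missing host-source");
  return policy;
}

// Compare one ancestor origin against the policy's host-source.
// ASSUMPTION: an omitted scheme matches any scheme; an omitted port means the
// default port of the scheme being compared.
function originMatches(policy, origin) {
  const u = new URL(origin);
  const scheme = u.protocol.slice(0, -1);
  const port = u.port || DEFAULT_PORTS[scheme] || "";
  if (policy.scheme !== null && policy.scheme !== scheme) return false;
  if (u.hostname !== policy.host) return false;
  const wantPort = policy.port || DEFAULT_PORTS[policy.scheme || scheme] || "";
  return wantPort === port;
}

// ancestors: origins ordered from the immediate parent up to the top-level
// browsing context. Without 'all-ancestors' only the top-level origin is
// checked; with it, every frame between the resource and the top must match.
function framingAllowed(policy, ancestors) {
  if (ancestors.length === 0) return true; // resource is not framed
  const toCheck = policy.allAncestors
    ? ancestors
    : [ancestors[ancestors.length - 1]];
  return toCheck.every((o) => originMatches(policy, o));
}

// Constructed scenario: the trusted portal is the top-level page, but the
// protected resource sits inside an intermediate frame from another origin.
function demo() {
  const nested = ["https://widgets.example", "https://portal.example"];
  const topOnly = parseFrameOptions("https://portal.example");
  const full = parseFrameOptions("https://portal.example 'all-ancestors'");
  return {
    topOnly: framingAllowed(topOnly, nested),
    allAncestors: framingAllowed(full, nested),
    direct: framingAllowed(full, ["https://portal.example"]),
  };
}

console.log(demo());
```

The top-level-only policy accepts the nested chain because it never looks at
the intermediate frame; the same policy with the ancestor walk rejects it.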


From alexey.melnikov@isode.com  Wed Jul 18 03:30:19 2012
Message-ID: <5006906F.7010903@isode.com>
Date: Wed, 18 Jul 2012 11:31:11 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: IETF WebSec WG <websec@ietf.org>
Subject: [websec] Draft WebSec agenda for Vancouver

Here is a draft agenda for the WG meeting in Vancouver. Please send your 
comments and corrections. (Disclaimer: I didn't have a chance to get 
responses from all editors, so this is very much my own invention).

WebSec WG meeting agenda
TUESDAY, July 31, 2012, 09:00am - 10:20am

Agenda bashing

HSTS (draft-ietf-websec-strict-transport-sec-11)
IETF LC comments (if any)                        - 10 mins
[Will skip this item if nothing comes up.]

draft-ietf-websec-key-pinning-02                 - 20 mins
  Document Status / Issue discussion

draft-ietf-websec-x-frame-options-00             -  5 mins
  Document Status update

draft-ietf-websec-frame-options-00               - 25 mins
  Document Status / Issue discussion

  In particular discussion of future policy conveyance
   for framing/embedding options for HTTP resources

draft-hodges-websec-framework-reqs-02            - 15 mins

AOB                                              -  5 mins



From alexey.melnikov@isode.com  Wed Jul 18 03:31:49 2012
Message-ID: <500690C9.9040806@isode.com>
Date: Wed, 18 Jul 2012 11:32:41 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: "Hill, Brad" <bhill@paypal-inc.com>
References: <4F668329.2050001@gondrom.org> <50059043.8090909@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 10:31:50 -0000

On 18/07/2012 00:29, Hill, Brad wrote:
> Tobias,
Hi Brad,
>   I'd like to ask for some time on the agenda to discuss the future policy conveyance for framing/embedding options for HTTP resources.
Is this related to draft-ietf-websec-frame-options-00 relationship to 
CSP discussion, or is it a new topic?
> EKR and JeffH will be in Vancouver from the WebAppSec WG and I will be participating remotely.
>
> Thanks,
>
> Brad Hill
> W3C WebAppSec WG co-chair
>
>> -----Original Message-----
>> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On
>> Behalf Of Tobias Gondrom
>> Sent: Tuesday, July 17, 2012 9:18 AM
>> To: websec@ietf.org
>> Subject: [websec] Websec WG meeting in Vancouver July-31 - submit agenda
>> topics until July-21?
>> Importance: High
>>
>> Hi websec fellows,
>>
>> our websec meeting in Vancouver has been scheduled for Tuesday July-31
>> morning 9:00-10:20 in Room "Georgia B". Very much looking forward to
>> meeting you all there!
>>
>> As fortunately HSTS has passed WGLC and is now in IETF LC, we will have the
>> opportunity to focus on new topics for websec and progress our other work
>> items, e.g. the frameworks requirements, cert pinning, etc.
>>
>> If you have a presentation topic or new topic for websec, please let us know
>> ASAP, so we can work on the agenda. Please, document authors and
>> interested presenters contact Alexey and me ASAP about your topics and
>> how much time you need to present.
>>
>> This time we will also have a remote presentation capability (Webex) in
>> addition to the audio stream and jabber, so in case you can not make it to
>> Vancouver, you can have a better meeting experience and could even
>> present remotely!
>>
>> As we are currently preparing the agenda for the websec meeting, please
>> submit proposals for presentations and discussions to Alexey, Yoav and
>> myself as soon as possible as we will have to prepare and close the agenda
>> for websec very soon.
>>
>> Kind regards and looking forward to our meeting in Vancouver!
>>
>> Tobias
>> (websec co-chair)
>>
>>
>>
>>
>>
>> _______________________________________________
>> websec mailing list
>> websec@ietf.org
>> https://www.ietf.org/mailman/listinfo/websec
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec



From bhill@paypal-inc.com  Wed Jul 18 08:18:58 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F5FF21F8763 for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 08:18:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxY91X1YyyYF for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 08:18:57 -0700 (PDT)
Received: from den-mipot-002.corp.ebay.com (den-mipot-002.corp.ebay.com [216.113.175.153]) by ietfa.amsl.com (Postfix) with ESMTP id 739E721F8762 for <websec@ietf.org>; Wed, 18 Jul 2012 08:18:57 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To:CC: Subject:Thread-Topic:Thread-Index:Date:Message-ID: References:In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: x-ems-proccessed:x-ems-stamp:Content-Type: Content-Transfer-Encoding:MIME-Version:X-CFilter; b=rdSy4pI56ibuCI+IKU2P7SgHaXJVucuctGjaEYOCn9/n5ZkunfQmxPNb K1wuFV7aLl658vnpsxqfcdZ6N3ju9Inlq78VAJrDz8XMIKJFa3/4fahwP uFXNKUIJ5qKq9rv;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1342624788; x=1374160788; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ALrIJVaHf4KH75ax++u1FlZVCS63WAveNdFRa8w3/tE=; b=n6DTqKsNPNQ5HEyu6A73yhlP5T4KbeKRcAGWCtJGzUABi5i8mFVrtRkC BCYbz+Jt1NKDSZ9JVSbtYMxS87LJK9KlCOFEPsBDL69KigG94doAv78qN yKqcPTYncYIy/kJ;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,610,1336374000";  d="scan'208";a="9191353"
Received: from den-vtenf-002.corp.ebay.com (HELO DEN-EXMHT-005.corp.ebay.com) ([10.101.112.213]) by den-mipot-002.corp.ebay.com with ESMTP; 18 Jul 2012 08:19:48 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-005.corp.ebay.com ([fe80::8109:2a37:17ad:e57e%18]) with mapi id 14.02.0298.004; Wed, 18 Jul 2012 09:19:42 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Thread-Topic: [websec] Websec WG meeting in Vancouver July-31 - submit agenda         topics until July-21?
Thread-Index: AQHNZNFsbtVaSQcP80uJsBfjwHkD+5cvJ8jg
Date: Wed, 18 Jul 2012 15:19:41 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E189021@DEN-EXDDA-S12.corp.ebay.com>
References: <4F668329.2050001@gondrom.org> <50059043.8090909@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com> <500690C9.9040806@isode.com>
In-Reply-To: <500690C9.9040806@isode.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.245.27.242]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: vks/GPbk6hrAs3d9btcIAA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter: Scanned
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 15:18:58 -0000

Yes, this is the CSP vs. frame-options discussion - sorry to be oblique.

> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Wednesday, July 18, 2012 3:33 AM
> To: Hill, Brad
> Cc: Tobias Gondrom; websec@ietf.org
> Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit
> agenda topics until July-21?
>
> On 18/07/2012 00:29, Hill, Brad wrote:
> > Tobias,
> Hi Brad,
> >   I'd like to ask for some time on the agenda to discuss the future policy
> conveyance for framing/embedding options for HTTP resources.
> Is this related to draft-ietf-websec-frame-options-00 relationship to CSP
> discussion, or is it a new topic?
> > EKR and JeffH will be in Vancouver from the WebAppSec WG and I will be
> participating remotely.
> >
> > Thanks,
> >
> > Brad Hill
> > W3C WebAppSec WG co-chair
> >
> >> -----Original Message-----
> >> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On
> >> Behalf Of Tobias Gondrom
> >> Sent: Tuesday, July 17, 2012 9:18 AM
> >> To: websec@ietf.org
> >> Subject: [websec] Websec WG meeting in Vancouver July-31 - submit
> >> agenda topics until July-21?
> >> Importance: High
> >>
> >> Hi websec fellows,
> >>
> >> our websec meeting in Vancouver has been scheduled for Tuesday
> >> July-31 morning 9:00-10:20 in Room "Georgia B". Very much looking
> >> forward to meeting you all there!
> >>
> >> As fortunately HSTS has passed WGLC and is now in IETF LC, we will
> >> have the opportunity to focus on new topics for websec and progress
> >> our other work items, e.g. the frameworks requirements, cert pinning,
> etc.
> >>
> >> If you have a presentation topic or new topic for websec, please let
> >> us know ASAP, so we can work on the agenda. Please, document authors
> >> and interested presenters contact Alexey and me ASAP about your
> >> topics and how much time you need to present.
> >>
> >> This time we will also have a remote presentation capability (Webex)
> >> in addition to the audio stream and jabber, so in case you can not
> >> make it to Vancouver, you can have a better meeting experience and
> >> could even present remotely!
> >>
> >> As we are currently preparing the agenda for the websec meeting,
> >> please submit proposals for presentations and discussions to Alexey,
> >> Yoav and myself as soon as possible as we will have to prepare and
> >> close the agenda for websec very soon.
> >>
> >> Kind regards and looking forward to our meeting in Vancouver!
> >>
> >> Tobias
> >> (websec co-chair)
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> websec mailing list
> >> websec@ietf.org
> >> https://www.ietf.org/mailman/listinfo/websec
> > _______________________________________________
> > websec mailing list
> > websec@ietf.org
> > https://www.ietf.org/mailman/listinfo/websec
>


From tobias.gondrom@gondrom.org  Wed Jul 18 09:22:23 2012
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0C0421F877B for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 09:22:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.537
X-Spam-Level: 
X-Spam-Status: No, score=-98.537 tagged_above=-999 required=5 tests=[AWL=-1.759, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sKyYXQy34rQR for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 09:22:23 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (www.gondrom.org [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id A60BE21F8714 for <websec@ietf.org>; Wed, 18 Jul 2012 09:22:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws; s=default; d=gondrom.org; b=T5mMuSl0smlHYd25ES0U4GlTy1YzeL4o5WwHiZLBhESFtVxmh6LcrkMTPc9cogvjW76W+2EIbZ7f9FGj9lunjPTybAJ/zxK2VoEtBxJLBvTiZbkg5WFaOA2nYp8o4enE; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 22197 invoked from network); 18 Jul 2012 18:23:08 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.64?) (94.194.102.93) by www.gondrom.org with (DHE-RSA-AES256-SHA encrypted) SMTP; 18 Jul 2012 18:23:08 +0200
Message-ID: <5006E2EB.2070201@gondrom.org>
Date: Wed, 18 Jul 2012 17:23:07 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: bhill@paypal-inc.com
References: <4F668329.2050001@gondrom.org> <50059043.8090909@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com> <500690C9.9040806@isode.com> <370C9BEB4DD6154FA963E2F79ADC6F2E189021@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E189021@DEN-EXDDA-S12.corp.ebay.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: websec@ietf.org
Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 16:22:24 -0000

Hi Brad,

ah ok. Thanks for explaining. It seems I also first misunderstood your 
request. ;-)

In that light maybe two additional proposals/requests we should discuss 
before that in our websec meeting:
1. how about a quick update on WebAppSec by EKR, Jeff and/or you?

2. And then as I mentioned before, if we discuss where to put FO, maybe 
we should try to actually look at the overarching question first, 
regarding the bucket of things for CSP, asking the question which ones 
of them should be in CSP and which ones should be done individually.
And somewhat related, which ones should be done in WebAppSec and which 
ones should be done in Websec?

How about?

Best regards, Tobias


On 18/07/12 16:19, Hill, Brad wrote:
> Yes, this is the CSP vs. frame-options discussion - sorry to be oblique.
>
>> -----Original Message-----
>> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
>> Sent: Wednesday, July 18, 2012 3:33 AM
>> To: Hill, Brad
>> Cc: Tobias Gondrom; websec@ietf.org
>> Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit
>> agenda topics until July-21?
>>
>> On 18/07/2012 00:29, Hill, Brad wrote:
>>> Tobias,
>> Hi Brad,
>>>    I'd like to ask for some time on the agenda to discuss the future policy
>> conveyance for framing/embedding options for HTTP resources.
>> Is this related to draft-ietf-websec-frame-options-00 relationship to CSP
>> discussion, or is it a new topic?
>>> EKR and JeffH will be in Vancouver from the WebAppSec WG and I will be
>> participating remotely.
>>> Thanks,
>>>
>>> Brad Hill
>>> W3C WebAppSec WG co-chair
>>>
>>>> -----Original Message-----
>>>> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On
>>>> Behalf Of Tobias Gondrom
>>>> Sent: Tuesday, July 17, 2012 9:18 AM
>>>> To: websec@ietf.org
>>>> Subject: [websec] Websec WG meeting in Vancouver July-31 - submit
>>>> agenda topics until July-21?
>>>> Importance: High
>>>>
>>>> Hi websec fellows,
>>>>
>>>> our websec meeting in Vancouver has been scheduled for Tuesday
>>>> July-31 morning 9:00-10:20 in Room "Georgia B". Very much looking
>>>> forward to meeting you all there!
>>>>
>>>> As fortunately HSTS has passed WGLC and is now in IETF LC, we will
>>>> have the opportunity to focus on new topics for websec and progress
>>>> our other work items, e.g. the frameworks requirements, cert pinning,
>> etc.
>>>> If you have a presentation topic or new topic for websec, please let
>>>> us know ASAP, so we can work on the agenda. Please, document authors
>>>> and interested presenters contact Alexey and me ASAP about your
>>>> topics and how much time you need to present.
>>>>
>>>> This time we will also have a remote presentation capability (Webex)
>>>> in addition to the audio stream and jabber, so in case you can not
>>>> make it to Vancouver, you can have a better meeting experience and
>>>> could even present remotely!
>>>>
>>>> As we are currently preparing the agenda for the websec meeting,
>>>> please submit proposals for presentations and discussions to Alexey,
>>>> Yoav and myself as soon as possible as we will have to prepare and
>>>> close the agenda for websec very soon.
>>>>
>>>> Kind regards and looking forward to our meeting in Vancouver!
>>>>
>>>> Tobias
>>>> (websec co-chair)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> websec mailing list
>>>> websec@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/websec
>>> _______________________________________________
>>> websec mailing list
>>> websec@ietf.org
>>> https://www.ietf.org/mailman/listinfo/websec


From bhill@paypal-inc.com  Wed Jul 18 09:28:00 2012
Return-Path: <bhill@paypal-inc.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26F3D11E809B for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 09:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.117
X-Spam-Level: 
X-Spam-Status: No, score=-9.117 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Q0cmQBq1aYL for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 09:27:59 -0700 (PDT)
Received: from den-mipot-001.corp.ebay.com (den-mipot-001.corp.ebay.com [216.113.175.152]) by ietfa.amsl.com (Postfix) with ESMTP id 3050621F87C6 for <websec@ietf.org>; Wed, 18 Jul 2012 09:27:58 -0700 (PDT)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To:CC: Subject:Thread-Topic:Thread-Index:Date:Message-ID: References:In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: x-ems-proccessed:x-ems-stamp:Content-Type: Content-Transfer-Encoding:MIME-Version:X-CFilter; b=ko+fx/JSS4PRUVDIIUxadgWoUWNEPg5v9KcD9xbir2RVUpqh0lusfkO1 LmudEovLNKSlVArOJ6+TmRHudeQRiV8fZxSeC+nItklqu3xXsCPTqkyrb 9H5yYFw7jgC3Jkg;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paypal-inc.com; i=bhill@paypal-inc.com; q=dns/txt; s=ppinc; t=1342628929; x=1374164929; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4zgYw0Ulcz4YyUh6toESHtgJ6uhL67TKicR8GL/IdYw=; b=pDDdk56JxPl/KT26IPkqO5VhYUE4RQqFhyQPzG5JCx1gL1XVcM6+S0Wk olPuE/KfIJrTKVySLloe/ujzMftWK9FZ+us4fPTN+kPOvZrB1FekbXR+5 lzFYkz4tcO83CrC;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.77,610,1336374000";  d="scan'208";a="8707459"
Received: from den-vtenf-002.corp.ebay.com (HELO DEN-EXMHT-005.corp.ebay.com) ([10.101.112.213]) by den-mipot-001.corp.ebay.com with ESMTP; 18 Jul 2012 09:28:49 -0700
Received: from DEN-EXDDA-S12.corp.ebay.com ([fe80::40c1:9cf7:d21e:46c]) by DEN-EXMHT-005.corp.ebay.com ([fe80::8109:2a37:17ad:e57e%18]) with mapi id 14.02.0298.004; Wed, 18 Jul 2012 10:28:43 -0600
From: "Hill, Brad" <bhill@paypal-inc.com>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Thread-Topic: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?
Thread-Index: AQHNZQHwBZxYwmfthU+wxC7SmAmAuJcvOrfg
Date: Wed, 18 Jul 2012 16:28:43 +0000
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E18915C@DEN-EXDDA-S12.corp.ebay.com>
References: <4F668329.2050001@gondrom.org> <50059043.8090909@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E187B94@DEN-EXDDA-S12.corp.ebay.com> <500690C9.9040806@isode.com> <370C9BEB4DD6154FA963E2F79ADC6F2E189021@DEN-EXDDA-S12.corp.ebay.com> <5006E2EB.2070201@gondrom.org>
In-Reply-To: <5006E2EB.2070201@gondrom.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.245.27.242]
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: 4CinlT38Jttr1Bfml/43sA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter: Scanned
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit agenda topics until July-21?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 16:28:00 -0000

Sounds excellent.  Thanks for the time.

> -----Original Message-----
> From: Tobias Gondrom [mailto:tobias.gondrom@gondrom.org]
> Sent: Wednesday, July 18, 2012 9:23 AM
> To: Hill, Brad
> Cc: alexey.melnikov@isode.com; websec@ietf.org
> Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit
> agenda topics until July-21?
>
> Hi Brad,
>
> ah ok. Thanks for explaining. It seems I also first misunderstood your
> request. ;-)
>
> In that light maybe two additional proposals/requests we should discuss
> before that in our websec meeting:
> 1. how about a quick update on WebAppSec by EKR, Jeff and/or you?
>
> 2. And then as I mentioned before, if we discuss where to put FO, maybe we
> should try to actually look at the overarching question first, regarding the
> bucket of things for CSP, asking the question which ones of them should be in
> CSP and which ones should be done individually.
> And somewhat related, which ones should be done in WebAppSec and which
> ones should be done in Websec?
>
> How about?
>
> Best regards, Tobias
>
>
> On 18/07/12 16:19, Hill, Brad wrote:
> > Yes, this is the CSP vs. frame-options discussion - sorry to be oblique.
> >
> >> -----Original Message-----
> >> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> >> Sent: Wednesday, July 18, 2012 3:33 AM
> >> To: Hill, Brad
> >> Cc: Tobias Gondrom; websec@ietf.org
> >> Subject: Re: [websec] Websec WG meeting in Vancouver July-31 - submit
> >> agenda topics until July-21?
> >>
> >> On 18/07/2012 00:29, Hill, Brad wrote:
> >>> Tobias,
> >> Hi Brad,
> >>>    I'd like to ask for some time on the agenda to discuss the future
> >>> policy
> >> conveyance for framing/embedding options for HTTP resources.
> >> Is this related to draft-ietf-websec-frame-options-00 relationship to
> >> CSP discussion, or is it a new topic?
> >>> EKR and JeffH will be in Vancouver from the WebAppSec WG and I will
> >>> be
> >> participating remotely.
> >>> Thanks,
> >>>
> >>> Brad Hill
> >>> W3C WebAppSec WG co-chair
> >>>
> >>>> -----Original Message-----
> >>>> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On
> >>>> Behalf Of Tobias Gondrom
> >>>> Sent: Tuesday, July 17, 2012 9:18 AM
> >>>> To: websec@ietf.org
> >>>> Subject: [websec] Websec WG meeting in Vancouver July-31 - submit
> >>>> agenda topics until July-21?
> >>>> Importance: High
> >>>>
> >>>> Hi websec fellows,
> >>>>
> >>>> our websec meeting in Vancouver has been scheduled for Tuesday
> >>>> July-31 morning 9:00-10:20 in Room "Georgia B". Very much looking
> >>>> forward to meeting you all there!
> >>>>
> >>>> As fortunately HSTS has passed WGLC and is now in IETF LC, we will
> >>>> have the opportunity to focus on new topics for websec and progress
> >>>> our other work items, e.g. the frameworks requirements, cert
> >>>> pinning,
> >> etc.
> >>>> If you have a presentation topic or new topic for websec, please
> >>>> let us know ASAP, so we can work on the agenda. Please, document
> >>>> authors and interested presenters contact Alexey and me ASAP about
> >>>> your topics and how much time you need to present.
> >>>>
> >>>> This time we will also have a remote presentation capability
> >>>> (Webex) in addition to the audio stream and jabber, so in case you
> >>>> can not make it to Vancouver, you can have a better meeting
> >>>> experience and could even present remotely!
> >>>>
> >>>> As we are currently preparing the agenda for the websec meeting,
> >>>> please submit proposals for presentations and discussions to
> >>>> Alexey, Yoav and myself as soon as possible as we will have to
> >>>> prepare and close the agenda for websec very soon.
> >>>>
> >>>> Kind regards and looking forward to our meeting in Vancouver!
> >>>>
> >>>> Tobias
> >>>> (websec co-chair)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> websec mailing list
> >>>> websec@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/websec
> >>> _______________________________________________
> >>> websec mailing list
> >>> websec@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/websec


From ietf@adambarth.com  Wed Jul 18 16:16:45 2012
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82ED11E81C3 for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 16:16:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A6efut3l3ZPY for <websec@ietfa.amsl.com>; Wed, 18 Jul 2012 16:16:44 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5891911E81C2 for <websec@ietf.org>; Wed, 18 Jul 2012 16:16:44 -0700 (PDT)
Received: by yhq56 with SMTP id 56so2405893yhq.31 for <websec@ietf.org>; Wed, 18 Jul 2012 16:17:35 -0700 (PDT)
Received: by 10.236.138.230 with SMTP id a66mr2621848yhj.91.1342653455613; Wed, 18 Jul 2012 16:17:35 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id r25sm709226yhi.13.2012.07.18.16.17.33 (version=SSLv3 cipher=OTHER); Wed, 18 Jul 2012 16:17:34 -0700 (PDT)
Received: by obbwc20 with SMTP id wc20so3251796obb.31 for <websec@ietf.org>; Wed, 18 Jul 2012 16:17:32 -0700 (PDT)
Received: by 10.182.110.102 with SMTP id hz6mr3787913obb.79.1342653452958; Wed, 18 Jul 2012 16:17:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.226.5 with HTTP; Wed, 18 Jul 2012 16:17:02 -0700 (PDT)
In-Reply-To: <68291699F5EA8848B0EAC2E78480571F053A3186@TK5EX14MBXC216.redmond.corp.microsoft.com>
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com> <4FFB67EE.406@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com> <68291699F5EA8848B0EAC2E78480571F053A3186@TK5EX14MBXC216.redmond.corp.microsoft.com>
From: Adam Barth <ietf@adambarth.com>
Date: Wed, 18 Jul 2012 16:17:02 -0700
Message-ID: <CAJE5ia90hJ7EQDgn7Y3u2m1Lxe=fwkG65YE7YtiBNJfDtaE0rA@mail.gmail.com>
To: David Ross <dross@microsoft.com>
Content-Type: multipart/alternative; boundary=f46d04447f4b1ebb4804c522dec3
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 23:16:45 -0000

--f46d04447f4b1ebb4804c522dec3
Content-Type: text/plain; charset=ISO-8859-1

Here are two reasons we should make Frame-Options into a
Content-Security-Policy directive rather than
yet-another-one-off-HTTP-header:

1) By centralizing all the policy bits in one string, we gain network
benefits.  For example, in the Chrome extension system, we have a field in
the manifest for specifying a Content Security Policy:

http://code.google.com/chrome/extensions/contentSecurityPolicy.html

While we could add a new attribute for every different bit of policy, it's
better for developers if there's just one place that contains the security
policy.

2) By moving Frame-Options into CSP, we can use the same origin-specifying
machinery that already exists in CSP rather than inventing
yet-another-way-of-specifying origins (e.g., in allow-from in the current
Frame-Options draft).  By doing that, we make all these things work the
same way rather than siloing each off depending on which browser vendor
first decided this bit of policy was interesting.

As far as I can tell, the main reason for not making Frame-Options a CSP
directive is that CSP was Not Invented Here.

Adam


On Wed, Jul 11, 2012 at 5:22 PM, David Ross <dross@microsoft.com> wrote:

> Responding to a few of the points in Brad's original mail on this thread...
>
> My concern is mostly around the degree to which a move to CSP might
> complicate or stall the process.  I'd also prefer not to see additional use
> cases pop up (eg: click fraud prevention) that just were never in scope
> before.
>
> I think that w.r.t. header bloat, the most sensible approach is to only
> allow one origin to be specified.  CSP by-design facilitates the use of
> multiple origins.  As we've discussed w/Frame-Options, there is a design
> pattern to make the more basic single-origin approach functional.  I would
> hate to see hosts serving up source lists of hundreds of origins, just
> because they can.  I think that is exactly what will happen if we support
> multiple origins.
>
> With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify
> exactly what happens in the FRAME-OPTIONS spec.  I don't see that CSP
> inherently improves on that but I may be missing something there.
>
> The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes
> CSP more comprehensive.  But I suspect there are plenty of other
> header-related security features that aren't defined by CSP (eg: the origin
> header, cookie security).
>
> Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
> provides the flexibility to perform only a top level origin check as
> opposed to a full ancestor check.  (Specified via the "AllAncestors" flag.)
>
> David Ross
> dross@microsoft.com
>
>
> -----Original Message-----
> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf
> Of Hill, Brad
> Sent: Monday, July 09, 2012 5:03 PM
> To: Tobias Gondrom; websec@ietf.org
> Cc: public-webappsec@w3.org
> Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety
> directives
>
> Tobias,
>
>  I'm happy to move the discussion primarily to websec, and I'll drop the
> cc: to webappsec after this email.  Thanks for the historical
> clarification, as well.
>
> I'm not terribly concerned about which group does the work, as much as
> arriving at the engineering solution that works best for user agent and
> resource authors, some of whom have expressed preference for moving this
> functionality into CSP.  As both a chair and an individual, I don't have a
> strong preference, but I think there are reasons in favor of each option
> and it is worth re-opening the discussion now that the WebAppSec WG has a
> concrete deliverable under development to address the same general class of
> attacks.
>
> I'll send out a summary shortly of the similarities and differences
> between the various options currently proposed for some additional context.
>
> -Brad Hill
>
>
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec

--f46d04447f4b1ebb4804c522dec3--

From dross@microsoft.com  Thu Jul 19 12:50:38 2012
From: David Ross <dross@microsoft.com>
To: "Hill, Brad" <bhill@paypal-inc.com>, =JeffH <Jeff.Hodges@KingsMountain.com>, IETF WebSec WG <websec@ietf.org>
Thread-Topic: [websec] Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: AQHNYI6lkz8Gk35PQYOw0F4CVEc1fpcsMs4AgAH0c3CAAt5dAA==
Date: Thu, 19 Jul 2012 19:50:22 +0000
Message-ID: <9B5348748B708948989B17CC0AEA3DD0027A8479@SN2PRD0310MB395.namprd03.prod.outlook.com>
References: <4FFF6C0C.7010404@KingsMountain.com> <9B5348748B708948989B17CC0AEA3DD004936E@SN2PRD0310MB395.namprd03.prod.outlook.com> <370C9BEB4DD6154FA963E2F79ADC6F2E187BA8@DEN-EXDDA-S12.corp.ebay.com>
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E187BA8@DEN-EXDDA-S12.corp.ebay.com>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

The full ancestor stack walk may be considered an artificial / unnecessary
limitation given that users can only make trust decisions based on the UI at
the top level.  (This is in a world where the top level is conservative,
avoiding framing untrusted content.)

"I'm a little bit concerned that walking the full ancestors stack is going
to become quite important as more sites start using constructs like
seamless, sandboxed iframes to display untrusted content."
That's a great argument to go with AllAncestors by default and NoAncestors
as opt-in.

Dave

-----Original Message-----
From: Hill, Brad [mailto:bhill@paypal-inc.com]
Sent: Tuesday, July 17, 2012 4:33 PM
To: David Ross; =JeffH; IETF WebSec WG
Subject: RE: [websec] Coordinating Frame-Options and CSP UI Safety directives

Dave,

  What's the case for the "NoAncestors" behavior?  Is it just a performance
optimization?  I'm a little bit concerned that walking the full ancestors
stack is going to become quite important as more sites start using
constructs like seamless, sandboxed iframes to display untrusted content.

Thanks,

Brad

> -----Original Message-----
> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On
> Behalf Of David Ross
> Sent: Monday, July 16, 2012 10:55 AM
> To: =JeffH; IETF WebSec WG
> Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety
> directives
>
> In the interest of bloat as measured in bits, in this case it makes
> sense to optimize for (2), reducing header value bloat, even if this
> is at the expense of (1), reducing header name bloat.  I was worried
> that with CSP we can't achieve on (2).  But if we can specify the ABNF
> as you suggest below, that solves the problem.
>
> I also would like to see the inclusion of the AllAncestors flag as you
> suggest below.  Or if it makes more sense here, a "NoAncestors" flag.
>
> Dave
>
> -----Original Message-----
> From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com]
> Sent: Thursday, July 12, 2012 5:30 PM
> To: David Ross; IETF WebSec WG
> Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety
> directives
>
> thanks for your thoughts Dave,
>
>  > My concern is mostly around the degree to which a move to CSP might
>  > complicate or stall the process.
>
> by this I presume you mean the process of producing a spec for a
> standardized "frame-options" (i.e., the successor to "x-frame-options").
>
> I don't think leveraging CSP as a framework, per se, would necessarily
> slow this down.
>
>  >  I'd also prefer not to see additional use
>  > cases pop up (eg: click fraud prevention) that just were never in scope
>  > before.
>
> I think it's reasonable to discuss whether the "frame-options" policy
> directive (aka "frame-ancestors", "embed-ancestors") should be
> specified as a part of the nascent "UI Safety directives" spec (in W3C
> WebAppSec), or the CSP 1.1 spec (in W3C WebAppSec), or as a stand-alone
> spec.
>
>
>  > I think that w.r.t. header bloat,
>
> Ah, so there's two aspects to "header bloat" in this discussion..
>
> 1. "header bloat" in relation to possibly defining yet another HTTP
> header field to convey a security policy, i.e. a stand-alone
> "frame-options" header field.
>
> 2. "header value bloat" in terms of having a header field into which
> server operators may feel obliged to cram a huge list of items (i.e.,
> origins).
>
>  From a high-level perspective, casting "frame-options" as a CSP
> directive works towards addressing (1).
>
>
>  > the most sensible approach is to only allow one origin to be specified.
>
> And this statement is addressing (2).
>
>
>  > CSP by-design facilitates the use of multiple origins.
>
> However, the ABNF of any particular CSP directive can be crafted in
> order to allow only one origin to be specified as a value, e.g. like so..
>
>    directive-name  = "frame-options"
>    directive-value = host-source
>
> [ where host-source is defined as..
>
>    host-source       = [ scheme "://" ] host [ port ]
> ]
>
>  > As we've discussed w/Frame-Options, there is a design pattern to
>  > make the more basic single-origin approach functional.
>
> understood.
>
> (fwiw, I'd term what you're calling a "design pattern" as a
> "implementation and deployment technique")
>
>
>  > With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify exactly
>  > what happens in the FRAME-OPTIONS spec.  I don't see that CSP inherently
>  > improves on that but I may be missing something there.
>
> regardless of which specification vehicle we use for the "frame-options"
> policy directive, we'll be able to denote (in some fashion) that it
> supersedes the old "x-frame-options" header. (this is going to be
> somewhat messy in any case)
>
>
>  > The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP
>  > more comprehensive.  But I suspect there are plenty of other header-related
>  > security features that aren't defined by CSP (eg: the origin header, cookie
>  > security).
>
> well, of course CSP doesn't encompass "everything" and isn't intended to.
> But we certainly should be carefully considering consolidating policy
> directive conveyance as appropriate, and the "frame-options" (aka
> "frame-ancestors", "embed-ancestors") notion seems to fall reasonably
> within the "content security policy" space -- a key aspect being that it
> is regarding a particular resource representation (as I presently
> understand it).
>
>
>  > Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
>  > provides the flexibility to perform only a top level origin check as opposed
>  > to a full ancestor check.  (Specified via the "AllAncestors" flag.)
>
> Well, the "AllAncestors" flag can certainly be added to a CSP-based
> "frame-options" policy directive. e.g. by defining a new
> "keyword-source" of 'all-ancestors'.
>
> =JeffH
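
[Added example, not part of the thread and not code from any participant or browser: a parser for the single-origin "frame-options" directive value sketched in the ABNF above, plus the top-level-only versus full-ancestor check the thread debates. Assumptions: the 'all-ancestors' keyword follows the host-source as an opt-in (the thread does not settle which mode is the default), the port is written ":digits", and all origins below are constructed.]

```javascript
// Assumed grammar, adapted from the ABNF quoted in the thread:
//   directive-value = host-source [ SP "'all-ancestors'" ]  (keyword placement is an assumption)
//   host-source     = [ scheme "://" ] host [ ":" port ]
const DEFAULT_PORTS = { http: "80", https: "443" };

// Parse one directive value. Anything outside the grammar returns null,
// including a second host-source, so a multi-origin source list is rejected.
function parseFrameOptions(value) {
  const tokens = value.trim().split(/\s+/).filter(Boolean);
  if (tokens.length === 0 || tokens.length > 2) return null;
  const m =
    /^(?:([a-z][a-z0-9+.-]*):\/\/)?([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(\d{1,5}))?$/i
      .exec(tokens[0]);
  if (!m) return null;
  let allAncestors = false;
  if (tokens.length === 2) {
    if (tokens[1].toLowerCase() !== "'all-ancestors'") return null;
    allAncestors = true;
  }
  return {
    scheme: m[1] ? m[1].toLowerCase() : null,
    host: m[2].toLowerCase(),
    port: m[3] || null,
    allAncestors,
  };
}

// Compare the parsed host-source with one ancestor origin string.
// Opaque origins (serialized as "null", e.g. a sandboxed iframe) never match.
function sourceMatchesOrigin(source, origin) {
  let url;
  try {
    url = new URL(origin);
  } catch (e) {
    return false;
  }
  const scheme = url.protocol.slice(0, -1);
  if (source.scheme !== null && source.scheme !== scheme) return false;
  if (source.host !== url.hostname.toLowerCase()) return false;
  const wanted = source.port || DEFAULT_PORTS[source.scheme || scheme];
  const actual = url.port || DEFAULT_PORTS[scheme];
  return wanted !== undefined && wanted === actual;
}

// ancestors: origins of the framing chain, nearest parent first, top-level last.
// Without the keyword only the top-level origin is checked; with it, every
// ancestor must match the single allowed origin.
function mayBeFramed(policy, ancestors) {
  if (ancestors.length === 0) return true; // resource is not framed
  const toCheck = policy.allAncestors
    ? ancestors
    : [ancestors[ancestors.length - 1]];
  return toCheck.every((origin) => sourceMatchesOrigin(policy, origin));
}

// Constructed scenario: a trusted top-level page embeds third-party content,
// which in turn frames the protected resource.
const demoChain = ["https://widgets.example", "https://portal.example"];
for (const header of [
  "https://portal.example",
  "https://portal.example 'all-ancestors'",
  "https://portal.example https://other.example",
]) {
  const policy = parseFrameOptions(header);
  console.log(header, "=>",
    policy === null ? "rejected by grammar" : mayBeFramed(policy, demoChain));
}
```
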






From dross@microsoft.com  Thu Jul 19 12:50:47 2012
From: David Ross <dross@microsoft.com>
To: Adam Barth <ietf@adambarth.com>, Tobias Gondrom <tobias.gondrom@gondrom.org>
Thread-Topic: [websec] Coordinating Frame-Options and CSP UI Safety directives
Thread-Index: Ac1eARMykz8Gk35PQYOw0F4CVEc1fgAKMP0AAAFdb4AAZMpUwAFePnIAACpPKLA=
Date: Thu, 19 Jul 2012 19:51:14 +0000
Message-ID: <9B5348748B708948989B17CC0AEA3DD0027A848A@SN2PRD0310MB395.namprd03.prod.outlook.com>
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com> <4FFB67EE.406@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com> <68291699F5EA8848B0EAC2E78480571F053A3186@TK5EX14MBXC216.redmond.corp.microsoft.com> <CAJE5ia90hJ7EQDgn7Y3u2m1Lxe=fwkG65YE7YtiBNJfDtaE0rA@mail.gmail.com>
In-Reply-To: <CAJE5ia90hJ7EQDgn7Y3u2m1Lxe=fwkG65YE7YtiBNJfDtaE0rA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_9B5348748B708948989B17CC0AEA3DD0027A848ASN2PRD0310MB395_"
MIME-Version: 1.0
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

--_000_9B5348748B708948989B17CC0AEA3DD0027A848ASN2PRD0310MB395_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

#1 - fair point
#2 - I was worried that the current mechanism was multi-origin only, but it
sounds like that's not the case.  If so, this is good.

NIH doesn't sound like a great reason at all.

Question for Tobias -- with a move to push this from the IETF to the
W3C/CSP, given your IETF affiliation would you still be able to contribute
time to this project?  (Sorry if that's an exceedingly blunt question, I'm
not trying to step on toes here.)  Your work here thus far has been
absolutely invaluable and has allowed XFO/FO to make forward progress with
very little overhead.  I really don't want to lose the momentum.

Dave


From: Adam Barth [mailto:ietf@adambarth.com]
Sent: Wednesday, July 18, 2012 4:17 PM
To: David Ross
Cc: Hill, Brad; Tobias Gondrom; websec@ietf.org
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

Here are two reasons we should make Frame-Options into a
Content-Security-Policy directive rather than
yet-another-one-off-HTTP-header:

1) By centralizing all the policy bits in one string, we gain network
benefits.  For example, in the Chrome extension system, we have a field in
the manifest for specifying a Content Security Policy:

http://code.google.com/chrome/extensions/contentSecurityPolicy.html

While we could add a new attribute for every different bit of policy, it's
better for developers if there's just one place that contains the security
policy.

2) By moving Frame-Options into CSP, we can use the same origin-specifying
machinery that already exists in CSP rather than inventing
yet-another-way-of-specifying origins (e.g., in allow-from in the current
Frame-Options draft).  By doing that, we make all these things work the
same way rather than siloing each off depending on which browser vendor
first decided this bit of policy was interesting.

As far as I can tell, the main reason for not making Frame-Options a CSP
directive is that CSP was Not Invented Here.

Adam

On Wed, Jul 11, 2012 at 5:22 PM, David Ross <dross@microsoft.com> wrote:
Responding to a few of the points in Brad's original mail on this thread...

My concern is mostly around the degree to which a move to CSP might
complicate or stall the process.  I'd also prefer not to see additional use
cases pop up (eg: click fraud prevention) that just were never in scope
before.

I think that w.r.t. header bloat, the most sensible approach is to only
allow one origin to be specified.  CSP by-design facilitates the use of
multiple origins.  As we've discussed w/Frame-Options, there is a design
pattern to make the more basic single-origin approach functional.  I would
hate to see hosts serving up source lists of hundreds of origins, just
because they can.  I think that is exactly what will happen if we support
multiple origins.

With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify
exactly what happens in the FRAME-OPTIONS spec.  I don't see that CSP
inherently improves on that but I may be missing something there.

The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes
CSP more comprehensive.  But I suspect there are plenty of other
header-related security features that aren't defined by CSP (eg: the origin
header, cookie security).

Finally, as Brad pointed out in the rosetta stone thread, Frame-Options
provides the flexibility to perform only a top level origin check as
opposed to a full ancestor check.  (Specified via the "AllAncestors" flag.)

David Ross
dross@microsoft.com


-----Original Message-----
From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Hill, Brad
Sent: Monday, July 09, 2012 5:03 PM
To: Tobias Gondrom; websec@ietf.org
Cc: public-webappsec@w3.org
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives

Tobias,

 I'm happy to move the discussion primarily to websec, and I'll drop the
cc: to webappsec after this email.  Thanks for the historical
clarification, as well.

I'm not terribly concerned about which group does the work, as much as
arriving at the engineering solution that works best for user agent and
resource authors, some of whom have expressed preference for moving this
functionality into CSP.  As both a chair and an individual, I don't have a
strong preference, but I think there are reasons in favor of each option
and it is worth re-opening the discussion now that the WebAppSec WG has a
concrete deliverable under development to address the same general class of
attacks.

I'll send out a summary shortly of the similarities and differences
between the various options currently proposed for some additional context.

-Brad Hill





--_000_9B5348748B708948989B17CC0AEA3DD0027A848ASN2PRD0310MB395_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">#1 &#8211; fair point<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">#2 &#8211; I was worried =
that the current mechanism was multi-origin only, but it sounds like that&#=
8217;s not the case.&nbsp; If so, this is good.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">NIH doesn&#8217;t sound l=
ike a great reason at all.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">Question for Tobias -- wi=
th a move to push this from the IETF to the W3C/CSP, given your IETF affili=
ation would you still be able to contribute time to this
 project?&nbsp; (Sorry if that&#8217;s an exceedingly blunt question, I&#82=
17;m not trying to step on toes here.)&nbsp; Your work here thus far has be=
en absolutely invaluable and has allowed XFO/FO to make forward progress wi=
th very little overhead.&nbsp; I really don&#8217;t want to lose
 the momentum.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D">Dave<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p>&nbsp;</o:p></span><=
/p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:&quot=
;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> Adam Bar=
th [mailto:ietf@adambarth.com]
<br>
<b>Sent:</b> Wednesday, July 18, 2012 4:17 PM<br>
<b>To:</b> David Ross<br>
<b>Cc:</b> Hill, Brad; Tobias Gondrom; websec@ietf.org<br>
<b>Subject:</b> Re: [websec] Coordinating Frame-Options and CSP UI Safety d=
irectives<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Here are two reasons we should make Frame-Options in=
to a Content-Security-Policy directive rather than yet-another-one-off-HTTP=
-header:<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">1) By centralizing all the policy bits in one string=
, we gain network benefits. &nbsp;For example, in the Chrome extension syst=
em, we have a field in the manifest for specifying a Content Security Polic=
y:<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><a href=3D"http://code.google.com/chrome/extensions/=
contentSecurityPolicy.html">http://code.google.com/chrome/extensions/conten=
tSecurityPolicy.html</a><br>
<br>
While we could add a new attribute for every different bit of policy, it's =
better for developers if there's just one place that contains the security =
policy.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">2) By moving Frame-Options into CSP, we can use the =
same origin-specifying machinery that already exists in CSP rather than inv=
enting yet-another-way-of-specifying origins (e.g., in allow-from in the cu=
rrent Frame-Options draft). &nbsp;By doing
 that, we make all these things work the same way rather than siloing each =
off depending on which browser vendor first decided this bit of policy was =
interesting.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">As far as I can tell, the main reason for not making=
 Frame-Options a CSP directive is that CSP was Not Invented Here.<o:p></o:p=
></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Adam<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><o:p>&nbsp;</o:p></p>
<div>
<p class=3D"MsoNormal">On Wed, Jul 11, 2012 at 5:22 PM, David Ross &lt;<a h=
ref=3D"mailto:dross@microsoft.com" target=3D"_blank">dross@microsoft.com</a=
>&gt; wrote:<o:p></o:p></p>
<p class=3D"MsoNormal">Responding to a few of the points in Brad's original=
 mail on this thread...<br>
<br>
My concern is mostly around the degree to which a move to CSP might complic=
ate or stall the process. &nbsp;I'd also prefer not to see additional use c=
ases pop up (eg: click fraud prevention) that just were never in scope befo=
re.<br>
<br>
I think that w.r.t. header bloat, the most sensible approach is to only all=
ow one origin to be specified. &nbsp;CSP by-design facilitates the use of m=
ultiple origins. &nbsp;As we've discussed w/Frame-Options, there is a desig=
n pattern to make the more basic single-origin
 approach functional. &nbsp;I would hate to see hosts serving up source lis=
ts of hundreds of origins, just because they can. &nbsp;I think that is exa=
ctly what will happen if we support multiple origins.<br>
<br>
With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify exactl=
y what happens in the FRAME-OPTIONS spec. &nbsp;I don't see that CSP inhere=
ntly improves on that but I may be missing something there.<br>
<br>
The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP=
 more comprehensive. &nbsp;But I suspect there are plenty of other header-r=
elated security features that aren't defined by CSP (eg: the origin header,=
 cookie security).<br>
<br>
Finally, as Brad pointed out in the rosetta stone thread, Frame-Options pro=
vides the flexibility to perform only a top level origin check as opposed t=
o a full ancestor check. &nbsp;(Specified via the &quot;AllAncestors&quot; =
flag.)<br>
<span style=3D"color:#888888"><br>
<span class=3D"hoenzb">David Ross</span><br>
<span class=3D"hoenzb"><a href=3D"mailto:dross@microsoft.com">dross@microso=
ft.com</a></span></span><o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"><br>
<br>
-----Original Message-----<br>
From: <a href=3D"mailto:websec-bounces@ietf.org">websec-bounces@ietf.org</a=
> [mailto:<a href=3D"mailto:websec-bounces@ietf.org">websec-bounces@ietf.or=
g</a>] On Behalf Of Hill, Brad<br>
Sent: Monday, July 09, 2012 5:03 PM<br>
To: Tobias Gondrom; <a href=3D"mailto:websec@ietf.org">websec@ietf.org</a><=
br>
Cc: <a href=3D"mailto:public-webappsec@w3.org">public-webappsec@w3.org</a><=
br>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directiv=
es<br>
<br>
Tobias,<br>
<br>
&nbsp;I'm happy to move the discussion primarily to websec, and I'll drop t=
he cc: to webappsec after this email. &nbsp;Thanks for the historical clari=
fication, as well.<br>
<br>
I'm not terribly concerned about which group does the work, as much as arri=
ving at the engineering solution that works best for user agent and resourc=
e authors, some of whom have expressed preference for moving this functiona=
lity into CSP. &nbsp;As both a chair
 and an individual, I don't have a strong preference, but I think there are=
 reasons in favor of each option and it is worth re-opening the discussion =
now that the WebAppSec WG has a concrete deliverable under development to a=
ddress the same general class of
 attacks.<br>
<br>
I'll send out a summary shortly of the similarities and differences between=
 the various options currently proposed for some additional context.<br>
<br>
-Brad Hill<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
websec mailing list<br>
<a href=3D"mailto:websec@ietf.org">websec@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/websec" target=3D"_blank">=
https://www.ietf.org/mailman/listinfo/websec</a><br>
<br>
<br>
_______________________________________________<br>
websec mailing list<br>
<a href=3D"mailto:websec@ietf.org">websec@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/websec" target=3D"_blank">=
https://www.ietf.org/mailman/listinfo/websec</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</body>
</html>

--_000_9B5348748B708948989B17CC0AEA3DD0027A848ASN2PRD0310MB395_--

From tlr@w3.org  Fri Jul 20 04:54:14 2012
Return-Path: <tlr@w3.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16E7D21F8570 for <websec@ietfa.amsl.com>; Fri, 20 Jul 2012 04:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.223
X-Spam-Level: 
X-Spam-Status: No, score=-10.223 tagged_above=-999 required=5 tests=[AWL=0.375, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBXK4TNS+u3z for <websec@ietfa.amsl.com>; Fri, 20 Jul 2012 04:54:12 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by ietfa.amsl.com (Postfix) with ESMTP id 954AE21F8569 for <websec@ietf.org>; Fri, 20 Jul 2012 04:54:12 -0700 (PDT)
Received: from [88.207.137.67] (helo=[192.168.2.106]) by jay.w3.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.69) (envelope-from <tlr@w3.org>) id 1SsBnP-00049B-GK; Fri, 20 Jul 2012 07:55:01 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_2EB8AB60-D628-4EE4-A6B5-BFD556B5F2E0"
From: Thomas Roessler <tlr@w3.org>
In-Reply-To: <9B5348748B708948989B17CC0AEA3DD0027A848A@SN2PRD0310MB395.namprd03.prod.outlook.com>
Date: Fri, 20 Jul 2012 13:54:54 +0200
Message-Id: <043AA6DA-9D3F-4EC2-B5D4-E1FF2FD0F470@w3.org>
References: <370C9BEB4DD6154FA963E2F79ADC6F2E1799AD@DEN-EXDDA-S12.corp.ebay.com> <4FFB67EE.406@gondrom.org> <370C9BEB4DD6154FA963E2F79ADC6F2E17AE18@DEN-EXDDA-S12.corp.ebay.com> <68291699F5EA8848B0EAC2E78480571F053A3186@TK5EX14MBXC216.redmond.corp.microsoft.com> <CAJE5ia90hJ7EQDgn7Y3u2m1Lxe=fwkG65YE7YtiBNJfDtaE0rA@mail.gmail.com> <9B5348748B708948989B17CC0AEA3DD0027A848A@SN2PRD0310MB395.namprd03.prod.outlook.com>
To: David Ross <dross@microsoft.com>
X-Mailer: Apple Mail (2.1278)
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2012 11:54:14 -0000

--Apple-Mail=_2EB8AB60-D628-4EE4-A6B5-BFD556B5F2E0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

I wouldn't expect major obstacles from the W3C side to having Tobias participate there.
--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)







On 2012-07-19, at 21:51 +0200, David Ross wrote:

> #1 – fair point
> #2 – I was worried that the current mechanism was multi-origin only, but it sounds like that’s not the case.  If so, this is good.
>
> NIH doesn’t sound like a great reason at all.
>
> Question for Tobias -- with a move to push this from the IETF to the W3C/CSP, given your IETF affiliation would you still be able to contribute time to this project?  (Sorry if that’s an exceedingly blunt question, I’m not trying to step on toes here.)  Your work here thus far has been absolutely invaluable and has allowed XFO/FO to make forward progress with very little overhead.  I really don’t want to lose the momentum.
>
> Dave
>
>
> From: Adam Barth [mailto:ietf@adambarth.com]
> Sent: Wednesday, July 18, 2012 4:17 PM
> To: David Ross
> Cc: Hill, Brad; Tobias Gondrom; websec@ietf.org
> Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
>
> Here are two reasons we should make Frame-Options into a Content-Security-Policy directive rather than yet-another-one-off-HTTP-header:
>
> 1) By centralizing all the policy bits in one string, we gain network benefits.  For example, in the Chrome extension system, we have a field in the manifest for specifying a Content Security Policy:
>
> http://code.google.com/chrome/extensions/contentSecurityPolicy.html
>
> While we could add a new attribute for every different bit of policy, it's better for developers if there's just one place that contains the security policy.
>
> 2) By moving Frame-Options into CSP, we can use the same origin-specifying machinery that already exists in CSP rather than inventing yet-another-way-of-specifying origins (e.g., in allow-from in the current Frame-Options draft).  By doing that, we make all these things work the same way rather than siloing each off depending on which browser vendor first decided this bit of policy was interesting.
>
> As far as I can tell, the main reason for not making Frame-Options a CSP directive is that CSP was Not Invented Here.
>
> Adam
>
>
> On Wed, Jul 11, 2012 at 5:22 PM, David Ross <dross@microsoft.com> wrote:
> Responding to a few of the points in Brad's original mail on this thread...
>
> My concern is mostly around the degree to which a move to CSP might complicate or stall the process.  I'd also prefer not to see additional use cases pop up (eg: click fraud prevention) that just were never in scope before.
>
> I think that w.r.t. header bloat, the most sensible approach is to only allow one origin to be specified.  CSP by-design facilitates the use of multiple origins.  As we've discussed w/Frame-Options, there is a design pattern to make the more basic single-origin approach functional.  I would hate to see hosts serving up source lists of hundreds of origins, just because they can.  I think that is exactly what will happen if we support multiple origins.
>
> With regard to obsolescence of X-FRAME-OPTIONS, it's easy to specify exactly what happens in the FRAME-OPTIONS spec.  I don't see that CSP inherently improves on that but I may be missing something there.
>
> The advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP more comprehensive.  But I suspect there are plenty of other header-related security features that aren't defined by CSP (eg: the origin header, cookie security).
>
> Finally, as Brad pointed out in the rosetta stone thread, Frame-Options provides the flexibility to perform only a top level origin check as opposed to a full ancestor check.  (Specified via the "AllAncestors" flag.)
>
> David Ross
> dross@microsoft.com
>
>
> -----Original Message-----
> From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of Hill, Brad
> Sent: Monday, July 09, 2012 5:03 PM
> To: Tobias Gondrom; websec@ietf.org
> Cc: public-webappsec@w3.org
> Subject: Re: [websec] Coordinating Frame-Options and CSP UI Safety directives
>
> Tobias,
>
>  I'm happy to move the discussion primarily to websec, and I'll drop the cc: to webappsec after this email.  Thanks for the historical clarification, as well.
>
> I'm not terribly concerned about which group does the work, as much as arriving at the engineering solution that works best for user agent and resource authors, some of whom have expressed preference for moving this functionality into CSP.  As both a chair and an individual, I don't have a strong preference, but I think there are reasons in favor of each option and it is worth re-opening the discussion now that the WebAppSec WG has a concrete deliverable under development to address the same general class of attacks.
>
> I'll send out a summary shortly of the similarities and differences between the various options currently proposed for some additional context.
>
> -Brad Hill
>
>
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec


--Apple-Mail=_2EB8AB60-D628-4EE4-A6B5-BFD556B5F2E0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=windows-1252

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I =
wouldn't expect major obstacles from the W3C side to having Tobias =
participate there.<br><div>
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; =
color: rgb(0, 0, 0); font-family: Courier; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: Courier; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; =
text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Courier; font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: 2; text-align: =
-webkit-auto; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
'Helvetica Neue'; font-size: medium; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
'Helvetica Neue'; font-size: medium; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
'Helvetica Neue'; font-size: medium; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
'Helvetica Neue'; font-size: medium; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
'Helvetica Neue'; font-size: medium; font-style: normal; font-variant: =
normal; font-weight: normal; letter-spacing: normal; line-height: =
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: =
normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><font class=3D"Apple-style-span" size=3D"3"><span =
class=3D"Apple-style-span" style=3D"font-size: 13px; ">--<br>Thomas =
Roessler, W3C &nbsp;&lt;<a href=3D"mailto:tlr@w3.org">tlr@w3.org</a>&gt; =
&nbsp;(<a =
href=3D"https://twitter.com/roessler">@roessler</a>)<br><br><br><br><br><b=
r></span></font><br></div></span></div></span></div></span></div></span></=
div></span></div></span></div></span></div></span></div></span></span>
</div>
<br><div><div>On 2012-07-19, at 21:51 +0200, David Ross wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
font-family: Helvetica; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div =
lang=3D"EN-US" link=3D"blue" vlink=3D"purple"><div class=3D"WordSection1" =
style=3D"page: WordSection1; "><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">#1 =96 =
fair point<o:p></o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">#2 =96 =
I was worried that the current mechanism was multi-origin only, but it =
sounds like that=92s not the case.&nbsp; If so, this is =
good.<o:p></o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">NIH =
doesn=92t sound like a great reason at all.<o:p></o:p></span></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"font-size: 11pt; font-family: Calibri, =
sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">Question for Tobias -- with a move to push this from the IETF to the =
W3C/CSP, given your IETF affiliation would you still be able to =
contribute time to this project?&nbsp; (Sorry if that=92s an exceedingly =
blunt question, I=92m not trying to step on toes here.)&nbsp; Your work =
here thus far has been absolutely invaluable and has allowed XFO/FO to =
make forward progress with very little overhead.&nbsp; I really don=92t =
want to lose the momentum.<o:p></o:p></span></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><span style=3D"font-size: 11pt; font-family: Calibri, =
sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
">Dave<o:p></o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><span style=3D"font-size: =
11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); =
"><o:p>&nbsp;</o:p></span></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><b><span =
style=3D"font-size: 10pt; font-family: Tahoma, sans-serif; =
">From:</span></b><span style=3D"font-size: 10pt; font-family: Tahoma, =
sans-serif; "><span class=3D"Apple-converted-space">&nbsp;</span>Adam =
Barth [mailto:ietf@adambarth.com]<span =
class=3D"Apple-converted-space">&nbsp;</span><br><b>Sent:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>Wednesday, July 18, 2012 =
4:17 PM<br><b>To:</b><span =
class=3D"Apple-converted-space">&nbsp;</span>David =
Ross<br><b>Cc:</b><span class=3D"Apple-converted-space">&nbsp;</span>Hill,=
 Brad; Tobias Gondrom; <a =
href=3D"mailto:websec@ietf.org">websec@ietf.org</a><br><b>Subject:</b><spa=
n class=3D"Apple-converted-space">&nbsp;</span>Re: [websec] Coordinating =
Frame-Options and CSP UI Safety directives<o:p></o:p></span></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><o:p>&nbsp;</o:p></div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">Here are two reasons we =
should make Frame-Options into a Content-Security-Policy directive =
rather than yet-another-one-off-HTTP-header:<o:p></o:p></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><o:p>&nbsp;</o:p></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; ">1) By centralizing all the policy bits in one string, =
we gain network benefits. &nbsp;For example, in the Chrome extension =
system, we have a field in the manifest for specifying a Content =
Security Policy:<o:p></o:p></div></div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; "><a =
href=3D"http://code.google.com/chrome/extensions/contentSecurityPolicy.htm=
l" style=3D"color: blue; text-decoration: underline; =
">http://code.google.com/chrome/extensions/contentSecurityPolicy.html</a><=
br><br>While we could add a new attribute for every different bit of =
policy, it's better for developers if there's just one place that =
contains the security policy.<o:p></o:p></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><o:p>&nbsp;</o:p></div></div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; ">2) By moving Frame-Options into CSP, we can use the =
same origin-specifying machinery that already exists in CSP rather than =
inventing yet-another-way-of-specifying origins (e.g., in allow-from in =
the current Frame-Options draft). &nbsp;By doing that, we make all these =
things work the same way rather than siloing each off depending on which =
browser vendor first decided this bit of policy was =
interesting.<o:p></o:p></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">As far as I can tell, the =
main reason for not making Frame-Options a CSP directive is that CSP was =
Not Invented Here.<o:p></o:p></div></div><div><div style=3D"margin-top: =
0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; =
font-size: 12pt; font-family: 'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; =
">Adam<o:p></o:p></div></div><div><p class=3D"MsoNormal" =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 12pt; font-size: 12pt; font-family: 'Times New Roman', =
serif; "><o:p>&nbsp;</o:p></p><div><div style=3D"margin-top: 0in; =
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: =
12pt; font-family: 'Times New Roman', serif; ">On Wed, Jul 11, 2012 at =
5:22 PM, David Ross &lt;<a href=3D"mailto:dross@microsoft.com" =
target=3D"_blank" style=3D"color: blue; text-decoration: underline; =
">dross@microsoft.com</a>&gt; wrote:<o:p></o:p></div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; ">Responding to a few of the points in Brad's original =
mail on this thread...<br><br>My concern is mostly around the degree to =
which a move to CSP might complicate or stall the process. &nbsp;I'd =
also prefer not to see additional use cases pop up (eg: click fraud =
prevention) that just were never in scope before.<br><br>I think that =
w.r.t. header bloat, the most sensible approach is to only allow one =
origin to be specified. &nbsp;CSP by-design facilitates the use of =
multiple origins. &nbsp;As we've discussed w/Frame-Options, there is a =
design pattern to make the more basic single-origin approach functional. =
&nbsp;I would hate to see hosts serving up source lists of hundreds of =
origins, just because they can. &nbsp;I think that is exactly what will =
happen if we support multiple origins.<br><br>With regard to =
obsolescence of X-FRAME-OPTIONS, it's easy to specify exactly what =
happens in the FRAME-OPTIONS spec. &nbsp;I don't see that CSP inherently =
improves on that but I may be missing something there.<br><br>The =
advantage I see of bringing FRAME-OPTIONS into CSP is that it makes CSP =
more comprehensive. &nbsp;But I suspect there are plenty of other =
header-related security features that aren't defined by CSP (eg: the =
origin header, cookie security).<br><br>Finally, as Brad pointed out in =
the rosetta stone thread, Frame-Options provides the flexibility to =
perform only a top level origin check as opposed to a full ancestor =
check. &nbsp;(Specified via the "AllAncestors" flag.)<br><span =
style=3D"color: rgb(136, 136, 136); "><br><span class=3D"hoenzb">David =
Ross</span><br><span class=3D"hoenzb"><a =
href=3D"mailto:dross@microsoft.com" style=3D"color: blue; =
text-decoration: underline; =
">dross@microsoft.com</a></span></span><o:p></o:p></div><div><div><div =
style=3D"margin-top: 0in; margin-right: 0in; margin-left: 0in; =
margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New =
Roman', serif; "><br><br>-----Original Message-----<br>From:<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:websec-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">websec-bounces@ietf.org</a><span =
class=3D"Apple-converted-space">&nbsp;</span>[mailto:<a =
href=3D"mailto:websec-bounces@ietf.org" style=3D"color: blue; =
text-decoration: underline; ">websec-bounces@ietf.org</a>] On Behalf Of =
Hill, Brad<br>Sent: Monday, July 09, 2012 5:03 PM<br>To: Tobias =
Gondrom;<span class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:websec@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">websec@ietf.org</a><br>Cc:<span =
class=3D"Apple-converted-space">&nbsp;</span><a =
href=3D"mailto:public-webappsec@w3.org" style=3D"color: blue; =
text-decoration: underline; ">public-webappsec@w3.org</a><br>Subject: =
Re: [websec] Coordinating Frame-Options and CSP UI Safety =
directives<br><br>Tobias,<br><br>&nbsp;I'm happy to move the discussion =
primarily to websec, and I'll drop the cc: to webappsec after this =
email. &nbsp;Thanks for the historical clarification, as =
well.<br><br>I'm not terribly concerned about which group does the work, =
as much as arriving at the engineering solution that works best for user =
agent and resource authors, some of whom have expressed preference for =
moving this functionality into CSP. &nbsp;As both a chair and an =
individual, I don't have a strong preference, but I think there are =
reasons in favor of each option and it is worth re-opening the =
discussion now that the WebAppSec WG has a concrete deliverable under =
development to address the same general class of attacks.<br><br>I'll =
send out a summary shortly of the similarities and differences between =
the various options currently proposed for some additional =
context.<br><br>-Brad =
Hill<br><br><br><br><br>_______________________________________________<br=
>websec mailing list<br><a href=3D"mailto:websec@ietf.org" style=3D"color:=
 blue; text-decoration: underline; ">websec@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/websec" target=3D"_blank" =
style=3D"color: blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/websec</a><br><br><br>____________=
___________________________________<br>websec mailing list<br><a =
href=3D"mailto:websec@ietf.org" style=3D"color: blue; text-decoration: =
underline; ">websec@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/websec" target=3D"_blank" =
style=3D"color: blue; text-decoration: underline; =
">https://www.ietf.org/mailman/listinfo/websec</a><o:p></o:p></div></div><=
/div></div><div style=3D"margin-top: 0in; margin-right: 0in; =
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: =
'Times New Roman', serif; =
"><o:p>&nbsp;</o:p></div></div></div>_____________________________________=
__________<br>websec mailing list<br><a =
href=3D"mailto:websec@ietf.org">websec@ietf.org</a><br>https://www.ietf.or=
g/mailman/listinfo/websec</div></span></blockquote></div><br></body></html=
>=

--Apple-Mail=_2EB8AB60-D628-4EE4-A6B5-BFD556B5F2E0--

From Jeff.Hodges@KingsMountain.com  Sun Jul 29 22:30:15 2012
Message-ID: <50161BD5.7040901@KingsMountain.com>
Date: Sun, 29 Jul 2012 22:29:57 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, IETF WebSec WG <websec@ietf.org>, draft-ietf-websec-strict-transport-sec.all@tools.ietf.org, IETF Discussion List <ietf@ietf.org>
Subject: Re: [websec] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11

thanks for the review Ben.

 > I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
 > please see the FAQ at
 >
 > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq> .
 >
 > Please resolve these comments along with any other Last Call comments you may
 > receive.
 >
 > Document:  draft-ietf-websec-strict-transport-sec-11 Reviewer: Ben Campbell
 > Review Date: 2012-07-24 IETF LC End Date: 2012-07-25
 >
 > Summary: This draft is almost ready for publication as a proposed standard,
 > but there are a few issues that should be considered first.
 >
 > *** Major issues:
 >
 > None
 >
 > *** Minor issues:
 >
 > -- Does this draft update any other RFCs (e.g. 2616 or 2818)? If so, that
 > should be explicitly flagged and mentioned in the abstract.

Good question, I don't believe we've discussed this possibility directly in the 
websec wg. In looking at the RFCs that do update RFC2616, it doesn't look like 
draft-ietf-websec-strict-transport-sec (HSTS) is of that ilk.

However, it nominally appears that an argument could be made that it'd be 
appropriate to update RFC2818 via draft-ietf-websec-strict-transport-sec, 
specifically with regards to Section 2.1.  Connection Initiation.

Though, RFC2818 is Informational, which may be an issue (?). Also, perhaps this 
is something to more appropriately do via a standards-track rfc2818bis, i.e., 
have the latter reference the HSTS spec.

this is something to discuss this coming week @IETF-84 Vancouver it seems.


 > -- I did not find any guidance on how to handle UAs that do not understand
 > this extension. I don't know if this needs to be normative, but the draft
 > should at least mention the possibility and implications.

Agreed. My -12 working copy now contains these new subsections..

###
10.  Server Implementation and Deployment Advice

    This section is non-normative.

10.1.  Non-Conformant User Agent Considerations

    Non-conformant UAs ignore the Strict-Transport-Security header field,
    thus non-conformant user agents do not address the threats described
    in Section 2.3.1 "Threats Addressed".  Please refer to Section 14.1
    "Non-Conformant User Agent Implications" for further discussion.

                        .
                        .

14.  Security Considerations
                        .
                        .
14.1.  Non-Conformant User Agent Implications

    Non-conformant UAs ignore the Strict-Transport-Security header field,
    thus non-conformant user agents do not address the threats described
    in Section 2.3.1 "Threats Addressed".

    This means that the web application and its users wielding non-
    conformant user agents will be vulnerable to both:

       Passive network attacks due to web site development and deployment
       bugs: For example, if the web application contains any insecure,
       non-"https", references to the web application server, and if not
       all of its cookies are flagged as "Secure", then its cookies will
       be vulnerable to passive network sniffing, and potentially
       subsequent misuse of user credentials.

       Active network attacks: If an attacker is able to place a man-in-
       the-middle, secure transport connection attempts will likely yield
       warnings to the user, but without HSTS Policy being enforced, the
       present common practice is to allow the user to "click-through"
       and proceed.  This renders the user and possibly the web
       application open to abuse by such an attacker.

    This is essentially the status-quo for all web applications and their
    users in the absence of HSTS Policy.
###

 >
 > -- How should a UA handle potential conflicts between the policy record
 > that includes the includeSubdomain, and any records for subdomains that might
 > have different parameters?

this is in the draft. the short answer is that at policy enforcement time, 
"superdomain matches win".

At "noting an HSTS Host" time, the HSTS host's policy (if expressed) is noted 
regardless of whether there are superdomain HSTS hosts asserting 
"includeSubDomains".

perhaps this needs to be made more clear?


 >
 > -- section 6.1:
 >
 > The draft mentions that directives may be extended, but defers creation of an
 > IANA registry to the time of first extension. IANA registries are not
 > expensive; I suggest it be created now. If there's a good reason not to, then
 > the draft should still address the specification policy for extensions.
 >
 > Also, do you expect that some future directive might need to have a
 > "required-to-understand" status? Given that this is a security-affecting
 > extension, it seems likely. If so, then the mechanism for expressing that
 > needs to be defined in this draft.


These are good questions, and they beg the overall question of how complex this 
simple solution really needs to be and whether we really think we'll need any 
extensions. Something for us to discuss in the working group meeting on Tue 
morning I think.

 >
 > -- section 7.2:
 >
 > Am I correct to assume that the server must never just serve the content over
 > a non-secure connection? If so, it would be helpful to mention that, maybe
 > even normatively.

It's a SHOULD, see the Note in that section, so it's already effectively stated 
normatively, though one needs to understand HTTP workings to realize it in the 
way you stated it above.  Perhaps could add a simple statement as you suggest to 
the intro para for section 7 Server Processing Model, to address this concern?


 >
 > -- section 8.4:
 >
 > Does this imply a duty for compliant UAs to check for revocation one way or
 > another?

yes. though, per other relevant specifications, as duly cited. AFAIK the HSTS 
spec doesn't need to get into the details because the underlying security 
transport specs, namely TLS, already do this.



 >
 >
 > *** Nits/editorial comments:
 >
 > -- idnits reports an uncited reference:
 >
 > == Unused Reference: 'RFC6376' is defined on line 1709, but no explicit
 > reference was found in the text


fixed in my -12 working copy.


 > -- section 1.2:
 >
 > The description of indented notes is almost precisely the opposite of how
 > they are described in the RFC editor's style guide. It describes them as
 > "parenthetical" notes, which is how experienced RFC readers are likely to
 > perceive them. While it doesn't say so explicitly, I think putting normative
 > text in parenthetical notes should be avoided. If these are intended to be
 > taken more strongly than that (and by the description, I take it they should
 > be taken more strongly than the surrounding text), then I suggest choosing a
 > stronger prefix than "NOTE:"

As it turns out, almost all the Notes are parenthetical.

I'll render the one(s) that are normative as a regular paragraph(s) and leave 
the others as-is. Will that address your concern?


 >
 > -- section 7:
 >
 > Does the reference to I-D.ietf-tls-ssl-version3 indicate a requirement for
 > SSL3?

no, it's just that SSLv3 remains a fact of life and is referenced for 
completeness' sake.



 >
 > -- section 8.2, paragraph 5 (first non-numbered paragraph after numbered
 > list)
 >
 > To be pedantic, this could be taken to mean a congruent match only applies if
 > the includeSubdomains flag is not present. I assume it's intended to apply
 > whether or not the flag is present.

[ I am assuming you actually are referring to section 8.3, as section 8.2 
doesn't mention the includeSubdomains flag and does not contain a numbered list. ]

yes, a congruent match is intended to apply whether or not the flag is present.



 > -- section 12 and subsections:
 >
 > I was surprised to see more apparently normative material after the
 > non-normative guidance sections. I think it would improve the organization to
 > put this closer to the normative rules for UAs.

We can move section 12 up ahead of the non-normative guidance sections.


 >
 > -- section 14.1, 4th paragraph (first non-bulleted paragraph following bullet
 > list)
 >
 > This issue is only true for proxies that act as a TLS MiTM, right?

yes.


 > Would
 > proxies that tunnel TLS via the CONNECT method have this issue?

I don't think so in the general case.

I'm not sure what terminology to use to differentiate such proxies if this is a 
detail worth addressing.


thanks again,

=JeffH
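
Added example (not part of the message above, the draft, or any browser's code): a minimal Python sketch of the matching behaviour described in the reply, where a host's own policy is always noted, a congruent match applies with or without includeSubDomains, and a live superdomain entry asserting includeSubDomains wins at enforcement time. HSTSStore, parse_sts, the host names and the timestamps are hypothetical; ignoring a header without a valid max-age and treating max-age=0 as removal follow RFC 6797 rather than anything stated in this thread.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    expires: float            # absolute expiry time, in seconds
    include_subdomains: bool


def parse_sts(value):
    """Parse a Strict-Transport-Security field value.

    Returns (max_age, include_subdomains), or None when max-age is missing
    or not a non-negative integer (the header is then ignored).
    """
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        val = val.strip().strip('"')     # max-age may arrive as a quoted-string
        if name == "max-age":
            if not (val.isascii() and val.isdigit()):
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
        # any other directive is skipped
    return None if max_age is None else (max_age, include_sub)


class HSTSStore:
    """Hypothetical user-agent store of known HSTS hosts."""

    def __init__(self):
        self._hosts = {}

    def note(self, host, header_value, now):
        """'Noting an HSTS Host': record the host's own policy, even when a
        superdomain already asserts includeSubDomains."""
        parsed = parse_sts(header_value)
        if parsed is None:
            return
        max_age, include_sub = parsed
        host = host.lower().rstrip(".")
        if max_age == 0:                 # RFC 6797: stop treating as HSTS host
            self._hosts.pop(host, None)
            return
        self._hosts[host] = Policy(now + max_age, include_sub)

    def is_noted(self, host):
        return host.lower().rstrip(".") in self._hosts

    def match(self, host, now):
        """Return (known_host, kind) forcing https for `host`, or None.

        kind is "superdomain" or "congruent"; a live superdomain entry with
        includeSubDomains is reported in preference to a congruent one.
        """
        labels = host.lower().rstrip(".").split(".")
        congruent = None
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._hosts.get(candidate)
            if policy is None or policy.expires <= now:
                continue                 # unknown or expired entry
            if i == 0:
                # Congruent match: applies with or without includeSubDomains.
                congruent = (candidate, "congruent")
            elif policy.include_subdomains:
                return (candidate, "superdomain")
        return congruent


def demo_store():
    """Constructed sample data: three hosts noted at time 0."""
    store = HSTSStore()
    store.note("example.com", "max-age=31536000; includeSubDomains", 0)
    store.note("www.example.com", "max-age=60", 0)
    store.note("static.example.net", "max-age=600", 0)
    return store


if __name__ == "__main__":
    s = demo_store()
    for name, t in [("www.example.com", 10), ("www.example.com", 120),
                    ("static.example.net", 10), ("a.static.example.net", 10)]:
        print(name, t, s.match(name, t))
```

At time 120 the entry for www.example.com has expired, yet the host is still upgraded because example.com asserts includeSubDomains; a.static.example.net is never upgraded because its parent did not assert the flag.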







From alexey.melnikov@isode.com  Mon Jul 30 08:32:57 2012
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (9B206)
Message-Id: <91BFE570-E130-4FBF-B346-3F1E10C77368@isode.com>
Date: Mon, 30 Jul 2012 08:32:49 -0700
To: WebSec WG <websec@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Subject: [websec] Slides for WebSec meeting in Vancouver

Can I please have all slides by the end of today (ideally before the IETF
Plenary, PST timezone).

If you are planning to present and bring slides tomorrow without sending
them to me today, I reserve the right to cancel your talk.

Alexey,
As a WebSec co-chair.


From barryleiba@gmail.com  Mon Jul 30 16:41:18 2012
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Date: Mon, 30 Jul 2012 19:41:17 -0400
Message-ID: <CALaySJ+TauiFLajUMnEMSfaDPRC6-feBj1RbbmT4Zi0TTuJkuA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: websec@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [websec] Yoav is now a third websec chair

Some while ago, Yoav Nir was appointed websec working group secretary,
to help the chairs with their jobs.  Today, after discussion with
Alexey and Tobias, I'm appointing Yoav as third websec working group
chair.  Thanks, Yoav, for agreeing to take on the role... and thanks
to all the chairs for their continued work.

As always, you can contact the websec chairs using the email alias
<websec-chairs@tools.ietf.org>.  Using the alias will ensure that you
don't miss anyone, and that later replies to your message will go to
all the current chairs.

Barry, Responsible AD

From Jeff.Hodges@KingsMountain.com  Tue Jul 31 10:00:38 2012
Message-ID: <50180F30.80404@KingsMountain.com>
Date: Tue, 31 Jul 2012 10:00:32 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: IETF WebSec WG <websec@ietf.org>
Content-Type: multipart/mixed; boundary="------------020105080107090607040906"
Subject: [websec] slides: HillHodges--IETF84-XFO-UISafety-02 (IETF-84 Vancouver)

This is a multi-part message in MIME format.
--------------020105080107090607040906
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

please see attached for our slides during frame-options discussion @ ietf-84

--------------020105080107090607040906
Content-Type: application/pdf;
 name="HillHodges--IETF84-XFO-UISafety-02.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="HillHodges--IETF84-XFO-UISafety-02.pdf"

L0ltYWdlQi9JbWFnZUMvSW1hZ2VJXSA+Pi9NZWRpYUJveFsgMCAwIDcyMCA1NDBdIC9Db250
ZW50cyAxOCAwIFIvR3JvdXA8PC9UeXBlL0dyb3VwL1MvVHJhbnNwYXJlbmN5L0NTL0Rldmlj
ZVJHQj4+L1RhYnMvUy9TdHJ1Y3RQYXJlbnRzIDI+Pg0KZW5kb2JqDQoxOCAwIG9iag0KPDwv
RmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA5NTc+Pg0Kc3RyZWFtDQp4nJ1WUW/aSBB+R+I/
zONuVZbd9dprV1GkS5pUrdRLq1LdQ7gHYwxZHdgcBqX59zezNikGW0H3EMXgmW9mv5nvW2D8
Da6uxl9vP38EeX0NNx9v4d/hQIIUUkqltbRgtYTQSNjmw8Ff76AYDhQsX2OkjJQ0raDFu+Hg
+3AAd19vAY4KqKbAzWQ4GN8rMEZg5mRBgIgGCqJExHEMJlIijmCypipYavzph4VlRZ8+DQeP
bMKNZM88YSXsXjZ5xUcBg3IBPGDZlivLyqrif8Pky3Bwh7Wo3qFCkMQi1McVHtmoJ9YoJZKo
HVtu3dIVwEeard0vVyw/nCSP73XXwUJDGC0oOMo840q3uNKg4haeCYTGs+gL0YIWmoFAnzZo
E6E1vgiRHlVDXkl5o65PT6c6kpNIJHE7GWcUGYbDSFhaVNkKR7OvHDesLHrY1iGi2GMQGOGG
RZGFSfbIPsAZ0WFHK9oGQrVRpM9/+DmBh3v4ccste/h2dwYWdYCZyIgwaZ/rvA0s2s2ltiI5
pLli5Yp83nN2ZUIRxu2M00KvsaFEttuxGY+JWKXZjivJ8gI/74BH7PnJZU8wy2lffdA6r+j7
TbrF9ziNBeyecq8f/LZK1z4SnrlSLJ/1tdAcUCeJUIcWqjzbbwnI7V4ApbnZuiIjMLdJV8BD
NmW9g0d6gzaaWy/7ohMjrG1Hv6fmF1zLAwnvIcfDeS4yMeV9+paS5tqC6hpv78LrSAsbXCJA
c6kA8U8Ewf8U4HEyu0fxxSxduwK1t+wbpZaJsPFxpledtMZ42Yx7E3UiTNJKrIV2t55hwXw+
rwtfqFvyMmPbJ/j8Z59cD1mh0iTQVla3QIXsFqlKAmEOHjp3lV8f3FxUB0pghhyGrETheEVU
6Pe4V5DRYtGqBY3e6OkXH0VsV+EuYrTbPdH/uVtQHq5myPItRaE0E5ImCsMrxqslrtVCSqku
9xeF7hQdWp82N1M15UAtpcUc8gILB/iCq4hlXuVzaHSqa50aNiv3xTzdOvSFKXMLf316GwhI
Vtj8ZrWvcXtmQFdbctLNG8ahgrD74uqKlRYvgSb2D669rMOa99QbzD/0iLxR41tX5TDf1462
o/ZLIB+ih/Vm9eoKOVmUq0rc0FVKE3FlAakfPnkJemLX2p7MITRKGN3u8GeVe3bfOBVKrtnx
gnqre/L2uWgOhgvz9iaoKBT2CK33zrAKBfA7booLR4fNK+/3BdWsGW24oC2KiBq8v19wP7G3
8585J80E6IaxeruZhgITC9MV6r3zPysOQGENCmVuZHN0cmVhbQ0KZW5kb2JqDQoxOSAwIG9i
ag0KPDwvVHlwZS9Gb250L1N1YnR5cGUvVHlwZTAvQmFzZUZvbnQvQXJpYWwvRW5jb2Rpbmcv
SWRlbnRpdHktSC9EZXNjZW5kYW50Rm9udHMgMjAgMCBSL1RvVW5pY29kZSAyMTAgMCBSPj4N
CmVuZG9iag0KMjAgMCBvYmoNClsgMjEgMCBSXSANCmVuZG9iag0KMjEgMCBvYmoNCjw8L0Jh
c2VGb250L0FyaWFsL1N1YnR5cGUvQ0lERm9udFR5cGUyL1R5cGUvRm9udC9DSURUb0dJRE1h
cC9JZGVudGl0eS9EVyAxMDAwL0NJRFN5c3RlbUluZm8gMjIgMCBSL0ZvbnREZXNjcmlwdG9y
IDIzIDAgUi9XIDIxMiAwIFI+Pg0KZW5kb2JqDQoyMiAwIG9iag0KPDwvT3JkZXJpbmcoSWRl
bnRpdHkpIC9SZWdpc3RyeShBZG9iZSkgL1N1cHBsZW1lbnQgMD4+DQplbmRvYmoNCjIzIDAg
b2JqDQo8PC9UeXBlL0ZvbnREZXNjcmlwdG9yL0ZvbnROYW1lL0FyaWFsL0ZsYWdzIDMyL0l0
YWxpY0FuZ2xlIDAvQXNjZW50IDkwNS9EZXNjZW50IC0yMTAvQ2FwSGVpZ2h0IDcyOC9BdmdX
aWR0aCA0NDEvTWF4V2lkdGggMjY2NS9Gb250V2VpZ2h0IDQwMC9YSGVpZ2h0IDI1MC9MZWFk
aW5nIDMzL1N0ZW1WIDQ0L0ZvbnRCQm94WyAtNjY1IC0yMTAgMjAwMCA3MjhdIC9Gb250Rmls
ZTIgMjExIDAgUj4+DQplbmRvYmoNCjI0IDAgb2JqDQo8PC9UeXBlL0ZvbnQvU3VidHlwZS9U
cnVlVHlwZS9OYW1lL0Y1L0Jhc2VGb250L0FCQ0RFRStDYWxpYnJpLEl0YWxpYy9FbmNvZGlu
Zy9XaW5BbnNpRW5jb2RpbmcvRm9udERlc2NyaXB0b3IgMjUgMCBSL0ZpcnN0Q2hhciAzMi9M
YXN0Q2hhciAxMjEvV2lkdGhzIDIxNCAwIFI+Pg0KZW5kb2JqDQoyNSAwIG9iag0KPDwvVHlw
ZS9Gb250RGVzY3JpcHRvci9Gb250TmFtZS9BQkNERUUrQ2FsaWJyaSxJdGFsaWMvRmxhZ3Mg
MzIvSXRhbGljQW5nbGUgLTExL0FzY2VudCA3NTAvRGVzY2VudCAtMjUwL0NhcEhlaWdodCA3
NTAvQXZnV2lkdGggNTIxL01heFdpZHRoIDE5ODQvRm9udFdlaWdodCA0MDAvWEhlaWdodCAy
NTAvU3RlbVYgNTIvRm9udEJCb3hbIC03MjUgLTI1MCAxMjYwIDc1MF0gL0ZvbnRGaWxlMiAy
MTUgMCBSPj4NCmVuZG9iag0KMjYgMCBvYmoNCjw8L1R5cGUvRm9udC9TdWJ0eXBlL1RydWVU
eXBlL05hbWUvRjYvQmFzZUZvbnQvQXJpYWwsSXRhbGljL0VuY29kaW5nL1dpbkFuc2lFbmNv
ZGluZy9Gb250RGVzY3JpcHRvciAyNyAwIFIvRmlyc3RDaGFyIDMyL0xhc3RDaGFyIDMyL1dp
ZHRocyAyMTYgMCBSPj4NCmVuZG9iag0KMjcgMCBvYmoNCjw8L1R5cGUvRm9udERlc2NyaXB0
b3IvRm9udE5hbWUvQXJpYWwsSXRhbGljL0ZsYWdzIDMyL0l0YWxpY0FuZ2xlIC0xMi9Bc2Nl
bnQgOTA1L0Rlc2NlbnQgLTIwOC9DYXBIZWlnaHQgNzI4L0F2Z1dpZHRoIDQ0MS9NYXhXaWR0
aCAxODc2L0ZvbnRXZWlnaHQgNDAwL1hIZWlnaHQgMjUwL0xlYWRpbmcgMzMvU3RlbVYgNDQv
Rm9udEJCb3hbIC01MTcgLTIwOCAxMzU5IDcyOF0gPj4NCmVuZG9iag0KMjggMCBvYmoNCjw8
L1R5cGUvUGFnZS9QYXJlbnQgMiAwIFIvUmVzb3VyY2VzPDwvRm9udDw8L0YxIDUgMCBSL0Yy
IDggMCBSL0Y0IDE5IDAgUi9GNSAyNCAwIFIvRjMgMTIgMCBSPj4vRXh0R1N0YXRlPDwvR1M3
IDcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+L01l
ZGlhQm94WyAwIDAgNzIwIDU0MF0gL0NvbnRlbnRzIDI5IDAgUi9Hcm91cDw8L1R5cGUvR3Jv
dXAvUy9UcmFuc3BhcmVuY3kvQ1MvRGV2aWNlUkdCPj4vVGFicy9TL1N0cnVjdFBhcmVudHMg
Mz4+DQplbmRvYmoNCjI5IDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDg3
OT4+DQpzdHJlYW0NCnicnVbLbts4FN0b8D/cJVk0NC8fegyCAJNHixbIYIqmmEUxC1mmHQG2
mLGkOPn7XspJatl0x+jKEs37OufwUDD5G87PJ7dXn65BXlzA5fUV/DceSZBCSolKyRRSJcEa
CWs3Hv3zDurxCGHxtkfKBKUZbJq/G4++jEdwc3sFsFMAXwpc3o1Hkw8IxgiKvJuHhJQNEFAb
oTUYmwmVwN0qVKFSk49fU1g04e3jePSdXVdzjsjmVdktW3hYczTMT5duBS1HxTw0/Ix+lo8c
JXP8X7j7PB7dUNVtZRWpbDMrkt3C3xnsBB7MogazGNBKyGSY0mihQGdSaLvNeC5lll7sd4Ox
WGuEyQbB7FvDDXNr4An7VIfBaFZNC3OuFCtKByXPma959vIHR8ue+JlhLXDNVhVFP1X1AsJS
1dASHABjo2OkUiAOe5lyy55h5ppqUR9kiQ+UK2HNMMt+Az/35iLfm76oZ9S5ZsWxrmPYGxQp
viQIza4LEslhAowkwCQTqRmmCEJLmH9w6/YZ/DxA2N4HUmBDeLgpdC8UFQtiwfVUHFZTkWo2
QyH3Gv6l/PSe/FQq8mSQMs2FUjSATIXO3/R3iRH9HQbnRmR7wezmiSvJSvfAg6Q2964mQiyr
IiPqSEpFgErc6wfttcScjCZNLsy51PaSXv88qUWNiVB22GIMbKSyaoh2lgvMCLNMCXMS2iZy
2CN6UyYL7vW/Zz121Hdj2V8euprkVaymFf0sOt81BDZZ2zy8ExEktwYefNNUU6KDRF2QLbQk
R9fboWV+64QlLfvlsYO27VrSaXut7NcwpfiU+U2wmCaUI88oScpkLemhtfSKL7t11dLD89FC
xEKih6VWfuaWxxxAosB8uD9O7pCFXBhDizrYxwm82tN4RcqbJL/H624s3VuPgRVHCOdbbMlI
Ao5+vusd5tU7JsFiuoZWex7erD14PvaeTw/kNEVgpuuvQdf8cZLjJCmBNOzul1AlpxoOohXa
/Kbh7AazWz8rSLpnKXskFTeCHhO26pbktW11RDiKLiurh3nOju7NhbTDvZuqnhH+nuDe8Myw
9+HYpaRVYmG/lTbct115H/ZkrP/W8BVxQmcocsWEmTMTQ4y837zKtWh6WTSByjY8bT9h+gqh
nivvax8Q8IvKNRGmI2W0MgGT3TIHVP8ArowhOA0KZW5kc3RyZWFtDQplbmRvYmoNCjMwIDAg
b2JqDQo8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSL1Jlc291cmNlczw8L0ZvbnQ8PC9GMSA1
IDAgUi9GMiA4IDAgUi9GNCAxOSAwIFIvRjUgMjQgMCBSL0YzIDEyIDAgUj4+L0V4dEdTdGF0
ZTw8L0dTNyA3IDAgUj4+L1Byb2NTZXRbL1BERi9UZXh0L0ltYWdlQi9JbWFnZUMvSW1hZ2VJ
XSA+Pi9NZWRpYUJveFsgMCAwIDcyMCA1NDBdIC9Db250ZW50cyAzMSAwIFIvR3JvdXA8PC9U
eXBlL0dyb3VwL1MvVHJhbnNwYXJlbmN5L0NTL0RldmljZVJHQj4+L1RhYnMvUy9TdHJ1Y3RQ
YXJlbnRzIDQ+Pg0KZW5kb2JqDQozMSAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xl
bmd0aCAxMDgzPj4NCnN0cmVhbQ0KeJydV9tuGzcQfRegf+AjmUYUh9fdQhCgq+MijtrERVrI
eVDktSxUXim6IPDfd7grO+JeFCEP9i65c87MHA6HFGn/STqd9s3gekhEt0v6wwH51mwIIrgQ
AqQUjjgpiNGCbJNm4/MbkjYbQBavNkJYEDowenjTbPzVbJDRzYCQEwdwdNC/bTbaYyBac0Te
PnhCZCNArOJWR0SbiEtLbp+8F3TVvvrkyGLnR1fNxpTe0VWyYFLQ2fz5jpF/2Bdy+0ezMUJe
z/3CJpXmLj5lm9JWna1GIxXajrcMIjp7SmowygJXl9Erh6Ho0HayYZrul+t0R1hL0nfJ7N4/
k22Boz2WVVIZy7UMGckJsqS+DNTXREkubMipFZdERYID5IwdISLXLYYDVVijOa7cKZgORx+Y
of8ykJq+zXL8xCzt3WDaIwaWTj5eXzFFrz+w/Lul0957fH/PpKITBkA/18ippeORC73VSa+V
4w5C2/FHBoJObr5USF2VG7qLTUhxVmtV0NrjbUDpYi4lLoI23JhXsftQIXYZHGseFcC0t1rV
CABS+doLrOvEAswey+nE1u9yaTDr+ZSui6X5CsNiDF3gtEfU+rGm4GdK0/X+cZkuSMWalCWQ
JuaRCQnOLokuLgkEfAAYEC4+SA7x+eIvBwMGimD69y4pZvIauxB+6wbmc+bobJf4VmDo98fl
/LGsg6lwrTTwWIVc2+TbYblNcGtlbA/b2RPqWqKrysRA7HkCuro0jMy0L6eR4kqiZ00PZQ1e
3Ea6SkHpIq7UkQurAdvHrs49xBhqiNisV9g+lvNn/J+lfkcTzloxXfA6FiUj7lRIs/J+/2NK
0OQt+Q3q+oqIuHUh8o7VFG8hXQ3OaxZgq+oeonJ/lgYPyYu6kKno+BUNX+Kay5/UfBma9/tT
LO0f9lhznNc0VV3acNqGBGezsT8/v45NFbBPR/Z8U61AxzZbp1M07fkzeoMFobG08S6A5b33
g3WK9YXjw/7Rj/CiEPtKbSmaJsk9efIzmmL1G7rIPs7Sg6/N2Xa5x7nn3y87eKxxflsEIZ0V
yV3U5UBbrn6xyZ1gszPH0DUu+ncW5Wc4ppje58/Nxmf8jANHN1t/XVvvUcNk/nLncXT5QDbr
3c7vt6/euHjTqu79JlZcRUEkZ0WJLhMF+5j7VVF+YOkk9aLkac9QIJULRHzZHNP9iq8rLI4W
XnH2LKZrMvOl4wUztYJdJI3FnmxtEM9ZaeKSNHjalzcqpoh7S0Tn5FFn+noINr0u2I4AGAmI
YgFuiM9BV+NU3BPKGPxRobot5U16+WdnuzhUpp+ZZJ8B8LsYC7DjrunkZoC/WezgB4WfNzgv
Iw/HqQwOxv8NM4fO4iuiYnHCasdHr8OMLsehUd/kQYo8bqTwDrxTc7TuG/+5pE3lIWBNtqtP
tLn4DMDmq6r6QXjv5VlPcbWN43/069eJDQplbmRzdHJlYW0NCmVuZG9iag0KMzIgMCBvYmoN
Cjw8L1R5cGUvUGFnZS9QYXJlbnQgMiAwIFIvUmVzb3VyY2VzPDwvRm9udDw8L0YzIDEyIDAg
Ui9GMSA1IDAgUi9GMiA4IDAgUi9GNCAxOSAwIFIvRjUgMjQgMCBSPj4vRXh0R1N0YXRlPDwv
R1M3IDcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+
L0Fubm90c1sgMzQgMCBSIDM1IDAgUiAzNiAwIFIgMzcgMCBSIDM4IDAgUiAzOSAwIFIgNDAg
MCBSIDQxIDAgUiA0MiAwIFIgNDMgMCBSIDQ0IDAgUl0gL01lZGlhQm94WyAwIDAgNzIwIDU0
MF0gL0NvbnRlbnRzIDMzIDAgUi9Hcm91cDw8L1R5cGUvR3JvdXAvUy9UcmFuc3BhcmVuY3kv
Q1MvRGV2aWNlUkdCPj4vVGFicy9TL1N0cnVjdFBhcmVudHMgNT4+DQplbmRvYmoNCjMzIDAg
b2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDEyNjA+Pg0Kc3RyZWFtDQp4nJ1W
W2/bNhR+N+D/wEeymGneSQ2BgSZNiw7o0C0Z8hDsQZMV25hteZbSwP9+h7rYkky5bh8Cmcy5
n+98PGj6Fd3cTL/cff6A2GyGbj/cof/GI4YYZYxxIZhFVjCkFUP7dDx6eoe24xFHi6MMY4Yz
1RF6eTce/TEeofsvdwi1HPDawe3jeDT9KJGMaGTQ44s3CNYQR8ZRKRxSRlHp0OPGewFX008P
Fi1yf/o0Hj3fMKnvwa9jTHyEACRjcOZMzPQNxOxmQsKX388MfKL3jN/Z2URyr1aJ8whyc5GX
gT+fg5z9jR5/G4/uIbQqPB4IT0pHnWmH94xXW/REZITTf97vdg9kInCaIES65hoDOuJUdgyg
CaNaKPSYPOOnT6QfhQgVSXNqRMcIK/XbXuviP+zi7bH+olN/joTtm1aKCgmmmaBC1PX39/tF
8+tP3wC8JJzhgnCJi92vROHpdP6NcI2TnEw0pkRK/CbJRGGa7QkXeEEmEqT8zdL/ltXv1zzd
D1RKakNVO5BnPBkShUJEoiu72pbBEejL/oUIieME3OJ0wIQyuizpNe6UhSKZrmweE4nBjwEP
CheH6Z4IjWNi8dsgEjQVetjjqe6+JwAQGUUUPiDInaLMNRfr8UgKSSPVulBG0raAYZIaE7qw
VLQV6uPRYH0+emzEm5Dq87Ka+U6VKiRJP9G6h6Rn/LJaE43TabHaefRcwAF3MB+ubWe4MzDS
lHdFfxAHAixc6UxEjirVle3DgBiL6RKcF5v1+WyeiFG2BvNYQN8D0y3gomFA3CcYzxSBcZas
7GM7RnQRZDAHFcYso9bVZ+iwgFZLdTqX0Z0fpWe3tnhzcbTXXBwdNhctDPlkuAsRk1SAW3mq
RpDzTnVVHcIDb4LCUxWyyyKq6wrdMOZs6Dk4U9aaat5VPmvMkbQFtX3Zv3KASzqkwTk8Nrar
cZdtiauINy1/IU+jD2nyul8VBwSg+0p4hLP1KjmgJRzTeJ7uUeG5OUMe+QlwEhiB8zfP4Skc
D+dg0mW2JlgrAa10UZPCZ0hhKAMYXc57CrtsDRoQ3plPHvLJocZAth0TgwXzNe6Kxtv5lckJ
7rmjo1y8QqRbYBCFF1A7zvFyVVauyK8LXlpJ9ZXBS8dpv1ZlnzNULFPkGXJwqYApZz038QIa
CxAB6gntFOex+hdBy8uxhqeggQX8x8rvZAmbi7okezbBOjDBYVjyCNah70+wCY5wSxn/DuMx
ADAYRZjItvDgUwRwsrwjus32GwCUXwqKFWCqmr+hSgkDhKk6BspNKk1g7LPNJvXYnMflHuat
ZdsclR+0zN78rxo8P9JCP2ywFdQI2u3Wh5Iy8tdkiRrntnR+8ixLzzExwEVHoAL6opqgBtDX
A59W1Nqu/4uwMD1YnD99wD1lSoL7h6iBxS0PwOJcGXYz11PGD0lVgnSbe2LNPPVCCaqK7OK9
L0VedmHCTblxZGjuu1QuH0mBMtJw7n4NBmLPJAcCrJL/EuqSj8qpUE7OUuVOmIA9apflK7Be
tyOdg3kfxontWRXF1rsLtSTgTMLzAw9029nFlthrW6Jh1XQ/2ZGWLr6rHpJ/yyewWPnZOnK1
wZs0zl+r6mzqvM9ZO7gzwUZuu54u5u2uzVvA52fzbuniew/DcroTelVGXFrKVcdGaH2EfjMR
5IWJosqooWL8D3FVUrINCmVuZHN0cmVhbQ0KZW5kb2JqDQozNCAwIG9iag0KPDwvU3VidHlw
ZS9MaW5rL1JlY3RbIDQ0LjIzMiAzOTQuNjMgMzU2LjQgNDI4Ljg2XSAvQlM8PC9XIDA+Pi9G
IDQvQTw8L1R5cGUvQWN0aW9uL1MvVVJJL1VSSShodHRwOi8vZHZjcy53My5vcmcvaGcvdXNl
ci1pbnRlcmZhY2Utc2FmZXR5L3Jhdy1maWxlL3RpcC91c2VyLWludGVyZmFjZS1zYWZldHku
aHRtbCkgPj4vU3RydWN0UGFyZW50IDY+Pg0KZW5kb2JqDQozNSAwIG9iag0KPDwvU3VidHlw
ZS9MaW5rL1JlY3RbIDM1Ni40IDM5NC42MyAzNjQuOTIgNDI4Ljg2XSAvQlM8PC9XIDA+Pi9G
IDQvQTw8L1R5cGUvQWN0aW9uL1MvVVJJL1VSSShodHRwOi8vZHZjcy53My5vcmcvaGcvdXNl
ci1pbnRlcmZhY2Utc2FmZXR5L3Jhdy1maWxlL3RpcC91c2VyLWludGVyZmFjZS1zYWZldHku
aHRtbCkgPj4vU3RydWN0UGFyZW50IDc+Pg0KZW5kb2JqDQozNiAwIG9iag0KPDwvU3VidHlw
ZS9MaW5rL1JlY3RbIDM2NC45MiAzOTQuNjMgNDY1LjYyIDQyOC44Nl0gL0JTPDwvVyAwPj4v
RiA0L0E8PC9UeXBlL0FjdGlvbi9TL1VSSS9VUkkoaHR0cDovL2R2Y3MudzMub3JnL2hnL3Vz
ZXItaW50ZXJmYWNlLXNhZmV0eS9yYXctZmlsZS90aXAvdXNlci1pbnRlcmZhY2Utc2FmZXR5
Lmh0bWwpID4+L1N0cnVjdFBhcmVudCA4Pj4NCmVuZG9iag0KMzcgMCBvYmoNCjw8L1N1YnR5
cGUvTGluay9SZWN0WyA0NjUuNjIgMzk0LjYzIDQ3NC4yNiA0MjguODZdIC9CUzw8L1cgMD4+
L0YgNC9BPDwvVHlwZS9BY3Rpb24vUy9VUkkvVVJJKGh0dHA6Ly9kdmNzLnczLm9yZy9oZy91
c2VyLWludGVyZmFjZS1zYWZldHkvcmF3LWZpbGUvdGlwL3VzZXItaW50ZXJmYWNlLXNhZmV0
eS5odG1sKSA+Pi9TdHJ1Y3RQYXJlbnQgOT4+DQplbmRvYmoNCjM4IDAgb2JqDQo8PC9TdWJ0
eXBlL0xpbmsvUmVjdFsgNDc0LjI2IDM5NC42MyA1OTUuMjUgNDI4Ljg2XSAvQlM8PC9XIDA+
Pi9GIDQvQTw8L1R5cGUvQWN0aW9uL1MvVVJJL1VSSShodHRwOi8vZHZjcy53My5vcmcvaGcv
dXNlci1pbnRlcmZhY2Utc2FmZXR5L3Jhdy1maWxlL3RpcC91c2VyLWludGVyZmFjZS1zYWZl
dHkuaHRtbCkgPj4vU3RydWN0UGFyZW50IDEwPj4NCmVuZG9iag0KMzkgMCBvYmoNCjw8L1N1
YnR5cGUvTGluay9SZWN0WyA1OTUuMjUgMzk0LjYzIDYwMy43NyA0MjguODZdIC9CUzw8L1cg
MD4+L0YgNC9BPDwvVHlwZS9BY3Rpb24vUy9VUkkvVVJJKGh0dHA6Ly9kdmNzLnczLm9yZy9o
Zy91c2VyLWludGVyZmFjZS1zYWZldHkvcmF3LWZpbGUvdGlwL3VzZXItaW50ZXJmYWNlLXNh
ZmV0eS5odG1sKSA+Pi9TdHJ1Y3RQYXJlbnQgMTE+Pg0KZW5kb2JqDQo0MCAwIG9iag0KPDwv
U3VidHlwZS9MaW5rL1JlY3RbIDQ0LjIzMiAzNjAuNzkgMTgwLjU4IDM5NC45OV0gL0JTPDwv
VyAwPj4vRiA0L0E8PC9UeXBlL0FjdGlvbi9TL1VSSS9VUkkoaHR0cDovL2R2Y3MudzMub3Jn
L2hnL3VzZXItaW50ZXJmYWNlLXNhZmV0eS9yYXctZmlsZS90aXAvdXNlci1pbnRlcmZhY2Ut
c2FmZXR5Lmh0bWwpID4+L1N0cnVjdFBhcmVudCAxMj4+DQplbmRvYmoNCjQxIDAgb2JqDQo8
PC9TdWJ0eXBlL0xpbmsvUmVjdFsgMTgwLjU4IDM2MC43OSAxODkuMSAzOTQuOTldIC9CUzw8
L1cgMD4+L0YgNC9BPDwvVHlwZS9BY3Rpb24vUy9VUkkvVVJJKGh0dHA6Ly9kdmNzLnczLm9y
Zy9oZy91c2VyLWludGVyZmFjZS1zYWZldHkvcmF3LWZpbGUvdGlwL3VzZXItaW50ZXJmYWNl
LXNhZmV0eS5odG1sKSA+Pi9TdHJ1Y3RQYXJlbnQgMTM+Pg0KZW5kb2JqDQo0MiAwIG9iag0K
PDwvU3VidHlwZS9MaW5rL1JlY3RbIDE4OS4xIDM2MC43OSAyODkuOCAzOTQuOTldIC9CUzw8
L1cgMD4+L0YgNC9BPDwvVHlwZS9BY3Rpb24vUy9VUkkvVVJJKGh0dHA6Ly9kdmNzLnczLm9y
Zy9oZy91c2VyLWludGVyZmFjZS1zYWZldHkvcmF3LWZpbGUvdGlwL3VzZXItaW50ZXJmYWNl
LXNhZmV0eS5odG1sKSA+Pi9TdHJ1Y3RQYXJlbnQgMTQ+Pg0KZW5kb2JqDQo0MyAwIG9iag0K
PDwvU3VidHlwZS9MaW5rL1JlY3RbIDI4OS44IDM2MC43OSAyOTguNDQgMzk0Ljk5XSAvQlM8
PC9XIDA+Pi9GIDQvQTw8L1R5cGUvQWN0aW9uL1MvVVJJL1VSSShodHRwOi8vZHZjcy53My5v
cmcvaGcvdXNlci1pbnRlcmZhY2Utc2FmZXR5L3Jhdy1maWxlL3RpcC91c2VyLWludGVyZmFj
ZS1zYWZldHkuaHRtbCkgPj4vU3RydWN0UGFyZW50IDE1Pj4NCmVuZG9iag0KNDQgMCBvYmoN
Cjw8L1N1YnR5cGUvTGluay9SZWN0WyAyOTguNDQgMzYwLjc5IDQyMy45OCAzOTQuOTldIC9C
Uzw8L1cgMD4+L0YgNC9BPDwvVHlwZS9BY3Rpb24vUy9VUkkvVVJJKGh0dHA6Ly9kdmNzLncz
Lm9yZy9oZy91c2VyLWludGVyZmFjZS1zYWZldHkvcmF3LWZpbGUvdGlwL3VzZXItaW50ZXJm
YWNlLXNhZmV0eS5odG1sKSA+Pi9TdHJ1Y3RQYXJlbnQgMTY+Pg0KZW5kb2JqDQo0NSAwIG9i
ag0KPDwvVHlwZS9QYWdlL1BhcmVudCAyIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjEgNSAw
IFIvRjMgMTIgMCBSL0YyIDggMCBSPj4vRXh0R1N0YXRlPDwvR1M3IDcgMCBSPj4vUHJvY1Nl
dFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+L01lZGlhQm94WyAwIDAgNzIw
IDU0MF0gL0NvbnRlbnRzIDQ2IDAgUi9Hcm91cDw8L1R5cGUvR3JvdXAvUy9UcmFuc3BhcmVu
Y3kvQ1MvRGV2aWNlUkdCPj4vVGFicy9TL1N0cnVjdFBhcmVudHMgMTc+Pg0KZW5kb2JqDQo0
NiAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA4MDY+Pg0Kc3RyZWFtDQp4
nJVVXWvbMBR9D+Q/3LdJY1F19WHLYAxNmpQNChsr9GHswUuV1KyxvThb2b/flZyEpnHH9hAU
Xd0v3XN0DBcfIc8vbmbvr0AWBUyvZvBjPJIghZQSlZIppEqCNRK2fjy6ewv1eISwPvpImaA0
J06rt+PRp/EI5jczgGcFcF9gejseXSwQtBIyMXC7ChkpHSAYFDZToG0mkE42oQzVurj+nMK6
C7vr8egLW2w5WtZsYMcte/DwxFPmvwFPWNm2j9ywaskzVpJ1V9GuqYFPHGspKmUN1+xXde+3
tL7pgH+F2w/j0Zx6et7XcFtKihRjW19YSxmUZF3rlztKVf3iqJh/d55QDySkuQo8yZdLbefF
aezRm/yseeGOykl0s0Ih/ZdKYmol4pwA0fT/is6ywtJRdinRXhU6761pQibysYveU6piovLe
jpfBVkxMTqg6KVXvI+08+iWxaKFcHgoVZp98lh4yxX4Q80MfxX/MVjkl9HG25XYHzQpK6Kp6
/Ujj9YSgZduqIzi/Axk2ZV2uuWN+42vCekfnhrXNY7X8DWVPj5/1/WvwDtNOGS1ctu/hoaFS
T8Qw84xhP2nX+S3QQtXJtK996Acl88SpiWa7B0/Wf2PDoby0QtkjvnGeWf9LFhHEMHKURRpP
43KOrrbTwmZ5RDmiGdymNu4DLoRRtIdcNoYUKGOmAnV+dIlIH6iFfai27gxSNXAfnTlhT+8z
MAkF6IbGgGkmbPpq2N8ARGOFSfah101FCNTryJwVV6QDWz5R7IkjskCRhN2/g2oHmzI85N+0
fuc6IaoRdrBpOo4EI3S+DqQjayTVfwkGykQ4te/n3hNdV7EnD9+a3UNsbE9ZqtBWfum7QJqq
jtSh09BJV258YFhQGjEwxfPqluaf4Gn1f5+/Q9Je89cwIdXgfUm27VDBs0+BOvkUaDDm5R2Q
3mJqwDhLxZ5J5JAy9WRNelmyR1kiYXP5QemieoUnEJ5T4DjG5yF1Nu1TpSYKoZ4vwofvFfkK
fSYvpTwTKgGjUTi9v/sd15bk4rJtP/slkE7AXZCG64FhDmS0KIV7kfFsmn8Aii6jMA0KZW5k
c3RyZWFtDQplbmRvYmoNCjQ3IDAgb2JqDQo8PC9UeXBlL1BhZ2UvUGFyZW50IDIgMCBSL1Jl
c291cmNlczw8L0ZvbnQ8PC9GMyAxMiAwIFIvRjEgNSAwIFIvRjIgOCAwIFI+Pi9FeHRHU3Rh
dGU8PC9HUzcgNyAwIFI+Pi9Qcm9jU2V0Wy9QREYvVGV4dC9JbWFnZUIvSW1hZ2VDL0ltYWdl
SV0gPj4vTWVkaWFCb3hbIDAgMCA3MjAgNTQwXSAvQ29udGVudHMgNDggMCBSL0dyb3VwPDwv
VHlwZS9Hcm91cC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZpY2VSR0I+Pi9UYWJzL1MvU3RydWN0
UGFyZW50cyAxOD4+DQplbmRvYmoNCjQ4IDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUv
TGVuZ3RoIDM2MT4+DQpzdHJlYW0NCnicbZJNa8MwDIbvBv8HHdvCHEm2Y2cEQ5u0ZYPCxgI7
lB1GaUsP6z66/8/sJNuaracosvw+ekIgu4OyzFbVTQ0YAszqCt6lQECFiMSMDhwjWIPwsZXi
cQJHKQj2PzOIOaEZDO0mUtxLAfNVBXAGoB4wa6TIFhqMUZgbaHYpMcYBQWGU8R60J8UMzUvC
RFa2fHCwP6W3pRTrMlINEk2RKgxkSyRkJJcHF8tiGoj6lsXgY0nz2E676mDOJlydWvFpU90e
VdHa1ikrXW6PtY232SP5KpD/Ztk2NSU+QXMrxTxKnYsNvaxXOo9e7JXpvNYdn3yR9knQlu96
doHhSpeRvehWZB/Y9ibIvSfSzHZr6aFk/k+yTYsxiNEGrQtXXLbJmPsERl78jtkOkkIT17Th
wfbMyl3UpgvabEjlGthZxbrTHp3etpvD7rAZF6PnsR99Hl6P1+O/YXwhzLj4EXkYBmc32//t
C2c8khENCmVuZHN0cmVhbQ0KZW5kb2JqDQo0OSAwIG9iag0KPDwvVHlwZS9QYWdlL1BhcmVu
dCAyIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjQgMTkgMCBSL0YyIDggMCBSL0YxIDUgMCBS
Pj4vRXh0R1N0YXRlPDwvR1M3IDcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0lt
YWdlQy9JbWFnZUldID4+L01lZGlhQm94WyAwIDAgNzIwIDU0MF0gL0NvbnRlbnRzIDUwIDAg
Ui9Hcm91cDw8L1R5cGUvR3JvdXAvUy9UcmFuc3BhcmVuY3kvQ1MvRGV2aWNlUkdCPj4vVGFi
cy9TL1N0cnVjdFBhcmVudHMgMTk+Pg0KZW5kb2JqDQo1MCAwIG9iag0KPDwvRmlsdGVyL0Zs
YXRlRGVjb2RlL0xlbmd0aCA4NTg+Pg0Kc3RyZWFtDQp4nI1V227bMAx9D5B/4KM8LIpuvgGF
gSW9YAOKbWiBDRj24CZKaiyxXdtBl78fKTlt3SbbHpyIMslzSPHIMP0CZ2fT6/nHcxBZBrPz
OTyMRwIEF0JIpUQMsRIQGgGNHY++vYNyPJKwfvIRIpLCDJxW78ajr+MRXFzPAV4AyB5gdjse
TS8NKAO3K8qGqUCC0VyBjhRPQ7jdEgCiTK9uYli3ZF2NRz/OhFBzIUyaTTSuhc4S/Jvp560w
xLXBf5FNFNomcW4pvVL4oGsY4/ac7MxFSHwizGKc5ySmqA/e3cwz07vQFr2mTCbtsyFY+KEH
JOCYfJ7DIm8SF30gkHpOJs76CibRmedEr8ldRS5aY7TWmTIv3HTiG4C27l2McUvT5w1jX3c4
z+KQIi+d90+4/TQeXWDnfffV8e5rw6Xv/g+W13WgGQSTiOW77r5qWljkJTw2RWdxV7GqtORQ
V5siMGyxx00pWVcBbf8OQlY3tm19gs0GbQiGNIbYIuT6gL1qgolm+bYo11O7vbPLJSIUJeZd
E0rIGvuwK9Bs7Jao2LJr34OLKZcH1lXdFRUaZb7B6I3jZ1i7c3U506D7a1K+N1wc64+KIx7q
nuP3S8z6GWr8rQigWOwPyKuqAdqya9zJXWc027UWtxrXupxeWKqna/mprkjBpRxiHid7hKiJ
eXw66Lj2lEx42gcdFxqO+Ksh7gf8MHRugt30GvO0JHkqjNAYrowLECr590iqRHAdD2ixyb9r
UUnCjXxdjVakJnxiX5mzpZeQVz5ynnkpJZ5+L1GnqjALzbOaXE+c6Kl4PVCy2076W2b24p6I
Tgrx+LDJFM+/L3u7azvIaYofUUf5vnUTZX8HMav97BW437mhVoJ196gVw35BfkcC2HUkUlw8
jSjqdFFt7yiozGkKi4oC/JtNhcu10/T/zpuMJD8cUb5oKpR9RwwfCR6ceFcBElvZBqXqlNfW
dkEYq2KRO3jNnIQTtrQrJ3W7RDP1sod2U5Bm7l2Nf7lGpFb8cIssCVQeQDvbkPS2JwWnBH57
zCDDS6g33zM1+J4hPh7ksDdSah6lYMKEq6hPeVNs6w0Sw+7s8fI4QSVJuYqHgXjN4k2yCPCE
6Ojw3CJ/bm+P6C2TSERcR8OEb4r7A0BcwWANCmVuZHN0cmVhbQ0KZW5kb2JqDQo1MSAwIG9i
ag0KPDwvVHlwZS9QYWdlL1BhcmVudCAyIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjEgNSAw
IFIvRjIgOCAwIFIvRjQgMTkgMCBSL0YzIDEyIDAgUi9GNSAyNCAwIFI+Pi9FeHRHU3RhdGU8
PC9HUzcgNyAwIFI+Pi9Qcm9jU2V0Wy9QREYvVGV4dC9JbWFnZUIvSW1hZ2VDL0ltYWdlSV0g
Pj4vTWVkaWFCb3hbIDAgMCA3MjAgNTQwXSAvQ29udGVudHMgNTIgMCBSL0dyb3VwPDwvVHlw
ZS9Hcm91cC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZpY2VSR0I+Pi9UYWJzL1MvU3RydWN0UGFy
ZW50cyAyMD4+DQplbmRvYmoNCjUyIDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVu
Z3RoIDEyNTc+Pg0Kc3RyZWFtDQp4nJWXTW+jSBCG75b8H/rYjOJOfwOSheSQZLQrjTSrRJpD
tAeCiePdBDw23ij/fqq6ARtMMt6DI7u764Pifao65PI7mc8vv6V/XBOeJOTqOiU/pxNOOOOc
Cyl5SELJidGcbIvp5McXUk4ngqy6M5xbwXXv0NOX6eSv6YTcfEsJOQogmgBX99PJ5a0gWjOw
vH9Ch+CNwIplsY2Ijgzjkty/YhQIdfn1LiSrHf76Op080Lt1uXopSB5EtCoDoel/gRC0CAx9
D0RIszIvSKDpa5E/Z+V690pes0By+k6Cv8n9n9PJDSRwnITtZyGsYCHsKMEi5bJ4oKs1xJC0
II/bQFhaZctiS7JltQkUrdeQxdCzHPNsTMSk7ns+TuqkZLJXMk1kyOJoUDPFJFGRZiL2Huec
R2EyzEeN2RrJ4qGxMjfw4iMuojSRYs4Fl1yEhgtxAy9bwfdr2IsTA1vxggtznai5Xw0tLMEZ
c4snk1k8x5N+z94meo6nwRF3VvgTfKKFOx3OXUxhmnWMa2+dJS6loQ+Py0fH0FQ3WYIn9wm7
ILieRC7TJG78ioWPJ9Gp8KfcgyzQkdvqnm3RxRjW07h62pFXYTgzTTXpW/FIsmCm6Gbzsgap
5CDLDPVC9jsQ0LoMYlrDp9g+oY6zvBiR6GkgfGPG9ENdkLKqSTDTtH4G+UPMfbmEcMX2Bf6+
r4GOcjUkoJ+5sCw0jbuyCCyt34KQVtt/yQZUH9OqRuJy2KheRgR/mqdUMbNx3/EphJIIMy5r
GSsWnwWKGgFl5OVIC1IPf8+JHcFkYCuk10eLiQOgw8RrSNwkAmWd2mSm+ypsWEEQTB8fZy2k
IzGRqtE2coSfHkfOGyg87FhsPSGTHYOYlqPY+iMySmTc0ZcI5VObKTU/wIsZdAwOuQSGOiCx
CA19Y6CM6de/C8WZal9uBoqV9A37eBYIg73aODIqsitqkpEUemzkWYGWzylK3dC7It9vEaz6
3Tn4HkgF4lyD4vP3sySqLWhP9JP5VGn69y05jJmENi9iGGe6E8yV+KA2A+tYs2hgTRebDTwS
PGJMX2GkQW2eAmlpscOugaWIqEN1j6wv4XdIt1jG4uceFtZbHIuFaw5F+Yw9CEbkKxZSOmuh
mlovq1M8x4hon9AqprondHoeTgvUGm8EHqVeWk2/dvtog6qCidJJvRs8jbA7aFCKaYjAOFvE
yzq8Gj6OVNrOguOOL8RgvPHR8eZHAyRkR7E6HnHniL2tlYxZ11yrGkU7em04dSCMYmHfwUdN
dAQzwaH5niNsc14LDS2DK9onHXSsBr6DHpnSH8jocoU8w5d6d+FGVrbZODHnIOYsx5Xn4oK4
URSASHN2VsEUVEqKXrhPn9wOn3wUZx266+rHNKuhYSyZ0UNDrttrjVOQ0yt3dxSU2JXxu41k
UW6+vyYCqUmhW8v5QawtRV7A0MHnzc3H2zght13f3YyMc4sgIFeiIbPx5X3jujnad/2ee19m
cbA/EO3pcxSnPs+YtzFbn87O9vlzs/HAn0v/lKohR5342pvo6fT7lFEzfE3CgoJav/hfDe7n
MJPg/jQi7r6x5Bo6+MHaWX50zZICpkx3+IGmd35oCRnC/Q1U/rivSZHt1gWub/0MhGFXkX/2
OwSgxkPQpKvy9KIoh6lp0J+ID9H+z81rhi1HfwTPLzen9U4NCmVuZHN0cmVhbQ0KZW5kb2Jq
DQo1MyAwIG9iag0KPDwvVHlwZS9QYWdlL1BhcmVudCAyIDAgUi9SZXNvdXJjZXM8PC9FeHRH
U3RhdGU8PC9HUzU1IDU1IDAgUi9HUzcgNyAwIFI+Pi9Gb250PDwvRjMgMTIgMCBSL0YxIDUg
MCBSL0YyIDggMCBSL0Y0IDE5IDAgUj4+L1Byb2NTZXRbL1BERi9UZXh0L0ltYWdlQi9JbWFn
ZUMvSW1hZ2VJXSA+Pi9NZWRpYUJveFsgMCAwIDcyMCA1NDBdIC9Db250ZW50cyA1NCAwIFIv
R3JvdXA8PC9UeXBlL0dyb3VwL1MvVHJhbnNwYXJlbmN5L0NTL0RldmljZVJHQj4+L1RhYnMv
Uy9TdHJ1Y3RQYXJlbnRzIDIxPj4NCmVuZG9iag0KNTQgMCBvYmoNCjw8L0ZpbHRlci9GbGF0
ZURlY29kZS9MZW5ndGggMTAyMj4+DQpzdHJlYW0NCnicjZVba9tIFIDfDf4P562jsp7MfSQw
gsROSpcNzTaBXQj7IBzFEU0lV3I2zb/fc0aWsSx50xdfZs798g2c3cB8fna9+LwEkaZwsVzA
j+lEgOBCCKmU8OCVAGsE1Pl08tdHKKeTs0+31sK6mU4krPfSQjgpTE/88eN08ud0ApfXC4AD
V3Ln6uIOjV1pMIaj5t0jGURrIMFarkwMJrZcKLj7Tl7WwbMPjgV8mk7u50LbSyGUS2dqLmS8
SGWC30IJ6a2QEu+ETi0e+SVeJ0Im50LaZWp2R97hkUhnmixdkTQmHaeKVFAbLaV+3mpd2NaB
3l0lIhh39Feke7euNZKc74/cItVqvo/mH7j7fTq5xMzb7GXI3vXTl8pzk4DRksc6pH/Psod/
I6lZVkaebSMpWbaOYpYDflSPsLiNZordwGOkPMszPNy+1CSfN9GxSzXm0iaKW9d3CQeqgyaq
XhMNaDWwaTRXoGPBtW0tzoWI/UgJRnSt4TgAh8q9cEizE3WSuyPRxe3NKWkpPddH4s0mjzRb
FY+RYQVWzDDIoKYi55uq3uJdUa5h9ZSVJf7OnyErHyCa4XGD/489dRmNFcNI7uXO60OOjrCp
Ai1Wm4JMr4HamMHyC31fw/nN55H2DY1rbXji++b/t3v6qHs4cInrmfQJVwrbKrBcyb59F3Kk
fUPlxPD4SJmdbzbPkWXFKkpYRkNcVGWo3ozG+mX7VGHFE9bgQcK+Z5F07A1ei+aJ2kFnW1Ss
4KXBmZ9Ztn3Kwy/FcOYVq2qoQze+DduhQ4SxGctPec297/IL3Ngtcvi27W7Txu+QglctBZAK
YdcXkpiyY8t5ile05zM774663SdapTNij4oDTJQZ0KpDVbpXX5LFA1p1pDrRh6MsrXI89r0s
qV7ugBF+yIj9ZilB/O1pD8urQMbDUUd+8/iXZtGMkGRkd5Q0BMV3QTLGkUPddzhyIAozwW2C
ua3u2df8hBaOukF2HaqJoDE7BSBhuO5HFGb6hLR13Ju+ONEtp/34uWkh1TQFLklVAr4EVU2/
14iTXwGHcY4nyen6DJplR8AxvlkSCSvN++Q40t6h41Cb/VF8izSBF/f7DZrqBTPEzC1bEQEc
PYB5XUdKEAZaTLSP3w+SLNohR8m444ySgTPxjikjAD8JRGkct11gK+QYUgzZhPU27IWcSNWR
CqNtWrfP+ZrYlq3o0XgDvP77CvfvC15i3+piTT0rw5PSRDJmb2UUzBAZ0cXPQLz20THU/g8I
0ua3UzPTRSoV77Y2a+AVXeTPhGDICJsNbF8jrB085dlDXpPbJthvo8+pvmHALA1Ym1hV5lDs
YktYXtLjFTg+nLVhAZ10OPiHUQ0m7T/89jwnDQplbmRzdHJlYW0NCmVuZG9iag0KNTUgMCBv
YmoNCjw8L1R5cGUvRXh0R1N0YXRlL0JNL05vcm1hbC9jYSAxPj4NCmVuZG9iag0KNTYgMCBv
YmoNCjw8L1RpdGxlKFBvd2VyUG9pbnQgUHJlc2VudGF0aW9uKSAvQXV0aG9yKEhpbGwsIEJy
YWQpIC9DcmVhdGlvbkRhdGUoRDoyMDEyMDczMDEzNDgzNS0wNycwMCcpIC9Nb2REYXRlKEQ6
MjAxMjA3MzAxMzQ4MzUtMDcnMDAnKSAvUHJvZHVjZXIo/v8ATQBpAGMAcgBvAHMAbwBmAHQA
rgAgAFAAbwB3AGUAcgBQAG8AaQBuAHQArgAgADIAMAAxADApIC9DcmVhdG9yKP7/AE0AaQBj
AHIAbwBzAG8AZgB0AK4AIABQAG8AdwBlAHIAUABvAGkAbgB0AK4AIAAyADAAMQAwKSA+Pg0K
ZW5kb2JqDQo2MyAwIG9iag0KPDwvVHlwZS9PYmpTdG0vTiAxNDgvRmlyc3QgMTI2OS9GaWx0
ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDIxMjM+Pg0Kc3RyZWFtDQp4nJ1a2Y7bRhZ9H2D+of5A
tS9AEGCS2EjGiWN0G8iDMQ+yrdgdtyVDkYH47+fc4qXIFlmLBDSal6w6d7+1yishhbfCKeGd
UDIKL4UC6YPQJgmfhE5KBCmMxZsXVgYRtLBRiwCYsSJ44ZIWkfjgLaGzFNTsoogKf/gICqAQ
RDIeDSIlI4KCPG9EtEIpgx4ezyQF/pS2eE9CGWkBwdNrARnKqiigjrIQmqCvM0Yk4B06pwDF
LUSAT5AAQQ0VvIIwoaJCQ8QTwIhnAjDCRAmG0eAZSRsttHKAQ6rWMmV/aO3RX5I7NCQqBSIS
IYW2FjrBPu0kEeDjHFAKfLwiOLznYbxSXuhgCeWEjrkzmqInIpKH0VkDlQIRShgJP8ELIMgc
bYSBrSC8MFoR4UAE8hQiYwwIGGispBiij4W3FV6Mc/QFDL2mzhEEuQEAExBzBTeYCFMUAmki
vKcMUIlcBw1MMvQFnBOCTUGyUhEqgUCIlJUgyBtWCUsWKHjEKnKCNSBIeSSF1YaCiKasMxwB
zxEBhjYYiqewjqxwYOgoA5BtlqJJZtsgiQA8eAq2o/QjApwjBc4BniwRSNBEBsI2Jx1piOxU
WTq+IMxwQgBByQUtnfGUNWjK+iAezlIIgHQO5ioqDY/oKaS+86gGhYx1QVMT+gSSBZNcJGci
o10iZ4KpS9QZtnlJViDn/ZCQqKLsH6SF18QZBngdiEAFGVIVFeENpT0y01u4RKGcvCPOKBLv
iDOc7r0mFJUl1Q7S2gdLqCB8pAIIRFCOgbtPlD9UhJTyKtc0RScXIpytEtU1+Qdfg8YIoKFu
yDmPAgoGKihYGyjntaTyRlqhfkDAWxrJhlojgkaEQHBwDobgaApUpYlGAihFVY4PcHbAsKHJ
fRgmYAj8Ei0kQufoPWmPJ2lIxYoagdExkPPAO9LAojQ+RipwDFsxkRehOdIXYuGlJMlDSN0k
qQ4wgiQqxe++27yicU6Ku8395v7Ldr95/e3LbnN/On59d3r2uPu8efVBmNz+Qsjvv//3v55C
Xu/+Ob09/LNAvXgj1P/EGXwVUK8B4SBW8vHh/W4N5mkAv6MhPD8cPVZV8A1zlVza67vtHdBX
IfUqssPiMJia8iPIyeILVkG1TA4Lk8+YDpPDU2muV5qeMIkxv/5weP9tTZZZlxVH3C9roDj3
yVNkVC2J9iaJuigxjAH9dQ04eIDVqvt1HR/LwI5QBj8kUShyaedj0AOPoQKDK/veNDJEx0U+
njHtfBzQE7KZW3odV490muXWBTLpzmy+xKm6RFOUOOm6CtRlVW1nGVzpHFeW6FsS3U0SQ1li
MwH8Oq4ukVYxN8YjlYHVQWJIZc4Tjh07lLVdZ9pRO7EMb1d+HDSJgyaxHApagTcWG8vZdwJ1
LDfkhbzQir0uAH0j+DN/XWKVbAk1BaGpLlSpilDTEmoLQN0QastCJ4XXoaYC9XVo7j5qV9Dc
tUx2twVX+YrQ2BLqC8DQEJrKQnVztRIKQFkXqivu1c2MijcKrWSUbsY03Si0FtPqqMveHx0y
6nhbWkdmISssqgs9HtLG2hurYDSiwLJnBJVlD7WnADozGtSy/Kw4SZ/ZlWYBvZwFzqCOWUDP
5OVuv//w37vN72//EmZY8Fx2epVPZTqV0uuc3Srni06+p1Po6RR7OqWOTlb2dFI9nXRPJ9PT
qRym81D4sP+0mgOGy9RwJhoukMH3+RhveHItGi4ky1OO5XK3nNGW+dn5sFXSqpk8ZgLZ5uLE
rkuzjfnLxrKmtrkadrcJdbIs1DV3RL4ArG+J6FC0LLS5twk3CnUVoc3tTbxRaKjEtD7pOE5k
xwXhfEcir7OyXDuWa8apMquuAduMRcZFasu6dUxCeixpLmVTUc+NC7lSyQ4qPZ2EzqD2JDTA
r4PqVWiH4Y7jwaegdIB/NvxSEd86frHL48AJ1GH4tQdHig9tlZ8F/4KL8q01Aw9sT7XuXzMM
8OugehXaYzDnaeA8DbM8vVQktNYlPHI8MfwMahs+wGfQ5gZHF4CNDU6YbXAusbF3y3yt0PmB
6kJo75Z5AWxsmaMtC60fA7NOBbG9+92rneQrQnv3uwtgS2glHVpOihVofS4MXHmRKy/y/BN5
/pkfXi1Y9xRVKDPoGBgCrzUDqxMqkUmtizu3vLmbQB0Dg7mQ11za6ALQ1TNhfna7wPbeDC2A
9dNbutQtC63vwOfntxdQfd5pN8eU65ykpa4Iba50XQFoGkLdrU5inQpQW/cvb9SGEI4+HbUt
sOzJ61Q2p6M2+dhdJa7RVLJwBn593O3uDofT5u7wuPtt+0XwKvDV9rjb51bheN3yhm/H+c6Y
r+348H48whlX1eNyclyYjeuVcZAaHULanUW9hGte7L4JPR5gPIdm+8Npt3lJ/57t308voxvv
d+9Om5932/e740ATZqR/2T8+7Hf3H7dkL334zx4ctqeHw57fj6eHP7cg8tsfh+Ont4fDp81P
h3dfP0Op/OXvj7vdibQ8bX7bvjseZu8/fsT/2ftPD9vHw4fZhyFYU99BDrp9OG4/b54/fPh6
3LGtL79+/vsNXOLZP4LXYFrwmGsEzwE2/6yCKJd/V5Fjct6phDMVz1Sa9jFyItVE6ok0sz3P
RLqJnESpkH/OMcxL+QcdQ2TzTzqGisg/6sikyj/ryCEni0s/iMgtqz8coJaLK1y+zxlUGK+2
qd/TC58h1fh+ku/++EJuuiUj2PKQkJNYcXIr/q54BFC8rdGjH7l9PMzNTBebPu503lJyu+N2
xxXjuH3cWWdmpY1UbrzcpwwfC2v53LiYz5l9ZPbsSF6BTYuiDF4MOIGjLvmp+XmO7f8BjHsd
BA0KZW5kc3RyZWFtDQplbmRvYmoNCjIwNiAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2Rl
L0xlbmd0aCA0NjQ+Pg0Kc3RyZWFtDQp4nH2UT2+jMBDF73wKH7uHCmwHO0iRpYYkUg77R5vu
abUHAk6K1BjkkEO+/drzaJtQqUiAfnjG783AkJbb1da1A0t/+a7e2YEdWtd4e+4uvrZsb4+t
S3jBmrYeRqJrfar6JA3Ju+t5sKetO3TJYsHS32HxPPgre3hqur39lqQ/fWN9647s4U+5C7y7
9P2rPVk3sCwxhjX2EDb6XvU/qpNlKaU9bpuw3g7Xx5DzEfF87S0TxBxm6q6x576qra/c0SaL
LByGLTbhMIl1zWR9zNofPsJlCA+3mWF/w11khDNu/sX0t8DiLa9+qXxM4wJx0kQSCqRAG1BB
lGuiPAM9gQRoDcIuag7KifQMpCPxDHqKG9giH5+q4RlJc44qlDC3RcwnRXAOM2pGEhxmFMlz
ATOKSuL5uCHMjEUEv0QrEJXLVQlagtCK8PBL2zon2xptVKs722pqW4+CG5KYF0Q6A0FeU395
AdtagmBbo9xlDspvrYlP1kragpcc0WhHqfAQr1bP7/zKiV+ZQ0mUhgiNFWvQMpAI3r5skMSH
IvMNoss7QTEVLJb4AKklco13IOWtRByNOMHvc1dfvA8jR2NOsxanrHX2/U/Qd33Miud/JeAk
qg0KZW5kc3RyZWFtDQplbmRvYmoNCjIwNyAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2Rl
L0xlbmd0aCA5MzYxNi9MZW5ndGgxIDE5NzY3Nj4+DQpzdHJlYW0NCnic7HsHXFRX3vY5905j
CjMDMzAwwAyMgAqKigVLZJRiL5QxgKIg2BKNvcQW0w3GJJuYYqrpRaPDqBFjiklM71lTNtm0
TTbr7sZssim7qwLvc+5/DqIpn/m+9/fut7+XMzz3ec7/lHv+/3vOuWcEGWeMuXHRscnFFWNG
HV/5XTemHLmHMe/GkpHFld33PZPG2JEHGPNsKxk5vqj4scAixj6pY8w0elRxSemfnvn2BFM+
38OY+tWoyZMq5jUOvYhxPprxW62jKkIjn/3os3am3FbJ2Kjpkyry+v3r8/e+Z4y/h7vWNSyo
X5SxZfAUxnpYMYB7GlYs84dvOfQWYzW/Z0yfMnvRnAU//DABZb3CjMUkz6lfuoilsADuPxnt
HXPmnz87JnPnJMZm/JOxkulzZ9U3fpHZdhb6n4bygXNhsD1s3Ij8FuS7zV2wbJXp49Q+jCkF
jGW9de6sJefVzpjxMGPPbGMsdsX8hQ31+Y8FrmDs3irG0koX1K9alN6r23No34L2/vPqF8zK
WlH2HWNveVA/YdHCpcvavewyjKePKF+0ZNaic3cpbbj1K7idg4nY6m9vee/uNYEZ9mHfsyQT
E+nAX9e+IvjZjJtWHz/WuinmS+MjyMYwhVFCOwNrY/yQedvxY8e2xXyp9dQp6UYJiz2DXcr0
mkFhDpbHZjHmvAb3FUnV5fBrUGrSb9Xno8s0YvUNdpnCTEyx6xVF0amK7lOmtAfZjnZtBEgT
Kvx+FoQ7qTQG4+1Klp/xO7RO9+ljhafoPfbkaPjrGNGd4rn8uqSrYTt0xaz+J8u+ZDs659Uj
p+Z/LqkPsx16K5v6o/5OnGyv6M6sL63uZmY8pf/an25reBf37fnTZfrxrOFM7yeSLuNkP7qq
0+LwMBv1U23UL5j9lHtmsId+zT2NaeysH40jm/VBv2m/pp+u9L8rqW+zab+2ja4/26rOZDVn
WLfulPsdZ7Vn0k5ZzDJ/7bj+J5N6iA04k3oiVlLzd7Df/4rE/9L+dsf97j6ln60/Vd/QyLZ2
vt+PxlJwZs+so360L/EMlZdO7VdNZ2Vn0oeyk6X/mnv+vySMc8uZ1lVvYxn6lh8/Q3Ul66He
wTL+e0fWlbpSV+pKXek/LSm3cPOZ1uXtrKfWphs7oOjZjafbRVKr2UYg59eOQ008/TtkdHxL
Wcmv6UdZwC4FVivL2JNAjXIJmwIs/7Xj+bnED7FN6gC2qbPNmP3f1fv/7oTv7DujPOffPZb/
xKSeYKW/UFYCzPqfHE9X6kpdqSt1pa7UlbpSV+pKXakrdaWu1JW6UlfqSl2pK3WlM05qFCn0
2xJ+DnJQ6hSm4xNh6Mf8TMfioGwsg/Vgeawvy2dD2DA2nI1lk1mIVbOprJadz9awdWwbe9jv
8Cf5U9vbtd5taJ3Ncjq1CbLxrJydrbWpP6VNCtrw9u+jw3oMn1SdSdfxt2hqptoNV6NqaG9Q
nv1s5mcjPxsZ/Q1Pb4xyYCef+rPRGNkUTU/5scfqWPVG9QZ1vXqB7iw1pC5Rq9T56i3w0gk/
PYhEFsacC0+HYLzFrISNw3hr2HTWyOayZfB0NVe4nTt4Mk/j3flkXsNr+Tw+ny/ky/kKvo5f
wTfxK/k1/Ga+lx/kT/Hn+PPMwL/U7v7Nj34rxZkS/TtIhf1y4ifH3+GM5gdjJz2B7Sjwt1Nc
Phs1ioES6J/2lHXylXV4y8hftNoAXBgdxq/3nqkXARf/H/z79yX1tOx0dQauP/qbyjNMXSvn
v3HlBEc1zpheO21qTXVVqLKivGzypIkTxo8bO2b0qNKS4qKRI4KFw88aNnTI4IJBAwfk9e6V
2z0rs1sgw+dxOR12m8UcYzIa9DpV4Sy3JFBa5w9n1YV1WYHRo3uJfKAehvpOhrqwH6bSU+uE
/XVaNf+pNYOoOfu0mkGqGeyoyR3+YWxYr1x/ScAffrU44G/hNWVV0JuLA9X+8FFNT9C0LkvL
2JBJT0cLf4lnbrE/zOv8JeHSFXObSuqK0V+zxVwUKJpl7pXLms0WSAtUuHtgUTPvPpxrQule
MqRZYSabuG1YzSypbwxPLqsqKfamp1drNlak9RU2FIWNWl/+eWLMbJO/Ofdg05UtDjazLsfa
GGisn1YVVuvRqEktaWq6POzMCfcIFId7rP7cA5dnhXMDxSXhnAA6G1fecQMe1mc6Av6m7xkG
Hzj65amW+qjFkOn4ngkpXOwIE8qlZhgbRgj/0tPFWDa1BNlMZMIbyqoo72czvREWzMupDit1
ouSgLHGHRMkGWdLRvC6QLh5VSV30Z8VcT3jDTH+vXERf+8nED8r9YTWrbmbDXMH1s5oCxcUU
t8qqcLAYIlgf9bWkuU8e6tfXwYl5IgxlVeG8wKKwKzCSKsDgF89gXkWV1iTaLOwqCrO6hmir
cF5JsRiXv6SprpgGKPoKlFXtZ/ntnzT393t352N1VotxhBOK8FCySpqqGmeHfXXeRszP2f4q
b3o4WI3wVQeqZlWLpxRwhHt8gtula3fUWsG302rLysJzY6bJX6V41WrxtGDwl+ISGDkMBQ48
Li0rnujIYf4q7mWyGu4SrSHUKf0go2YWjRZFqmhaNNqbXp1O6ReG5I2OSZ8ZNnXqywFDx5jo
BdcbHzoawMDGAWwcwMbRDAY2jp+JCY6nwb8CnxITnCPFUOfV4BIxwlkKXgJeDo6Bm8A6eA0Y
GDkT4IfAPwBvFVOdP8H9OPgTcA/4z+DPwKfAwNBVBi4Hh8H1YqhbiAnugWIo2+5R/oIcpT7m
r79dDKt9Blb7DKxtOKxtCqytFdZ2B6xtCaztVlhbgL7URl9lU+YbD9J32eirbPQFNvr+mrLD
2K68Bzv7QCjKUdjgx2IR29n7/BW2/mmvWCxGZ+ifDv0N0D8N+m9A64XQ/Qh0/wq9roXujdD9
KPS9AH3zRS60fAotn0KLH1qugpYaaBkNLaOh5WpooW8ZvkvfW4Mm+m7cGP7GGq30d/wdtDzo
+C10/BY6CmSJ8Tz0jIaeEugZCz13QM+N9HUz6BotNxnP0dfK6Mtk0NdA3yajL5PRt8joS2TK
EeMEZveS8hG89WPxNeWY5bH9oXUktEag9QZonQatV0BjAbS9Tl/3gefdhlXOE14rwvwHIglF
lu+Ke41usRZ8H3gd+H5wG3g9+AEwfeexHfyS0SteBu8F/xv4FfDvwfvAr4JfA78O3g9+A3wA
/I5hiHfBfwB3gf8IPgJ+z3hZvA/+APyZcUj8BX5+AvxX8EnwKXAvotvfUP85+N/Bp8H/AT6D
uRhGtxRgyVHxPWUhLOwbxqfKYtxLjU/V14xu9XXwfvAb4DfBb4EPgN8GHwQfAh8GvwP+yOhV
PwYfA/8J3A0+Dv4E/Cm4B/xn8Gfgv4BPgDEX9QzYMF62DzBedgaMXuc08AzwTPBs40PnnbjP
Ay9E/SLwYnCJ0e0sBS8BL0Pdctxj4DjSK8CN4CbkV+Ku474GvA7p+8HYB+c3cU/g/hD4W0g/
Av42eCP4O9D/A5RvQ/pxpH+C9M+Q/g0Ye+TEHjmxR07skfOQYTgPg7FHTuyRE3vk7EKfP4KP
gLFHzo+NQ85j4D9hLd3g48Y+5yfgT1HXA91/Bn8GPoE89s55EvdTyGOPXGXgcnAY+2UTD4qB
/ORSxIOw3XmwYXp62ZH738jNQO5WWPku5ffiaiFRelIUwzIPwTIPwTIPwTIPwTIPwTIPwTIP
wTIPwTIPwTIPofWHsLReWFovLK0XltYLS+uFpfXCirphMSdhMSdhMSdhMScxHn017JByl/hP
3u49Pq663Pf4ykyapsmEa6FAQQgUBOQidwWUm9aCUre6VcS93fECGgREsIC6Cy1B2AhYEcEi
IrgpctEWJRZFbCjQ0pKSkrZJmialSZsOSaaTNEmzJtMW/O33zI4c9JzzOuefc/74MJmZtWY9
z/f7PM/vt0IYJiS/jK+ooK+GHlXTqWo6VU2nqulUNZ2qplPVdKqaTlXTqWo6VU2nqunkZI6T
OU7muNjJxU7O5bjWybVObuU4leNUJ1c6udFJ9TzV81TPUz1P9TxVs1TNUjRH0RxFc1TspGKO
ip1U7KRiZ7FjO6KJtDxPJ5dbe5dYexcnm621a6xCVpuivhkZrpHh5qK+/+5Z4TtnD6bvLT5h
fXSJdbLaOlltnay2TlZbJ6utk9XWyWrrZLV1sto6We1Kp1srp1krp+nZFj3bomdb9OxmPRvr
2VjPxno21rOx9XQfPZvWs2k9m9azaT3L7+jj1s1T9elmfdqlTzfr067kV6Kjkl8tfE9sdKt1
9FDr6KHW0anWzmprZ7W1s9raWW3trLZ2Vls7q62d1dbOamtntbWz2tpZrRfTejGtF9N6sUXv
xXquRc+16Lm0Na7aGldtfau2vlVb16r1StraVm1tm6ZX0ta3avXfov5b1H+L+m9R/5vV/2b1
H6v/2Pq3j/VvH/WfVvMtaj5W82lrYLX1r9r6V239qy7Uexih9Yj92Y/CDzgwwzzfbJ7P4sQM
Tjzm3btU+0eTa+2kWsJfk63RV4rudTq6w1HtVswfhZs8+4pz1zp3nVfPde6PnLvCuRc5t8V5
X4jKxvvo845sdWSLIy8q7q8KNfN48ZMu8/453l/t/Tbvn+WT7vDu73zS+T6p0Se9v3j8huI+
cVPxn7moomTP6NCSS3ElrsK3cA2+jWvxHfzQSr934RsmC98pWfhGycK3Rxb3Ro9EU5LPR6cl
X+T/lugIq/Zn7BL3sXIfZJd4RLLPZOgXQcZr26LTrOfXhhedsb895eGFNd35V0YXWsEuLXxT
W3Rh8kvF3deF0R4imyqyqSKbKrKpIpsqsqkimyqyqSKbKrKpzpzszKudOdmZVxfPrHJmlTOr
nFnlzCpnVjmzyplVzqxyZpUzC99ofJIzC99pfFLxzJQzU85MOTPlzJQzU85MOTPlzJQzU+Nn
njp+5qky+WJ0rJ+OLWpcX9wjjBW+H7Lw3Vv4FD6Nz+Cfowp7twp7twp7twp7t4pJhX9PW1r4
jsfCtxCO7zSWFT3aHLWUHB22lByDY/E+HIfjcQJOxPtxEk7GKTgVp+F0nIEP4IM4E2fhbHwI
H8Y5OBfn4XxcgI/go5iOj2EGLsRF+Dg+gYsxE5/Ez/EgfoFf4mE8gl/hP/EoFuAx/BqP4wk8
iafwG/wWC7EIT+N3+D2eQT3+gMV2a0s9vhg6Sl7Cy1iG5XjF6ytCa8lKvIpGrMJr4c2SJqzG
63YQl7pb+VJoLl1uJ/EKVmAlXkUjVuE1NIXW0tV4PbRO2DtsmTAZ+2F/TMEBODBsKZuHB0CD
sl+GN8t+HbaXPY4n8CSewh+8/rJHu82y5X5uDq1l6xzf7udc2DLxELwHh+IwVIftEw/HEZiG
I3FUaJ34XhwdOiYeA7UwUS1M5PvEkz0/xXtnhTcnnu3x02F7eSJsKU+iFBNQhokoxyRUoBIp
VGEP7Im9IN/yfbAv5F0u73J5l8u7XN7l8i4/CFNxMMRfLv5y8ZeLv7wah+MITMOROEpMJ4c3
y0/BB0Nr+Zk4y2vnYjo+hn9z3Fc8Xu69rzvuG6jFFZjlvdm4CTdjDuZ5/VHHP+74J0JH+ZOe
P4URr8Vhy6QSyHXSvqF1kjwm7RfenHSYGvp+8btKqVNCnRLqlFCnhDol1ClxRgl1SqhTQpni
N5rujX2wLyZjP+yPKTgAB6LwnaeFbzw9FIehGofjCEzDkTgK7y18j6+77GNwLN6H43A8TsCJ
eD9Owsk4BafiNJyOM/ABfBBn4iycjQ/hwzgH5+I8nI8L8BF8FNPxMczAhbgIH8cncDFm4pMo
fFvrp/BpfAb/jM+K+3P4PC7BF1D4dtWbcDPmYC5uQR1uxQ9wG27Hf6Dwza+F7329Bz/Bvfgp
7sP9+BkK33L6IH6BX+JhPIJf4T/xKBbgMfwaVsCSJ/AknsJv8FssxCKYtSVmbcnv8Qzq8YfC
t84WvvUVL+FlLMPywnerYiVeRSNW4R+nyGfDlwvfTWsdKHwT6dmF71stfE9s4XtpS028UhOv
1MQrNfFKTbxSE6/UxCs18UpNvFITr9TEKzXxShe5R3kav8Pv8Qzq8Qcsxp/CQOlz+DOex1+w
BA14AUvxIl7Cy1iGpihVuhqvR6kJe0cVEyZHlRP2w/6YggNwYFRZdlcYKLs7ZMvm+fl+P88P
vWUPWJN4UJxmj3hPLmWPeU/MZWIuE3OZKV32dNha9js84716FKbcs47/o9ee8/6f8bznf4E4
y8RZnH4rPG/03iqPr3mtCavxOpqjVNk613ZvV+berqzNa+vDWHFSdojN/VxZr3Pds5Rl/Wx3
XWZ3XbYd7lnK3LOUuWcp24FRxMjJbSxsnbhHGJi4J/bC3jggjE08EAdhKg7GIVHFxPfgUByG
o6LUxPfiaByDk7x2ssdTYJWdaHX976kbpcoTUWV5EqWYgDIU/hC7HJNQgUqkUIU9sCf2wt7Y
B/ticlRRvh/2xxQcgANxEKbiYIizXJzl4iwXZ3k1DscRmIYj8d4wUP4+92jH4Xic4LmdQvlJ
fv7bJD7Vz6fjDHwAH5THmfiEny+G+9zyTzrvn8Ky8k/h0/hCGCv/N3Fe7rh/nNLud8vd75bf
gNliuAk3Y47j73Bt/V+c2vd7nO9zH8DP8SAe93lP4G9T/Dde42F57NzdYWxSFLZOKin8Z0oh
O6nwt+8VHvf2+r5RqjjZrVCTpnjtABwI83jSwYXfSxY6fXxfNbvwPc7FPdpL77x+deGbk4u/
RynstwajCYkZ4V+SF4eX7U4rCr/b8t5AdFzi/SGTOBVn4BzMCGsSF4ZViY/jYrvyz4ZNdhcb
7S42VlwSVlVcittDpuI/cAd+iDtxF+6Ge7mKefgx7sFPcC9+ivtwP36G+XgAP8eD+AUewi/x
MB7Br/CfeBQLQib1vpCJkiLNJS5xT3yte+izxB+LP06cGdLijxMXeLwjbE780L3LF6Pjza/j
Hbmq4jMhXfHP+Bz+BV8NmyuuwJW4GtfgO7g9xHKL5RbLLZZbLLdYbrHcYrnFcovlFsstllss
t1husdxiucVyi+UWyy2WWyy3WG6x3GK5xXKL5RbLLZZbLLe48qKwufLj+AQuxkx8Ev+ET4XN
co95eEZYz6HXEkUfw8ribw4PlfsT8n4i8cWwKPE1XIU7wlIaFL5TvEPuT8j9Cbk/Ifcn5L5U
7kvlvlTuS+W+VO5LK24Miyq+i+9jLn4QFolrqbiWimupuJaKa6m4loprqbiWRudxoJYDtWLr
4UCt+MZU0KgKGhVnl0jaRdKe/OxfR5OX/DW2ulRx5sTCd+xz58Txe/xlqmtUdY2Krl107aJr
F1276NpF186ZWs7UcqaWM7WcqeVMLWdqOVPLmVrO1HKmljO1nKnlTC1najlTy5laztRyppYz
tZyp5UwtZ2o5U8uZWs7UcqaWM7WcqeVMLQXaKdBOgXYKtFOgnQLtFGinQDtnaqMLqFBDhRpe
vEqFGn68mpgRHSL7mbKfOf771jvH76ePpcL+hW9QL/y/OgrfoT7+W+Iv8OpVXr3Kq1d59So1
ZlJjJjVmUmMmNWZSYyY1aqhRQ40aatRQo4YaNdSooUYNNWqoUUONGmrUUKOGGjXUqKFGDTVq
qFFDjRpq1FCjhho11KihRg01aqhRQ40aatRQo4YaNdSYSY2Z1JhJjZnUmEmNmdSYSY2Z1KiJ
JqqFURmnZHyPjK+X8T4yvEmGN0QH0mgZfZbRpo02bYXvRC98E7h375X/Mvkvk/8y+S+Tf5v8
2+TfJv82+bfJv00cbeJoE0ebONrE0SaONnG0iaNNr9SGx/9h3o1Gxyc+ZcZdglpz7goz7pu4
Ej5bxN3vzLrZZsbNYVXl90Om8t8xGzfhZszBXNyCOtyKH+A2mI2VZmOl2VhpNlaajZVmY6XZ
WGk2VpqNlWZjpblYaS5WmouV5mKluVhpLlaai5Xm4h6TUIFKM68w2TPF2GM9ntbjaT2eplvh
Pv0o767Vu2m9m9a7ab2b1rtpscdij8Ueiz0Weyz2WOyx2GOxx2KPxR6LPRZ7LPZY7LHYY7HH
Yo/FHos9Fnss9ljssdhjscdij8Ueiz0Weyz2WOyx2GOxF2bWJWEDtV+j8IvvzKxCRl3RyTKq
9/4W749x4y1uvMWNtxzb5dhyx1bqlAqZnqBTKmR7wvjvgF7h0FscekuW9bKsl2W9LOtlWS/L
elnWy7JelvWyrJdlvSzrZVkvy3pZ1suyXpb1sqyXZb0s62VZL8t6WdbLsl6W9bKsl2W9LOtl
WS/LelnWy7JelvXRaTKp481K3qxM1EYH82elDL6qA3bqgJxMbpXJlPHfzEwp/GZGJj8r/DaL
dyt5t5J3K3m3kncrZVUnqzpZ1cmqTlZ1sqqTVZ2s6mRVJ6s6WdXJqk5WdbKqk1WdrOpkVSer
OlnVyapOVnWyqpNVnazqZFUnqzpZ1cmqTlZ1sqqTVZ2s6mRVp48vKfbxB2Tx+vi/c5ou6ntF
/UxUKd8m+TbJtUle+8lpP+/cJ58m+TTJp0k+TfJpisoSs/h6fdiZuCG8mbhVXdwdBhP3FX7T
7tVdiVtDLirxz53RMY7IJW5UEd/FraE1cVtUnrjd2XeFvsT9he9HD7sTD4Tdlfa3lfa3lYfg
PTgUh6Eah+NrjrkMl+Pr+AZqcQW+iStxFa7Gt3ANvo1rcR2+g1m4HjfgRnwX3wu7i/nsEmlP
YnbolcvWxE/D9oQ7vejSxLWq/TrM8uqNsvwubg7NiTmYi1twa7Rf4rbwdGKe434cuhP34Ce4
F/PDc/J7rjIRXqtMohQTUIaJKMckVKASKVRhD+yJvbA39sG+mIz9sD+m4AAciIMwNQzScJCG
gzQcpOEgDQdpOEjDwcozQ3PlWTgbH8KHcQ7OxXk4HxfgI/gopuNjmIEL8TV5XIbL8XV8A7W4
At/ElbgKV+NbuAbfxrW4Dt/BLFyPG3AjvovvheeiUpWziYrrqLg5cX8YVku3hhF1Mhb9Exfy
XMhzYBcHChW22YqTs+LkHJGjcp7KeStMzgqTs8LkrDA5K0zOCpOjfp76eernqZ+nfp76eern
qZ+nfp76eernqZ+nfp76eernqZ+nfp76eernqZ+nfp76eernqZ+nfp76u6i/i/q7qL+L+ruo
v4v6u6i/yyqXs8rlrHI5q1zOKpezyuWscjmrXI66eermqZunbp66eermqZunbp66eermqZun
bp66eermqZunbp66eermqZunbp66eermqZvXc9er7kIvzqbpTar71mgPavdQewu1t0fX0LiB
xg0qvc+RK2ndQ+uexPc8nx36nTWi8rMqP6vysyo/y4e3+dDAhwY+DCd+FFbogPU6YL0OWK8D
1uul18yGV3jUyqNWHjXwqIFHDTxq4FEDjxp41MCjBh418KiBRw08auBRA48aeNTAowYeNfCo
gUcNPGrgUQOPGnjUwKMGHjXwqIFHDTxq4FEDjxp41MCjHh718KiHRz086uFRD496eNSjQ7I6
JKtDsjokq0OyOiSrQ7I6JKtDsjokq0OyOiSrQ7I6JKtDsjoky+MGHjfwuIHHDTxu4HEDjxt4
3MDjVh638riVx608buVxK49bedzK41Yet/K4lcetPG7lcSuPW3ncyuNWHrfyuJXHrTxu5XEr
j1ujWg6mOZjm4A5+v8TF7Zzr4Nw2zg1ybpBzg5wb5H+K/89wL8u9bOJOr93N6XlhIQf7ONjH
wT4O9nFwgIPD6mQJF7u42MXFLBezXMxyMcvFLBezXExzMc3FNBfTXExzMc3FNBfTXExzMc3F
NBfTXExzMc3FNBfTXExzMc3FNBfTXExzMc3FNBfTXExzaZBLg1wa5NIglwa5NMilQS4NcmmQ
S4NcGuTSIJcGuTTIpUEuDXIpy6Usl7JcynIpy6Usl7JcynKpi0tdXOriUheXurjUxaUuLnVx
qYtLXVzq4lIXl7q41MWlLi51camLS11c6uJSF5e6uNTFpa7o/VzKcSlX7Mb/dmGUC8NcGOZA
jgOF+6Zh6g5Td5i6w9Qdpu4wdXPUzVE3R90cdXPUzVE3R90cdXPUzVE3R90cdXPUzVE3R90c
dXPUzVE3R90cdXPUzVE3R90cdXPUGabOMHWGqTNMnWHqDFNnmDrD0bEmw1smw1u6P2s9r0jc
KYu7ZFGM3s/3Y771/gHr9lS7uoNxCN6DQ3EYqnE4vuaYy3A5vo5vwA6S1mO0HqP1GK3HaD1G
6zFaj9F6jNZjtB6j9Ritx2g9RusxWo/ReozWY9E3aN1H6z4RZ0Wc1QUZXZDRBRldkCnq/7cO
oPv/VPl28InCbzb+99Xex48+fvTxo48fffzo40cfP/r40cePPn708aOPH3386ONHHz/6+NHH
jz5+9PGjjx99/OjjRx8/+vjRR8EsBbMUzFIwS8EsBbMUzFIwqxsyuiGjGzK6IaMbMrohoxsy
uiGjGzK6IaMbMrohoxsyuiGjGzK6IfN/0Q0ZDmU4lOFQhkMZDmU4lOFQhkMZDmU4lOFQhkMZ
DmU4lOFQhkMZDmU4lOFQhkMZDmU4lCmu8UPFfwt5Oq+yvMqaNlnTJk37LO0LGmdpnKVxlsZZ
GmdpnKVxlsZZGmdpnKVxlsZZGmdpnKVxlsZZGmdpnKVxlsZZGmdpnKVxlsZZGhdyzMoxK8es
HLNyzMoxK8esHLNyzMoxK8esHLNyzMoxK8esHLOVhVqYhetxA9SbHLOVhf8r6V5mcfz3PaPS
7ix2es5Mzf2fesTe/Xp7VHemui2l28p022adtp9Oq4hmvjNRZlmNZ+Mm9+W3utYdYUhlDzk6
rzeHrM6jzjqBwjkKj75r1zSkuodU95DqHlLdQ6p76P/TtBlSfUOqb0j1Dam+IdU3pPqGVN/Q
/9NdUeFuJU+pFe/ct4xGyfHX8lzaHX2Wto20beTfAP8GaFu4s+ngxAT69tK3tzj/5nn+U/cI
99kpzffaA6GXrr107aVrL1176dpL1166NtK1ka6NdG2kayNdG+naSNdGujbStZGujXRtpGsj
XRvp2kjXRro20rWRro10baRrI10b6dpI10a6NqqpATU1oKYG1NSAmhpQUwNqakBNDdC9l+69
dO+ley/de+neS/deuvfSvZfuvXTvpXsv3Xvp3kv3Xrr30r2X7r1076V7L9176d5L916691YW
8pyF63EDbsR38b3QW9R453gn5KN9E4uj/RMv2nG+pC5fDnMSK8ITiR32GXGYl9gZmpMmZ/J4
d68nhqeTp4b0O3+t/Llor+Tni//nv8LfFPalOsNqji3wuYvwkg54ObQklqn05Vjhmis9rgqd
idXudFtcrdVjG/qiSYl+nRrb4+bshMawKwwno9CdnIhyHOju/8TQkzwp7EiejFNwWsglzwpb
UjUhm7osNKW+CTMi9S2P14TO1LdhJqS+73G2x5tgD52qgxUzdTd0ZWqe9+/1mtmX+pnn8/EL
n7Eg7Ew96fOfxu/CjtTv8YzX6j1/zqOcUs1eW4O1WO95Ozr9vBHdjhsI3akdGAvdVZPDYNV+
2B/uDqvcHVZN8/oVoanKnr5KXFW3h9Gqu8OOqvvwAB4Ng9FF46p28ClP1fVUHaDqAFXfoupW
qrZTdT1Vd1B1PVXXUzNHzRFqjlByhJIjlByh4k4qxlSMqRhTcICCHRRcT8H1FOyg4HoKtlOw
nYIdFGz/BwU7KDhAwQEKDlCwnYIdFOyg4AAFByi4nnoD1BugXky9mHIDFIspFlMsplRMqZhS
A5QaodQIpUYoNUKpEUqNUGqEUiOUGqHU+nGlOig1QKmYUjGlYkqNRIcnngrfTywOv6NUgxrc
TaFfU2VbYlP4ujqblegPD6vuzyVG7bR3hg+rs1eSybAsWRZ+lEyFq1V7a3JyqE4eGl2ePDJ8
R+UfnjwhnE+1R1X/dDX3YPLD4abkeeGL43+d1ZX8fHgkeUm4IlkblhT+fklWfzaTXrRKvIwV
4Q1XfJMfm1wx7Qr9PnXIJ27xidv10ll66UPuCJ/i2IthjbMK/fJasUf6ovc4e60zX3XmVrGl
xVbpE1qK/XBqaHHmi+FVZ73prGedsa8zNrteV7F/3VUXe/hQfXq85yeGTc7qFuWy6BCVtaN4
5jKVtRwrVcwqZ69WVS12ka0e28JW1bFVdWxVGVtVxmaVsVlVbFYVO1TFDlWxQ0XkVUReReRV
xGaVkFcJeZWwlXNbObeDa4XJ3xftIZ4ykS9wvadc909yfQ4rwy66bqRnOnVjyPn8EZ8/4vNH
Ug94/suQ8zkjUamzRkV+rTO2FOreTvgps2SxXF4OzV7tTKwxRwoabgoZuq3xuet97vroEled
5+g5eqqnWC1/CrNdfbYzhymxixK7fEIPJQIlRsf7apQSo4n2sMgn1quk5kRW9VRgcrgsuT83
puAAHBGuS07DkWFb8mg+H4PjuUf35DneP6/4t8snieYkvddD3VHqjuq9HgqPUjhQOOi9HirM
pnSgxDxKzKPEPP3XQ+1d1N5F7V3UDvqvR//1UH0X1XdRazblRyk2O7XQJFqE58N1qWUeX0MT
VmMDOvCG97o8bvYZW8J1VVF4pWpCWFRVhomo9vwoXGFCzQ3z9GAPN3dV3R+2VP0M8/FzPBQW
RZUqckQ1buH0KabP26bP26bP21w/Q6e/rdPf1ulv6+q3o4P5UfAyR/sh2g85q8yMGjajhs2o
YbmPyn1U7qPyHpL3kLyH5Dok1yHzZdh8GTZbhs2WYbNlWH0Pmy3DYh0V55BZMWxWDJsVwyUV
rjhXBdzP/aXc/wn3f5JYwtEGvBhWJJZZFZdjRXhUFexOrPV6i9pqD7MSG8JfEh3oxEa8gU3h
9kSXxy3o8ZlbPabRi75ormqpT2T8vA1ZlTfgcRDbw3WJIQz7eQQ7Qq3Z1Gxyt5vc7Tr4c2bU
6sRu772Ft8OSxF89BqtwCRIozK9S1TbBz2XmVEWYk6z0cypcVZxne3rcC3tjH0wOZ6nWGap1
hmqdYW29LXlQuCE51XsH49DoC8lqj4fjCDNvGo4M/5I8yvP34mjPj8Gxfj4Ox4cLzMgvmywL
uTaXa3O5Nle1X2xe3p083TFn4APhluQHPZ6Js8LNybM9fggfDv+qK2Ykz/XzeeFanfG58b+Y
XahDbkheGh2Q/BJqw+vm629TtaE5dQWuCbt1yW4d8hMdsluVzFUlc1XJ3NRc79+C/8Ad+CHu
ivZP3Y0fYZ7j7/Pa/fiZ5/PxgM950PNfenw4XJX6FR7FgnBb6rFwg9Xs5tRTnv8Gv8XCMF1X
TbfC3awC56rAufYHt1nlbk79IdySWoxnHfec15533F/8vAQNXl/m+Qqvr/S5jV5bhde81oTV
aPZZa7AW6xy/3rHt2OC9Dpjeqnuurp2e2hT+onOnW0Vv1r0zdO/0VI/X1GBKDabehDpM9aE/
LE2pw5Q6TGWhBlPbMYRhE2AEOT/nw5LUTuzy89tQcyk1ZyrMqVJ3VequKhmWVJV6nBBmmRKz
TIlZVeWeTzI9KqAGq1JhaVUV9vDzntjL63tjH+zr9cmh3UrfbqVvr5ri8w5wzIE4CFNxMA5x
7KHePwzVrn+410xY02hO1c2hWYfPrbo92r+K11W8ruJ11Z24C3d7795wg86fa1JNN6mmm1TT
TYG5ptX0qgd9zkPifthnPurzF3j+GH6Nx8N1UbUpca0p8fviyvxScT1fbhL06vh5OvtfdfZi
Xfu0rn3Vmhvr2Bd0bI+uXKMbG3XhEl24Ttd9VGd9SSc9rWPu1jHLdUyvLrlPl6zTBQ2q/zHV
/0nVv1T1F/5LhdNV/OvRV8yrJ0XyWyvW2sTTVqnFZsKfvPYcXrLOvey9ZaHN9Gyzci01swas
XIutgQOi7bd6LbZ6LTa/Foh8uTnVL/LVZtEyUbebN1vMmy0i7zWvW0S+3cxuMbNbzJNlol9o
Fiw0CxaKcrcoP13Y81i91qa+bNJeFhZbwRZbwdZawRbrzQG9OWAFW6s/n9SfA/rzSf35pP58
0gq2NnWr836AO3FXaDPV20z1Nr05YDVbazVba8K3mfBtevNJq9livfmkXlqo7heq84Vqut96
0mI9aVG3/daUFrXar06XqcsF6nKBulygFvvV2ha1tkWtbVFb/WqrX11tUVdb1NUya1GLmlpm
hVuspp60wq21crSpjwXqo199bLGDXKIOGvCiHdqK8CdKb7U6rFEL55vmG03zjephFVW7qdpM
1WY18UeTexNlV5rUGym7krIr1cY2tfGmabzONF5nGq9TI8epkTFTtsOU7VArG9RJ2mRtMlmb
TNYmNdNqmm4wRdtNznUm4hoTcQ3Vt1J9K7W3moBrTMA1JuAaE3CNCbiGsltNvTWm3hqTbo2J
1m6KdZhiHaZYuynWZIo1mWDtJtgGE2yDabXBtOownTpMpw7TqcN0ajKdmkynJtNpg6nUYSp1
jE+lJtOowzRqN43WcWelybLRZNnIpZUcWmm6bDJdNpkgm0yLjabFRpNho8mw0WTYyKlmTjVz
qtlU2GQCbORUM6eadf5GTq3U+Wt0/Bodv0bHr9Hxa3T8Gh3fpNubdHuHbu/Q7R26vUm3d+j2
jVxs1uUbdflGXb5Rl290T9xnd1zYV58a3opO02WF+6xv6qj5Omq+jnqJz3N0zU6+/pqv9Xyt
1y0ZvvbwdRFPF/F0kY7I64I8L+bwYo4OyPNjjorPq/L5qny+Kp/PizmqPK/K86p8viqfr5p3
0msRnRap5p20WkSrHlr1qOqd9OpRyTvpU0+fevrU06dHNe9UzTtpVE+jevosUr151Ttf5e6U
c70cXw53q9gxGSzxbIfY4/CU2twUHSSzHZ6lZdYvs36ZDcmqyRzIyKxJZk2i2yG6JtE1iW6H
6JpEtUNEO0TUL6J+EfWLZododoimXzT9omkSReFetj861JViV9rgSmlXSrtSHw0L96jNrjbq
as2u1uxqsas1u1qzq8Wu1kyLEVqMuGpMixFXjl057cppV07TYsTVY1ePXT3t6mlXb3b1wv1h
2j3CJvNyR3hd1q+78qgrbjTLnjNx15u4hfuDPxYnbpmjRsfvoTLj/w3TiclLopOLynV7Z6N3
uovPCvd2u4s6Thg/a8SzrM9v8/nDdsPt9rRZCu+SZwUlIkywJy3DRFR7fhQeCkM+Y1PRmTWO
7rSKFGIcjY7yGcu98yf6jfisPzvizb/d3xfXm8h8mYhyVIQ/y+pTsvkqHUfouImOm+hYuL/e
RL8RMfxZDMvFsFwMy2n59/fdU3Hwu+6/qx0/TS8e5fEhxz/stcI9d4mcB6Mp4hsW07CYtolp
2/hvcLaLvl9c28W1XRzbxbFdDNtde9i1h1172HW3ue42193mettcb5trbXedYdfYFk3z6c/L
/hWZr3zXlG2h80JXyhWnakXxL0V+MO7lBtnXFv6i52/TR8YrXfV5V33eVZ//X06ewqSpdlxh
yhzlsTAxHnLsP06MScVVdId9wE731mV8/Wy4ZvyvO1535S8U/2L0ZHFvcuQfudbkvqBN/C9Q
6el3TZDCytBOqYd4XVh336TWQ9R6SD4v+NQ7fdoiLjbZu7VR8CEKPsTJJio+pCPadUQ7R5vk
94KuaJfjJjlukuMmrjbZg7XZg7XZb7X9w+Ro53ITl5vemRzVPmNaeEjuL8h7E5ebitNjKtU7
qd5Z/G1EbIrsDC+LeoDynSIeEHHhdzgD1O6kdqcoB0Q4QOVOKndSuZPKnVTupHInhTtdaYDC
ndTtpG4ndTup26mrYlN3l9VP9aiwOLwQJayCu+yUdkZJu5EVng171htVezboHiZvfzJofzJo
pRyzUo5ZKcfGf0eYsWcZso/PW/EyVrqMlW7MSjdmv5632mXs0fP2FYP25Hmr25jVbczqNmbf
nbfvzlvZxqxsY/Ydg1a2jL3HoJVmzEozZnUZiyZZy3eK5BfW7kFrdmFf96arDnLwUQ4+Wpwq
k6z2o8nJJsnxISuDfkdlk6dFe5ow7nmik1ynPSr1OVt9TuF3rvlCBjJOFX+DkCkcT4nJ+um0
kPd64beyjnDelmg/zwrZj8p+VPajxcwvtVf4Umh9V+ajMh8tZt3scQ3WohMbITuZjcpsVGaj
0WGutpq+MX3X03f9u+/MXTvrKmnaxq6QdoX0O3fjzxR/45embUzb9bSN/+4Ofb3n7cXfAhbv
1Gm73tXTtF3/7rv1qETmcTQtWeWnyeFhu6VBu6VBu6VBMT0rpmepFdsx9dsxFX67NkCnbXZG
gxx4iwO/4cBv3Efu4z6y8NeRhV1Pv11Pv7ietbvpt7vpt7vpt7vpt5vpt5vpF8+zdjL9djGD
YnrWjqLfjqLfjqLfbqI/miia37vyDlfMu+IOV9vpaqtcbVV0hHc3061XjBvEuMGRufHfYf8P
h06zsztLXZ9HhwWhl4a7aLjrHZee8Vq95895fN5Oa4XHd7u23vN2/M29NxzT7fgtYcPfubg/
1bqp1k21bkp1U6pb3F3jv5Pqpkg3Rbqp0U2Nbmp0U6ObGt3U6KZENyW6qdBNhW4qdFOhOzpI
nm/I8Q05viHH7XJskeM6Oa6T4zo71ULVrZPPOrvKjF1lRi5v2FkWKnCdXNbJZZ2dZEYe6+Sx
Th5vyOENOayTwzo5rCv+V5RHJP8tOiKaH30tPBBdhstxXXgk+l64J/o+/h2zcRN6wvxoK9IY
cczO8ONoF3bjLbwdflxydGguOQbH4n04DsfjBJyI9+MknIxTcCpOw+k4Ax/AB3EmzsLZ+BA+
jHNwLs7D+bgAH8FHMR0fwwxciIvwcXwCF2MmPonaaErJ0vBCyYvhjyUv4WUsw3KsCEtKVuJV
NGJVWFL6cLin9BH8Ck2er8brkGvpXxHCjyfsFR6YsE+YP8Eue4Jd9gS77AlTcAAORHe4Z0LW
MQMYCveUHYPTcWV4oOwqXI1vYVZ4pOx60L1sXmguaw5LytzxTDwqLJn4Xhwd/jjxGJyMUzw/
G5eG+RO/iC+FH/8XcecBH0WZ9/Fn5pmdmZ2dDT1UAeniqeBxeqIYz+MsJ0VUFAEBDxTBBOkt
BMSGAtI7CCgtggISG0UsnF2pCywLQTphEyaC9MR93u8s8V498fTuvc/nTT5fpz1tnnnm///9
cseuNR0Wwj6O98MB4JlZx9R8Kw6FXDvF8Rk1wdbVZluCAQEwAaVooxTtIDgQAhfCkAKloDSU
gbJQDm5Q79lNoTP7j7J9ku0SttnqHfu02hykrWA59PFDoqzaKMoB0U9UgFSoCPWhAVwBDeFK
uAtaQEtoBa3hbmgD98C9cD88CN3UHFbuHFbuHFbucNFfvSQGwEAYBINhqMpmNWezmrNZzdms
5mxjtNpojIGx8CKMg/EwASbCJJgMU2AqTIN51JsPL6tsnvqcwE61MbAHcuEb2Mf5I2yPQgHX
j8O3nPtebTRNsCAIDlSCylAX6gHzYDIPrI5sswnb69jeyPZ2eAg6QWfoAulqDitnDitnDitn
DitnOCtnuMn9mtwvKyjbfsKfGzFRbRaTYDJMgakwDRbDEsiGV2EpfAFfwlfwNWyETbAZtsBW
2AYR2A5ROKhWERNWERNWERM+F9/BKTgNZ+AsnFcriBMriBMriBMriBMrjDy12TgGcciHAsCd
GB4UwrdwAk4CjsU4BX69BCi1gvdtlUUssHj3Ld51i3fd4j23WqnPrfvYtoX2lOkAndQK63GO
+8MAGASDYRg8B6OA981ijizmyGKOLOaI92mF9QrbhWxXsF0LzIPFPFjMg8U88K6t4l1bxbu2
indtFe/a57xrn1v5UACF1D3FeeaD926FdrUwRBkRANP/Jh3/iywgCP6nd4fATX5/dRmRAk1F
qrgRuqlM1ngmazyTNT6ANd6TNd6TNd6TNd6TNd5TDKGFoSqDdZ7BOs9gnWewzjPE06KUeAae
hedgFDwPL8BoGANjYbWoLtbAQTWUJzqUJzqUJzqFJ5rNE83miWbzRLN5otnC/wTp8yqLp5rF
U83iqWbxVLO0WWq7NhvmwFyYB/PhZXgFFsBCWASLYQlkw6uwFJbBa/A6LIcVsBLegFWQA2+q
7XojUUpvLFL1JmzT4A6Vqd+p+ul3QRuOe6iRek+Vrj8O6SodzXaX7KD6o9vukp3Z9ldfyAFq
i9wsAnKLKC+3oXq348p3CEceVNnyEFrksGggj7A96n82ENt8UdboL8oYA2AgDILBMASGQiYM
gywYDiNgnsogXmQQLzKMraKUsQ0isB12wE6Iwi6IwW7YA7nAfLLas1jtWcSazEAZtZ1VP5QY
kxHIFw7xJZP4kkl8yQgUiTKmBNaWWRbKQW24QmWYDdk2ht+LVGJKhnk9++kqk/iRSfzIJH5k
Ej8GED8GED96Ej96mqwlcyiwlsyZars5K/kv6Ldbl0F1qAE1oTG0Utm8aUN504bypmVZfUQp
qy88CSNhIkzn/Dy2L4vqvE1Z1jL291F+PxwA1hxvzhTenCm8Odm8OdnWcRG0PCik/Cmus/54
g7Kss6KUXV5ttytAKlSESlAZqkBVqAaM1WasNmO1Gat9OdSC2lAH6kJX2uoGj0AWx8NhhNoe
1NR2p53q57SHLJXujADeG4f3xuG9cXhvHN4bh/fGeRHGwXiYANyvMwkmwxSYCtNgOsyAmTAL
ZsMceAnmAvPjzIeX4RVYAAtFqVAmDIMsGA4jgLkNMbehp4D3O8T7HeL9DvF+hxhniHGGGGeI
cYYYZ4hxhhhniHGGGGeIcYYYY4gxhhhjiDGGGGOIMYYYY4gxuleKUilBcCBEfNDlJt6Ug0Qj
f8//7JGK+iCimZv8dgETLLD9LwoBB0IlXxwShhQoq2IogBgKIIYCiKEAYiiAGAoghgKIoQBi
KIAYCiBG5CtH5CuHEoijBOIogThKII4SiKME4iiBOEogjhKIowTiKIE4UbI7UbI7UbK7eEx5
ogf0hMchHTKgFzwBvaEP9IV+qgcRtTcRtTcRtTcRtTcRtTfRtDnRtDnRtDnRtDnRtDnR1CGa
OkRTh2jqEE0doqlDNHWIpg7R1CGaOuTdPeTdPeTdPeTdPeTdPeTdPeTdPcL/e0c2vApLYbWo
TOStTP71yL8e+dcj/3rkX4/865F/PfKvR/71yL8e+dcj/3rkX49o3Ydo3Ydo3UccxcvmwTGI
Qz4UwHHwoBC+hRNwUk0nsi8msi8msi8msi8msi8mqg8hqg8hqg8hqg8hqg9B00fR9FE0fRRN
H0XTR9H0UTR9FE0fRdNH0fRRNH0UTR9F00fR9FE0fRRNH0XTR9H0UTR9FE0fRdNH0fRRNH0U
TR9F00fR9FE0fRRNH0XTR9H0UTR9FE0fRdNH0fRRNH0UTR9F00fR9FE0fRRNH9XuFqlaG7gH
7oX7YJaKkIkiZKIImShCJoqQiSJkogiZKEImipCJImSiCJkoQiaKkIkiZKIImShCJoqQiSJk
ogiZKEImipCJImSiCJkoQiaKkIkieIkcvMQ6vMQ6vMQ6vMQ6vMQ6vEQOXiIHL5GDl8jBS+Ro
XwlH+xo2wibhkMVcsphLFnP1pv6/UWX7Z7Z3qBFks1Zks1bJbNZBFejdoAfZ7UdZTc9QBWS2
ZmS2nmS2ZmS2nnjx8bKfel2uVR/J9SJFfkj224Sf34JP3yYqkuXiZDkpd+LvL2a6AJmuTvIz
JuOczyfz9BcuWc4ly7lkOZcs55LlXLKcS5ZzyXIuWc4ly7lkORclHUdJx1HScZR0HCUdR0nH
UdJxlHQcJR1HScdR0nGUdBwlHTemK8+YATNhFsyGOfASzIV5qjmZszmZszm+KwfflYPvyiGL
OmRRhyzqkEUdsqhDFnXIog5Z1CGLOmRRhyzqkEUddKaHzvTQmR4600NneuhMD53poTM9dKaH
zvTQmR4600NnesZpVWCcgbNwDs7DBSiCYuCdIDMPITMPITN3JzNHyMx98H9R/F8U/xfF/0Xx
f1H8XxSXEMMlxHAJcVxCjAzePHBIeTiFGE4hRibvTibvHmBMAcZERm9ORndxDbFAgmOlPFOA
BjpI4ZLpXRxFDEcRw1HEcBQxMr9L5ndxFjGcRcysRtnLoDbn6nJcD4i1uIwYyqA5ysA1G3Gd
NYg6KIfriKEQmqMQXJxHDOcRw3nEcB4xnEcM5xFDOXRHOXRHOXRHOXQ3iaMmcdQkjpr9oD8M
UD1QEz1QE71RE71REc3xs1GURAQlETHnJj+RKdVcCW8mP5Up1fyY7WaVg8qImDxLfG/UPCtS
URwRFEcExRFBcUTwwjl44Ry88Dq88DoUSAQ/vA4/nGPdKBw8cQ6+wMMXePgCD1/g4Qv2oFIW
4ws8fIGHWumDWuljdVQF1kPQSQ3BH3hWOvu8U1YveAJ6Qx/a7AvcF95hD97Bwzt4eAcPheOg
cBw8hIeH8KzRlB+T/FRBD9Xj4Cc8/ISHn/DwEx4qaAgqyEEFVcZXeCihISghB2/h4S08vIWH
t/DwFh7ewkMh9UEh9UEh9UEh9bEO0fZhOALEeotYj2qajmqajmpajGpajFoaglrqg1pajFoa
glpy8PpRvH4Urx/F60fx+lG8fhSvH8XrR/H6Ubx+FK8fxetH8fpRvH4Urx/F60fx+lG8fhTV
FUF1RVBdEVRXBNUVQXVFUF0RVFcE1RVBdUVQXRFUVwTVFUF1RVBdEVRXBNUVQXVF7GsZ0+/h
BpVjN4XOtN2V427wCDzKue5sH4Me0BOeUHEUWgSFFkGhRewnqTOe80som63W2a+yvxROq2hQ
iFQUXCTIvQXLqZxgBeE496qDzn1wP7RTrVB2rZyO7A9WBc4QyIQflN5I9p+FUcJF8bkoPhfF
56L4XBSfi+JzUXwuis9F8bkoPhfF56L4XBSfi+JzUXwuis9F8bkoPhfF56L4XBSfi+JzUXwu
is9F8bkoPhfF56L4XBSf+/+o+NyfKL4KYpy6SeskWmpdxL3aw2Kw9jfxF62ruEnrJh7Q7xDt
9B7iftlW3SrbqT/JNWqxXK9aygPqc7RheUmEk0fURJmnPpXHRFUZx2/lqzOihhiX2CCWqa3i
72orrd9c8mmw19H6lbR+Ja3fovVQZ8ith+kFN4cra6ua0kszehkg16m18j1YnyiQH6i3yHE7
5UfqY7lBjaP3Z+j5nDysjtJ7U3ofT++S3ufS+wZhy41qodzMmHDycqvqKrep1TJCrR1qN1kx
F526TH3C2D6h5IPkzo2Unk7pTLk1kaD0y5S+kzz6FjUGUWNW8rMdr2G0WWTzy8jed+otyeQ9
VA+9l5D6UnTyBvU3/VM1Q98r/qCfJiOXF6XkNWqRXCdcsvQ13MEb9PQpflTKrXjN7epNsnSA
1hPcUYRMnVmSqWWJJ5Xc2VF5jLuKcz5fHdceEIZaLQJgggU2BMGBELgQhhQopdaK0tBU7RY3
wtNqpXgGnoXnYBQ8Dy/AaBgDY2Ecc7habRFr1BZNV7s1CQYEwAQLbAiCAyEIQ2koA2WhHJSH
CpAKFaESVIbqUANqwuVQC2pDHagL9aA+3K1ytTZwD9wL90EWDIcR8CSMhKfgaXgGnoXnYBQ8
DxPULm0iTILJMAWmwjSYrnbpjdRKvQmkQRv1rv6CiumjVYxV3panUsA6K2aNreRJFLDGWrPG
iuWZRJ48yxtxTlnyfOKsvJDYLYuUKYsTR+X3Kk0mOK9UZSOQyDNMdathKcuwE2eNYGK34SjT
CCWOGq5KM8KcT6Fcf7XaGAADYRAMhiEwFDJhGGTBcBgBr6jdxgJYCItgMSyBbHgVlsIyeA1e
h+WwAlbCG7AKcuBNeAveVbnGalgDa2EdvAfr4X34AD6Ej2AD/B22qpXGNojAdtgBOyEKuyAG
u2EP5KqVgSK12pTA+jUDaq1Zlm05qA0NoTH8Xu02r2c7VuWa02AGx9ynuYh97sfkfkzux+R+
zBWcWwmrIAfegdWcXwNrYR0wdpOxm1+w/yV8xf7XsBE2wQ7YqXaZMa4dhXw4ASfhOzgFp+Gs
yrVSoBSUhjJQSe2yKkMVqArVoInabV0PfdRKqy88CSNhIsyDl9UWaxnbs2qlXV/l2leq3fbV
bBuxbQWt2X9Q7bK7cr0bPAIvcH4G52fCLJgNy6BI7QoKlRssw5b3K8h7FawC1dRup6uKOT0h
HXpBb+gPvO8O77vD++7wvju87w7vu/MijIPxMAEYrzMJJsMUmArTYDrMgJkwC2bDHHgJ5gL3
6MyHl+EVWAAL1crQX1UsdBe0gJbQClrD3dAGMtW7oWGQBcNhBDwJI+EpeBqegWfhORgFz8ML
MBrGwFh4EcbBeJgAk2AyTIGpMA2mwwyYqd51r1QrU4Lq3RQHQupdYZArVhL543K7uJq4XCym
iqFqtsiEYZAFw+G8iuGfY/jnGP45hn+O4Z89/LOHf/bwzx7+2cM/e/hnD//s4Z89/LOHf/bw
zx7+2cM/e/hnD//s4Z89/LOHf/bwzx7+2cM/e/hnD//s4Z89/LOHf/bwzx7+2cM/e/hnD//s
4Z89/LOHf/bwzx7+2cM/e/hnD//s+Z/CpX3COD9VBXjWAjxrAZ61AM9agA+dgQ+dge/chu/c
hu/cpi9Uecn/f+TF/9fRfv2s2k82i5LFZstNogb5ch8ZbCwebjYebjYebjYergAPV4CH8/1T
DP8Uwz/F8EwensnDM3l4Jg/P5OGZPDzSbHzQbHzKbDzJbDzEbDyEh0cowBt4+IACfECB1VDF
rCuTn8dZgPb3tXwMnR1DW8fQwjE0cAz966F/PfSvh/710L8e+tdD/3roXw/966F/PfSvh/71
0L8e+tdD/3roXw/966F/PfRqAXq1AL3qoVEL7AG0/ST7S/xPTVMeetNDbxYEy/M+tVMz0Jgz
0JTb0JTb3CyV5w6HESovXF7tD1eAVKgBNWEk5xeo/UInq7xGXkfHyTXiBrlWPCTfF03kB6IS
8/uO/AgltUHUlxtFK+a6Fb4+gGK4GW9fVkbEtcz7NyiH6uicA5w9KBqiF1qhF+rJPHEb7X5U
8rfsK+npQ7WM8pOTfa7kWk9UxVqRwrnPOdrkfy7lzz9LV+sh0i79ebqMpzFvx0302oJ8eCdj
uHimMdnyLGdvJVuuJVvGk59RnO9/GyVnq3F0c/JvihUpW5cx+N9FcERcRYmrOdok0rjD8lyr
zr36n/rWTn0t+4umjP8joxl6TefMZxx9SWlyE5qwkKNcjtJFmKMLHH0m6gtDpIkAmGCBDUFw
IAQuhCGFHtuKCrI9Gq8TpHNPa9GBH6AzP1RbjP4izRgAA2EQDIYhMBQyYRhkwXAYIdLw8ml4
9jQ8exoePQ2PnoYnT8N/p+G90/Dbacnvvwijbk/RUy53cUS+z5P0v83kQ/U26jafe+/PnKxh
XO9Rirvl3sOirLZZ1Na2iEbMTCfm4c+yPaU6iA6yU/Iz5jrIdPWh/6lEcqA6IKeJ6+R0cT39
eDzpuiiZ5cYN4lqjqWjEbHUQ1alRnX6a8DT7i5r0dNzvP9lTuOR7TT6VHan9EOW7sH2YbX9W
2Ga1C41cgD4+n1w/O4RNLSlM/5tQKJ1KyVRKBinpUaJQpIqDRFE0lDiMbupLT/4zHai2obsL
eOqliLhbku1FeILbqUWbviIOlFXFePhiPHwxHrkYj1yMRy7GIxfjfYvps63K8//FEy025E2x
kq1tV6dExZ/02ZGY1QUyuLf+KPFN6gSjK+Q+PFZcBfo+Ta2P6TdEv+d+td8Q/R7wv5uF1srS
b4AWT9NiAS2eosUgrZ0ouYti3rO2nPU/L7AjSr4L9OVKf1GZmkFGbFLzDDWLqRlmLAl/1qhZ
xFtxUNwuDsFhOM/KvgBFUAzfEx3a4lzaqUayI9HiIdFZdmH7MNsMvE9fxjNQLZDDWBfTxB9Z
Dzcx45vpsWny2WxVLyV7i6gdvHPlcTkXStbItQZtGwlQon6grLjdag8doJOob02HhbCP4/1w
ABinVci5U2zPMDb/8x8LGdl57vk8I2vIfZ9nZA257yrctx8xbO7X4V6Pyp2idHLVraPGR9Q4
RI0q1DhEjSrU+COlSzPmI8mVt1UVMe5z1DyUrBVJfi9Be/rrwEruxLYz2wFExQOiFhGvkBjj
EBkrExnLEO/WJb9Rx39+MUpJzhTyHNqy1y75bvifhpcq+7GqBpHvjjDuPHo8przkettHvUPU
c2jdpmWdKzFRWXRTJ8Qj8Cj04+m35Xm2Z1ydYAAr0y99kFVyhJk+ypiO4S/jtJJPnmwmKgZK
qxOBAjiuTpjpkAG94AkYAANpN6XkO4GitByj5Zjsx10NIOYf4DkeZBUd4g1K3i1xOI85Oqa+
SnrxioyviPEVMb6ikrv3/6a8l1b20opOKw0ZY2laOUsrCVrxP2nepoX9/vcRMb4ixlfE+IoY
XxHjK2J8RYyvSFwluokW4hF4FIaK5iIThkEWDBfN6bEUPf6OmBVghtsQswLMchti1hJmehUz
/R7r9FPW6Z2s0xZyqZrIPX1Jhqh3cTTkLX80eaiJG0RT1mhTo5mKGvNEc2M+vCyaB0qLFoF9
bAvYHodvRXPzCrgO0kULMwN6wRPgj89mVGdK1o1esm705LPyZ/CYOpr8a8Ryxr24pFRqSalU
xu1R8trkXyCOqW2sjPTEBrzgcbzfPrzecbzdPqNB4jBrLT3hcbaQM4VGA3UzraYn9sozzHMR
tYuJDd+rjUZAncUXnjNC6hQlN1LytmTdD7m6hTNbOOMk63ryAv0VMSvfq+14zIQRFCZ1E5Ta
jpdMUDKNuJSeOEIvCVzqKUZWIM+zLaLXYlbmxZrF9JrAnZ5ixAWGzdZhFCHOX2ypmDs4zapL
x9eeFRqtFNJKglYULeQl+zaFRu1CaieoraiZVzKGK/x5SkxgDAeoXZvau6l9Rl7gjfVHX8w6
/p4Vl0AnKPU9YzlAa7VpbTetnTGCKpK8qxDP2RWlccpxWv6eMb3uZ1Gl0+I5xpErE0Kn1jn6
zjXC7DdQl/slEpsocZT+/JmKUeIobfqzFKONb5ndf3pePP2S50TtX3k+ybLJ50LZX3ke3OP/
8TkQT//N+SfK/JfnnXv8hflOXrnkPIsUo7wIGhUYXyXhGFVorSp1qqEZLmO/OtdqcK0W1+pw
XJdr9bhWn3xgGKn0UJWrNdnW5Zm4RnmO8BBGRfqvQg9V6clvqzrna3D+cs7X4XxdztMOT8Ev
7fdctaSE35PfVlnGpXP1sJHKmYpQSVRnfGUpeZg2qzM+nfHp1Dps1OT65VCL83UoU5dz9div
738rOa3kMlb/DnWjMmOtIgIlrfi1cxm/f4e6UZtrdbh2sbbO/ZaHCqy9VMZciXarcC9VefrV
6Osy/764XoPrNblei+t1OFeX6/W4Xp/74y54NhVoN5WzFaGS2sEYEszOAaMaz/Iy7rk6ZWpQ
pibXL4dalKlNmTqUqUeZ+mQ2/zm5yXmtJMozDn/GzjGO8owjxDjc5NzW4rhOcgbPMYbyjCHk
PxUhk/depWSeL47enz2ZvO+LNQpLRq2LUv/pmuCt9Zi/f1oXvO3XiPC/uzao1UhYv7Q+uFpX
lPtvrRFa+x13/R+uE2o3EGX+r2uFVm7w7+i/s154El8kn+N/tGaSuSH8766bZFRvIM8kjhFJ
uxBxqhHVWsoLiUKi2l9kcSJO9OlGVKtJVGtqBBLHiKhdiEbViGotjWCikKj2FyOUiBOZuhHV
ahLVmhrlE2eYkauYkSuYkSuMShxXVr9jRlIYVWNmpR6zUteozvkalKtJmcuhFse1KVeHcnUp
V49y9Vk1QZybi+dKk/73+mwQ5VC75VG6dVAVf0QrfIzaK5X8bqE1Widxo9ZF3KY9LMZof2Pb
FefeVs2R9+NFHlBrUB5zkt9Ud8W/KPVxspT/HUg7k2d/OFr5jyMdJ79e+0CtTO753253gL1S
uOSrhBBN8aQNxZ/4bSTuEveKxuJ+8QBnH0TL3SQeE2PFX8U4sVQ8IdaI9Rx9wO9E8YXYISaJ
KL/zRC7uZL44SouvalW1qmKrVl27SmzTWmgtxUGttXafOKy11zqKfK2z1ll42sNaN1GopWu9
xHfaAG2GOKPN4reKNoffqtpcfqtpr2pLtcu0D7RNWg29kX6tdo3eRL9eu1ZvqjfVrtNv1tO0
6/U/6821G/Tb9Nu0G/U79Lu0m/SWekvtFr2Nfq/2J/1+vZ3WXO+gd9Bu1zvrnbU79G76I9qd
ene9u3aX3kPvpbXQ++oDtXv0wfoo7QH9Bf1Frbs+Xp+mpesz9Jlaf32h/oY2UM/RP9ae0T/V
d2jT9ah+UFuiH9PztRy9UP9We1s/qZ/V3tXP60Xael1JoX0odSm1DdKSYe1jWUqW1b6S5WV5
bbNMlVW0LfJyWUvbIevIulpU1pdXaDH5O3mVliuvkddo38jG8lptn2wir9MOyKbyRu2wbCZv
1o7KW+Qt2jF5q7xVi8vmsrmWL1vK1lqBvE+20wple9lVOyXTZYaWkH3lIF3IYXKYbsrhcrhu
yWlyum7L5XK57sg35Zt6SL4j39FduVpu0MNyo9ypV5IHZL5eS56RSv+dETBS9OuM8kYD/Raj
mdFMb2v0N0bp9xujjbf0nsa7xnp9mvG1sUl/ydhqHNbnG3mG0t8MOAFH/yrgBlz960DpQFl9
Y2BbYJe+JbAnsE+PBg4GDuq5gSOBI/reQF7gmP5NID/wrb4/cDJwUj8aOB04q+cFzgfO6/mB
okCRXhD43gzox03LTNHPmKXN0nrCLGtW0JVZyawupXm5+XvpmH8w/yAvM683b5fVzdZmW3mN
+ZD5lLzOfMZ8TnY0XzDHyM7meHO8/Js50Zwku5pTzanyEXO6OUc+as4358t0c4G5QGaYi8xF
spe5zMyRT5hvm+vkYPN98yM5wvzE/FQ+bX5ubpfPmjvNqJxkxsyYnGLuNb+RU82jZlxON0+Y
xXK2JSxdLrEsq6ZcatWzmsi/WzdYzeQ26xbrFhm1/mzdLndZf7Vayb1WG6uNPGjdZ90nD1n3
W/fLw1Z7q7M8YnW1uskCq4fVQ3rW49ZgWWgNtYbL760nrZGGbj1njTIMa7Q1xjCt8dYMw7Zm
WbOMstYca45RzpprzTPKWwuthUaqtcxaa1S0NlifGw2sLdYO4xprt3XS+IN1yrpgtLSKLWXc
Z9ez6xnt7AZ2Q+NB+2r7GqOj3cRuYnSyb7CbGp3tm+xmxsP2LfYtRlf7DvuvRje7hd3C6G63
slsbj9n32m2NnvaD9oNGht3V7m70sp+w+xj97KH2UGOgnWVnGYPsJ+2njMH2KPsFI9MeY481
htvj7fHGk/Yke5Ix0p5mzzaespfY2cbz9jJ7mTHaXm4vN8bYJ+3vjLH2afu0Mc4+Z58zxgcJ
fMaEoBE0jElBK+gYk4NusKIxPVg5WNlYEKwarG4sDNYM1jSynXud9sarTheni/GG083pZqxy
HnN6GDnO487jxltOhtPLeNvp7fQ23nUGOgON1c5QZ6ixxhnmjDDWOqOc14z3nQ+cz4zDznZn
j+E5e53DxhnnfKiKkQjVDk0I1AxNCr0cGBd6O7Q+MDe0KXQysMS13EqBL90r3b8Ect127mOB
c+7jbm8z6PZ1+5ul3IHuYLOsO9QdalZwh7nPmqnu8+44s6Y7wZ1g1ncnuVPMBu40d755pfuK
+4p5nbvQfc283l3hvmne4r7jrjVvc99z3zPvct933zdbuB+6n5kt3a/crWZbN+JGzI7uDjdq
PuTG3G/MLu5+91vzUfc795w50L3gFpvD3ERYmCPCelg3nwobYdN8OmyHw+Zz4dLhVHNsuFK4
kjk5XCVczZwSrh6uY04P1wvXM+eGR4RHmPPCI8PPmvPDz4dfNBeFJ4Ynm8vCU8PTzOXhmeGZ
5srw7PBs843wS+GXzVXhBeEl5jspekqKuS6lbEpF8/OUqimXmZtSzqZcMLcK3UG/C+HeWuZu
0UDUFP+lH7VGHVRHRCOVx/7uS5ZIqNlqBb+FajRHd6sO1PmYvbyS63kqzn/3lxyd+Vl9/2pc
neL3f69Zl+jnO5jyq+PNhPd+cmYvPaT6vfziD86LcrtUEfsumbyjCHN88Kdj/OFuLtHnV2qf
8tTXtHCAuz36a2P8DT82rU4raf2QKlAfq8MlRyd/1ns+5Kpv1DZ1Tv1VBJm7huLyH11P/Fpn
6jTP7hQt/O/ImX8Uy8Wri9Qi4cI/nuE/1T4Oh1WMNvZyGEBn1RM3s1cjefXvaqPawfph7eDb
L93/UvWKmsv2eUhTV6sBqj97P5rHH+6evYKf1U6oT9RRVtAn6kvGwXPwZ++ntf5R9qtfmQqB
TxUiJbk3ruSMR9tf/7A2f7wqSs6c4s5PMve71Xfo/VKcasJT+EfvKj/5hPJ/KP2z+gXqGO+Y
98OM+38ZTW73/LjMr427pFzsJ0d9fnL02W9rg5/GyfIlK03t5PnZauev9Hz2R+92Y/HHXyn9
msr232j1yW8e00/rH/FXh79mf3Zl+2+ozZ2p55J7b//z+6z+9hvqs0bUm8m4tdd/bv/uj3o1
GU1fZV5//mP/phYK1Zpk1PyN6+ISLZz87avqErVLIqza+h/VXpn8704/cvzXf37/G/o/cjGX
qSLW0Xf/dg/uv7xaH+5J9vJDxtt/8bfkeo1L1LmC3xr8XvGTUS4u2W66+Psv6je+ZP2S2WWV
nCY6nf6lARM/j6sTRLB9yXfKX9XnkucnJy9XVx+o9SriZ/RfqF/8o/0xojLx/wHR2n9DSs7l
khvW/jwW/6NO0Y/2J5B5Sok7RRf2l5ecO8jsbfnlrPpD/8kVPZP6QaJP35JI7p9fpVYIqd75
xfr/vAoDqKfunH+x5Ppn6lPm/4uSo5/H7ws/2h9N7cqipfCVUFrJuffUalp4/Rf7P3Tp8wme
mB8fVRvVSnVTrUtKz/tZ/aeIYovU62qzivzotC4eEk+LseyNE+P9fzMjXmPlLhfvoA7XivXi
2uRfFa4TG8QOcb3YJQ6Lu8RRTRPttC5aF9EPR3+P6O97eTHQd/FikN5TzxBD8ONRkaXv1g+K
4XqenidG6XE9Xzzve3MxWj+jnxVj9SK9SIzzvbkY73tzMRFvHhKTZQ1ZQ8yQHeVDYqbsIh8W
s423jbeF72qVmBsoGygrvjLfMt8SX5vvmevFRnO3uUdsNpWpxFbf04ltvqcTUetuq43I9T2d
+AZP94DY53s6ccD3dCLP93Qi7ns6ke97OnHe93Qigacbownc3ETNtCZbM7Sg7+m0Ur6n00r7
nk4rYy2wFmrlfE+nVfA9nVYPT3dSuwo3p7TWtrQDWgfbth2tk+3aKdrDdhm7nNbNrmBX1Lrb
VexqWk+7ul1Ty7Br23W13vbNdprWD9f2iDYAd/a8Nhh3NkYb6vsvLdP3RNow3xNpWaHM0ARt
pO90tOluabeSttZ9zX1N+7t70P1W+9j3Gto232tou3yvoe3xvYb2je81tH2+19AO+l5DO+Z7
De1b32toJ3yvoZ3yvYZW5PsIrdj3Edr3vo/Q9ZRgSki3UiqkVNSdlHMpF3T/f1PYmVwxWnLF
6KyYaTiK6WIWa3q2WMiZRf9D3bfA2Vit/z/veq9777Xnjrm6jDuTxhhDzAihooukyxHGqKjJ
XJIuszN7qEaSSjqhkvvpFB05JZX8ynF070hIkntCkiShwvv/rmfvmWaiGJw6/3c+69lrP++6
7b3X+13f5718B382PUNzsUrNw3yyeD5ZmE9LcNT9H2aVl2eVF7PqPfjfpzXko0/wJzDL1oJV
f0YbwK420jYcY19gzjWgnfQdjvj9+Eul7+kQNaTD+GtEP9JRakzHMCOjeUam8IzUeUZKnpES
M3IYRYkCzEvJ8zIG83Ij1RabxCaKFZvFVqojtoltFC++wHxN5vmaxPM1nudrLZ6viTxfY4Ur
XIrVQf8pDrNWwGKjWpi7NvL48SlB92Aex/E8TsI87k9N9AGYzU0xmwchn4c53ZTndArm9EbS
jE3GlySMHcZOsoxdxl7yGd8aB6iu8YNxkCKNQ8YRqmccxexvzLO/Ac/+FJ79KTz7U3j2p2D2
X0Bxdje7G/ns7nZ3MuweOB5MHA894ell94LnEvsSsu1L7UvJsS/DcdIQx0lv1L0CR4uHjxaf
OgNCfvsaHDMROGauowZ2f3sARdoD7YHU2M7FURTNR1E0H0UajqJbUGuYXYwyt9rD4bnNvo2E
PcK+Hb3cYd+Blu/EkebDkXY3ao20R8JfapeifBDHnp+PPU2dT0GZsfYD6Hec/SD2PmI/As8E
ewJqPWo/ijKP2ZPgmWxPxkim2FPgwfFJXnV8op1p9jTUmm5Ph3+2PRvtzLHnoOQ8ex48z9vz
UfcF+wV8DwvshfhmXrZfwzgX24vxnbxuv45R/dt+C6N9234PbX5sY2ban9iYk/an9nq09rm9
w3vtyCpnkdfAD6sC1NzroJkRoFrIp3RBgKnsO0PxYSr91LyUSulWcAl1u/OMsZRn+Ck8aUzx
3xXN6sG3a/TbKa35Ts5Fni3fot9yDG1XtAv4/HcDd0+eUIX+4uo3c9ZyI+PTFruTf7WudD7B
2aa8/T78aXcfd1U+89LzudXXbqjzok8knMZutrbu/lbPGMrbJe6XGo2Kzml3vqXPl0TTOqAY
GkytropeAc80fLCZO1rXJhbyXTn3Ov2wcEFL/V7U6gm25PsJ58BEN1ln3HlKPeasVx3l7bH6
L1zsoYpOjnMQa6JpbVYMpZlaSHYpuicVZRSKc52XdBTY6aRPFeyNxg6lfRS9cVg4Bx4EJ4CL
HH2e01jRLnL0dp+q93r7HJJaXl/6qd8iq64Sa5fy1gFF0Vd+s+p77bCTSq3mjn5/r6EzTWff
mUvfCvWZNrUWgW2RNFJ9bzW1jgQ90dI+SGY5ozTbIG8foH6PyA2szVUv0belyoeK6Y9jhxS9
Uv3VG3jbtlUSWk2pfgO5RegQ35jVb7V1tycINtWnLnaR/bJmXfsX2nP7d7qulbeft58XHGPr
p9u26ofywJ6KziPoTLX5rqM9SfA25wXBd+BvdV7HjvChM2hS176Hui/DX4e1MxqloT/R+nn7
Ol3LtkZFH7sO/ayp8W/zKb/ti+Ru+xpdy/bNupZVPxQHeyhaf1N0HCx0xVpvu67mTHs7NpU/
ax/WXQO+EM0oFsqo+134o+D7IfXwYvpwPPQ90WwW0ieckhdFciGknzJfDJXqXmA317xqj+VT
e/1l2ROhYu2PYuhuu7ZK7GW6c4X+onsumAI2UxRrgtZh+ElgrdBBNA/qSoc/EBqluwk2t4fm
CU4JfaL7kfbE+gwLf9Oe2BcsS7+F7n6h6CfB/xm+Bt9Ovxr++8jfQiJ23N/4YtPtC3YCTyo6
x8AFil515BcUbRd8CUkjdH6i6O9FszEYpTQNfgB8HzSPIkHuTlBMqA9/M6VrwFIktOL8Af4h
+LFgdyTjwJGKIXprt6f0A/hi+uOjkwcWULoB/h34z8Fu4I+RMyLnInWNta3gs2A2+BGaLeEZ
l/N3WvwZ/Hr6swc8juS3WBtIrdZobkF+I/xC+Jn4ZBn8E+Bs8BZq/SZBdh//BjM7yrsnwXIz
R8p71ZFcgL/LzBGSyWamlHd+Ag4Ac7B2v5kvaiWYWYPHJ/4pM2voLwCPUpqmmFAfyRr6dhua
L4JDjH9o/Qf0cK3xiUpkT1TeeAw/u3PBdrSIt0NfUoon7SIsEHXeFHAj+nPAXWAMZNSuibSZ
9HMM+jdhAZ97YfpA/NgNib2r0D+CzpvwHdA0MdYRDCsmvql1E79DPx10umDhPTAJ+Q2MuhGe
2YL+VEpZI+5uajWgLXzrTDHrDh/upS6+dSeAN2PnXXSaYx9/2ndTdzFyVplnYnUwbZmVWN/E
HnY+hEfTfoFaJ9D5FWgiBO85w0wk0+6N+GqhYuhLJK/RlonDO8A7wR7U3QHfAgvp4Gfg18if
p60H4X+IHcbl0brXCs2J2JkGj+dt8oM7DxwB9kbHtPhH0ETISkofAZkXpy4t/hTE8wlI3DO0
OAq5yWmsQdesblaudw2SWiCZwSEqHKzZJlORVewv0KeuOxx8A8xHbnIjvLMdySb4g7ROXDms
Hfs0tYg6z6wmM6JV6FRDfwYSM++rkfcEk0H67JAz/Vxsml4RFe4nIGvKJTZC9Nx/mlpPoX8e
npXojgb3IWdOHfzv9UNOjnLJWi7xYJPV3UHgCvRLiZmxxI/JVwUguchjHTnPIjGZs4S6Zk6Z
d4eZ8okl5z6QteZMAonehG2KiUSFx/7lEe0+3k5g7D6lLvoOOcppA3bT1i1L7yDub8r006K+
YCfwpKJzDFyg6FVHfkHRdsGXkDRC5yeK/l40G4NRStPgB8D3QfMoEuTuBMWE+vA3U7oGLEVC
K84f4B+CHwt2RzIOHKkYord2e0o/gC+mPz46eWABpRvg34H/HOwG/hg5I3IuUtdY2wo+C2aD
H6HZEp5xOX+nxZ/Br6c/e8DjSH6LtYHUao3mFuQ3wi+En4lPlsE/Ac4Gb6HuDdQtR+cu+MmU
5sDfjzwBZCz+KfA2Sl8Eh4A/oNZa2k2hh6bnjNedC7ajLqMOfUkpI7KLqMvse1PAjejPAXeB
MdD00My4GdcY8CYsMHYvjE3m0W5IDFyF/hF03oTvgKaZ644gtRIpTfwO/XTQ6YKF98AkSqfC
E5nubnQaYBnPOPTfeZfS5tjBM/bdyBcjJ3o9EwODsWYi3MTqh8jRsV9AcoLSX4HMjo0fnGHg
a1gz83gHeCfYg9Id8C2olQ5+Bn6N/HlsPgj/Q+zQc49WvFZoTsTONHh8ZbOy3HngCLA3OqbF
P4JmTldS+giIJ526tPhTEO8lIHHP0OIo5CYbEL2uWRfEvHcNkloga8phHh2s2WaNsx7tL9Cn
rjscfAPMR26yCryzHckm+IO0TiQ4RLh9mlrEiWdi3oxoFTrV0J+BxMzsauQ9wWSQPjtkGz8X
m6ZXzLv7CcgqcJn9ED33n6bWU+ifh2ftuKPBfciZUwf/e/2Qs7pdIsEmE7qDwBXoENWuySQl
8GammE0H//tEiHMfSMw7k0BiL2Eb8c9ce+Rzj1j18WECI/IpddF3yA9OG0XrE/tjS5+KbJPS
BuY5hjNRJF25dw/Spw3OXJ4kZFA6S/9trJOq309zpvEsxVaJ/VfkE1WuX7Cw9F9bqKSfordL
0W2GvJS6OZQeU/SHwQ8Cu2KtxGjSbp/gaUYDS59R6N1wFpLngicezfi3dfoUJZPnJ+d5HpLE
s5FC5PO0rr0DySBKX4G3sVACjgDzGXt1RXssHuilT0jsjTy1aAnf0nlP66qOVc7ziuuC5yeC
1p9Vx0vHTk9qdeIJSVuVhK5zZ4i8dvBspJBnIIU8DxEsm1yuz6m6l2/T3AvfR++29g7lQ/fA
96W0E/wq+H1ojoZPhG9L6e+pdRxJLWMNyaEyvenfik4tajUHB1C6xyClyfDnKX0VCw2Q/w55
K/jGlPrwD8P/wvRB+dDHpg+UjlS+rGf5WYmEhkgWWXUF98PPUt65hrt8uaLTHjyN5Dz8NDT/
pOjtUnRDyG2wkNJExVApfAnYHH0LnYlgY3A8pSPowxT4AfD5tHgCnVHwmykdip1q2F8Hzgt6
rj0ZgmQZkiJwAshIna6UhpGMLVvJ/8KulleX6ZPAVCw/FvRB5Qd0jpz2itYB6i4EJ2GNJx72
ESS9VMdtWKbfVetA6d1lrwuWWVGR10TndpXYX5g+Y3mu9sGvh2SV8qFJyHuWvaPxqfruekr3
aKmMXWenOpZ7Iq+DzZfp/w3l56Wf4+jt3+jbfq3l5TCWo8jnEHVjtFaoFW2Ngk/DTvOyC3yC
cEH9CU5QlNOUYjGSFHSOwtdSdH5Ar1oyaxtpaySWB9HDYkXfxbeNTISU99aoUx27lkr093ck
Q7LK3Jo6Fr8O+keV9zqjUx1JXxOHeDuFVqrjmVrqsdDzjLpPmT6bHUoP8+Grld2rMVamTzuv
A+O0vhFv3AM/QDVDpdRqDn8WzY1YmAT/IvI9eGMr8oZIzlCah2Q/1vKQdEDzlKJkHObLxCH9
jzKWP9OHYiLBRPIUHbXcAg7iJeYdHMtMlaJfhoVmtNWW0ubETzHy1oqS33VeMgIdxSPEwC4s
7zD+D7yhPe/EWIrxVW3kNcA+aA4N2r3AurhA7J0mEoym+q2+8hLbp4lk1bkfnITkXjSTaSsZ
zW3U2ojOdHAZpfFg/abLWHz6vJgxfog8BVxDfwYbTcb7mBm1akoU8dSaiPIDr84lqvGGeiY0
GMuvkAdW4711QVtqJ52Zqm0yFbVKqLUOzTKivTmai4nMJOX9NOsaIm0lM679n2FWdLBG1Fo/
5qgBmEUPTwYZry57jbayNViz06T0bbOW1Zpky1foVTq1TF5Vy+N5SlxiDSSuBuqeXt5D+B8R
dcfRIQ84Zh29SN24/QcifyWzqWNca3Ijmk8j74XnpyhKXlpJrtCsYmYkH0ykNJVRd2S8B8GJ
4AUsd2K+7gLTwMxAR7PcmGAeNbP9SnOmxMNKVtPrRMUFPsm9QKxeIJ4vMBfKn8NvY4NdrC4S
HfV0RtrO7GLknBJmp0gxgShKYJdxjqE5EGSPs77QOJQz8KfkwNPkQM0wvehnW6K0OTG8g6gm
F4nmXDRV/y3kQ9HsCh9BPo+e74H/L/a+A8qKYlt7V1X3qTPdffYMwwwMQ5Cc0xBGkiQBSSIg
koMwZIcgDKBIEAQJoiJJcpIkIgIiIAKSkySRnCXnnGGGf/eelsuMvide733rX+/d1Wt9u1LX
qfqqau9dnc48Tq+UsIexM6++m65P7v5KwtgnJ3m8arurlcf0Ve5X5kS7lrCO79eHu63llvfn
vmTkkrUT2Ofhc9NBBqoz0htZCsd/7dYMwN95A8N9T8e70ugiWJxuuekAbkpCI/cp64SG7pPw
Cfw+SILF4SgOR3G4sPucdkIR91l6Su/M6XM53Mx9fsx9Mp/CGzh8lcOX3bD7Fg+du9z9yg2n
F3GfBqR6vuJvs9zh79uscNF9jwDAfc89Icx9myMhzH0fJGGRL9b9yo3u537lxg3Hr3TDCf19
n7pfudHX3fp9p13U1zh82K1fn+fwIw4nlqnFWJhLNmds6X73xm1b/InENvs+5/LTOZx41kVu
821Oz8rpIS7qsty7/IzXuL8DOHcxo+b0F7lkef6ty5y+lessxCklmJnElIec24jLD+Vf3Mos
PWTsy79ejkvm4XPdkgU5XJDDhXybOf0+h/NwPYnp2bkldTmci8MNuJ79Lvo1h/lLPn4/5zbi
lCFc2/fuN3C4hhe5higOR3G4sPu+PJX/mcOpGMP5rIrc5kLc5hY8ypO4p3c4l9vmm8UpzRg3
MN7m3NSEBfQ3HF7Ada7i8DAu8y3jSE5fzOHdHL7lttD9Cge11p2Hhfm+vIp/wmHmzb2TnhAV
f8FtTzyPhXvnnVJuurnxK10mE1MS+jJmZOSzuIao+PVcks+N517HT+Lwaa5zHYf3cfgq5/KM
ij/IKee4HvcJHABLDPZfBBXzbpdYCGvTpdVb0Ce2eVxHWAS083u9dvmMQDuLJ08gHBzwQTrI
AqGQH4pCcSgLVaEeNKE6asF70A9ioB10gm4wyCsfAA3pISukhAIQTbWUg2pQH5rSr9aGXtCf
NEd76AzdYTD/x2DiOQh+0hnZIAwKwotQEsqTdm4AzUDC69AbPoBW8Ba8DT1gCKQCVaVmzcpQ
tfZrr2aEFnVqV8sIY7mW1PzN0BdIN2enGqOgFLwMr8Cr0BDeBAW5oQ70gQHQGmKhC7wDQ/mc
IMgIOcC1dC9BBagBeeAjTo+AEOIhE0RCTqq3MBSD0lARKsNr0AiaU7vzwhvQFwZCG+gAXeFd
GOa1IAXYkBnSQi6qoQiUgUpQBWpCY2gBJuSDuvA+fAhtoSPEQU/3W6YxhbrGqLqMTRlbM3Zk
7M7YJ6Z5bJz6kHE443jGGYzzGZfFNO/aSq1l3My4g3EP4yHGEzExHTqrs4y3XTQkYwhjBsa8
jCVaxrZrY1RirM5Yu2XHTh2M+oxNGVsytmfszNidsVfrLs1jjP6MwxjHME5lnMu4mHEVVdzc
2My4g3EP46HYjt06GCcYzzJeZrzJeJ8xwUXTiO0UE2tajCGMEYwZKLOLmZUxN2NBxmjGUozl
GSt3cuupwViHsSHjm4ytGWMZu3Tq0rKj+Q5jH8YBnd30oYzDGccwTmSczjiHcX5XGiNzMeNy
xrWMmxl3MO7r2q5ja/MI40nG84xXGW8zPuzaIaazDxgtxjDGDIw5GQt17VowyleKsQJjdcY6
jI0ZWxIW8sUyxjH2YhzAOIxxFGFh30TGGYzzGBczrmBcT1jEt41xN+MBxmOMpxkvdu3Woqvv
OuNdxscuasnoZ8Su3Tp31WGMkYwZGbMz5mUsFEdM6mKMpRkrMFZlrMlYl9H1xiXpnrC/IBWt
87SQ7p8KCf5w6H+PJmkMk7SoBv+/LGZwLDEsSOslx8BzoiI9Z/M3l/9OSJD2/mMMfW6UPCKS
anVjfLXHtQ+ul/jcmOK5Mf3vMOS5MSO3VLEUz6Dbg2fT8E9RkaVKBRF/MZSaQ5LsU+a/JLNA
1r8ks0H2vyAFWdI/xz/nRJAF/3MMfi6MIm8jjqz+KJgBi2E97IHTcFsYIkxkFUVEBVFHtBRx
YoAYJWaIxWK92CNOi9vSkBlkddlTDpXj5Vy5XG6Vh+RF+VBZKlLlViVUVdVQtVc91VA1Xs2l
Nej+lj9xzqoayeItksWHJYt/8kzcSJbvo2V+ALR4Jm4VSRp3pic9H+8mrT+sYdJ4OCStPzws
WTx7svKVk8UbJ4sn60/4oaTxVDmTxWsmi7+TtP3ppibNT78iaTxb3mTx/M/Eaf1lK5gsvz/H
JemH0MQe5qiZKHMm9tygOZeKdFV2L3WXJw958rQnr/9R6dyLPLnCkxs9uTtpK/Jg0l7mWZ40
XqB/0vIFjiSNR21LGi+0JFl8WdJ44TrJ4nWTxTsni3dJFh/zzCyjQPTYZPHlSctHJxul3+Xv
SBbflSy+O+koFt9BiMRMjBgNrcVE1rYt6ABaqaNAmCFmCrYVoeBzquBGpzKux9W4llJ84oq4
QuWui+sgxE1xE6S4I+6AwnJYDgx8GV8mu+nOB6kqqsru78lQGU4p7htE6LZHBejM/BRPRbuR
LjARNsIJeCjCqA1+alWYUwukU9mpTVjFeZ2wKrU+hHRyRtotFKQ9Tyk8D0qGUJsusNyItNOS
4RS/xHIj7gNJsQOEG/EQ4WbqqztDIyEznqC2rqbcX1luxJMk11L8FMuNz5Q87ZU845U865U8
55X8rb3VuL3Vub2vcnt/y6nBOa9xTs1nc3Art3Abt3AHt/C3nF2cs5tz9nCOBC3poGVmS/fJ
7RAZQqyGE6vKqeS8QqyvxtXgozatJaYUlXDvRiZafVpadH5zHi/gkRLioXhIo/ZEPCG2TEl+
D9drcr0+rlfLSBkJfplZZoYgmVPmBEtVptG0zRZmC3DMlmZLCJitzdaAZluzLQSbXcwuEGLG
mXGQwuxudodQzIgZISVmxszUp6yYFcIxO2aHVJgTac+HuTE3RGBezAtpMD/mh0gsiAX5u9yF
IR0WxaKQHl/EFyEDFsfi8AKWxJKQEV/ClyATlsEyNDrufMvC8y0rvoKvQDZsgk0gO8ZgDOTA
VtgKcmIbbAO5MBZjITd2xI6kKDpjZ8iLcRgH+bA7dof8+A6+AwWwD/aBgvg+vg9ROAAHQCEc
hIOgMA7BIVAEh+EwKIqf4CcQjZ/hZ/AijsSRUAxH42gojp/j51ACx+E4KIkTcALNz0k4CV7C
KTgFSuM0nAZl8Av8AsriTJwJ5XA2zoby+CV+CS/jV/gVVMCv8WuoiAtwAVTCRbgIXsHFuBgq
4xJcAlVwGS6Dqrgcl0M1XIkroTqP96s83jVorqyH12iubISauJlmSy3cSrOrNm6j2fU67qDZ
VQd30ax6A3fTrKqLe2hW1cN9tEbq4wFaIw3wEK2RhngMj0Ej/iZ2Y7yG16AJ3sAb0BRv4S1o
hnfwDrjf+e5P66M/zaRgEQx9RaRID+/zP6MOEA1FYxgoYkUHGMz/hjpUvC3i4CMxVAyFT8VY
MQ6GixviBowQd8VdGCkeiUcwylUyMFr6pA/GSEc68LlMIVPAWJlKpoJxMq1MC+NlFpkFJshc
MhdMlAVlTZgk42Q3WCV7yB6wmvyInrBG9pZ9YK0cIAfAejlIDoINcpQcBRvl5/Jz2CRnyP2w
WQVI/zxWRVQRSFDlVQV4oqqoKkKqSWqSUEacMU0YZowZIwqZrcxWorDZxmwjipjtzHaiqNnV
7CqizW5mN/Gi2cPsIYqZv/gGi+LW61Zzcc0aZAuR4IQ4FeW7TiNnsvwm0DLQXt4K9A0Mkw9R
ol/5MRNmUsGYBbOoEMyG2VQKzIE5VCjmwlwqJebBPCoM82E+FY4FsIBKhVEYpVJjESyiIjAa
o1UaLIbFVCSWwBIqLZbCUiodlsbSKj2WxbIqA5bH8uoFrIAVVEasjJVVJmyKTVVm98+pVRZs
ja1VVmyLbVU27IAdVHbshJ1UDnwb31Y5sRt2U7mwB/ZQufFdfFflwb7YV+XFfthP5cOBOFDl
x8E4WBXAoThUFcSP8WMVhZ/ip6oQjsARqjCOwlGqCI7BMaoojsWxKhrH43j1Ik7EiaoYTsbJ
qjhOxamqBE7H6aokzsAZqhTOwlnqJZyDc1RpnItzVRmch/NUWZyP81U5XIgLVXn8Fr9VL+N3
+J2qgEtxqaqI3+P3qhL+gD+oV3AVrlKVcQ2uUVVwHa5TVXEDblDVcBNuUtVxC25Rr+JP+JOq
gdtxu3oNd+JOVRN/xp9VLfwFf1G1cS/uVa/jftyv6uBBPKjewMN4WNXF43hc1cMreEXVx+t4
XTXAm3hTNcTbeFs1wrt4TzX29lKu51OEdW0ums6maCKaUHIr0QqEsdRYCtIX74sH5S/tL02r
51+jjWnm/kcb/x/Xxv+YfZE8+3K73pZo5zv8nzn2nzn2L5pjwmxP/nyIyCyLqEpGfUgHJaA8
VIXa0JD2C+3Jf+9J/sBQGAHjYTrMhUWwHNbCVtgNh+AkXISb5NmD8Akn6B1QQV2D4oLeZdkt
qCfL7kHvsewR1JtkHIX6sIwL6suyW9D7LLsH9WPZI+gDkt2o3ACWcUEDWXYL+pBl96BBLHsE
DSHZncoNZRkX9BHLbkHDWHYP+phlj6BPSfagcsNZxgV9xrJb0AiW3YNGsuwR1Ask5fYn7BY0
mLB70CeEPf4GI6O5512DxnjMfO4xM9ZjZpzHzHiPmQkeIxM9RiZ5jEzxGJnqMTLNY2S6x8gX
HiMzPUZmeYzM9hiZ4zHypcfIVx4j8zxGvvYYme8x8o3HyCjqf9egyczIDGZk7t9kZKHHyCKP
kW89RhZ7jHznMbLUY2SZN1e+95hZ7jHzg8fMCo+ZlR4zqzxGfvQYWeMxstZjZJ3HyHqPkQ0e
I5s8RjZ7jGzxGNnqMfKTx8gCZmQJz5TVzMjGv8nIdo+RHR4jOz1GdnmM/Owx8ovHyB6Pkb0e
I/s8RvZ7jBz0GDnkMXLYmytHPGaOeswc85g57jFzwmPmV4+RUx4jpz1GzniMnPUYOecxso0Z
2c2MHOCZcvJvMnLBY+Six8glj5HLHiNXPEaueYxc9xi54TFy02PklsfIHY+Rux4j9zxG7nuM
PPAYeeQx8thjJN5jJMGbK08SmbEgkRlLJDJjyURmLOUxc54ZucqM3GZGHrozxf2fRrfdfDWt
PuQSu+UUVV29plqrNqq9ekt1Vd1UD/Wu6q0GqyFqqPpIDVMf097lpDqlTqsz6qw6p86rC+qi
uqQuqyvqqrqmrqsb6qa6pW6rO4Fo93+UxC6xi35gsvt2rqqmqoFUNVQNUKqlagWGaqvagU91
UV3Ar+JUHASp7qo7eQLvqHfAVr1UL3BUH/UBBNQENQFSquVqO4QFigaK8lWGSLCMDMYLRkYj
k5HZyGJkNbIZ2Y0cbs+oRXf46rqAiGeuTeTh60Gxbgk6M4dXIt0zJfI+k0dMqlgqDUaY4X4L
LKeRE2zvd8OMcCOVkdqIMNIYke6376jEP35XQlYINkKNlIZp+Axt+I0gwzJswzECBhrBRojh
Xu8yqG99qQnuOdJ4ySgNjlHOKAdIedEQoWapOWqe+katVxvURrVJbVZb1Fb1k9qmtv8R4+7V
MjVTzaQaZ7vvNauv1FfE93xFepSYW0e/d1Jdelr7TCr1FeUuVz+oFWqlWqV+VKvVGrVWrfuj
MebaZ6lZVPscNcd9IlPNo9q/UaSdqYXbqXa3H27t+SHsD2v9g34wZyc9ztzznnN28XnubKDz
zI5yMXwAA2AgfAiDYDAMoXX9EQzjfxf9FIbDZ7TKR8IoGA1j4HMYC+NozU+AiTAJJsMUmArT
SAN8ATNgJsyC2TAHviR98BXMg69hPnwDC2AhaYdvYTF8B0tgKSyD70lX/AArYCWsgh9hNawh
zbEO1sMG2AibYDNsIT3yE2yD7bADdsIu+Jm0yi+wB/bCPtgPB+Ag6ZjDcASOwjE4DifgV9I4
p+A0nIGzcA7OwwXSP5fgMlyBq3ANrsMN0ka34DbcgbtwD+7DA3gIj+AxxEMCPKEJLWQtWVu+
LuvIN2RdWU/Wlw1kQ9lINpZNZFPZTL4pm8sWMka2lK1ka9lGtpXtZHv5loyVHWRH2Ul2lm/L
qfKAPCgPycPyiDwqj8nj8oT8VZ6Up+RpeUaelefkeXlBXpSX5GVlySvyqrLlNXld3pA35S15
W96Rd+U9eV8+kA/lI/lYxssE+YRUkPu0vVKGMpVPaeVXQaqWqq1eV3VUY9VEvamaqw7qbTVA
DVQfqkFqpBqnJqoFaqH6Vi1Wy9T3aofaqXapn9Vu9Yvao/aqfWq/OqAOqkPqsDqijqpj6rg6
oX41Shql3P9tNfYYe419xn7jgHHQOGQcNo4YR41jxnHjhPGrcdI4ZZw2zhhnjXPGeeOCcdG4
ZFw2rhhXjWvGdeOGcdO4Zdw27hh3jXvGfeOB8dB4ZDw24o0E44kZMEN1OV1ev6wr6Iq6kn5F
V9ZVdFVdTVfXr+oa+jVdU9fStfXruo5+Q9fV9XR93UA31I10Y91EN9XN9Ju6uW6hY+hoRUcb
Otrp9votHas76I66k+6s39ZddFcdp7vp7rqHfke/q3vS0Uv31n10X/2+7qf76w/0AD1Qf6gH
6cF6iB6qP9LD9Mf6E/2pHq4/0yP0SD1Kj9Zj9Od6rB6nx+sJeqKepCfrKXqqnqan6y/0DP2V
nqe/1vP1N3qBXqgX6W/1Yv2dXuL+96v+Xi/XP+gVeqVepX/Uq/UavVav0+v1Br1Rb9Kb9Ra9
Vf+kt+nteofeqXfpn/Vu/Yveo/fqfXq/PqAP6kP6sD6ij+pj+rg+oX/VJ/UpfVqf0Wf1OX1e
X9AX9SV9WV/RV/U1fV3f0Df1ff1AP9SP9GMdrxP0Ez/4hZ6pZ+nZeo7+Us/Vt/RtfUff1fes
d6x3rZ7We1Yvq7fVx+prvW/1s/pbH1gDrIHWh/Z7di+7t93H7mu/b/ez+9sf2APsD+1B9mB7
iD3U/sgeZn9sf2J/ag+3x9sT7In2JHuyPcWeak+zp9tf2DPsmfYse7Y9x/7Snmt/ZX9tz7e/
sRfYC+1F9rf2Yvs7+0d7tb3GXmuvs9fbG+yN9lb7J3u7vcPeae+yf7Z327/Ye+y99j77gP2r
fco+Y5+zL9iX7Gv2DfuWfdu+Y9+179n37Qf2Q/uR/dhOsJ844AhHOsoxHNPxOaec084Z56xz
zjnvXHAuOpecy84V56pzzbnu3HBuOrec284d565zz7nvPHAeOo+cx068k+A8CUBABGRABYyA
GfAFdMAfCApYATvgBAIBDAQHQgIpAqGBlIGwQHggVSB1ICKQJhAZSBtIF0gfyBB4IZAxkCmQ
OZAlkDWQLZA9MCEwMTApMDkwJTA1MC0wPfBFYEZgZmBWYHZgDt995iuyfGW0r5wiSYPy9c5p
qirZ973qVbLv+1VD1QgOqqaqGRxmG3pUdVad4RhZvH5wXI1QI+CUGqvGwmm27GfYbp1lu3WO
7dZ5tlsX1BK1FC6yhbhsFDdKCODrptK0TEsUNEPMEBHFV0YL+X71nRXndUFdRFzlq6S3rEHW
BCmtmdaPMrW1xbovC/G10hZ8lXQWWfubEETeQWay+TXIAxpPFmAVaWf6CXsgSNzCoXkccu/R
hEAqSGdvovh+ezPhQXsL4WF729Oy+ym0BvzkS0RABvIAcifePbIPuun2YcKf7KOE2+3jhDvt
K+6ZGO7WiKncGjG1WyPXFc+1/naPJohiG9Ai3IR2kpxgzgnhnBRJciI4Jw3nRHKOhCAatYI0
dsWk+29JJWVJkLKSrARKVpFVwJCvydfAtEZaI8FnLbWWgrauW9epPmnOkT//m2xsUgv7v9u+
/s9YWNeGPq/d/HfazFDdUrfWbfV7ZIFcy1mRbGZ1tma1yDJ9wnayPtlI1zom2sZWz2kVe/2J
Pfy9NRxHdvAfFvBZ6/L/mzV8au3ILo4l+/2sVSxH3ofreyR6Hq7fUZM8jwee3/GIvI4G5HFM
Zp9jCnkcD2nW1qWZ2sydl7/ZTtkhqd10QpwUTqiT0glzwp1UTmonwknjRDppnXROeieD84KT
0cnkZHayOFmdbE52J4eT08nl5P5Dazvwj+0tBqGF9nNZ3Xm/t7sYjCGY4nfWd5O92d7CNnjb
H1rh/WSHD9qH7aP28d/sMabC1GyTr/yXVjn+93YZIzANRv5T1jmJbXbi/wescw0hRThtZSNF
TggTNUUdyMJ3SnOKpqIV5BFtRBsoLNqJdlBEvCU6QFHRSfSEYqKXGA0VxHgxCZqK78ROaCG7
yDjoLbvL3vC+7Cv7wWD5gRwEH8kh8mMYLj+VI2A03/McJ8dI0va8x5+sHBUKU1SYCoNZKpXK
DbNVXlUAVqgoVQFWs8XfwxZ/L+/e9hnTjZ1w0UxhphAR5l3zrkhj3jfvi0jzoflQpPURXSKd
b4jvY5He96lvpMjsG+0bK3L4xvsmiTy+Kb65ooBvnm+xKOlb4tsoKvg2+3aJN3z7fPtEU99B
32HRzHfUd1y0IN8gXrTyPSHfoL+O1iXFMv2SLiNW+XP5c4s1/rz+AmKdP8ofJTb5o/3RYrO/
uL+42OLePxNb/WX9ZcVP/vL+8mKbv5K/ktjur+KvInb4q/uri53+Ov46Ype/nr+e+Nnf0N9Q
7PY388eIX/zt/O3EgSDa9ouDVgsrRhyyWlltxRGrvRUnTljdre7iEtnZCeIy2dkfxR2ys/dF
gi3tRlLbTeyesrkzxTkp+wY+DoyX6xKfb6Hd6Hy+49JEtPZSljyTIqAE+DzfIzv5NEUofyYd
Ls4nr2AmSze20outpNhROtynbPKIPDRr8ov8ZO6KiWJU5yviFTIu1UQ1MMRYMZafstkMzc1I
M62ZzkxvZjBfMDOamczMZhYzq5nNzG7mMHOauczcZh4zr5nPzG8WMAuaUWYhs7D4RewRe8U+
sV8cEAfFIXFYHBFHxTFxXJwQv4qT4pQ4Lc6Is+KcOC8uiIvikrhsKMNQd9U9dV89UA/VI/VY
xasE9eTvpBnUFUPylQaD31ZIwXezIuhQkI4Og5jLQT3NC+5zaQXo8BOrJchPLEWHBaXpsKEC
VAQHqtGBUI+OYGgADck/bEpHKLSkIyW0pSMMukIchMO70BNSQ1860tDqlBApgkUIpKU1Ggnp
RQaRATLwMw0v0HqtCRlpvTaETHxXNzOv1CwiVsRCVn7KIZvoJrpDdtFb9KY1PUQMgVziIzEM
covhYjjkpRU8HvLRCv4O8ovVYg0UEBvFJogS28Q2KMzXm4rwyotmn7oqX3Vqyled3uRrYZHP
XAvLx09TlZSNibH0MkpGkecYLaPdd8RkBcqpKquS51hb1ibPsZ6sByb5P63AR57PW+Q5DraG
gt8aZg0H25plzYYQ60trHoRa+6z9kMo6aB2BCOu4dYp86l52H8hEVmQAZHUtBOQiCzEN8rj6
HAqQPt8HUaTFj0JR0uTHIZp0+Sl4kfT5GShGe6xzUJx0+gUoQXr9EpQk3X6Fxip5X/JzX6rI
9tSXDEn6UlwWpxy3R0rWpD2NwT0yuUc+8vMaguZ++cmLexuCuF8W9yvA/QrlfoVZ860F1KNF
1hJIy33MyH3MbJ2zLkB265J1jfrl9jQ/9zSKexrNPS1GdnAm7RNm026jDPe6Ivf6FbJPd6Ea
Wad42qEk3n1133JsyT0q4PbR/dIelPD6WMArk5NW73Ax5mmaFHPFAoqFPS1HK+APOCgliTdm
wuCxNZkPH/OhmQ8/8xFEfm8TsJgVm0fbYW4CVgOrASDtzPtAMO2+RtCYj7ImQDragy2BrNYy
60eIpp3YNSht3bDuQyvyIQZBB/IWhkNP8g7mQX+y/d/BaLL1B2ESj/kyHvPvyYL/Cst55H/g
kV/BI7+SR34Vj/yPPPKrybJfgzVk3W/AWrLw8bCO7LkPdpCPEwH7yK/JBMfIl8kNZ8krseEq
eRcp4AbZ+EjaAZAmpB3S2wDuDhLKu1cZoJb7tA28br/nVIQddE56Me65y/HXLv9NpZ/OB2jB
o1qQ53zNZ+ZDwX/MB6gDpZ+mSajE9+7DnpaToKyJ1gz6zdXWZprjD2x35VAq7/ITW5KJ21DQ
a+VvbS1B2uyf0O50ZjjrQmBdKFgXKtaFButCk3Whj3WhZl3oZ10YxLrQYl1osy50WBci68Jg
1oUhrAtDWRemZF0YxrownHVhataF7rvNa6kHjqyslkPZP70XJIUlQqmVmUVuUUiUEOVFVVGb
WtdCtBedRXfyn/qLweITMYp+daqYJeaJRWKZWCXWi61iF3FzhHg4L66K2+IhGSCfdGSojJAZ
ZFaZmziOFrmp9zmJi3wsG5IFdmUTUZxlU1GCZTNRkuWbohTL5uIlli1EaZYxogzLlqIsy1ai
HMvWogLLdqISy1iy6q7sJF5jOd5M7UpjiRnBcqmZxpX4yG+70kzpd1zpm+EPsFzpR5ar/MEs
4/0hLBP8KVg+8Ye6kjyolCzLBAv+nfYiF2mjYPI1JMXyEjYkj8P1X0gnUS9pJlIfowjfFIUI
m4vChC0E+TLUt6KELUU0YSvxImFrUd59/kS8TPiWqEgYSz6LpF5VJuwsqhC+LaoSdhHVCceL
VwknihqEE8wwkNTfcMKlpnv15ZGfBoZ6SrOa+mkQrvSTz0N99LlPVPk1YYLfT/jEHwSS+kYe
mL8M5KK11ZhsfizZ+l4wAIbBKJgIM2AeLIYVsB62wR44AqfhMukX754izaQImutZaS4VFNGi
FM2myqKGqENsvEm9ihVzia3xxNBXLJuIeSybiq9ZNhPzWb4pvmHZgrS7K2PEQpbNxSKWLcW3
LFuJxSxb+9O7kvqYwZXUyxdYrvRnZLnKn4llvD8zywR/FpZP/FldST3OxrKMmMzjN4VHbiqP
3DQeuek8cl/wmM3gMZvJoziLR242j9wcHrkv3fHwhzHj4cx4KmY8NTMewYynYcYjmfG0zHg6
ZlyAEQz8ZLliXQG80kWw+5qI+zXhGvxcf04oxH4AXw0TqXiupeY5EuH+tluLSPM01NadSa7u
JX0yhucKo3uXToSQhgIRTvsqwZpIsn5x7WoEDBFviHqigagv6oq2Vn2ygA0Tr03LbrKPHCxH
q/HqS7UIH2M8JuAT0rKTrMnWFGuqNc2abn1hzSCNu8Zaa62z1lsbrI3WJmsz3kOJCg000Yca
/dYD66H1yHpsxVsJ1hOb1J79mT3CHmmPskfbY+zP7bH2OHuJvdReZn9vL7d/sFfYK+1V9iH7
iH3MPmGftE/bZ+3z9kX7sn3Vvm7fdLTjd4Icy7Edxwk46AQ7eZy8Tj4nv1PAKehEOYWcwk4R
p6gT7bzoFHOKOyWckk4p5yWntFPGKeuUc8o7LzsVnIroYAARQzElhuF9fIAPMS2mQ/c+aHbe
eQLvNk3yuqqRTWsvY8lziKNdpSN7064ywM/NIu8hg3lnGMLXf1OohWohhPq+8S2AlL6lvqUQ
7rvnu0c+I+2XILW7XyLf6ph1BnK5uybypAaT/1DC/po8h5dpx38QqtOu/zC8yv5DDfYfXmP/
oSb7D7XYf6jN/sPr7D/UYf/hDfYf6rL/UI/9h/p2AnkODZwQ8hZasLfQm72F9zGcvIUPqJ/L
oeHzjOg/N4L/lnH6bYQsZhOYzSDmMZR5TMs8ZuWe5+OeR3PPa3HP67CfVC9x92nyvw1SuCq4
15bLQ4Zn53/yWfxfz8fEuUM1pOCZAjxTFI+wj8cTeTyDeTxDeDxT8HiG8nim5PEM4/EM5/FM
xeOZmsczgsczDY9nJI1bakjrtd428ZnWI/m83op11zzPU+B5KnieSp6nyjvXMYOfOTeCvJKn
WuC3lc6ag1cBz2STZ7LmmexP3EmLG+KueOR5AylkKplWZpG5VBUzxmxltjHbmV3NbmYPzIRZ
MBvmwFyYB/NhAYzCIhiNxbAElsLSWBbLYwWsjE2xJbbGttgBO+Hb2A174LvYF/vhQByMQ/Fj
/BRH4Cgcg2NxPE7EyTgVp+MMnIVzcC7Ow/m4EL/F73Apfo8/4Cpcg+twA27CLfgTbsed+DP+
gntxPx7Ew3gcr+B1vIm38e5/3vT4z3Of/7I3PULI529tpsRHZPPLPNdz7bQSRXvfkWeeQva7
T+k8fcbnv3lO5+kTPlSHfEk2feZKh5tSjTTQ0+sF4jbcIx+96P9r7zygmlj+Pb6zSehBmtKR
LlI3FCE0RYpKFxAsoHQIUiJEiiIlNBUBQURFlHatSFEQUETAgqAoohcLXgFFr4gCAopigbcZ
9QpePfe8/3v/v+ed8/I7JL+ZTTazuzPf+fx2yAyqh7/DFM+zQ5ejzugq1BX1xrWKjqveFta4
2o+MNZY23fC9zDS9vxtr5G26scbpfmim35kFaxRvhtn93VgjetMNP5afGN4fzDD8mGfaqh8Z
3n/MMPwszbS10L6lvb8zP9wCfmL0Hxn35EzDe62ZJvqdyc60L8f3ubxwD/9/f+Qn90cA0o33
n4Z4X78Up2wnOBfL1xlYWLOxbEd2Ijl49FOEHEXK8PjnLNKINOMR0C3kHn7+MDje/N991vuX
nu3+lecf3gX5fI+EB3/JYcU9iAkrFsD7ujkwemCNswAwH4+jUby33437OWAP7u8FrBXED+KR
FwpOg2HWLLRgBI9XRuE6HG/AOO6/BROwz/yA+x/BJO5PoaxVUFCUiNc5EsqG++woa+ZWbhSP
v1EyXFOED8VjbFQAFcL92egc3BdmrRGC96viuC+ByuC+LIpHbqg8a/URvI+dj/vKqDLuq6Aq
uK+KqiKsVVXUcF8dZa0GtB/dj/t5aB7uH0AP4P5BwhI4k+wyhECwJAmy5qoj4cdLEiOZs2ZX
JC1BCKSlJA/WXOEkGu4HsFYmxvvqCNyPZM1aRUoiJeF+MqkRYa2y3IT7FzhwZeZA8SgS5VDk
XI8AzkBOnPQ4g8jHEEA+TsajXnIJuQn3L5Av434zTqqAVwrnDAJOk1MwwsNVeRY6S+bz76zh
lUERzy+/Dv7GIAAyCIAMAqb9ihVABgGQQQBkEAAZBMDfngDIIAAyCIAMAiCDAMggADIIgAzy
uYQoJBEASQRAEgGQRAAkEQBJBEASAZBEACQRAEkEQBIBkEQAJBEASQRAEgGQRAAkEQBJBEAS
AZBEACQRAEkEQBIBkEQAJBEASQRAEgGQRAAkEQBJBEASAZBEACQRAEkEQBIBkEQAJBEASQRA
EgGQRAAkEQBJBEASAZBEACQRAEkEQBIBkEQAJBEASQRAEgGQRAAkEQBJBEASAZBEACQRAEkE
QBIBkEQAJBEASQRAEgGQRAAkEQBJBEASAZBEACQRAEkEQBIBkEQAJBEASQRAEgGQRAAkEQBJ
5OscJX/NWCIehr8KwVxEfD3GFPdj41ROXpr8lgzY0QKm+Eo8ywkFgMKNcbKRVHgJqBgJwTzY
uFTYABEwdVFALHDElmOq03IkiqTiJOCQkiFih3giYUgILqI+CAP/Yw0xGWMy03ZGFJrHXmyn
N6a27fliILLhxfau56Z1NwuYc5QxJlEAY6LvCwgoQHFxaEJSDQ238ncYj3u97FmEkf8qKSDi
ZaJTVLD5bIQVRG5BWdMQelQozc+fIa3kNV+aQqXqStvQvEJDwkJ8GdKmIaF0dYoUJvH5zbNn
bgkJ9WDQQoIpMthc1naCoMi37Q4hIQxpk40M/5BQGiMKkxImU3UxCgXDdDH8sVqYrIlRNLUo
X5K/oERMIDv9tLBWqmLisoLnc6FMAJBjaH0T/U+DUVtxpfw9kWuxgaJjaQrr3k3uti6umTxQ
JG0cvbxof1GGu+b6jsXeUUMnwludukZf5CVLZOQn+lZeXr/JU+6OpGH3LJDVn3OpQc03N9df
cd9NfdUGntMrFZssnnEZ6+WoHlOiHn25LGFxX+KsutzAFR4nmNGF7moR1s/3VXkb5NpLUDjk
hfKPPctUEfnTaK+XkPtKkk++pK5Dytsjw9los/jthhXmldviGvRfOmXbln06simIYVsu0pbD
qSSDuOx0p+nWWQmwGzpPrfnwmy8Xx+Fb8c4uw9UGa+fERxC7xs+Xxe2erLgee+eIWKir4dVz
rziKZbFKtqTWSukIwaQelIBX/OL4o1j8ISy+CD+bkoAYn4vF74njW3OTPkwLPSi3PEbolE36
1LXC0P/89WP+Qx0nsK7h7n7uxrSxPSI6g7VA/l4E/5iru2b+Qe5rxqTMrRmt+n/KjL5y2aV6
umBJi+fwx7ttBgarjy1wok3KBy1sbTveTYp+SEkzyuejB9RNCtiJ0Bo/3jTt418tbTfgubn8
uGiLiq6C2nmfQoHtCrO8it86SUzItN6ZPeZwIthUk/0TU/jdU79A8vLx+hGHK/XPLmEfpSmc
WyV3zxez6ZRED43E9RKq1rw++bDFZchn2RUHp+oqgpLA1M47rzgyYmr3XC7RVX2y6cnRiL7w
AuRmwMKmWwu295oIHNUJEA94oPPodwnik6PmxJbVWnrBNhJkzxquoh23O50WWlyXWHGY/kBA
P2XXxvwjtwpwVXDHmATrz6rApV7C/4f9lOuBa41fNUXyV4kB3u71NPEHrgCauBhQNPGkzlcx
iIIKiu+ETRBd4UgRxPhZCQ5BLhePMH9asB8D/xo+jJeVyS7I7uDjHRQS7P21YFw/K5gcJvO5
YGLTt3v7SDvS/ILxvUrbm5r8oyrURG2541ZpTj2qfYLSNaGgsyyi8cPcg1fMNwx3WPT/vuPi
emsHz9f70Is295YFasgb+zTckKvhXloTu/Ghef3xDF77ywoqowXPyHJzO0zk33vuaxc1P7TL
cu6+65Uashct1aJD7s+WMthB5aM+rJ//2tdADWhOTc5bevh0IEjJ+3D2lFcsc8K1ID4xKb1i
tDa7uF3vsH2S8LwU24fYOGL0unnCKP588mAg9Yi69niVejnXFs/MSN+8vWHk5PLRS2PSZ+wE
0ryuqd7XNBcdqrPMMbB3FLnhuzzqeGlKi7NxPtN+azDppE7TZvl6B1+jfbZtKjFawYlL2DoO
3rRMRoOTkd8aU3ocv6jCeyz+LSbIEgUFIg/GxcaBd2gkEjuB8H9DKmaxyijIWnaShBHwF0yS
lcFLnEMUapO8EY7Q15SPdF2yzV1upl5s5vUK42ZtnkUk4s0oeVrTgRqzuaQsxlJx9MY5W0bR
ynkM5Y2VyZ9KrLMjEZvnV1+I/EG7zFsUPYaaNl9NaXvn2HYhv9455JWX2TEzZCinJbdTopY7
X5ScfbdLqnT+luHBw2EnMrqp6UZ7A87pBd3aWi73qef5HRpn5tb6yUdInfbY2+gJPgF10ov5
ObsWr1faUKOX0ctObnXzv14fZ7Le92hdTV269tVRAl/0pje3ehf3bJ589OjE5HhPJ7mSfier
z65aryha7XejB9rcnrpofnyA3LZxV6+MitV11LvuO1Ykimm9MdhbwOQpWpdaqVpTeOhaSZd0
dQMmmiQtRFY+5/DapHct1pelREtpoj8eO1JyI25xaDgvrjEBuMY4fNEYj1mRNpCQCNPbEQnX
mV/Yqr8KjhaG4YqjhQsORsU0WUktVhJj/FuK9mU74Sfb/1Frih5wpbVfaFq2//pxfe1SuVXr
HwSel5GtyW4ZKGto7lS8oMmfeq7LTfXDAmep2SplGeSHQsXBStaxcxaanEhbdNJiK/l+fHbp
HrabLmbhrgMjH3kfxzKKta4xng73eRTGEGrMpzqNBTorrq4l39w8WiNI/ugeoJS0cUdN6bmk
fuGqneffzKn2dBvk79EfklmTWh4XdtG8b/e2CPf9z0ojmnTTtIQ0BB94tpaJHbPb61f6uzQV
29Cb5mfxuFniNdmeYaLRT5IPkFm/rCLr0inqlcWHglxFLEsy7qYnGEdyLbn326lEuYuPRzf7
nrRk1CuaWOV5CLnbYi3MsZvc9OihFTYRtzhWhMd/0Zp3WPwbeO4lZ7FaLN4I2RqnNdgxmUXp
0cvfOVntfSp8NyBBm6Su2P9jaWLphKQcUQSbE/fjZm7GesNcohFmgFELdAt0krX8GQy6voaG
V2igetDXa6juFRKkQV9PY+Vq0ENDvDd6McI0TB3xiqaOZ2FLv34lziGGmD6m9zWNocmqX3YY
ERHxox36hE7bE+O7BgTVZpFLiKPfQekEbcD7p7CVYemLe/GxQ+QoRoTdniUiY8hsWswDz51F
n/wK854ozX+/4u6+SfuGtZyVZw4PMsf2SoWsev9m5BHP7VQO4znC0h2Np82XcCi6u3BaZb/i
aDtrE/zq8VIBJZ1UmdCeddXlNAH57KHn2pwPYoJDsrgcripbLzuuqZrcX9jmpnjunGHvmlMJ
3Gd1JOwSzZdM1WUXrmI/lvMwst4l9tAR27bR0rxck8fXXOWN/4jVXmI73t6y+cCL6tY8LyHH
8tLc4bsN7QWFJbuvblJJUW28cv9jIKGrQa90pMNVVHhW49urcYf5OMQe7pR7VlFobTxQwa8Y
ydukeua39VcyDHG1OYCrTdJXtVkWPQjVhvTr1MaJFuQTxvAIok9XmwUYlbIAo+joaEK8ocCk
JsZKYvGH/y1lm4cpfO4opYJNaXR/n1BpM0dzaXNHW30KZqanpqOnratmuthC7+sbCYJSPzkI
R5/QcJqXzz8K1MBZklfL/aiyRDPjQ5WXBq0PyvdQw6U472haroy8pXL/EPvO4WdGH+oVo4s/
PN0So9l+3yiVqjv67p6B9pzfs5gftF/6J4WKZfTWWvfWJo1pcaFNReFhOtZuIzWPLLdI1mZH
PpiSSpq92GLDjdh5LgIdCXYG7e+7x1MHFyJ9nd0eE8JpVr/FG76hLRp4tK2B3e4sY/NznqdL
BkoCRzr94jnezbm6RbAu7DGn9XvPD4MF1Fz9yRf8LR5SnivvcTkldBpYWT1eUa/hLpaeRTLt
cnvB5JLbw1lAovik7rKVMpEpytr5ydzMPETnpLluKe2Yz4S26UnhCwbUR3w7RsVS+pzs5xoc
oJROF6hvghQT+kp9ofP8XoW3/rXgo9WjmPY+4xnaE9Jvu3DPGe0Sq+SMc3kDJwxMTJtv/o+0
hxFG9/L4X9Ger3ti/EhBOf6mwj8QKNomJifPnI7udott6g0d2pviY+cpmSiP3ZbJ4t1Tus5x
7fyJwSYny6Nb3gre5BaasBlNno0E9yVIKpkfUaVqPgzJ1V09JOeQ4URIW3gkz1tvfEGLkGm1
vvHeVvLFDfFKY75HKI9d3TImHBweub7YtfMAjdN6W0dHuLU2OeBRtNkRlTUJTrHm8qIKl7Zb
XFboE42jzRcaF25+Jasab7FW5fXE4eYIY7mQicPeSelFnuRjalJHn+40jp2qSP+45+XIJ2L5
9WU3VjNOvB8TnCtOvVFcdefc66qhltJRZ6kPhiMtd5TNzjXkLdziK3L9lLQX19VFRj6aotGn
ao2aFJfayoruC96BNY1kzhQovgDufXaNiEIJ/wPzuSs3+RV9L1O/Jvj6ok6YtrYuS52oePIX
BF9/E85/0ps/dIM/lLcsttwg0nJjqbFj4/sSobOqmnUCdg4tCYPGWveXUbKUqjO9e+faJ569
YNURS3o3vPF86pWjnWU0um/kPN/+6prhpDPXh45/EviNe5XsfI32RfedieLhp4O8gyydHjwc
6W7IT7gS1xNrjepmv2k8yOEs5b/k+v3GcFeNLdUKxCrnNQESXlNx0YZDnUQFG2oEg93tguu9
ZF3Vja28A1JUzujwyQOBwZt6Xxpn7Dm4gXedsp2Ip7vmwVsJtiqyrv7mqd0aiXz2pyZOi6UF
DinsF3x3je9uEu9rZnjYgubdm4ra3NlekiqStWreZa9JNElcmZQdXDFXdWlbSJ5pb0B/rGL6
+s96wwRK+BmR/3EL/T8RfvGxcX65ATobsGIqZJp6/lAcRf/6gBBK5JHiQhyRjYgnYoqYzAzN
/hbX/UCgsm34KRei7ev40ws92AHvDrp52nCYU/1CTpLaVO1yxySJQWpmTbEzd/eOagPxjg8n
jrTWnFwuIx7CQYtZTyiStRgMrAqKlq21uJ04ljbrPPv2BU0vYp7T3czzs2613XiY3vioQfl6
9MvWMs3OlDPXvC4t6BCRaQjvNsitFA87KLP1XlWVgNOO13kXfCxzlRTz3LfPMrgi6BO5tK69
NEHfrsJzZTf2/DlVsm/baBc1fkJQZod3nBcbMWc0FzXV2Gyx9ewUet9nwrK7i8DYVUkK5mk7
8IeSR/TSEeE8fhk9VCLlBNvlHM3ap4uaHY3qj23r7vfVTXstm5PXVhHhtFz/TqjZKblxCpNY
jotUCQoAFp/yC6OyGbHit3vcBfFdmNBf11sJUNgJJPjfy6xa8OVichIoPNNvq+Ol+ZbipvBi
07fOxuS+fZBIwevY2wxL9nirzO7THLn2FdsaPinZZZ7GvKd9hIfijDkVKMcpITYIDfFCQpEQ
eGfeF2Eg0ogTEoXQ8ZQfnu+Be/5IVKFinPxPu1dGFD3EL9SD7h8l/Z28EZkAkW74s3aVKKIv
lCu21ebG2O6KvF2LigZ4tVyIQ3phFh8/nizbN9yL9cVsf/PiNWHzm07XiTeMA3HcwZVdZRqE
YCJ9gHBnXHibWmPibt1D7caJbi68Ua33RO81fNJKPfhHpXRRjcWLMzH5g+WNxs0DDWY9HSbn
3j0XEt1uNbILmLev0+JJjS3bUWya1vLRdsqrNOvidcq8FWFV7jWZxLet5PCypZFlaG7c1bJM
7QWKzX968xSko61Bc7eUxTjrXLotGH1qsezufe2bbOnhxWUql2WfbQq761aQUTjsYkdBVfjC
zd5nW0h4Zgtuzoh+kijXW7zfVpfYbO17vP9Q16GVclu2YR1zhQqZ6FyMiYp/u0ZsFCbKg2dx
/Mer6Pc90owAg/1LFS1ww0Sm10Tub6NAAP/Ov7aQKLPwrlaPgmniHa0mVUtn9d8qIjolz9tT
7ZHmpr4O22ou9qa89+W77zSLVUV69ly05FDrqW0VP3xfhnSF56VvsvzUYrTd9FV9S6F0eM7j
c492pQsseqyoXHQ4M9Vjh8hEm/JJe7GUd5szBxwvL+qvU3PLuGGW5R3s7K6wmPtKMhpnMiS7
b/NlzU32Q4Fbn7xfIPymOTXLU9Ip9/enggKFdw6UvZ1y0Scsed45tHLM19jEz2ptzfn6+0lq
T1xqWzJLPDcELDwiyHGhXaVtY/e+7VGR9IRSi9wLlQnbbJfoqyQ4ymgenRy4spARjjaWHQ91
dKv1vxLzgmLknzsvbqyKreLZ7Vp+VeatwIbyng2n+hM8j1aDcKyLd5HjqTWksbdVC7xJjjKz
U/0sgvkCglYJOgRXkZH/Avp0HJcNCmVuZHN0cmVhbQ0KZW5kb2JqDQoyMDggMCBvYmoNClsg
MFsgNTA3XSAgM1sgMjI2IDU3OV0gIDE3WyA1NDQgNTMzXSAgMjRbIDYxNV0gIDI4WyA0ODhd
ICAzOFsgNDU5IDYzMV0gIDQ0WyA2MjNdICA0N1sgMjUyXSAgNThbIDMxOV0gIDYyWyA0MjBd
ICA2OFsgODU1IDY0Nl0gIDc1WyA2NjJdICA4N1sgNTE3XSAgOTBbIDU0M10gIDk0WyA0NTld
ICAxMDBbIDQ4N10gIDEwNFsgNjQyXSAgMTE2WyA4OTBdICAxMjFbIDUxOSA0ODddICAyNThb
IDQ3OV0gIDI3MVsgNTI1IDQyM10gIDI4MlsgNTI1XSAgMjg2WyA0OThdICAyOTZbIDMwNV0g
IDMzNlsgNDcxXSAgMzQ2WyA1MjVdICAzNDlbIDIzMF0gIDM2MVsgMjM5XSAgMzY0WyA0NTVd
ICAzNjdbIDIzMF0gIDM3M1sgNzk5IDUyNV0gIDM4MVsgNTI3XSAgMzkzWyA1MjVdICAzOTVb
IDUyNSAzNDldICA0MDBbIDM5MV0gIDQxMFsgMzM1XSAgNDM3WyA1MjVdICA0NDhbIDQ1MiA3
MTVdICA0NTRbIDQzMyA0NTNdICA4NTNbIDI1MF0gIDg1NVsgMjY4IDI1Ml0gIDg1OVsgMjUw
XSAgODYyWyA0MTggNDE4XSAgODc2WyAzODZdICA4ODJbIDMwNl0gIDg5NFsgMzAzIDMwMyAz
MDcgMzA3IDMxNCAzMTRdICA5MThbIDIyMV0gIDkyM1sgODk0XSAgMTAwNVsgNTA3XSAgMTAw
N1sgNTA3XSAgMTA4NVsgNDk4XSAgMTA5MlsgNDk4IDQ5OF0gXSANCmVuZG9iag0KMjA5IDAg
b2JqDQpbIDIyNiAwIDAgMCAwIDAgMCAyMjEgMzAzIDMwMyAwIDQ5OCAyNTAgMzA2IDI1MiAz
ODYgMCA1MDcgMCA1MDcgMCAwIDAgMCAwIDAgMjY4IDAgNDk4IDAgNDk4IDAgMCA1NzkgNTQ0
IDUzMyA2MTUgNDg4IDQ1OSA2MzEgNjIzIDI1MiAzMTkgMCA0MjAgODU1IDY0NiA2NjIgNTE3
IDAgNTQzIDQ1OSA0ODcgNjQyIDAgODkwIDUxOSA0ODcgMCAzMDcgMCAzMDcgMCAwIDAgNDc5
IDUyNSA0MjMgNTI1IDQ5OCAzMDUgNDcxIDUyNSAyMzAgMjM5IDQ1NSAyMzAgNzk5IDUyNSA1
MjcgNTI1IDUyNSAzNDkgMzkxIDMzNSA1MjUgNDUyIDcxNSA0MzMgNDUzIDAgMzE0IDAgMzE0
XSANCmVuZG9iag0KMjEwIDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDM1
ND4+DQpzdHJlYW0NCnichZLdaoNAEIXvfYq9bC+C7rpqAiIkhoAX/aG2D2B2x1Soq6zmwrfv
OpOm+YFWUDnOmfONOn5ebAvTjMx/tZ0qYWR1Y7SFoTtaBWwPh8Z4PGG6UeNJ4VW1Ve/5rrmc
hhHawtSdl6bMf3PFYbQTe1jrbg+Pnv9iNdjGHNjDR146XR77/gtaMCMLvCxjGmoX9FT1z1UL
zMe2RaFdvRmnhev5dbxPPTCBmtMwqtMw9JUCW5kDeGngjoylO3dkHhh9U5fUta/VZ2XRHTp3
EIggQ7UjlaMSEpXkpGJSIeaeEvhP3hkvlhSxInd0clOd3+IdCW2ry1BxFxoGaAtpWLnFgcKI
HhIwEn+TJL1MzC9J4R1JJoSguWKJpIjwEeFjwkeEj9Z4S67x4S0+osBkhb3LmSICIVBtOCr+
z5fdEH4jyZ1fAedfPW/keY/U0Vq3Qri2uDvz1jQGzpvdd/3cNZ/fNdXgMw0KZW5kc3RyZWFt
DQplbmRvYmoNCjIxMSAwIG9iag0KPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA1NTA2
MC9MZW5ndGgxIDE5NzQyOD4+DQpzdHJlYW0NCnic7J0JfBTl+cd/7zuzdza7m2tzbLK7bLJI
QggkQAJEsrkAjciRgAmCJEAUUAQMeB+ximA8sNaiUit4VPFkE5AGtIWq9UAR6q1VQKAerQi2
9ZbM/5nZTQIl/LNpm38+/nm/k/f3Xs/MPPPu7LvzZHdnwQAkkshoLKs8bayUbEoA/1sr4Lxy
bFn5mBu/u+U0cK8H4M+OnTih8oqpj60B9x0AHk8eWzmlZHdJ7STwXbSRlLtOr6wasyBznp7W
v4sa0s6oqhwX//mBZ4GMw4B1xoTKnFz7kKvupm0Zqb92YukZVUeuGF0K7vmU6sOnlo2vnnj7
/K+AvImA447ZC+oWzSrZkQO27GZa56LZFy/x3Od6529gqwcD+qpzF5234NXLalaDraDV9Ree
V9ewCIkw0fbepQb7eRdcdq7zquvSwdZeD0yrnjtnwaX/2Nq4HSg7ABZYN7e+bs7uxVXkG7tZ
3f9caojJsw6l+vNUT5+7YMmlf/fH3E77ngv4Vpxff9GFR36p1IPH30Y2/IKFs+viLh+0C+z7
D4DkjQvqLl0Uc2FUf+pTj8dzYd2C+orLfZeCJ9wBmNMXLWxYomRiFfnXqvYvuqh+Ucbb47eC
3boIsPwe6mOhS1p9/y0FH860FX5lTFGHCbh/f/9MNX/58Zef/n79kfPsMEZR1aTZq1BuGN12
Jkrt+H7995fb0dETRj5fbbHWoABca+CwIwdTqedx2q+KJK1gt0EHo261Lo82kBLKpT/hXB5j
1HGLXuYq8l5kKttwaanmAVE1vtSDADyefro32iaxPMNo1hIAUxSFtu7XPa0eKWR92CU+oiMF
+Ts4BxFAto/yR1FM+RZ13f8GuqnKES1/EeeG6rhf3o91R+1z69H2+kdxF9neox+B2WR7b3jd
+6g8ndYbrJY7tx0amf8NuQGnU7pBBiZSPoZSBe0zlvISSsvZi1ih2QErqHwd7X+52k6pLJyP
ozFZRv1FtF461a+jcjL5oafcRsn73xmp3ofvwIK+9iES5AblRzWnca+kNLav/aHH/YW+9kEg
EAgEAsH/X9g6ZUtf+xApupSfjq8CgUDQlzAoW4yU7BDzpkAgEAgEAoFAIBAIBALBTx9rjYEx
9pi+o8GgNxiOs8pAFKKigNFUXuqKcSFGt9oF7G3v9w/T+/rXV+aPwIwRi/PTh1Xqs2LyX3jw
recjd0TfvUmHZVxcdzZK5DsWnFyw7k3+DVNBN9As09cuCAQCgUAgEPyfIEFiKjpJYpyugRJ1
n1u24VujAiOMShtMMClHYIaZ1AILKYVapFZYSaM1tSGa1A4bqYP0R8TAQRqLGNI4xJLGk/6A
BMSROhFPmkj6PZLgpHIykqicgmRSl6apSCFNg0v5Dm5NPUgl9cJN2g8eUh/pt0iHlzQD/Uj9
pN+gP3ykpyCddAD8pJmaZqG/8jUG4hTSbE0HIZM0B1mkg5FNOoT0K+RiEGkeckiHYrDyTwzT
dDiGkOYjj7QAQ5V/YISmIzGMdJSmhRhOeirySUejgLQII5S/I4CRpMUYRVqCQtJS0i9RhlNJ
yzGadAyKlMMYiwDpOBSTnoYS0tM1rUAp6RkoIx2PMcohnKnpBIwlnYhxpJNwmvIFJmtaidNJ
q1ChHMQUjCedqulZOJO0GhOUz1GDiaTTSA/ibEyi8nRUks5AFek5ms7EFOVvqMVU0jqcRTqL
9K+YjRrSOZhGWo+zSc/FdOUznKfpXMwgnYdzlE8xH7VUPl/TC1BHugCzqP1CzCZdqOkizFE+
wWLUk16E80gbNF2CucrHWIp5pBdjPuklpH/BpTif9DIsIL0cF5JeoemVWEh6FRaRXo3FygFc
o2kjGkivxRLSn2Gpsh/X4WLS6zVdhkuUfbgBl5Iux2WkK3A56Y24QvkITbiS9CZcRS03k36E
W3A16a24hnQlriW9jXQvfo6fkd6O60h/geuVPbhD019iGekqLCe9Eyuo9y7SPbgbN5KuRpOy
G7/CTaT34GbSX2t6L24lXYOVpGtxG+l9pB/ifvyc9AHcTvogfkH6G9yhfICH8Evlz3gYq0jX
4U7SRzR9FHeRPoa7SR/Hr0if0PRJ3EO6Hr8mDeJe0mbS99GCNaQbsJZ0I+5X3sNTeEB5F5s0
/S0eJG3Fb0g34yHSLZo+jXWkz+AR5R38Do+S/l7TrXiMdBseJ/0DniB9Fk+SPof1ytt4HkHS
eGdj2HmklFWwcWQsm8AmkPPZxWwauYDNwLP4YjaLzSaT2FzY/1RWzWrJZawOWpnL6lkzmcda
WStGn8vZFWQxu4ndRGrZLewWsoStYqtIHaFytbyR73KTfaSEkOb7AesIjb6P8FHAr4F/hLAT
sB2ww4KdgFcteJOQljqE7wL2AQ4gz6cIDwGOAI4BvkUaBlABHkAQkAowALmAwcjzOcLhgNHi
Ho0eFfdp9DjCcwEVgIsB0wCzCG2F2lsqAYsIad8AeBywmdD2bQifA7xIq5rXRcdEba1XN++I
Tq9dEK1uPhRtFvBtdHmLGn0I+OMtla0uES5qdbV8Fl0JuKX50Wi4+deAzmh4SXE03PJa68xm
OTqueXt0XG+ad6OzERdGXNikv+THLeujC1o2Rhc074xOF/dfRbgPYV+5KxPwBc1HEAJaGPJ5
kPYY4NvoQ7h+qMWIbhB88fDd6OMo4zlc7+kNj0XfEfBt9H0Bh6IfAT5tyY2+3zIYMDr6EeBT
5P+oZVqrLKAiejyOx+teu6C1P4eWK1sLBNzUOgpym96yKnofr0PLJvC5DvxtbSUtXa3lXBZx
GbR81joXsJDX3ZIx0oM+ByN6PC6/OEBek7gM43ITtN7qo9f8Jup/IEFuO6Kzhd52god3l9zd
G3/6/QQ5QibNHKDfBQmyvj5R99+TZnlLEPX2RG8HrAW+lusD+H0iPg6ppn64nhJB6Ew19Qae
NlvhNkt/28Dri6frr2U49MT1dS50dK6lKw6bWm8QYEDm0xByQHzrba0yByvNf5P3/WFxXWX+
753LvUC4QUoxjZTSFCkipZQijJEi5WGuCHdmECPMj9tICaUEaYyU3vk9zNwZhmxkY4xsxBgx
i2xENhsxRjZijEjTyEY2G1OaRkzTSNMUMWKMNMYsxvh9z5kZQrBdv7vP99l/vs953nPeOffc
c94fn/Oec+7MhV2UltcT/0pIuYiXgQiu0cfYdxjfpnCJ9RewPjmKe1q20HIRP6/FcieWydH6
57ciPlTEBqHlvHKHRwxlIn7yKe1Ae063tz7fg7bbg0Q/b+59fh9i6o6vttP5spH44IXyKFFM
RIlg43yEn0GaXY696DzEeUeuzb/QjJ/tWG5Ban9+of3q8zdfcD5/O1KG/XAY7T9J9bozT64i
XSe4R3tWot2qyXVKfe2FdE4SHGgiPj6JPjmO8yBSto2/4KP4p5ik8yCKWQuOR8oMImO4Hsto
bFiO2QgGCR7RR20EcxRTkbmv3CR9IF3DOX6tfU65jfN9GulG+LMtBvWoufM5jA9bBqVlWInq
RbEQF/Y7/RxHPmP/0c+aF5IJoU+1tmzUncaEF3zP77DlEV1shSgfzlNbMZYXiV4kfrRnUNIs
i18oO64uCfSbU6DfmcbRb0vj6XeaifTbzCT6PWYK/Qbzfvrd5UP0W8v3028Ms+j3fXnYy0ua
32lwPWEfZB8EDfsQ+xCw7AfYD0IM+wj7CMSyj7KPYu+PsY9BPPs4+zisYj/EfggS2CJWCwIb
YLsgkf079u/hXvYL7BdhLfsl9ktwP/sP7Jchjf0K+xV4kP0q+1VYx36N/Ro8xH6d/UfIYL/B
/hM8zH6T/RZks//M/jM8wv4L+y+Qy36b/TY8yn6H/Q7ksd9lvwuPsd9jvwf57L+y/wqPs99n
vw8F7A/YH8CH2B+yP4RC9kfsj6CI/TH7Y9CyL7IvwofZn7A/gfXsT9mX4SPsK+yrUM7+nP0F
fIx9jX0NKtnX2Tegin2TfROq2bfYt+AT7K/YX0EN+2v2t/BJ9nfs22DisrlceIor4URo4Cq4
CvgMV8lJ0MoZOAN8lqvmqmErV8PVwOe4DdwGaONquVp4njNxJmjnLJwFXuBkTgaF28htBBtX
z9WDnWvgGsDBNXKN4OSauCZwcc1cC7i5Vm4LdHBbuTZQuXZOgU7OzjlhG+fmvPB5zsf5YAen
cip8gQtyQdjJhbgQfJHbxm2DXdx2bjt8ievmuqGH28HtgH/gdnI7YTe3i9sFX+Z6uB7o5XZz
u+ErXC/XC3s4TPBVbi+3F/ZyfVwffI3bx+2DPq6f64evcwPcAOzj9nP74R+5QW4Q+rkhbgi+
wR3gDsAAd5A7CP/EDXPDsJ87xB2Cb3KHucMwyI1wI/At7gj3QxjifsT9GIa5F7mX4LvcT7h/
gxHup9y/w/e5/+B+Bke5l7mX4UfcK9wrMMa9yr0KP+Z+zv0cxrlfcL+AF7nXuNfgOPc69zq8
xP2S+yWc4N7g3oCfcG9yb8IE9xb3Fvwb9yvuV3CS+zX3a/gp9xvuNzDJ/Zb7Lfw79zvud3CK
+z33e/gP7m3ubTjN/YH7A/yM+yP3RzjD/Sf3n/Ay9yfuTzDF/Zn7C7zCMzwL53iOj4Vf8PF8
AlzgV/Or4Zf8e/j3wAx/D38PvMHfy98Ll/j38u+FN/n7+PvgMv8+/n54i3+Az4A5PpPPhKt8
Fp8Fv+Oz+Wy4xufwOfB7PpfPhQU+j8+Dt/l8Ph+u8wW8Fv7Ar+fXwyJfzD8Bf+JLeR38md/I
b2RYvp6vZ2L4Br6B4fhGvpHhcde4mYnlP8N/hkngn+O3MALfzr/AJCbEJ8QzSQnfTRhl7hFw
+8u8T4gRYphUgRd45n4hTohj0oRVwirmAfKX6Zh0IVFIZB4UkoQkZp2QLCQzDwkpQgqTIawR
1jDvF9YKa5lMIVVIZR4W0oQ0JktIF9YxHxAyhEwmR8gSsphHhWwhm8kTcoQc5jEhV8hl8oU8
IY95XMgXSpgCoVQoY54UyoUaplzYIGxgPinUCrXMBsEkmJhPCRbBwtQKsiAzdcJGYSNjEuqF
esYsNAgNjEVoFBoZq9AkNDGy0Cy0ME8JrUIrUy9sEbYwTwtbha1MAzCa9Rrfnf3zs7gffbYR
mM24j34W98TPbkV+AEsFyY2kRmgb0o4I9QA0Z2O5B2kf0n68B/fezx5AOoR0BOkY0nGkk0in
kc4inUeaQZpFmsd7hrFcQLpJrzGbR+h1ZjPu25+9jWPEIK1CSkJag/W4j29OQ8oAaG1G2oLU
DkyrE0sfUgjuh/VQATV4MiK/3nFCEHZAL/TjWXUExuAkTMEFmIVrsMjEMInMWiaDKWQqmBpg
5SNPZcjHnsqWjz+FkVvuli/KffJl5FR5Ru6RZ5Gzy5NyUD6D3Bb5lOyUp5BrlI/ILfJp5Czy
qFwvTyJXLQ/ItfIQcqK8X5ZkPK3IxfJOuULejVy+vEsukXuRy5L3yblyD3JpslfOkHcilyw3
y2vlLUD+lFuLnChvRW6NvEGOkS3ICXKtdVGWkdPIpdZrsgga6025zDorVyB3Vc6xXpDzkbss
51qn5ALkjuPVk3IacqNyiXVMTocY60VZwhY12MJkncY+YjCXsLYGa03WK/JGbN1tvWjdZUX9
Ww5ZZ6zbWo78P1sTOfp7I6C/NAr/piee/p7mPvprmPcBg14J4slYQH/lAjQijhoRR42Io0bE
USPiqBFx1DgTIcRS43yEEEvPbMcSpWxE/DyD+HkG8fMM4ueZNUiInWcQO88gdp/JQ0L8P1OM
VIZUgWRA2oBkWVZfj9SE1IrUhmRH8iIFATbjmXIznic343lyM54jN1+GXGu2NQ+pEKl4c6K1
wmqwrrGmWTOsk9Yma5m11brBarG2We3WeqsX86B1O6ad1t3WvdZ+rBm0HsR02DqK/Jj1xGZp
c81mE+HIr8jQ/qih5rrmD6DR/BF9EUN9wVNfxFJfCOiLj6BHnljyyD3okU/CWv5T6Jc06pcH
eJmX4UH0y0FYlzCM3nk44U8Jf4YPJPwFfZTzvzgSA2WgUF/nQdx/7SeMF3EWxeK2qJZtlh2W
HsueZvLrlDjN25q3kbmhuQEMV8wVg4bfwG8AFrFnhRj+KUQgl/DthG8Dn3A74TbE/o/uYZKv
3ovXQWDGAGNOC8rakoiUgpQKGhWx1rIOKQsJMdtSEPm8HqkUSYx8liJUE2ljQtq4REyLAppA
DGgwLmoCq2gJLY3IJyE/sYyOYt0apLQwkTqEqCaQEb6fUnaE8iLtC5FQ00AZUsVS+zsyYexv
2YqEcb/FTfsgMtN7IuNCC64DLdtoO03AEKnb8T8gXD9a9iwjXENa9lN7aBpV0Dy9bYmg5UC4
rpGMfYjKRuWjn4+8K4WvHyOl5nVTt2Pc369U2tz+QVOva9R/UKm2JfoPK7WuMf+oUu06gVdl
rBlTGjA/oTS7Jv2TyhbF6T9Da0aVdtcZ/znF6Trnv6A0uC5gG9L+Et475p9TfMhfpb1dV2px
lDmlEvlFbHkJW9a65lQwDTn3qbwSsiWqAq1JVrpdV/2Dyi7XdXWt0us6g3mfrQXzAZtbTTdN
uBbVTGXIflXNUfrcoOYrw9gmXRlxNKta5SjmJco4rZlwzqvlyik3r1YqU24Ba6YxX2uacCfj
XX3utWq1ctGdrmpNl92Zaq1y2Z2jylifjC2vuPPVBuUa3tuMfDLyV9xadYtp2l2itis33OUq
YF6J8qPdVKdyy13tH7Vp3LX+E7Y4t+y/hHwD6tjrHiZaLMuH3SOUx9xWQ2uIdn1YfxT1+qvc
ZnKPq7Jto3sC9W12n1IHMJ/yT5puuKfVdFuj+yL28y65Mu6+rA7RnLTEXBmg+TDem2lLdDer
PkV2b0FpW9xX1GHbVqwfUZzeVZvGbCnudhVsqW4n5nFuH7Zxu2+op2yq+5Y6ZVOw5VFTyKPx
zz3X4A5hm3XUAuG7stzVaihSk+vuVrttBZjvsq1378K81N2r9tpE2ufyXHL3ofUk9wDNCb/N
uYB4G3aMq9PKUWVIvWjb4YlTBVuPJ1FtsO3BUUZQo6PqZYq3w1SvcfTFkJocllCpdl9D1JH6
Cds+T4r/gumGJ1W9YivwrEMbdrvG1GumabT/Ddt+T5Z6yzTlyUXrHSC87RDhTVOusYBGueUp
QHwS303bjnjWB+Jsx9zaQKLtOEp+2HYScT5I586o7bSnNJBiO+YR8epZj+QfRU9dDmhs5z01
eO+Mx6SW22Y9G1GjEVM34RGr08qErQd5Ce15AtsfVdc+10t427ynEeVZ8LTgnBr2bEWf3vJo
UDaTRwmk2lIof9N9KrAOLV8dyDLd8rjVy7bbrtFArj3GowYK7KvQC4PIbwustyeRPu1rPDvU
zDCvjHt6EAnk3lJ7mmcP3hvmMwhv6vXs8x+2Z3v2bzpjz/Mc8M8RPASy7IVEI3sx9nAQpWpE
vsxzaImv8BzByEBslYkaIY/YQ95uILx9A+UtqNEFez32I9qbsB/ql4CoyJ5jAcne6tmB9W1U
WrvnuJpu93qOobTDnpPIB11pard9u+e0f9K23nPWP2nf7j5F+fOUx9lh32nr2TSGMSEUqLHv
9swETPa9ntnARns/9t+oDJtGAi32QYwk6SSCBRJpy61klICiTHnmAyLO6zmMWlPu/IBoi0NJ
LtkLqS/ECL+grrUftCUGGu2HHc5NGTgLEO2mW+7hgFtpJ3hAm99UZftoxM4LKPlYmCdzMGx/
Ok/T7SfIuKZxdzJqPem5rU7Zz3hjUPdz2KYffbqwabvN5ExRy+2THVtU3n6ho11tRt5JeR/l
79Sf83rRU4o7f9N2RfYmIXKmvWsQOQ3eg6jRtOeAmumYcowHBx3TruvBg881kFXAcbEjFDxs
v+odDI6SGBscs63zDvpHHZc7utGPlDfdILHXcaVjV/CE41pHr1ruuOEIBSfRer7gGRL5g+cw
ugrBCzYR+Ut4b5867rjluhScw3pt8Kp9FCP/dawfQAwc9BwLXndqOobUPvs5tHa/Mw7rIzzK
r1X7nmvwaRDVU+6RwKzjii8Ox+3zJSLyRV8KRoxGEsfsSb5U1Guc8KZebxrOYhyLxE9vBqLx
AiJnzH4J16bDth5vtv+c/ZI3D1E95y1Ey1/1Fqsh+3Vvmf+gfdFbgVaq9hYHstBuBsTksHcD
RpVKbJlJVo2Aaur2WmhNfaAUWzYFtjnA24pIvuRtC+xw8F57oIdEqsAeh+Bs9E86kr1eVbDX
e4NkhbJno+Q9Dj6wz7HWux1bNniOqbcc6W4I7McRd6KnnN7d/kuOTO9eXOl6vf04pyq9QUTF
Qe9g4IASIqsqrkGZaoMjB2OX4Mi3zSKSY5S+wCFE8gWMQkNKQ+AI4QPHcHQDWmOXay5w3KH1
Hg6ctDV6DwZOozVGA2exH23gPEbO0cAMRgyMhMo4kdPh860LpaK+EFrn3OHLCmU5e3y5oVzn
Hl9BqMC5z7c+tN6531caKnUeUJzBYuchnxgSnUd8UkhyHvPVhGpME96raqbzuM8UMjlPuq+E
NuK83oc7BFyvUReLbyPyA2S+OxPRd6PO077GTlmRHcMBieAncBP92xKQiH+RP+7bGmpUxn0K
xocJnzvU4jzrU1Gq8yjVVucMSqU4Z30p0RhiGvZtU2+RFSHkxntT1RBGVFxtcawdiKse5McR
V8gTXKnj2KZHDYXxYz9Hebo+Oq7gajVg3+5LVLujvHs8eMI+SrBnr/ftIdGA8Mow8pnYzz7/
dee8b39Ita0jvDLk269q7QbfgSg+8d4lXmn39YS22WPsi6EdyoBjPNDiXOhID/U4szyHQnuc
N32HEAPDGGFSnLdx5zPiGMJ1MJP4LrSP+C60n8yOsBaBWftV12jnLjJzqfXCs+OimumK8R1B
zNxCTfsc6Z4DgVmlzzsamHeUoC/mlUrcQWU6yhEJCxh/tAGNA3eDgZs4d7wE894xmp/ANtXe
ycBtR7l3MhhD2mNei/kq2zbvmU1J2L4YvTPtPUdynH1rHbIbgkmma94L/kWCJaynY5E8uEYZ
Ua5g9Ghw+JbyZqUymBbOlaO2nmAGIv9SYL9ji3cumE3zPJoX0vnSQuVvCSMNRwQcsd173X/B
4fQukvhMkOnwdUCwzBFSqjH3OTI3pSkXO/hgBc0zSK5qHd3muIAJkaklmqJ93MqVDiFoQElq
gxscu5SGxhJHL85onFMdyZsWHX2OXUGLctmxa9MiWvKcmm6O61iL9kRrBNyO2o507OFaR6ba
7KjEme62D6KcbuIv9QbJg/VKn+dAsInE4WCTYxe2MdnriWdRThklmcLRW8O7MuwtJyJPm2Og
Ix81xd1p0O4YMvXi6Fi/abujukMb9JpueL0B0REyDQVMtkZcJTMdwx0lwaAtsaM8uN0x0lEZ
3OngO/IDPY6jHdVovfGO2uBuzOXgXkXuaMAo0dvR7L+OETKoXnZMeIPBfrpGLJpOua53gjMR
d++LGCXO4LxOsbmDg85U15lOHlc6d6dAduCdyc+RE0G/vR6v9pP9fOdawnemUz7T1kh4smJ2
5phuYJtWUh9IUcaRbyKRrTNfmXYtdgLhsZ7ytuPkDOJcR3b7NtHr7dTi3IFgkz0Jx7puO0/k
IXOks8QxhDKUO7NIvTN3qb6S1ldTvpbwwVb7TtfkpgxyXghW2NZh+zlnAbaR7VdxzbpOdMF1
CvnOBspjBCY9KCPO+eAZ53rkm52lpu7OLbS+mdR3tlPeSdtUOEXv9k6fU+oYVoedYscI5Y8i
L3WMd4acNR0TmGfhGn2drqfjuMp4O7uVKVxzL1C+hPJjlN9F+VZbSscpXNNnMTbuX87bz6EN
s5wmgmR7P8rc69zYwXf2Ub6S8gPYfgpjbKOtpXPI1N0x1ZnpbEF+mNR3jji3OvjOob/ij9L2
487Ejmn0e4FpqnMC8T/deUppNp3qnFrGT1P+IuGDGShzcedlRGl+cA3lawlPYnKU77xC9ie4
h8zoEALncV3z4h5A6RA6r9knyUkQ9zAX1WbTiHNf5w2cRxc7b+F+4AJpb1PRR3fzdJ9gU9U+
xMkY2fPYVLqijYU0To1NDcURvvMU5RNNNxw87moKOi6HUpzujitqs1PtuIZR8WLHjcCsc1vH
LVXbZe/ydgVdXn+SWu6y+5O6ynBmBRGNGJEQM+QUeY1EbFV2nMLZJIVz1yrfsdABV5LveOiQ
a427PXTEleY7GTrmyvCdDh0Pn5Fd2e7q0Ely0gydJqfI0FlXnu8s7grCJ1x6to2capedWCNn
VXpKdRX6zt99Vg2fRl3FvpnQeVeZbzY046rwzYdmXQbfQmjetcF3M7Tgsvhu4l20H1e977a6
1tXkjwndJOOGbtNx88m4XTGR0zQ5O+eTs3PXKiJJVxKVJP+OJF1rwlqEIyQ5KXelkTNyV1pY
L3Jyx57p+ZrEJXIv4nyCrCBdGWQF6comNV15ZA52rXG12lq6CiO99VE52/yruopdQf+aoDf8
dCL8xMC13THeVaHU4j5n1LXTn9ZliDyLoKd+125/RtcG115/dpcl8syB2i3yVIGe312H/RVd
rZGnFuHnA2E+/LwC7+qsdPX784JjrkF/YeeAq9Vf3FXvOugv62oif62CvnUIy9461NC3DmPi
yuMswNE3DdPom4YP0TcNM+PscV54LM4f9/egpW8R6uhbhDUJH0zIh9qEKwnzsJG++fg0fc/x
GRyjADLhowAgwqchFRohAIXweUy1sAu+BHXQD98AMwxissJBOAQy/ACOwtMwAa/CJpiBt+B5
+BXMgwNuwF+gg9EwOfB3TDezAw4xvcyr8D3mdeYyvB3TGvNZ+FPM/phvwV9ijsW8yLAxp2Je
YeJj5mJ+w9wTc4NjmfdymdzDzPv5bv4Y8zA/zr/IWPiX+JcYmT/Jv8w8xf88lmeejY2PvY/5
cuwDsenM/tiHYv3MYLw/fpuGi/98fI9mdfxX4vdq7ov/evxBzf3x34mf1DwS/0r8ec3H41+P
v6H5RPyfVqVoPkO+adJ0JiQmvEcTSkhOuE+zLeGXCXOaHUKbsE/TK/xhtUbzk9X3r75f88rq
B1a/X3N2dc7qHM1rqx9d/ajmAjBol1b6pDSdvK+l60XqQxpAGoJUXZ9uQDekG9aN6I7qxpGb
0J3STemmdRd1l3VXdNewvKG7JWrEODFRTBFTxXViFnn3j/oW4nRxOtDESXESfUcyWZOryQXQ
rNesB0ZTrCkGjeZJzZPAaso1Ooihv+fiNUaNEWI1dZo6iNOYNTLEa57WPA2rNY2aZyCR/p4r
SfNZzWfhHo1NY8M+HRo33Et/z3Uf2jsT1vIv8y+T5/0wDRepZsnkjUhdEzTqmnStujadXefV
BXXbdTt1u3V7df26Qd1B3WHdqG5Md0I3qTujO6e7oLukm8Pyqu66blEEkRcFMVlcK6aLmWKO
mC9qxRKxXKzEumSxWqwVZbFBbBa3iO2iU8TNvG7xTqJtSLom3qApeSndiqRucZfY+zGN2IcE
4oA4hNeGkRsRj4rj4hVxQjyFn6bEafGieJm8Xxf7TbTmmrtwTv6GQiG0IWqLwYWYL6c41yO+
D4EREf4DqEZ8vwqfgCuYaqiNPhn7/tiHYUPsB2I/AHWxj8Q+AqbYR2PzwBybH5sP1lhtrBbk
2OLYYngqtiS2BDbGfjy2Ej4d+1TsRng6tj62HucLA304k4iVM4CjmAHdMNII0lGkcSjRzehm
dfO6Bd1N3W0xRndTXCUmiWvENDFDtyBmi3lioVgslokVogHzDUgWsV5sElvFNkx20SsGxe3i
TnE35nvFfnEQ6w5i3WFxVPTqzutOi2O605hOIn8W89O6Q7ojumO64+RdxLjn42z0bdNVd1nL
hakQfoapCN7EpMVZ/xZ8GOYwrY+tia2Bj8TWxdZBcWxTbBM8AYxwfTX9aziQA7EAtYlIKcCY
rmGZirQO+RtIt9iC2jjTZUqJpiuUCJ9iulabarpBP68z3arNMmtofa45rrbAnEjryXVSF20X
vS/KrzenLPVN6sm9hEhfUZ70HeVLzamUyHVSknGi16IkmtfR69H7CE/GI2WUJBxPiuhDxq7B
0oQyknJlf+8k03LZltO73buSiK4bzVnULi3m3CXdo3IRWch1Yp+oXaV3oEYcczmR+6JEdIlS
VDZiM3If6XMrjhm1TXTs5T4kfUR0LFtlLrjLjjWRklyPto+W5JpiXr9k22jfpHRHZCC8ai6l
5TazuGT3aBkdm3wm/oyWURmJvYhORIcdZumv7o/qFi17zDW1e8ym2n3mjXfJuVyXlbJKK+wQ
LVOXyUb0idpvJRYal/HLMRsX0SFqP1IX7WO/ufGuMaJl4rvoH9U3cYX+0c8EP4SP3odjmfhw
3cpyqc0Bc0vtIfPW2pvmQ7W3zUfe1S7vVLr/L6//rXb/nXEaI/aN2jl1hb/+q9J957NJCOv9
buWSXVbY2pQcttPfKpf8Lr1DuVyP5dgn5RGzshQ3jpndtcfNKuWjZTQmR+fnSfO2pWunzTvo
uAT30Xh91txTe968Z8lmcXewQcsZ874lHUn7WfP+2nlss2A+sDTPI/fUxZiP1a0yH6f9RDGJ
ZV2S+STpo26N+fQSXqNlJNbVZZtn6tLMZ6kNcyyjpnzLmElrOWEqsUySuG4qt5yhdZWWc6Zq
ywXarhZjIomXK32MNjStxf5X1uP8r+u3bKC4l++MseTzBsslosOSrf8W9hpXzO2VmFoZr1bG
pYiNiEymZstcNIaYtliumtot101Oy+KSraJjrozHUdy80/q0or4uw3ye2plQnnm2rtA8v3yd
qis2L9SVmW/WVZhv39VXdJ1FqjNYYuo2WFZR3mJJomtulKL91FvW0LLJklbXasmoa7NkU/3f
hersljxCUdzVeS2FtAxaipevpXXbLWV1Oy0Vy9eeut0WAy33Yh9oR+rf5Wt7VhgHdYMWC9GX
6njQUl932NJE7xu1tC63V92Ypa3uhMVeN2nx1p2xBOvOWbbXXbDsrLtk2V03Z9lbd9XSX3fd
Mli3aDn4V7Hwnda+6JqyPA6/W7kSXyv7i9aTdaxxGd7eKe6736H/aEyM7g+i8yQ65+OWYYm0
I1hMj6zPpXdKU2bY39Fyif6Wnu8Sa+/C8vIyOm8SV8yjlevfslhK9VlWLq37K2LSXeW7yVuz
wp4rxltaK1euqyvLrcvi3fIy6pNovM4N2/tzyufc0flm8lmBzANTyMqbuq2CCSyHKe2yJhNa
2odH+4v2TeTrta5dmsNknOX74+j8i+6NI/fT+I3rhKnPmr4070k9zjsy/5b3ZxqwZr7j3jvS
r2nImnPXPFwRo6KxyDRszb9rT0SukZg4YtXWxllLahOt5aaj1krK51qra7OstbWlVtk0bm2g
n/F6rWhtptfxmumU1UnrsQ0tI31Qfp11C20zYW0np/i4L8R9ESDhcfqXq36b8Fsgf5E163/3
+QrHwl/oc5Sn6XOUTfw4/xKzmz5B2UOfoAzQJyhT9AnKG/QJypvx/lUpmnL6XGSaPhf5BX0u
8hp9LvIGfS7yG/JchE0lz0XYbPJchP0geS7C5pPnIuzjeKLdDwfuPD3QaqBSW6oVtZK2RmvS
btTmahu1LdqtWgVzN/Iarardpt2h7dHu0cZpC7T78Mp+7QFtIk2HkI5o12F+DNNx7Untae1Z
bWJhUHteO6Od1c5rUzAtaG9qb384RptK0zptFo5CUgHtkXxKpbQe2xZoyb//ZeKs5PeTK862
bvRIB/jxVDuM6SP0nFsML8MUnmTPYvoo81NmEkpjzsS8AmXkeRXeyYAF6pfpuw4yIhIU4Hhh
zQsiukc1dy/TeQdqTPQ9hHoewHQEWzVqj1EZyZO/++gbiYDoyaJ//Tkb63KA/L3dXEwxkAeP
AQePQwGer4tgPcSjTCKshgpMiVCJ6T0gYUoCA6Z7oBo+gZJ+EjZACmLOAmvoX9lMBTum+8GH
KQ1UTA/AKUzpqPsr8CCTyCTCQ/TXob47uladZguqTpdcqzpbdb5qpnRn1WzVfNHkk+NV81UL
VTerbledlWKqFqRVUlKRRUoquSytkdJKW6UMrMsuNWgzS66U3JLypMKifqmY5FpeC6UGqUyq
KOovbS2Z0IJkqJot9T7WJG2oOl11WrJUzdBek7D/pSS1YT80PVlbcqtoUrKTXqJJC+FUNCfV
453eUoN+LekL+e3SzseaSluRn6E0IzVJrXh/DOpzloxC0+6qBZQviciNUpx/sre0Fe/aKQWr
ZqU8bL1X6q86W2ogVDSH/SxIg9LBqvPazKrz0mFptGqm5ArpYYlua4EStpdWYc+rpDHa+wlp
sshSMiElodaEcLQInZHOkX6jo9Aeo4QyEJIuYDmPvSJJuyU7ScQS0iVp7slxqfgJlFEqxHZX
peso4aIeor1Jq/Q8Gf+usZH0gj5ZWoPWR21RSuSiRGrondiKyvXfoRl9313y30X6vqLJon79
gH5IP6wfWdJ3Gb1TPanTH70j+V1aYL1+nHg5TEQGMsaS/GdLrkjZ+vRSL+aZiEov7fV81Vl9
TtGcPl+vLW3Tl1TN6sv1lfrqosmqeYpT0NdW3dbL2KpB31y6Wwrqt1AfLurb9U5iSb1PH0Ls
FCJy0Yf6bv0uRIdF3yuVGduMdqPXGDRuN+407jbuNfYXlRnLJG/VrHGQehNHMB40Hiak7zYO
SsXhO8g14+hj9RQ7S9YMW07aXTJFPH7Hp1IMYms3zrs5pOsEW8Yx4wna96TxTGlbybWiNorV
vVIbuYPYpuSKNrOoDJPFcMBwKMrTVGY4gtjJw/IY0nHUH4p2k/Tk8JPDhpOG04azhvOGGW2m
YRbtU2aYNywYbj458eSE4bYUlC4V9X90q0FTajDGPJFtXGVMMrQY1xjT6Aht2kxjBs7OMWM2
Yh3HMOZ9VFNapm+n8wlHNhYai/W70HbyR7eWnDKWGSuMBmnRuKHqttFCvGSslwqJJiXX0IMT
+lP6Kf20ZEGtcAbqLyJd1k/rUTNp7xPBJXvt1V/T39DfItqX7iy5FbV71bxBEy6lQkOcIdGQ
Ykglsyha90Q/9r1oWEfIkJXvM+QaCqpuavklonNbHzKsxzHL78SFJb/EYGwjROe9oRRJNEj5
PoIdQ43BRDEU4SmKpjGAbTQ06tsNLfpyw1aDYnAbVMO2KLoxohqw7Y7wzDT0YHT1EiLeDMcO
g8awx7DPsL9komoW0b9QtPvpMyTaGs+hH84ZLxibjK3GS1IFiYco4wL6PldfXrpXysbofAt1
AqmsqD8cjYl/jHPSXmMG8bxUhqNnG68arxsXpbxqqOarhepkqeyxen139drq9OpMyVKdU51f
ra0uqS6vriwqq66urq2Wq3OqFkp3o7eSSMzFmI3RqbqhupnYhMhd7QxHSoJg9OpE9ZbqdroW
Pvv/0Q6qBdroM3PyN+Uhzw4MUkpeOyYnJh+mBkwhTN15p/J2YerFlIOpD1M3pgFMQ5hI3TCm
EUxHMdViGsc0kTdB/rpl3NNxDfSveH4MPo52rcKJzYIRdwc8fAqtl4B2/jTcC4wwJyxQieh3
XR8ZAaakBMujWP4f8s4Huqrqyv/n3nffv/yB8BIhBoghYMCAlKHUJoEBfjalmCJlKNLUMowi
ImKKiIgMPxdSi9ZF0YlAKbVIGbAMVURKESmDisggpYxSCtRiRP6VQcSImFKbQvLb+3POe7yk
oLYzv67fWr911/6efffZd5999tn33HPvu8m9NtS3fE35OWi9I+U3CW1x+9uFdjn5HqE3nHyL
k21pdVySP+jKpHyPo11p/PY0/pijXa58I60uSSdd/fY0W+tdmaT0/iTLpI+t7V3Mp3Tf0ulS
x7Ym7etp1+bZtL4n/dri6g+28rc1tW5/SxqtT6Okb8fccbtcm8nY7EmTJ8dwS1ofz7WKY7Lc
k6afLKWuwk+LbXpd0gcpK2KubJPmw/pWba9345ks033fbsuKvIscv6m8RR8rCoSKhEpa+tmi
L619bR2H1mXrNluPRTql52yyD8n4Hbtgo6LXx7R1sf639qF1eTBtHJLtJ2WtS6dT0VeoTGi2
0EMfE5f/V8pkfJPlpcbrE8pUvz+hbB3jZJw+qWxxfrUu91zE/6T9geWpc6eiUqjK8VVpemm5
XDEiTWe0tU/eu/m6YozQuLSYpeeGjv/E8hbnYcVkoWlCM9PinsyVeULzy1PnYuqcXOx8WVre
cq7ZVJ6a6yrWCj1p+f6PCi0UelxoWTnzev+VTrZaaJ1rW+fEsxcZw2QfWsulrf49bN/S20jW
999o+9BiDvykXGs9337cfHWxeWm79an/ixfk/bcJ7RTanRarS81Dyb5e7PrUSl7xlIuz0gah
zeUtrlMVW4V2CL3WytaxC1SxV+iA4w/ZsUlR0s5xV54SOiP0kev/JaiiyVIy7/oHrswob3Et
7Z8j1L68xTzdv5Mri10ce6T1PUkSq/69bX+1j/37CVW44wa3jFf/IULDhEYKVQuNFRovNElo
itB0ofuEHvgU+ZF+Tfm4efnT5luyTJ5bl7r2XKpMnxvTz/XWZXLML1W+cQn6pPY/ae69WPxa
nz8Xu/5/Upk2F120/EvGJ93uJa6ZF23/YuWetPbT4v615DjpObDfngf964SOCD3s6ISl1Ho1
eXzStuZyffmFc3h7ecv1cfL8S66N3fE6f+t1on/DBR8499rb8y/dXv/G8ouvvZ3dAaa85XnY
ao5KzkUDIuUt10R77Hk8IOtC/wYk0vLC6Q3Ib5UnLt4Dul2IZWrc0s8B1SksP6fvPfGVBfP/
z72mV6v/hd9keW30wyalW4S2C+0S2iP0htBBoWNCJ93+aaGzQufsfk/fUczq9GwjlJdGBWk6
RUIlQr2E+rrjy4QGOnnlX0FVQiPSaLTQGOfHOKGJti1o8sfQNDO4dEbprNI5pXNLay+fWbro
8mm6ldambUuS3OXzS5eXrrp8nqtfLrTm8hGl60vXd++mqKXjNtk90VyOnh67pXRV6fbS7aKx
K23TbzAk/vxNX74sEvBNkcv4dkh7vh1yOV8N6cT3Qjrzjm8R7/hezTdC/o6vg/TjuyCf47sg
1/BFkDK+CFLOt0AG/c3b87yEZ9+a3WR6GtNdcqn72VZ0ztG1tuwhedNDcqtHmzSSvOohedWj
yJHvqMSVvS7YQlfGvkeZJeTXXiCtK97xidSze233Ra22JX8m+Xj5RTb9miBvchu+HGO/GRPm
Te4M3uTO5psx+XwnphNfiOnMt2GK+AZMMV9/KeGLLz34ystVfN+l9P+aXc+sMesv/AbUeaG5
/soDnTfqduWhztVXHr/y1JVnrjzF/kdaQk2dN5YEJRlOa2NJjsp1K2mvspJi2XLsduUB3ZIW
SzqJxZQ9sMlaStrpXI2FDNFZqcep3LbceaM+OfQ1xhF/mf+CTOsv+/9hCv1X/eOma+TeyL3m
Czp7msrMn2duMV/kizX5Qgn3LZguqeMDOf5JOX6lv8mE/c1iq4BjOolGe9DFo2Nv4ynpV58U
9WtGpswMTNPIN4n8Pfl7OhYWTy6e1rGwY7eOpR2Hy5bfsU/+wY7XCA3oeG3HodhYrG/g+v/m
/5u0/Yz/jEie9Z81vr/OX2dC/nP+c+LZv4s3YenTDhOjNxni2QsmM/Ml8S9HzriHvR08uxtp
2kkmzzbmitGWih+6wKdT8byLy4W84jPm+uJhxRuLjhW/WNSneJuWl48vXtclVrzzih7Fu5VP
7heUFu9XneKRxXUqK64uPqLyooPFJ9BpU1xXPLa4XkvVVSoeX9zAMaJbPKm4sXhKV5Mkju3T
9VoltQlVd40IjUqR+JYk8U3a79rN+dhQ/GjXUst3vaa4ousAaW8bbS3ETpbza6PzqT7Nn/3Y
ntT1xuLHu/YpKO1aWLys69DilV2HJ/t/+TDxY3rXrOL7uibo1wPS3yT/cNd8xlG/CWb4gpYX
vzH+j8aP/1P8JhOJj4+PN7H4hPhtJh6/PX67yYzfGb/TZMWnxu822fHp8XtN20+dw563mm+S
ZZnpsm4xXWQ27LLB0WahrY5kVuvymtBeoQOWOk+Q8rgt06nLqQt84YELJPtecXv464vKisoK
d+e3L+zUZV0H4TqM6DCisEG2FzvnCdfYYUQR+12G5be/YkJhpw4bZBvRZWNRZdG4Lg9Lzc7C
naojWo357TtskCM25HfKb5/fvsuLXR4V6Yn89kWVhUeKRneYWLi7aEyKsFk0T6lwXWGjUlFl
h7Kiyi67U1R2YbM+FtZbH4tGyHEzuyxTvsvGLiuLSroMk9pO1j/1zflVJq1XieUq9UisO3/E
tvrTUPSQ+LlNvNipfhfutv0XvYldFhaNK5oorcmxhSfEkvBdHpe9aUX6XZUs/xFf5mj/+/73
Tdz/gf8DkxH/evzrkgFj42MlA26J3yIZMCk+2bSJ3xW/y+Ty1bO8zIbMBtMh82zmWZPPd80u
/4vmOP2i2QihycxyxfyNyY28yzDAzXzF6M3kjQPPDEnT62sm6Nd5UnqezEY/lIz2ZT6ifVor
pDX9nm6MTDdkekCmR8j0KJkeJ9MzyPRMyfTpJhtL2gdDH8L04Ur8WeT8Xk3bXZE9gNee2ZIm
e835na63Ca89M8XJ9L9n/Xdir1HPv2SvI1gyWPKw5GMphKUYNvRLy+E/94FWMrHf5pKx8Pnm
l0bDjkM3+jjDxWJKSuabMW4U0/UmuFgMdbK/ZpQ+adwv5fciszHNbyvbZJ5Myz0rm+xGMV02
341iUvY/NYafZhT+O6N8sVh4ZoPZxaqgQP/7eN7IFF2fVyVbQd6IvNF5YwTHyd4YZBNBy1dJ
bVXeZNnG5U1jX/kqt82WrSrvIUdVaRZjslVBSXtJS+l2JlNqzUzan2j3tS/xm+M3S5+nxCXL
4vfENQM+9bXJrGME3S+buWOFVprrc5fLdi24KlUuT22rctek+PWyCSbWJR5NTNEtTXNLYh2U
3LeW1lBesLAmZcnamZ6bZSWJaqFtifGJbbmbcjcpJrZplsdvjU/8a3uYqBdqMNcnTifOJs7l
+rmx3Da5eYJaFuQW5ZbA98rtK+jnluUOFFlRbmVulfAjckezjRPNgtyJspW5TY+JpSxOzp0G
FuTOFB21FnOWZjs74xJnpU4lMY5WqqRmDD0cF5/2F1w/fFn/72d2tedhif7/fK+vV2a2yv7i
FtIeXm9m4QdaSAu9bszlNS2keV6BmS37o1tIM7wc/s5ycAup8SJmlOyXpkl9c5Z1dl5KdqFv
n3yGJ/zl/grR+LG/Uma2n/g/kZX1an+1HLnWXyux2ehvNFGJzcsm5m+TCMX91/3dMv/s8X9t
sv19/j7T1n/Df8Pk+Af8A6adf8g/JDaP+kdlztmUuUnmnBdkVX6ZrMpfktzQtf1j4CPgD/6M
fyyNn5/GL0zjv+d46btX5El/veR3Srsjy/cKZe90C1mOp63XtZDFvDayt6OFTCPsyUinycxH
pkn2lrWQnZaoe3ItSpedMPVcjdJlh8xx2RvfQmb/znREC9lucmtAC9mOFtcCK9titqeNdXfu
0XRcDXOyx5yss3ENV7wWUY1P+rOozk+TL4Afl8aPTYv8I2mRf+wC73S+l3bs99JsWv6OFqNm
ee1LMW916n2k7U2PC9riv70HVVwnmGHCstrLSElbzDdZTcZkB+b6bJMdyc4SSmTnZxcKatlN
9kuz+8iWn32N4IDsa0U+VLaEyIdnjxIN3Wpc2Y3j0rdC0UvIsZHsqWJjhpSqk+VqBwjNyr6R
Onu00o1sfbJvErwpe0LauuHT3s+08UbRw6nSb5PIEMpJI7n/SEjcEsVCkiGJ3k6uesta0UpX
rnb8OqF+QhVCg+1+ziJzfcacdofajRA83u5UuzPtPpLtVLumRJAxR7dERrsmLXOGtjuUyGl3
PJGTaJ/IEe0zuiUyEsWJYvRy7GaPSlpM9FCLgthL9FZbaumCnUQ/sRu0O5RZJXynzF4ZNRlL
Ep0E52TU/I+teD7t1ewIs0UW7xKbzD5C1wgNcKXStUJDXTnc1aneKEc3SjxnZZZIP+Zm9s0s
yxyYWSlbVeaIjLkZs3QTvoqyUrT6ylaSOTpzDPuySTlCdLV+jN3cURcsTk63p7acpaSdsswS
0SxRWxkzMmozajPHZU6UclZG7V95f/JXZW5bOTdzZH7OkczMkQzNkczNkczNkczNkczNkczN
6ef0hgnJajCnWkhWSTkyb+ZMEpri6qYLSdbmDHYk+31nmeujO9uWtFkk2KttmWwDZStre6ht
VXSnbm1HtK2kHNi2pO1o0Rnddkzb0ezrNrntxLYTqR9tN3dUS4tlooU9tYWlC3bKZK9KaKDw
42JTo+uiR9qOE9wZXfc3z1z9Hm9j2gpA73ciTVPOH0tun3DFUH2P0dM5eEdzWXJODs2J1Ap/
PKJjezw6F6xWeXSz8YJZ4TqZmesjehVrDO01XrguInfJQYHK471DJ4wX7RQME8mRyEOSI2PD
Ro9t1ivccUXRkPnfq+IqcLxpivKKoTkqCc05f0B1FINZKvE3o9moKG0IBrcir1eM1jQtF/mM
Zrmah0Yqer2aJ+lKIXJSMboK7IJkFFgLqv91EX338nTk64rR3Wg+qFeoyCHBRRG9k+sbjSGv
QUdxGWjCen9qtFb0v46E5wjh9Uj0WBMcgW+DvA79pSAWXFv7QY12I0c1ao9Mo/ZC+L1a2zQQ
7Ady99sk49acq5ab3sJ+PHiJFjdIZJ6JVgquABdGZKT9l8F68IDKQx2VD21Bshv+dbAUSc/g
FcFK8DqLKvea4HcreifhXwangxVWBztZ2Bmk8uYP/A9EUhSW3gWPBrJeDvcK5KoevKd88BLy
exXD3wieEr5JeW+mYmg4tT9Ecn3432XZlkDTA7+Jha3YrAazkczEzr+ikwHmKkarsHYUtPaX
h5Zr38EfhSTbQ/vC6zQyKvFHhncKfyzoKvi8Srxega5DP6MYuga+RPUjCWfhacFXVO7fH3QW
/h9D4o/3++Bzwr/AUQsUw3fDTwCXgD9VjIzFzjnFyCFanKzyIIL8JJoj4fNpqwh+Dpr9gx54
qGfKB4qhPYoBEv8u+NmhN/Qr6GiORWcnuFrRdPRGaxaBcTDmyZnYXO8/x39m6aPnrKf3QXWh
juq53ud4h3yNQ5NiqKOcl57fR3l/KfyDoaGaD/D14Nsq8VeAu1XidUb+kaLMKvoXTI3KhyaA
pdTuDgq0v9aO8v4q+NvAA2juhF8BVoM9PZkt/eH40xOswNsAXr8pJj0K1irCH7YS9UFaV51B
YDXy0xzbgORtxebTQV+J6rDwZMG1eu6H7mBE7sHbCfAL4Jcris5kcl40g9cU/RUcVYqkQGtD
J9CZ5iTryeT1GiU0s5B8WzF8N3wZ+vPB0VjYAj9Ja6Md0JkPXoWFBVhrYqZqxrcsRXMYm6/g
80ybV8T5tuCzwkfJsdzwP4nO5zmq3PYRHKrYfERX+P5S5vn2zR8we+v8X6S815naFVrrV8Pv
g18HzkW/xslVvwFJH7ASTDSNSd7dSa1eU/agX4KFEo46Cd6LThP4RdDeO74C6tca5DzSJ4oy
0rcLPoqd+qYN2nd06rimTFE+TCuir5pzdH6We2kZdzkTuLopBlfA3wPORHNi8EPR/IZeBbzR
frny/kiJ0nP+bPA58BjROCx4jLzK9mUW8j3OppHgYrLuy8G7er0PjorkCbUcKsJ+NfwJRa8B
yWYkc8CRikEB8hIkG8DXwTsUwz3Q+T58Hvxa+BnY3IpkGPqLwSmKpjHQp5o7wO8oevnwyxTF
K+UPgy8i6YS1WjyJOQsqwbLfB74XuAvciHwhWAPORj6WY41rXXn8NHXgU+Bpp6O4CJwHTlZs
vgl+PDhA7YT6YZnx8p6krd30dC9xGGKtNXMFlxzX9czPNRrNa7VfYL2iyHUmWa8o6xCVbKB2
M1iJvBY8pBgMQ2ckWARmgSfQX4HOEWzu4KgGMB+8D5256E9B51wgc7XXN/iV8B+GJ8E3CRaF
czTzNX+8sPJeXrhQMDOcpXyg68jDEX2W8kZY1yQnI1lEr0rwar3imI7BZwS53plB8HG9ujX/
Dp1EMBv9ElDlf1AUfhiYB5axzukDXsaK6GawGNwmR23U3BZev8nRgWtodTikEdM1pDnMWmsZ
eNiuxNRnvyTMDBDeoairO79E16ve2EgvsEERyVbV9LYi34q8AUkDkgYkW8PjFXWt6zUoig9W
pxb9HcittR3YqUVHW69Gp5e1j04tfC2Wa1ViGunLDrCRlXaj9Vbj4w+iL4OCPyjqUYJqoRdt
1Vr7+PMkOMrxWjtKNeVqwhyLPyvwbYX2SPhezPn0RduSNcMU+CXqj8xhkj/mH3T0+eXlpNG/
hDXmGlC9jZunwXt0Hmt+Vo79CfNqrsymYqGJqwNYi6RR0etleV3Py2p2g9Yq7/WyaFfsHNWL
e4FaVu+1uu4V1Jm2ROV+NToN2ByLzli9ZwnzhCycp3YEJzGX3qhHodlAK1vhHwe30uLjYAM2
x+LhaWrvtchR91L7Jm29if+H0TxsbeoK3Btr/SQ+jVbianUNv4OjdqhcagfCD6SnWXq+n1+l
Ets6dnrpiJvTHGV4BjYENM2/EMxr3iNYiCQPSWHzn2T9v0UlcrziBkWf52x+DK946il9VEkf
+F726kktzyv9heBue6Wm9j7bI3tthX9WUSIu53LzFxSlLeULFMWatjsdvAucrCjz1S90RNRz
GZcMeK7+6rk/Hp2NYK3jrc86Y8wDj4N7wGXgYVqcCF9nuMvQK6b5jsd9a3Qcsw0xZCY0dlbh
rZ6rVdJcrxKZGfRsyo/qWyt7iLzRs0ZmJ2akSD6RL2B0yGpmhlodO3+QnrNybtbqXG3vl91d
rT1TNFZLiF6li+EiXa/CZ4ODwGNE+yT8XLsCAatVX9YbWvsVN5qLjHvW7T2JhLd4vBusvtiQ
thS9BrBW0TTC/wTcik4JuApJL/hscBB4DPlJ+M3gXLBeMTSS2lfB+8Cv0MppdCqQVIFPgj8C
m6jdB9YgGYXnoxjxUZoh3jD4r8B/RXNDem0zX69rVxPVji4Dtb/ryNVzrLuuxdrPwMHuCfMi
znfVrEC+C3wV/JFdYaJ5GVf2a8FM8EtgGeuEb8NHQFZQ5gowx61e9CpcheZziue/3Myc2fww
uAScBPYGnwN11Rp28mmgzrqm6T34beAstcZa15z/iFrhm34Tlqv5+Tf16tz0fiRT8D1FyfCn
wF+St4Xw9mnAWfB+PLQ6+k7E7Y7Hn9CH8JvI/1PwryB/B/418F9BnakMd38mwH+NQPMptW/y
aOUDeBPcBNKXQPrYdCQqI3L+WLRCPddrt0h4BhIZDL4PvgBOBXV1Z1RfvGL9EG5E/k3wPvAL
4Le4/i4DX5arwOhYP8FXFYOjipFyRR8MDHg38qcUo48oeuj7SGLoRDvHeN6C/rvU3gCuVgwh
Dx+Gx0KwD8kvsFwHPwg+DLZDMhh+JvrTwCbaygKLqD2D5tfg46C1/A30qQ1lIvkTtb2R/A7J
O/BPw2ej3xacAfrg+/RiKTgZyQKwBmtfBfE8mADaXueBv0QyD7wJ7AGOAseA9DG4A0+sb/3p
3fMgtTHr/8+ovRN+C+12gq8C8Tx0BGtlSO5XzGCM4oxXbDyIPLQE+49ipyfyIchncexK7OwH
H0JC/MOMhX+aY/Op/TEWrqN2PRaQh/vBL4OvBo+DfZCTIc3f0DwUlDz07wfvIzNv1mdE3r9F
2mp+auaHX1UMjipGyhV9MODZYHA38qcUo48oeuj7SCTDF5Phi8ntxZqx1oLy0c7WsvLBu9aa
8v4N6KxWDKEfZhUdwn6wD8kvaLcOfhB8GGyHZDD8TPSngU14mAUWUXsGza/Bx0Fr+RvoUxvK
RPInansj+R2Sd+Cfhs9Gvy04A/RBZg9/KTgZyQKwBmtfBfE8mADaXueBv0QyD7wJ7AGOAseA
9DG4A0+sb/3p3fMgtTHr/8+ovRN+C+12gq8C8TzELBeUIbnfjiajVgfuY4yMomdH8ynFDDDO
iMfGgxwbWoKFR2mrJ3Jj9eGHoDOLtlbS7n7wISSMV5ix83mOHc2n9sdYu47a9VhAHu4Hz7Pu
cDV4HOyDnLxq/obeCzff0Cx53jyMq+rTTdcLHgXvUgx1UvRA34DlyG8Atysa9D0kATqhR5Fb
/XuoLQVHg7ORn4bHgj8JPMaxk+F/BO+DMSTL4P8evgK8H8lDYC34z2AAWpvPgMi9B+HPU9sB
yRkkDfD74LHmR8EBoAfei85XwM8juQ68BmtXgVcg+Sxo+5sB3opkCNgHzAN7g0Xg59D8PvgE
1t4E6XUQRue31D4Pf4jaNvA/Br9D7QfwdrxeUgzbcWGMgr7gIDRfw8Kr4GXIuyLnKP/X4B3g
F8BN4AvozOCoeUhGwneDP0CtlT8Ov1tXPpJXY8grxdVgOci6yFj5h4qSRWPIN5Ushv89Oj2a
z+pzV9aNG8jVj1g98jZOEAFZsYd47yf8FJKHWSUeR8JdcGgM/GRqV4IFWNsObuaXrAkc9eOm
mXpngWQK97aHsDAQ7KeSKPdoXjFo7wuq0WxDK/YNkz3qf5R7urBd/+fb+zXuiysVwwMUgwi4
FvlH/E603j6PbRqqK3ZF/0H1KvS6fW5JWxPBwbZdLLxB7Ql7P0gMRymGVtOXvWiu0XuikL1n
7EccmAHkjNPao3i+nlGox8MbkSCP4L/ERGrDOxSDYeASvQv259Lik9jvR7vL0c+i9SxsTrcW
9CmuXIS2cGe9hV4rJsDN4GxwOtjHyfcSZ8WFSFbBzyZuNWA9Tx74bTHEG1+Be7LdNIe7/uW0
u5zR0WO3O8+ncLdoLezVuwNwlKJE0raikl1Ofy+z2V5s2qyeguZy+OX0SOUxYnJINYO/t/cv
WBgPPgHusNno8n85uTGGUbYjOIW+E3NyaT3jMoMRz4H/Lha22btL9CvsMxks5NPrqWTgRCI/
laOG2GyxWeHOkbjwD+lREZ4zhOdpbWQ/lsepneAU9g/Q4iN4NU8xTu7FzihGeS4R2egszGRE
BKPcNUfGKh82yFcRt53WJm0ttXfNPOc5qRjMsfmDh1voy2B98ztsn4Hc6dWJvDM6i+lLPvwY
xrSRntYhWY5kEW0dQzKSGM4CJ4EF4DBqN6C5it8L9mM5wAIxCf8nmT/bzmb4xpke6opXd/Er
6lxwBb+rFsHv45fWYvg/gdOpHQlGkawC74p0FuzC77NdkJTAJ7BQi6RS0bwLHrY68HVYm2B/
2wX78Mvvk2AuFhqQvw0udL876xpjH78yFymG87C50K3cVGezW49V6lMI1rfFDis12qwxipwd
xev47X4iLQZY64Nvc2i3BoypJBiGfAMe9kK+CssNNhpYHgiWgqzT/A7UPg5+nqPmIh8cfl+v
OMhf1CdLPmshw/rHr0b+OVq8ilamIqkhes3ws9E8AGZrL3z7y3iIvvzKji/vVPTEDqvc0GfQ
30ystsMPp3YofCd41qsyUmrzQ/j/baOK5e74k295+4s8nu+hxWNggp6uQ+c++Hos1NPuAftW
AJJ30F8H/7btl/19P9ysfrqs+676o3froXLlQ3Ow3AvNj9BZAF9NWytsnCP6JtFgamdSO5yx
20VtNhYOWR75H3k68S78WJvzyofuAKPIt1pkFE7Dvwm/CDxucz78gPqvfPgp8DGbz/rcL3QC
nU7EdjOtL0WS596FuI+zRtDjbktswru3LG7RbHQ5qZrTiduD1H6VVtYg2Q1yt+JXgneR/+9y
7nAPFRpjx5pefItjvwX/Pvz7lufYEC2+gycNYC33BWR7FP8jVYpR8jO8A3+eUYz9lNrvIR8A
cscUmmJjgh08iRKNyESizT2Cd5+dSWi9BE/GWctYmIf/8+z8EJlBfGaQJ99ldlJ+ZKRMLPwA
nfKwztgP6i9TMufU632c6pijysu483YBOATkaZXfm9o6cuMwMdmodvwfuflNfyf6MHKv2ncz
YSEzmMoXh/UNn9/T1hHmkLXgLPp1L/7vJD5tkDPfhg14NZLvo7OcmLyuGBQohhuRHESSCZYh
6QjeY7M0/KHw7yE5AX6A5jB9MiZ5OBh/ZtDuYObSwbQuGOXqEJ5B6yfQGaYoOsoXENu54GbV
l7liBscqjgevVgwt55w9Ab4e5loTtmc3+QxuVgy6oXMQPlMx8mSYbFGMPk+GdKDvN+DDa9i/
J2z9xKuwPcu09SHUbsDmH+H/SDyZFQOfODyDfCe96GT16e+5sD1nZ/BWg3q4GzsL4KuJakfF
oAxvR1O7l6OW2euavV44bwcz+jPgVf4l2jpnZ0tr30VSW/w2fAU2zzFq76HTU1uM/gt26mh3
GpmzH5vfpq0Xaf0gyHkXLAGvYjQ/j/4u+B42iyyPzlvWDjgfTSIWfgCebJeo5jH6KrkGCedg
ZA383dgcD58BvkLt1zlqNDH/LHiEfj3B+dIJyVXgW+CXmAcGw3vwbbDMOejfBp7HwhZrx55Z
8EUcdRZ+MUcNsdcCxeiDWGOej9ZYf+wsjeZjSE7BMxtLtLWWK0KUq1L4RSwvD3cnn7tztfoq
49Wd7O1OtnfnvJuvz6lokatkZBT8F+Hzaes1PH8JPIX9ZXi73fLWDriFtm5Ds4wzbi5Y4/J/
MKOj5/X9aiHjRuXj85WP9QN92mUVEe/N2cQ7dWFWYtEVWBhBrhbAP+XmB0XPZb5gxt3o815f
cKvLbcVI2ObYYM4O5b+M/Eu00lf5CLN3ZBwRvoVs36G/OITeCu8VnEpM7g4GCp8ZrNIMD+aK
JqtN71Xl5YyYq8/ZwDGK3lhGZIAeFdytUZKMLdPne4HeC0xVibdPWwmYzwN7fWG2Pz/c/Z7y
LcG28G3dLyn8Nt3MLx3N3wZrwBE8O3oXfp7+KqH6zWeb9yKZr1dztePfpRhqDz8X3IykHH6f
olcM7kJSTe1IsAjJQvgs+HpwOrgK+evwK8AfgH3AErASy3ErOf9bvbrRuxnwh7EwgdpBKpG7
GNUfCzYhfxv+kNb61od9ygefhd9NbS8wH8uNyGP8Qt0dvgetjIGvQbMBaxXWQ6wNQ2cDEvpu
6qwmkmz052LzEO/uRq3Ptu8q8UeCm/ld+zgWXqF2nR0F/R3cGwvWIrnNxUStFWH5i/ZXdY79
MtbqwUHYfBZ+H5ht44x+MZLZ2JnDsb+xEbCjSe067shy0b8P+UfIX6bXU2y0rR1qQ+BwJNdZ
3o6Ci5jaeVOz0fuVooy48n9EvxO1X0d/FF4NpZWh8DZKPdGpwtt3bY/o4yLkf0crieZuitRW
uBZV3hPLGxXDjykGf9Ja4bvp/ICkwHpic17fRvBLwM/Z/Ifvw1sKnbHWmfcWDiuG2lPbE76o
+TGNOfe2IeRLwVU2MhaRzAYrbC3YCVwIrkPzl0RgoM1b6w9YD44D30YzYTMHSQ2+/QZ81z69
wc7XbFajsx3czbEH6FcVOBZ8nz7+Dp3nsfwvyA+BE+0ZDX8LeXINmtOtNTBE/P9ITF63foK3
cVQTfAx+Km3tZ2SP61GxfspHOU8jo8DBjN0NWhtljop05034U4xjIf2aiVdfJSvGo8msFbH2
A+Snrefnp3NmKW61PtsznedFIZ5KzcPmPM7ipZonMh92I2+7MZt105nHzjBgOXPRg9ipYH5g
jjJHkQxxZ5/qxO08phiaYOc35E3gm+CvsFnZVCpo4HujOQNvf2TPKWL4IU8vy0F+YfcX09/f
217zbslNwTHxZ3owXHmy/WXuR27i6fTL/LrX0xj3jkCGWeo9ZcI3T715nCm65Z+n1phRt029
9Q4zduKt46aaSTU3T5tsZqjdG0ZWFplCuXI06zf+TNxkmnYm12TrnshiRv9qLcu0NQmTZ9rI
vr5pqjUmxXn61xiO903EhNTusFFDi/R/sVAfuLqwyTGX3XLLN6eY2eBD4DxwEbgUXDW+5vbb
zLoJt0++2WwEX7x98u3TzDZw5+1331ljdoP7RfFmUwceqbnzlhpzAqz/5q3jbzcNYONUqfYM
yLNwE6QwBKcPp9S7SAvJBc4zPLO27744zEzDWBpmp2EUtHYy0jDLYTvTzfQy/cwAU2mGmVFm
jBlvasw0cx//IWChWWKeNBF9LcE8bH32EraM2PfXvJj+T2f9D9vdXLnQ6F9+ehnDDX8Bk7Ee
f72M11xZZ8ucQlvmrpPjpOwwxJb5E62d/C3SltjP3+32j7le6PtEvEHEfzXxxevr9U2GaAV7
f+P/RxWepBnlFfv9QkOCatPJVJhrTZUZaW4048wkM9XMNA9I5GrNYrPMrDJrzQbzotluXjP7
zUFzzJwyDeacXDqyohtMKLo6+kz0eco10Y2Uz0Z/Trk2uknKZ4T7d8pnopsp10RfoHw2+iLl
2uhLxpdyi+ytEe2XKZ+JbqVcE32F8tnoNsq10f8Q7TXR7bL3rGi/SvlMdAflmugvKJ+N7qRc
G/2laD8b3SV7a0X7Pymfib5GuSb6OuWz0d2Ua6O/Eu21rSKi/5l8hpn9qSKyh56vjv7aRWav
i8w+F5n9LjK/kXZWR99w8fmti8sBF5c3XVzqXETechE56CLytovIIReRw0TkiIvIUReRYy4i
v3MROe4i8l9E5ISLyDsuIiddRN51ETnlIvLeJ0RkkVlqVpo1l4xIvYvI+y4ip11EPnAROeMi
8iERaXAR+b3LmLMuMn9wkfnIReaPZEyji8+fXHzOubicd3FpchFpthGRiYaIxDwbkZhvIxIL
aURigY1ILGwjEovYiMSiNiKxmI1ILP4XRGSb2WX2mjqJyElzxjR6vpcRy7ARiWXaiMSybERi
2TYisTY2IrG2GpFYjo1IrJ2NSCxhIxLLtRGJ5dmIxC7TiMTa24jEOtiIxPJtxsQut5GJFdjI
xDpqxsQ62fjEOrv4FLr4XOHicqX2NFbk4tLFxaXYxaWri0s3G5e/OCKnUhEpcRHp7iLSw0Xk
KheRUheRnkSkl4vI1S4ivV1EPuMi0sdF5O+ISF8Xkc+6iPRzEfmci8g1LiKfJyJlLiLlLiIV
LiL9XcYMcJH5ezJmoIvMIBeZwS4y/8tGRv+3pvrNFWi+XAmyzGR9eUyuBp1Miekj8ao0w011
1q9lpv9C7B+C+Vl7Hbcgax/cSJHtd9yCrN8I90X03nDcgqzfwqneAcct4P+rdDO9TZmMxzAz
2twks/o0M8s8nPVmqqW6VEtvpVo6mGrp7VRLh1ItHU61dCTZUta7wn0p9gWRnXLcgqz34L4o
snrHfZxHR1MeHUt59LuUR8dTHv1XyqMTKY/eSXl0MuXR+ymPTqc8+iDl0ZmUR3Lue7293rKA
KfALZD3Y1e/KtVhWbtn9WAVMM/rfoiItRktWP6EvGd//A9zQFHddiqtKcV+GC/M/8PJlrdiN
I89w1Icc0YD279E8q9nin5EjNFsWmsv/PFbmcVnXrDEbzR45fz6SMyfLa+8VeaVeP2+gN9TT
952DzK1i6wdwr6S4bUnO/0/hFsO9luJeT3G7U9yv4HRVmuXvUd4/KriIul+ntPamuH1wIYle
G5Pn7+cI9eQRX734Hjq/SdNp76tPi/z/MCHRXOS/kbL02xR3IMW9meLqUtxbKe5gins7xR2C
i8q6Od8Uyej1NteYAb6sDfwnpL1f0OoT/qui9YQvKwV/qezvRLrU3yHSpf7hlK0jLhZR/1G/
VvJlmb9SNFf5q02Gv8ZfY9r6a/2fmhz/Z/56k/A3+JtkxR9iZZwnWaP/xUXXfTnuPyr+q1Q8
7T8tNteLfsh/wX9B1oqSef5C/lJc/1+e5qFcdfQb6bLylXnWf9x/3HT2l/hLTKHYeMlcwV9+
D+Ivvwfzn+9Cke9EHvL1biEUovlQRihDn0OFsrAnGqF3Ip1Dmvne/2nvPKCiSBY1XDM11SDT
ZBAEJIogEnrIOUgQERABWURUclCEERBRUWGISlDRVVFUwLSKKIqCCcEcQFxEVHQNXK8BE4iK
0FZ2WBgs+zQOxxE4EkfhaBwD9y1z3zL3LXPfshMwDSfiJJyMUzDTvW7F81gatpaJrUxsZWIr
G3IuCYMTzsPloW3CFWFrVMrHVj62fvyMwrsVPJvi6eBwu4grogl2zxcUX+14TXRBNFmGTJUh
U2XIVBkyVYZMlSFTZchUGTJVhkyVIVNdeZgr/8mVh7nyn8aunOzKya6c7MrJrpzsysmunOzK
ya6c7MrJrjzalce58mhXHvf/fOUZe648w07zSs8110QnROPF2SbONnEuF+dycb4ytv/dWdiN
jj3nve3zt+Xxfs5cJ48vG3u6KdRIHP1OZsYyM5aZscyMZWYsM2OZGcvMWGbGMjOWmbHMjGVm
LDNjmRnLzFhmxjIzlpmxzIxlZiwzY5kZy8xYZsYyMy78aw9G3CI7W2Vnq+xslZ2tsrNVdnbL
zmbZ2Sw7m2Vns+xsLno7ZIvqsAEbQ1a21svW+nGrw/C4t7AGa7EOtViPt1EXmmVzs2xuls2x
bI5lc1zyx5AtWRiGS17Cy1iEV7Dc+TrHDTCOrG+W9XFJV8jK/FjmxzI/lvlx6QlhuHQaTsRJ
OBmnhGbV0KwaWlVDq2roVg3dqiFWDa2qobn0a+51nuP3wrCqiFVFrCpiVRGrilhVxKoiVhWx
qohVRawqYlURq4pYVcSqIlYVsaqIVUVcdqN73RKyZT/HzNCsQprLbnPu15iNu/BHPO/8C77z
IhZgIZaGblUUq6JYFcVlm5zr990h301Ca9mw99tCdsKZYVhlxSqrWWV1T7jSues8h4zKrC0y
a8vYv5NwHI7HZ3ACpuFEnISTcQpOxWk4HWfgs/gczsTn8QWchS/ibJyDL+HLOBd/h6/g7/FV
fA3n4XxcgK/jQlyEi/ENfBMzws6iX2AmbsVtSOOXuB2/wq9xB36DezAH9+I+3I8H8CAeQuFf
hPg95uIxzMPjeAJP4ik8jT/gGVThj7CaFc3Hc3geL+BFLMBCvISXsQivwMpTtAJvYiVWYXXh
36TAWqxDLdbj7dCrUnpVSq9K6VXpaZU+Q+co1SvO0jkKvxScNW5x2DnuT1iCpXgdy7AcNdA3
xq3Am1iJVaiLysdtwMaofPwB0cTxn3A8CAdjKj6JT0XlJfQpecTxcUcalNBAxfWWLPDeOCXG
UWm9Jesca2GeJU2OzWhBK95z/WbXdXq9BV2htzSKyksPCjtLD8ZUfBJH4EgchaNxDI6NJpYe
h+PxGci5UjlXKudK5Vxp4c+ayqtSeaUae0vlTlkFJmMv7I19sC/2w/44AAdCzGViLhNzmZjL
xFwm5rJDcCgOiyaWfRqH4wgciaNwNI6BuZWZW5m5lZlb2QmYhhNxEk7GKfjnsLPs33FL6FXV
vWUz3ftWyL+yefiD18/jBZ+9iAVYiJWuXYXVeMvnm5xr9/0O0LKMlmVDzicY9tk2ZMPOCept
wrmO50UTJ6iVCd/1+nLHK0Pv2NoSq/BYJhbLqN/IqCfHzg45O2TFeceKU/jVsG7sbLez3Xu+
O8t3/ysa5+z7zr7/8W9s0fjU+eF6z/CL7Kf33/OL5I7ohJSOljodnwuDqS85nh/eSV0Q1qcu
xMVhkztu0f17dP+eiY+F9RMfR12IJ27ARtTjHTTgXTRiE5rQjBa04j20IQMdfmI7OtCJLehC
N95HD3qxFX3oRxzi8p9aN1Opy+xg/81T2UGpL4S+1FcwK3Snfhu61ds0tTbNp+9MfCT0TXwU
c/Ekng3dExfiZbyC17AkdE+6B3NwL+7D/XgAD+IhTyrjKTNAlYIa66lR2I13Rocae56x56Wu
xA/wz5gVWsyjpfCUZfx5xp9n/HnGn2f8FuO3GL/F+C3GbzF+y8TlPqvBCqzB+jDPnFrMqcWc
WsypxZxazKnFnFrMqSU6l2tprqXNrY1rafPLcW2EayPmucFM2syk8MvqNPM9QDcaT52TdaPx
FDrZPn5WYS/C0RGOjphdm9m1mV2b2bWZXZvZtXE6zek0p9OcTnM6zek0p9OcTnM6zek0p9Oc
TnM6zek0p9OcTnM6zek0p9OcTnM6zek0p9OcTnM6zek0p9OcTnM6zek0Bdoo0EaBNgq0UaCN
Am0UaKNAm0xIR1+hQiUVKnlRS4VKftSmzufNrDBd9NNF/1VPL3d6evkdFb5OhSlUOI0KU6hw
GhWqqPBLXtXyqpZXtbyqpcZ0akynxnRqTKfGdGpMp0YlNSqpUUmNSmpUUqOSGpXUqKRGJTUq
qVFJjUpqVFKjkhqV1KikRiU1KqlRSY1KalRSo5IaldSopEYlNSqpUUmNSmpUUqOSGtOpMZ0a
06kxnRrTqTGdGtOpMZ0alVHJnqe+R0T7qGi/I7rfiu6RsTpZTZvVdGmiSxMN9hX/vj69X+yr
xb5a7KvFvlrsTWJvEnuT2JvE3iT2JnNoMocmc2gyhyZzaDKHJnNoMocmdXKDp9SLC79FjvWX
/d09G01LfSv0q9j3ffpG6sdhWeqfcCP+JTTv+eVtld6yauLKsGzi6rBs0orQP+lNrMQqrMZb
WIO1WIdarMfbqMMGbEQ93kED3kUjNqEJLWjFe2hDBpvRjo7QP/mbmA7zHXuijcfmnlPfPeq7
R3330O0Uup0y1l+W64c1WIE1WB96zD1n7jlzz5l7ztxz5p4z95y558w9Z+45c8+Ze87cc+ae
M/ecuefMPWfuOXPPmXvO3HPmnjP3nLnnzD1n7jlzz5l7ztxz5p4z95y558w9x4fLQiu1aym8
9q+/4xQiWhCdIqJqn7f5fJgb27mxnRvbfbfJd8/fUyWFXjF+T68YL48e5c527mwXYbUIq0VY
LcJqEVaLsFqE1SKsFmG1CKtFWC3CahFWi7BahNUirBZhtQirRVgtwmoRVouwWoTVIqwWYbUI
q0VYLcJqEVaLsFqE1SKsFmF1dIYoqvhSy5fa1A3RJ3lTa/azZf87sr9fFFWiOHBPrR+4p9Zf
psEzfKvlWy3favlWy7daUVWJqkpUVaKqElWVqKpEVSWqKlFViapKVFWiqhJVlaiqRFUlqipR
VYmqSlRVoqoSVZWoqkRVJaoqUVWJqkpUVaKqElWVqKpEVSWqKlFVRaV82S2KO0WxURRNorjT
rN8y6y3RJPEuF+9ysS4XVyGmA31SJZ7l4lkunuXiWS6e5XLgpvDn1M243eu7HB8o/CrjbJK6
XWYX+d9RffLmMOpVY+rX0bjUHb7lySX1YLRX6uGwK/VI2DVpPp7D83gBL2IBFuIlvIxFeAWv
4jVUYzH+hCVYitexDMtRgzfCLvO6OXSmZoRe89uSuj8MpR4KI9HlqX8Lb6Z+hltk6c8xM9Sn
bsVtSOP2aErq1453h/bUPaE5NQf34j48rMfpZ5POD29OugBfx4W4CBfjG/gmpuNb+DYuwT/g
UnwH38VluBxX4Epche/halyD7+NaK1El/hE/wA9xHX6E62HOk8x5kjlP+iVux69g7pPuwG8w
C7/FnZiNu/A73I354ngOz+MFvIgFWIiX8DIW4RW8itdQjcX4E5ZgKV7HMixHDd4Iq7l9E/V+
Hd6lYmvqQc+UKXmwnf/5sdwYjMp8o4tDeQ5tT/2ikDfRYa7odkXn2BX/yqkaTtWk/sPO8WbK
3+L4c/ynHVnB11+4cqa90624DWncHoJVqMYqVGO0kdTvuHZP6OBiBxc7uNghFxrkaxM3M9zM
WJFqrEg1VqQaK1KNFanGilTD5Rou13C5hss1XK7hcg2Xa7hcw+UaLtdwuYbLNVyu4XINl2u4
XMPlGi7XcLmGyzVcruFyDZdruFzD5RouD3J5kMuDXB7k8iCXB7k8yOVBLg9weYDLA1we4PIA
lwe4PMDlAS4PcHmAywNcHuDyAJcHuDzA5QGrao1VtcaqWmNVrbGq1lhVa6yqNVbVGlmQkQUZ
WZCRBRlZkJEFGVmQkQUZWZCRBRlZkJEFGVmQkQUZWZCRBRlZkJEFGVmQkQUZWZCRBRlZkIlu
4GAPB3s4OMLvpVwsONfAuWbOJZxLOJdwruD/BP6/xL0O7nWk7tQrCpV7d3iKg50c7ORgJwc7
ObiZg33y5E0uNnGxiYsdXOzgYgcXO7jYwcUOLvZwsYeLPVzs4WIPF3u42MPFHi72cLGHiz1c
7OFiDxd7uNjDxR4u9nCxh4s9XOzhYg8Xe7jYw8UeLvZwKeFSwqWESwmXEi4lXEq4lHAp4VLC
pYRLCZcSLiVcSriUcKmDSx1c6uBSB5c6uNTBpQ4udXCpiUtNXGriUhOXmrjUxKUmLjVxqYlL
TVxq4lITl5q41MSlJi41TSrsr5bidSzDctTgDfuqk7mU51J+rBpvj/bhwggXRrkwyoE8Bwr7
91HqjlJ3lLqj1B2l7ih189TNUzdP3Tx189TNUzdP3Tx189TNUzdP3Tx189TNUzdP3Tx189TN
UzdP3Tx189TNUzdP3Tx189QZpc4odUapM0qdUeqMUmeUOqNRiaofssZUpO60tswuzNjROhNd
L7Y+sfX9tXfM9AR6K25DGrf7pvoR60AhTpnWJ9P6ZFqfTOuTXbHsisU/IP4B8Q+If0D8A+If
EH+f+PvE3yf+PvH3ib9P/H3i7xN/n/j7xN8n/j7x94m/T/x94u8Tf5/4+8TfJ/4+8feJv0/8
feLvE3/f/0WPiGVfLPti2RfLvlj2xbIvln2x7ItlXyz7YtkXy75Y9sWyL5Z9MX0H6DtA3wH6
DtB3gL4D9B2g74Dsi2VfLPti2RfLvlj2xbIvln2x7ItlXyz7YtkXy75Y9sWyL5Z9seyLZV8s
+2LZF8u+WPbFk94Ye9q+PWTHfs/+LK8SXiWqe1B199A+oX1C44TGCY0TGic0Tmic0DihcULj
hMYJjRMaJzROaJzQOKFxQuOExgmNExonNE5onNA4oXFC40SMiRgTMSZiTMSYiDERYyLGRIyJ
GBMxJmJMxJiIMRFjIsZEjIkYEzEmYkzEmIgxEWMS7a335WTgRzLwo8LqN1Zhdzp3t1x90Leu
DR9x+CMOf8Thjzj8EYc/4vBHHP7I3u0m+xm9X5bvtSfLe2T5FFm+j3Xz4wqeER2b+kV0sFVv
1KcnUjH3/6NCx3Z+hZ3emrFXhRhHomKvPvDqA9Hujv7BHDPmmKFDng75wj5RNONVX6L6ElFV
mPM+3O8274T7We5nVV6i8hKVl6i8ROUlE5eMZUVGXBlxZcSVEVdGXBlxZcSVEVdGXBlxZcSV
EVdGXBlxZcSVEVdGXBlxZcSVEVdGXBlxZcSVEVeGL3m+5PmS50ueL3m+5PmS50uhMyUqJ1E5
icpJVE6icpJJBU8fGsuqrKzKyqqsrMrKqqysysqqrKzKyqqsrMrKqqysysqqrKzKyqqsrMrK
qqysysqqrKzKyqqsrMrKquyYvh9SMaHvaLR/6lXPKSvCW6k37a1XhptTa8IfUzuslblwb+qD
UF9cHuLiipAp3isMFO+PaTjduYvD82P/rf470d7F343K9/xyN8ixp937RZn6pp37Svu4VWFn
ajXW6LZrZfF6u+cNdsqeJFObHJvQJ1f7o32N2pzKYyc+NErkabwUZTgo5ItPCb3Fp+I0nBG2
F58VNpQ/E0bKnwv15S/hFa9fdXwttJVX43XvVziuDEn5KqzGOucaws7yd9GITT5vde49bPa+
HV3uEYd8+bD755APveU7MercB96HkK+owJTQW3EgPoFPeX8IPu314Tg6bKg4LTRXfB5n4wpc
iavwQ1yHH2NhqK9YE5IK86qoCzsr3nVtGzrQH5qj8ym6naKD1NxEzSFqDlFz5x41G6m5YY+a
G6i5gYpDVIypWFBwGwW3UXAb9XZQbwf1dlCum3KDlNtAuQ2UG6TcBso1Uq6RcoOUa6Tcdspt
p9x2yg1SbohyQ5Qbolwj5QYpN0i5IcoNUW4D1bqp1k21HVTbQbFuSu2g1A5K7aDQDgrtoFA3
hbZRaBuFtlEoplBMoZhCMYViCm2j0AYKbafQIIWGKLSDQjsotINCcXRkan74l9Sr4XWZvIIy
f6DMnykynGqX0X3RjFR/eFxWfz81Ep6R1V+VW28VF4fVxSXhARl+kQxvkuHHFe8dFhTvg/29
PjT6SfFR4UoZf1zxieHrxSeFGTL/VHl3f/E5YWbxueEaK9B9nou7PRcX/pzf08U3hDfG/pTC
XmZS8KvPbLqNPMyTrUbuMdqw0RKjJUZJig/1dD3N8XRcGp2lns529XydboW6WKmO1oSNYsmL
43B3anCXde6yyV22uEuzuzSb6yR3aXaXxmiyK9e6steVr7lqP1dtNP5mV77hylZXdriy1ZWt
rtzblZtc2eLJ+2njrLRGrNKXV2OtzFtvN70BakWGbZFhW9x1vCuLZc8W2bNF5myROVtkzhZZ
s0XW5GVNXtbkZcyojBmVMaMyZotMGZUpozJlC2e3cDZfUfhzdyl3neyuE0VQyPj5Yl9sPn/C
Whl7qfguU6vL3fNvs7LD+/fdQ4a4x8pwY6EuPBXMp/yrKmFlqHWmLvUOFxrds50Dl4aN7rUx
qjTSo745U311+vYiI8424mxXDVFhFxV2uXoTFfJU+MsdNjk2oSUsdLfFsqs+NRhqiyeiPGyl
7Vbabi2eggPxCRxKsSPCsuIjcVToKz7WueMwLXTRvqf4rKi0+EvenxuGxn5tKfzpkiv+8muX
Ou2k9DClh9VpJ7WHqZ2ndl6ddlJkNtULqjxKlUep8qha7aT8LsrvovwuyufVaqda7eTALg7s
otxsLgxTb3b5cFRaviNsLR9BzusPotKKorCsYmLYWrEv9oOYKg7FYRBLxVGOR/veMY7Hev+1
UFtxYVhYcREuxo+8vxELwzB3HlW/nZzeVZHx/c1oRye6w8JokqzdLGNbUuvHMuE0in1u7L9W
Xm02r0Wp8mqswKYoZc36S6Zu5dEgjwZdUaK/9etv/fpb//+WgYN0GKRDoU8Nin1Qb+rXm/r1
pX59qV9f6teX+vWl/j0ZOajP9Osz/fpMf9HUonvC3KI5uBf34X48gAfxUJhrRrNk0gOy6G1Z
NEsWzUotk3vLsUL+rbLDWo01YYFs2pFqcL4xtMuiW1Otetd7aEMGm9Ee7kh1OHahG++jB1vR
F10p615JxV4PYDDcnRpyTDAcfpbahqzX27Ej3KDv1VsRWqwILbrAZfrf6tQun+3GR2FZ6s+O
IbxeXIQUijEu/Kx4vGNJeEpm3108yevycInusUmGX6JX3qFX3lG8b7hLtl8i26+S7VfJ9qus
1XOKDw6PFE/12SdxaHRZ8acdD8cR4UZVcKMquKn4aO+PwbGuPw7He30CpoVv67k36bl3cTXN
1TRX0yrlAv33seLPOv85nBluL/684xdwVphd/EXHs3FOuEU1XVX8Za/P9Z1Lw4N7/tTaYpV1
t7w6WF4drF+/pl8/XbIlzC09AkfiKByNY8Lcsnlh7oRz8d0wt3xBqC1fiNesaNVYHmapuh0y
bZZMmyXTZpWv8flabMBG1KMhOrj8XTRik++3OZfBZu/b0eG6Ld6/79gT7irfin7EYU75QHjE
ajq7fJv3WWzHjnCJKr3ECjtbFqdlcdq+ZI5Vdnb5h+H28l3Y7XshzFHBN1akwl0VxRgXblfN
l9i3zKmYHB6p2Nu5fbCvc/uBh6ohrRrSqiFdcZDvf8p3D8GhPjsMn3b+cPCw4sjwug5wiVV8
tg5wlQ5wY8Vxzh2Pz+AETMOJOAkn4xScitNxBj6Lz4WfVZyJL3p9ji7yJXzZ66/g7/FVfC3c
XXGe4/m4wOdfd7ww3KrT3KrT3FrxDe+/6R7T8S2vv41L8A+4FN9x/ru4DJd7f0VosdNosdNo
qfie+13t3DX4Pq5FJf7Rd3/o8+vwI+Nf79wNzt3o9WpdbU2YVVEXHVzB6wpeV/C64h2oa50j
XdFK4zbHDI02ox0d3nc6bnGfbvNWz3YwLRWx9wMYxFD4WXSUTvJznWSxzrF1bCe9xhq0Nuze
s6v5lQ7wQx1gmequVt0t1vecyl6osrtUb62qbVOtz6nWDap1jmqtU611KnWOarxG9b2qyu5R
ZbWqbJnK+r3KalQ561TMqyrmHhWzcs/fPZg19icwr9XjlpjZa1bLjSnP8ma4Qa9bodetMMuc
jvyCjtysIzeb7VJ9rteq+ZS1d+vYHmaT101oCWtEUae37RRFq/7VJoKBj3etonjPzrVHFHm7
1x671x49qE3vyOgdGTP8yAwLf4p0hdVxY3lViK2QT1khn7JCbrRCPqVOe9VprxVyo1pdoVZ7
1eoStbpErS6xQm4sr3XderyDhtBslWi2SjSr016r5Uar5UYrRrMVo1mdrrBaPqVOV6irjBrI
yPmM/N5pF9tjF9sjh3fayfbI251ytk2OrpGja+ToGnm587/tcK/1vhIf73R/5Ps/du2NjgvD
U/JriRVzo5WoWa6skSs7x3a7t1lV6q0q9XLjbYrvlhvLKN1C6d1WlXoq76bybjlyqtWgwWrQ
IE/Wj+0B8z7fiQ+sQh/ZUUX8HhcaqLyOyoWd5Xo50ypnGuVMXs7k5Uyj7t6ouzfq7o3y50T5
E+vajbp2ozyq06XrdOk6XbpOLtXpzBkduUUXbuTMbt2zXvcsPKXt5s5u7rRwp4UrLbpmva5Z
r2vW65r1umY9B1p0ynqdsl53rKf8bp2wRfdr1P0adb8W3a9O96vT+Vp0vozOl9HlMrpco67W
qKs16mqNulqdrlanq9XpahndrFE3a9TN6nSzOl2sURdr0cUaOblOR2rQkRo4uo6b63SlZl2p
Wedp1mUadJkGHaVBR2nQURq4Ws/Veq7W6ybNOkcDV+u5Wq9jNHB1HUd36xr1ukW9blGvW9Tr
FvW6Rb1uUadT1OkUjTpFo07RqFPU6RSNOkUD1+t1iAYdokGHaNAhGjzH90X7cKKC2iPRGSoy
kQu3qL65qm+u6uuSEzNUWJ7vz/B9Md8Xq6xBvrfyfT7P5/N8vgpKVE3Ckxk8maFiEr7MUCGJ
qpirKuaqirk8maEqElWRqIq5qmKu7M/TbD6t5sv+PL3m06uVXq2qIE+zVpmfp9FiGi2m0WIa
tcr+vOzP02kxnRbTaL5sT2T7XJmeF/NiMa4Mv5HdPSKo9m6HbpIL8+SutVNkI971iKxPZH17
fi+o0zNikdWJrM7sRsyuzuzqzG7E7OrMasSMRsyoz4z6zKjPbEbMZsRs+symz2zqzGLELPo8
FXXpbLmxHVS7kdoLPZaGidHqjTZitHqj1RstZ7R6o9UbLWe0eloktEiMmqNFYuSckduN3G7k
dlokRs8ZPWf0dqO3G73e6Dmjt0cT9cknRN4o6iYjjxhxq973uu7crDu36oGvj3Xnkj3PmR2+
2e9Z8iLPkicXXxadOqZch08yPun867sPC3eMxntXiK7LuyH33+D+Q1HKDqnw36hPsy9vkVmD
tP4wZPXgEX1tRF9L9LVEX0v0rRE9a0SPStytXRfPWR0+VPvFegd9oqPdo8Mnhb3sNvda4hu9
1NxOze2+uZmSGSpmqJgxRuHvjS0Q1wsU3UbRDEUzFC38SpCh5DZzWGIOHebQYQ4dVC38erCd
qtupup2i2yi6jaLbKbrdHJdQNWOeS8yzg7rbqLt9TIsusabEmooONM+d5pY1t8Tckj05lRXF
gPllzS9rPlnzyZpL1hx2msNOcyj09sT4ifET4ybGTYyZNV6hbydjKqyiwloKrNWXu/TlLuM3
U36TkUb14S7RF/50xLt/4+675jfO/MYV/j6D3tSlN3VRYK3RVxl9ldFX6Utd+lKXvtSlL3Xp
S136UJfI1+pBXSJfq5d0mc0qvaRLL+nSS7r0ki7PytY3Mxkykz6xbjeDOXv+e3/hObnwtw7f
tZa0eEZut9J3OXZbbwbDSmotoNYiai0Swwp10UKxx3jf5E69VHuMao+Ja+WeP6XWwNVOO8IW
Sj5Gycc420nNx9RKi1pp4XCn+FaqlxYxdoqxU4ydXO60s2uxs2uxi2uh+CKKL6L4InXUwvVO
rndSfxH1F4l9JQceE/tKcXdyvZMTi6Kp1G+lfuueX0Y+GPtlJAqDHGg140EzHjS7QWq3UrvV
LAfNcJDKrVRupXIrlVup3ErlVgq3GmmQwq3UbaVuK3Vbqdsqx3L68YehvZBFUZF3/yXfCr8H
nBF6ok97Vhq2r+m1r+m1io5aRUetoqOFT62gzcVX8OBq+5DYk/qwfUgO+TBq5Ru17x+2+jXb
6w/bk/Ta2w9b7UatdqNWu1H792H792Er3aiVbtSepfC7ZLN9S69VZ9SqM1pR+JtlpWaw1AyW
7qm8J9xtqW8v9c2lUZG5DEVfGPt/35uDe3Ef7scDeBAPqfVyPbFCBu2l/+wtqn2wv9dTKHog
PoGDwm77hn77hn77hn6rV58oO+0TBmXZe57E8p7E8p7E8p7E8p7E8p7E8p7E8p7E8p7E8pQo
7AU67QX67QX6KdJJid2U6KTEbut/PyV22wP02wP02wP0U2I3JXZb+/ut/f3W/H5KdFrzB627
/dbdfutuvzW3fyzeLE3KQ7dYesUyKpZRsfTu+f17aOw7W6MD7J3/zLU81/Jcy+9x7F2Ovfs3
buW5VfjluJk7ee7kuVP4pTjPlfyYI+86tqGj8GcdxjLjEzzp5Emn+2fdP+v+WZ90GiPj3hn3
zrh31r2z7p3hWaf7Z90/6/5Z98+6f5aPncYo7FY7jZM1TtY42ahENMPFZ0bjyz/Ermh8xTgc
FI0v9H+rzNUiLPwd5pUyYkl0ED066dFFhy6evs/T93n6Pj+7+Nnlbh206ebl+7zp4k0XL7r4
0MWHLj500b+L/l3076L9+7Tvon0X7bto3xWdYZQRWbTdSCNGGjHSiJFGjDRipBEjjRgp/99U
Od37M8fU7zH6iNXv76x+J4riPVG8R60eMxoxoxGq9fyNaj12jnk7x7ydY76isL7ti/1g7P+m
5kE+P9S5w/Cxskd5fbQ9+zGOHyub8Xoz2kFlUY2o9f+TyoeohhEut3O5XTwd4ukQT4dYhmX5
iHl2mGeH7B4xz2HzHJbhI5xuN99hWV6YY4c5dphjhzkOy/QRmV6YY4c5dnC/nfPt5tdhfh3m
1DH294WOKb4mOiZ6OPpBeDj6Ia7Dz8LM6D/DT6L/gf+JGfgFun32PnqwPTwefRDuiT7ELuzG
R+GeomOjKUXH4Xh8BidgGk7ESTgZp+BUnIbTcQY+i8/hTHweX8BZ+CLOxjn4Er6Mc/F3+Ar+
Hl/F13AezscF+DouxEW4GN/AN3FDdGDRG2FZ0YpQXfQmVmIVVmNNWF60FutQi/Vh+bh54Sfj
HscTqPN+AzZCrOP+jBDuGb9/eHj8FHwimjL+IByMqfgkPoU4/GR83uc78WH4Sclp+DJuCg+X
3Ixb8HPMDDNLbsWvfPZINKXkvbC8NIqmlJ7ieCpOC9Wlp+NsnOP9eeBZKc9Kbwj3lD6JBRjw
fhBDSDASHi/NgVelITxcVhTuKauIppRNxl7YG/tgX+yH/XEADoSYysRUJqYyMZWJqUxMZYfg
UMwMy8tuxR+8ft7xLcchxyRUT+DfBJpPuDwsj74X7Wt3uh/2xwGYggNxDI7FcTgen8GFuAgX
4xv4JqbjW/g2LoGdSXQ5fhDmyty5MnfuWOb+u5X1P3ATbsYt+M/wrGx+VjY/K5uflc3Pjvtt
2DjuTszGXfgd7sY9mIN7cR/uxwN4EPNc9zieCM9yfe74LWHj+F5sRT9i57c5ZpH3+U58GJ4t
KQ0bS/bGPqBBCQ1KDscROAkn4xScitN8/xzHLzt+1VHMJT/C9bgBP8ZNYa7MmStz5sqcuX/N
nNvCf5Wk8avwbNmrBW2iOaE+uhf34X48gAfxDKrwRzyL+ajFeryNOnhKjTylRp5SI0+pkafU
6F00YhNa0B1e1hNe1hNe1hNqox0YQQ557MQHYYE+sUCfWKBPLNAnFozrC/XjPNGOizGAQQwh
wTC2IYvt2IERFK77M0JYoN5eLr0w1JdOx6X4Di4b+/vRtaXXOH4fP/Sd63BDWFB6k/czcSvS
+CXuAH1K6VP6KB7DPDyOJ/Ck615wXOC4xPEtZLAZ7ejAgPsPYggJxK7WakvFXip2NbdAzb1c
FoVadbdALxwX7a3r7x2VoBRlKPy7vhMxCeWowGTogpEqkuM/leM/leM/leP/IsevlePXyvFr
5fi1crzw/yQ4QZ5fL8+vl+fXy/Pr5fn10S+jvaLb8Sv8GnfgN5iF3+JOzMafjLME3eEhjj7E
0Yc4egdH0xxNczTN0TRH05G9IldncHUGV2dwdQZXZxRRsej3mAtqFlGziJpF1Cx6Ek/hafwB
MrBIBhbJwCIZWCQDi57D86B60YtYgIV4CS9jEV7xDH5ytFfKKpI63fFL/4u5MwGPokrf/ak6
1XWqu6sSdsIuu6iIuAtCXFFBREaNCMomjoCIRlBcQGYcGSXj31FHQSPqjOM4Iyq4gQqRLQKK
kLA0S7MHCEslJC4sAULO/VUloAiizuP/3tv9vLWcvU595/3er5JUwNU607xGP2R2Az1FTXOI
fs4cqrPMu0Dwlwa9dVfZR49EBXSV/diP1IvkUvzxMlFLrhDN5Er02yoRk1v1IbkNzVco2sjt
7HeIM6TPvkjUsEaKatb94AEwCjwIHgIPg0fAaDAGPArGgtf0YLhiMFwx2FouUq0VIAFWglVg
NVgDkmAtWAfWgw2AucTSx2DpY+CZzEhtvRSLnwi/DI7sFVG4JRNuyYRbBtvYko292NiL3RA0
Am3BOeSdy74jwIPCJ4PtSzl+QGfCHZlwRybckQl3DIc7hsMdA+COAfafRNR+HIyjPPfL5n7Z
gcWfCtqA08Dp4OJwtT3GKpvIKpvIKhujRotUNQZgUwqbUpPA66RPZv8Onmwqx9M5LqJ8MdgN
SsAe/QSr5glWzWOsmscU9qUOAOyL1TOR1fMYq2eMY4pU5xS91GkKmoHmoAVoCVqB1oBxOozT
YZwO43TOAG3BmaAdOAu0B2/RFuNy3ga5nH8O5uul0av00tir+qHY30GuzorNB0tEaiwP5IOl
YBngnsa4pzHuaYx7GuOexrinMe5pjHsa457GuKcx7mmMexrbCDaBzaAAbAFbwTZQCLaDHWAn
2AV8kRqfK2rG54Fc8DmYDxaAheAL8CVYBL4Ci8ESkAfwtPGlYBlYDlaABFgJVoE1IAnWgnVg
PdgANoJNoqabKVJTeoiaKdcD1hNKMV9IuTWMCfJFC46U2Qomc8N3jdtAAQcE/wM7BuJVr5b3
QAqoQQxcE9QCtUEdUBe0BqeCNuA0cDroQI8dQTftowJ8VICPCvBRAT4qwEcF+KgAHxXgowJ8
VIAPQ46AIUfAkCPEYF0ihoCh4C4wDNwNhoN7wL0gEwRvCBqhH4JNx8Om42HT8bDpeNh0PEya
AZNmwKQZMGkGTJoBk7owqQuTujCpC5O6MKkLk7owqQuTujCpi89N4nOT+NwkPjeJz03ic5P4
3CQ+N4nPTeJzk/jcJKzrwboevtfH9/r4Xh/f6+N7fXyvj+/18b0+vtfH9/r4Xh/f6+N7fZg6
C6bOgqmzxA7Od4LgZwM+KALFYDcoAaXga/AN+Jby3+lxsPo4WH0crD4OVh8Ho2fC6JkweiaM
ngmjZ8LoCRg9AaMnYPQEjJ6A0RMwegJGT8DoCRg9AaMnYPQEjJ6A0RMwegJGT8DoCRg9AaMn
YPQEjJ6A0RMwegJGT8DoCRg9gSb/CE2egybPQZPnoMlz0OQ5aPIcNHkOmjwHTZ6DJs8xFouY
sQTkgXwRwxt4eAMXb+CZHfQOPIJnXs7+av0oXmEgXmEgXsE1+2jfHASG6CfwDqPwDqPwDqPM
u7WPhzgPDzEUD3EeHmKovE//Vc4k5p0lPDlXD5P5+mu8RQ28RX28hY+3kHI1seZWYtRteJJC
vEjwRjmf9CLYf6Rw8RYu3sLFW7h4Cxdv4eItXLyFi7dw8RYu3sLFW7ioUR816qNGfdSojxr1
UaM+atRHjfqoUR816qNGfdSojxr1rYm6xHoRvASywctgEngFvApe0xl4oAw8UAaxSw6xSw6x
Sw7eyMUbuXgjF2/k4o1cvJGLN3LxRi7eyMUbuXgjF2/kotV8tJqPVvPRaj5azUer+Wg1H63m
o9V8tJqPVvPRaj5azbf2gn1gPygDB8BBcAiUA2wLD5eJh8vEw43AwyXwcFko6iSKOomi9lHU
STxeRqREl6Cqk6jqJJ5vBJ5vRKSMtAPgoM7AA7oo7KTt6BI7CmIgDlwA/+AZXdR3EvWdRH0n
Ud9JPKVrB3+d3ozj5qAVZVuDtqS14/ws0B6cDc6hj3NJ70B+R/adRE0UehKPmoFHdVHpSVR6
EpWeRKUnUelJVHoSTzsCTzsCTzsCTzvCfpj6j4DRYAx4FIzVD+F9H8L7jsf7jsfrZuB1E3jd
hP0fEbNnAWycWDAHL5ywt4gYnjiBJ07giRN44gTxYQ7xYQ7xYQ7xYQ6eOUGMmEOMmKO6UP4q
9nApWtlHK/toZR+tnMR7j0Mr+2hlHy+ehRfPUndyPBgM0ZloZl+NAg+Ch8DD4BGA7eLlXfS0
j55Ooqd99LSPnvbx/C6e30VX++hqX2GrCltFX/uoAReN7aOxfTS2j8b2UQeZqAMXdeChtX0U
QiYKwUVv++htH73to7d99LaP3vZRDlkohyyUQxbKIUthfwr7U9ifwv4U9oeayEJNZKEmxqEm
xqEiMlERWaiIcaiITFSEi4pIoCISqIgEKiKBikigIhKoiAQqIoGKSKAiEqiIBCoigYpIoCIS
qIgEKiKBikigIhLOgyLmPATG6hzi4BxUhYuqcFEVLvFwjvMueVPAVPAemKZ91EYCtZFAbSSc
laTtplwJKOX4axFDgSSImXOifUQs9pLeEcsGk8CreiCqZGDsdY5naT82G8wFuXoUKmVUbCHH
+BDUioda8VArHmrFQ614qBUPteKhVjzUioda8VArHmrFQ614qBUPteKhVjzUioda8VArHmrF
Q614qBUPteKhVjzUioda8VArHmrFQ614qBUPteKiVlzUiotacVErLmrFRa24qBUXteKiVlzU
iotacVErLmrFRa24qBUXteKiVlzUiotacVErLmrFRa24qBUXteKiVlzUiotacVErLmrFRa14
qBUXteKiVlxRTzytr/jBG5vmGg1BX5Fh9Bc3GQPEaGOguMy4XVxpDBI3mVeLPuaQ8P1tV8he
+jI5Q78pZ+lr5RZihK2kb9Mlcrt+Ru7UX8hdooH09XJZpPeJpvQSFW/r1eJzvZrehtHbMHp7
gN4eoLdr6K0tvV1Ib23prR29XUFv1ekthd4uorfO9Ha/zNEz5GdgVkWRnKOn429Wy3n6c5mr
n2YU4xhBmSzU2xnFRYziaUYhGcUrjCJXODJPvyGXMjYidLlc3y5X6E9lglqr9Do8FHPFGKcz
xumUvAU/lk/pCZQeLZdXVFD6H5S+Bp82jRoPUiNbNBNPi/MMTygjBczRY/GujfCml5jdibVg
BnM4HnayaGHm6kvNhfpac6M4z9yrB8nOxE85wsVrnslVvE9vXxBnSbmcGGql/givGaGHCq5q
JZ5zdJXnlFWxluTqtstdXJlPepHebbQRlp4hIsAGCjggCmIgDlzggRSQqnNENdBBrxUdwZ/0
AvE4GAf+DJ4AT4LxIAv8BTwFnmYeP9UbxAy9gfu4lvu41qgGqoMaoCaoBWqDOqAuSAP1QGPQ
BJwCmoJmoDloAVqCVqA1GKPXG4+CseAP4I/gMfAn8DgYB/4MngBPgmd0gfEseA78DTwPXgAT
wERdYJ6lPzbPBemgp55tjtdbzCy9Bcu9MXyv5rbw3ZrvMaPF2Mv12Eu53FexU+7Xl8sy7cgD
FfvlwYp18pC2ZXnFDnlYp8sK0rVOsyIVOy1bX24F/6PUqdhvRSvWWTFtW/GKHZar0y2P9BTK
jdQzrPvBA2AUeBA8BB4Gj4DRYAx4FIwFU/Raayp4D7wPPgAfgo/ANPCJXm99CmaAmSAHfAZm
gdlgDpgL5oFc8DlYrhdYK0ACrASrwGqwBiTBWrAOrAcb9AIbW7KxFxt7sbEXuyH7RqAtOBd0
BJ30WvtS9hP0evvv4HXOp7JnPDbjsedzvgB8yfEisJLjVexZbfYakASbQYEusLeRtxccAuXg
MKgAWq9V9fR6VR80AA1Bc12gWoCWoBVoDUbrBWoMwFYVtqomgcngHb1BTdcLHBPcrdc7mXqt
M5L98+xfYP+aLnDeIo+yzttgI2mbAONyCsA3en30Ul0QvRn002uj/fXa2Ft6S+w98AH4CEwH
M8AS/XEsD+SDpWAZWA5WgARYCVaB1WANSIK1YB1YDzaAjWAT2AwKwBawFWwDhWA72AF2gl3A
1x/Hn9Fb4s+C58DfwPPgBTABTARz9ez4PJALPgfzwQKwEHwBvgSLwFdgMVgC8kA+WAqWgeVg
BUiAlWAVWAOSYC1YB9aDDWAj2KRnu5nh3/zPTrkesPaEBe++B4v6ciW8t1qXi5uIH7OJH7OJ
H7OJH7OJH7OJrxYRXy0ivlpEfLWI+GoR7FpiLNBJ4pxi4pxi4pxi4pxi4pxiYpcXiV1eJFZZ
TKyymFhlsfmGPgDrJmDbgiO/OyHrEZvM1dlE5o3h9k0w7XNo/2y0fzbaPxvtX4z2L0b7F6O7
F6G7F6G7F6Gts9HP2ejbbLRsNtozG50ZvMWvGD0ZvL0vqc4P31NWjIYsRhMuQq8tQqMFzzWD
55mL0D3F6J5itE6xM1Mn0TLB2/aKo711Er3yInrlRfTJYvTJYjdXH3A/B/OBr792y4DWX3se
aAQa/+j3N4783sZCfSD8PQ0TVnsH/zBepMoZ4iI5U9wmZ4tz5RyRxvVPl/PwzrmitcwT1zEX
1xGvRfA8LjFbNZkQ7ZmXjXigpvjMLaITvj2K37kOv9Na7hRdaDe36lnfGfQ0l55W6glhn9+S
NxTvFLwncCWqYJfOE4YxRKRz5/ODdkVHWrsWnr2GtitT2sPC+0m9DBbeDQt/G775sUgfoMWt
9LJLXBg+S0mjbKvw2Up7RnMqvZ/JWb64gJHXIy/CNdzEuHvpJXIk1zxXz7U6he9H74VvnasX
UxpOQjeUcraes2Goizn44bn6S9FaWIwyAmyggAOiIAbiwAUeSBHp8iZRmzh4GjHwNFrpRPyb
T0uraWk58Ww68Ww68Ww68Ww68Ww68Ww68Ww68Ww68Ww68Ww68Ww68Ww6MVk6sVc6sVc6sVY6
sVY6sVU6cVQ6MVQ6cRNjCcc6Q++hp/VcxXY5G+udo5P0OA0FVMS1jxRncK9rk7snuFquPUXU
MJaKFsYy0Y6ZuS3UbL0p1Uf0kX3D9x/2kcP0fCL4L+UDukBOEOfLiWAG92GmaIWHfNe6SLS3
gre3S2q1pEZL+jmHuzlSNKWn3YE1hT1FWE9JtFIxOulAeO9XBf/pjdQSzkpD9VXM3UqFAZZT
phwWKCenJCgXKB16yONu52OBK+EFrEN/Q+1S2tzNHa5JnX3kzK8qXxa0SK/5pC6l5WVc9XLS
VtJ7ZYnysERgZTYl9lGivNLGgzeu0u5qfSgc1VJKdAjHuRw9FeQm9CrsqRYq7xA9VLbhVLW+
Xa4OfiIRjnMpZ8t0EfUOVV31VnK2iGashFJsNMaKqc+KqcY6yBEG29LwbedlWHmFDH7HSVLa
oaTJWZKrD862Mtbt5OygjV1oTp/couBdDqyTCnIP0HpFZeusm520tguLD3R2UL8aJfZXlQje
peqQuzl8cz8j04tZPa0rc+HhIHcn/Zpha7v09nANB+0F7wkvY94P601om91omeBn4Id1KUfB
vdxHqUOgnFk/rPOtiC5D95RZcb2HEvlh2eUcBXN2kLND9HiYWdW6wooKk7IV5K5CG1Uw4n3k
7ufulHEfD9BiZctBjZXUKKf1ClRWOSMpthx6qOwpaGElLZRzT/czu2XM1wFqHdKamjvDvmxh
UKuUWhXU0tTYGfZZgz4LZPC/GcrQ/geY8YM6EY6ynFVcoXeFtSO6gBZMWlhHC/usqE6EI4/r
1Si7XWFLNi2U0d9GWRGWLKOPjZYXzncZ9nEwvI4kOdupH4w5KVKsWiJq1WZcadSpL6pZ6Bqr
oXCsRhw3Jq8Jec3Ia8F5S/Jakdcau7OsOvTQgNxT2LfkXrhWLc5q6xKrbtAWPTSgp6CtxqQ3
Ib1p0A7pLUmnHWGHpdNELGwnKNGM46CtGozLJLfQqkNKXZAmmjC+GpQspM0mjM9kfCa1Cq1T
yG8KmpHegjItSWvFcevgfw/SynrGWnmF9RhrfRGpaiWovZ7xV15hc/JakFdZ2+R6a4Ha2Fwd
xpxGu/W5lgb6O2rG6J/rIr8J+aeQ34z8FqS1JL8V+a25Pq5C+7RQRgt7rLogDUurR+n63M+G
3MdGXHNjyjShzCnkNwXNKNOcMqhKqxVlWrM6g/vkhvOaJmoxjmDGyhhHLcYRZxxuOLfNOG8R
zmAZY6jFGOLBXRGy6u5WznPl6IPZk1V3NpzzqlGb+LN9FbtYBf2wmoZYZHdijlIs8kpiDh8L
GoRVNsEqOxJz7GI19MOiGmKV3Yk5SrHKK4k5fKxrEJbZBMvsaNWqOMgstGUWTmcW2lppFWXM
QltmIbifZzMTrZmJNlZjyjUh/RTKNWXfjHLN2bfQwT09m9lozWy0QQMQQ+IX0lERKaiHmjBj
EK+2hD0uhDMW4AdShUdMmE9sn09sn09s35HYvgux/V+I7bsQ23chtu+CN5okM+Dym4nle+lJ
Ya0Z1JpBrRnUavMzteaHtYJ3Zq8OU4+cvXf0zDSq49HbCiE64D9PE5fyPUt0EzeI9iJD3Ezq
LeL34mIxWDwluhLFTxb3iBliFmfBfyx+ViwSq8RzYg3f18RWUSj+LnYYhvin4Rm1xSyjgdFA
LDQaG23FF8a1Rnexxuhh9BBrjd7GrWKd0c/oJzYaAxjzJmOYMVxsNe43ssR24ynjRVFuZPON
GpP4xoxX+caNt4zJhmvMMfKNFPMs82yjsXmueYHR1OxgdjBamp3NdKOVebl5hXGq2cXsYpxm
Xm12M043u5vdjXZmT/MG4ywzw+xlnGP2MfsY55v9zH7GBeYg8w7jQvNO806jgznEHG50NO8z
HzAuNR80nzC6mOPN/zEyzL+aE4w+5ovmS8bt5hvm+8Yd5ofmfGOEudBcZfzZXGNuNSaYO80i
43Wz1PzaeNNEQxv/MQ+Yh4wpppbCeF+aUhofSiXjxjTpSc+YIVNlqjFT1pA1jBxZR9Y3PpNN
ZTNjnmwhWxqfy9ayjbFAniHbGl/KdrKd8ZVsL882Fstz5flGnuwgOxrLZCd5ibFCXiavMFbL
7rKHsVbeKHsZG2RvebuxRQ6TdxvF8j45yiiRo+VoY498VD5q7JUT5ERjn5wipxhl8iP5kXFA
fiw/Ng7KT2WucUjmydUm/k8WmXgbqc36VsRKMVtYtaxTzTOtTlYn83JrpPWEeYWVZf3D7GVN
saaZ91qfWLPMB60lVr451lpuFZqPWTstbU6IpERSzCmRapFq5tRIrUgd873IhshW88PI9ohv
zojsjuw2Z0e+jnxtzol8G/nOnBvZGzlo5kbKI+XmlxFtG+YiW9rSXGJH7IiZZys71cy3q9tp
5hq7vl3f3Gw3tJuYBXYz+1Sz0D7d7mQW2+l2uqntS+2eUti32P1kdftO+ymZZj9tPyM723+z
X5CX2i/ZL8kr7JftSfJK+x/2m/Iqe7I9WXa3p9pT5XX2NHua7GF/Yn8ir7dn2p/JnvYce468
0Z5vL5A32V/ai+XN9gp7hexjr7TXylvtDfYWOdDeZm+Tg+2d9i45xP7W3ivvsg8pIe9RceXJ
+1U9dbp8ULVXHeRf1MWqs3xBXamuli+qbqqbnKSuU7+Tr6ib1C3ydXWrulX+W/VT/eR/1AA1
QL6l7lBD5WQ1XN0j31Mj1Uj5gXpA/Ul+qMap8XKu+ot6Si5Qz6rn5BfqBTVBLlLZ6p9ysfqX
+pdcpf6t/i1Xq7fUZLlGTVVT5Vo1XS2Q61SeSshitV4VyO9UkTosDyjtRCzXUU7MqukMc4ZZ
dZ3hzr1WmjPSud9q4IxyRlmNnIedh63GzljnD1YT5znnOaup87zzgtXMecl52WrhvOa8ZrV2
3nLetU51pjkfW22dOc4c6ywn18m12jsLnS+ss50lTr51rrPMWW5d4Kx0VloXOWucNVYHZ71T
YHV0djsl1qXON8431uXOHmePdUX0wuhF1pXRjtGO1lXRztHO1tXRrtGu1jXR7tHuVtdoj2gP
q1v0pmiGdW30lmgf67pov+gAq2d0UHSQdWPspdjfrZtib8betG6LTY5NtvrGpsSmWv1i78fe
twbEPox9ZA2MTY9NtwbFcmI51h2xObE51u9j82LzrTtjS2LfWnfF7XiK9Wy8QbyZlR1vET/d
ej2eHu9vTY4Pia+yFsfXxHdEOsTLXSvS1a3tXhi5we3u9o2McjPdv0TGu6+6UyJvuO+70yPT
3E/cGZGZbo47KzLLnePOicx157lfRea5eW4isthd5a6KrHDXuGsjCXe9uy2y2t3ubo9sdn23
NFLgfut+G9nh7nPLIjvdw56IFHlRLyVS6tXw0iJ7vUZe40i5d4rXNFLhNfda2sJr7bW2pdfG
O9+2vIu8znYN7xLvMjvNu8LrYjfwrvautht7Xb1r7Sbedd4NdjMvw7vVPtXr6/W123n9vYH2
Wd4gb6h9jjfMG2Z38OZ78+2O3kLvK/tiL89bYV/qrfaS9lXeOm+93dXb5G2yr/UKvAK7u7fV
22Ff5+3ydts3pFydcqPdK6VXym32HSkDUm6370rtlHqJPVyY0TnBf0SOf1tdiFNFE/GbfPQO
vUOcAgQa+kT5FfoB/ZZ+h6PR4GbdTc/S/+LID3O36LVsN1eV3XtcbT+ALuZbcjQx9fgxgAd/
dqTdwHs/ON+oNwo08Enr7ANJ/R2HLn77FuJ6oQuP5pYePdp5groL9WZdpD/Ta9jn6a9+bnw/
+3FoM7eyN77vH+nz+1Ec7Xk32KA3MWtlOkNERQRd0fRobsXPdaRL9R79HfNTcDRJkRqe6bf1
28xacAfXnbBu0HchvZfqDZxGRIw568RRm6qRLxMXARHghPXH6uB3NYTuCzrrdvp+fc8xM739
6NFx/WNri7DHnXqx/ooxlOg8YVfl7PpRySU/Owcbw9EHRx9VzUmR/phovjJ3/XHl9/Et04d0
PiWvDP5LO/rNqrTNcEYKv7ecSts/pnah3qqDv7MSxK/BeV74H9OxvaMlSn5c5yfGfcys6H//
6Ip+2afyXu0Lt9v0NuGAk/d6CByoOmknLjhp2Yn6P2yL9Re/eDw/rL1df8B2T+U8HZNzQv45
psR+/WlgWxzNCez0mLxeP1v7G/BByEjJH9f++Y9+LrAmPfmEq8b5BfVL9YzwbhT/2p6P1P+e
Z3913f+p2i/4L+rmhNvVJ5wx+78bT9Wnxc/2HfiFwL8cYn0V/crW3ZPmngp+F/ZRyYoFld+q
3BP51jZ8m/Btc8wI3wy3+ZXfk9Ruf8La34VbPLAuP55Tjpaq0LvgxF2suCPzEXoA/Ua4TcKZ
G+GbX/DRE0RdeOlccT3Hn4Qp3+Kdd/5038fUfgYvkiquEv05Dtc+dX39zYl8549qBl54ErWj
oo4YcTQ1V88UkZ/2q8etlAjXPZj0d8PcwEccOsLjuvy42od+cPwUa7eeaCayOL48TJmNivlC
T/3JvgtPnF5BP3q6vlpfqQfpq6rKvnZc7ceq9sf6SFPcJv5E3C/E0+Kv+NVnxTtY6RTxMdY4
U8wSZ4dPBM4XuWIVDJwUhaJb+Cygl9Hf6C9GEIH/TowMYm/xQBB1i1HmUPNu8RDx8xoxxlxn
bhWPEkXvFE+YvlkkngxiaZFl7jP3i6fMQ+Yh8XQQS4u/BrG0eDaIpcXfZBPZRLwob5W3iZdk
fzlAvGxNt6aLV4hCtXg1UidSRyy2Z9uzxRJ7of2FyLML7e1iqYqpmFgexF1iRRB3iTWqj7pV
bAjiLrGJuGug2BzEXWJLEHeJnUHcJfwg7hJFQdwlDgRxl6gg7ppgCCKuSYatXlX/NKJB3GWk
BnGXUS2Iu4zqaoqaatQM4i6jdhB3Ga2Iuw4bbYm4YkYPJ8WpZvRxajq1jb5OmlPfGOA0cpoY
g5ymTnPjTqeVc6ox1DnNOcO422nntDfudR53xhkjiLLeNu4nmsozHiSaWmY8HMRLxiNBDGOM
DmIYY0x8bnyV8ccgMjEmuhluX2NmEEsYnwexgTE/iA2MFUFsYCSD2MBYH8QGxqYgNjA2B7GB
sTWIDYxdQWxgfB3EBsY3QWxg7AliA+NQoPuN8kD3G4cD3W+aKT1SepoqpU/KbWYstXPqJWbw
bHd1aDFGaDEmFjMBTTJRZGPPL4s3SPkXXyXeFJPxQW9jT3ZoTzb2lMNq+wyrioVWFcOqviR9
kUiIuFgpgnc1reLrYWfrRYrYILaIU8LnT03FDvEN6/xbvs3Ed2K/aC7K+LYQB8Rh0VJUYJHV
Q4tsFFqkDC3SDS3SxSKHiWrm3dilG9plDexyg6hjbjQ3iprmJrNA1DW3mFtEmrkVe20Y2muD
0F7TQnutHdpr/dBea5ra1KKmRLiLWlityZaPqI3tKo4d6Yh6Mood1wrtuAF2fKtoJW/Dmltj
zf05HoBNtw5tuhE2vUEY1karUJjWdmuHsK2dVomIW6XWHtHY2mvtE6nWfqtcNLEOY/0tQ+tv
Glp/o9D6G4XW3yi0/kZY/3Wiluqheoi4ul5dLyzVk/UQYT3cREqGyiDlZnWzUKqX6iUcdQvr
pDnrpA91b2W1RMPVEg+eUghPDWTNpLBmfi+aqjvVYJGqhqghoqUayiqqHq6i6uEqMlhFD1Br
lHqEMqPVGFIeVY8KU41Vf6CXP6o/0vJjrLQ4K+3P1HpCPUH6k+pJyo9n7Xnh2jOCZx6U+Zt6
nn5fUBPIzVbZpLysXqbWJDWJMq+qf5DyunqdkfxT/ZMU1qeIBeuTdt5Sb1FrsppM+hQ1hXam
qqmUnK6mk/Kx+pS6M9QM5mGmms3MzFGfM875aj5zskAtYFR5aimjXaYStLlebaL8ZlVAy1tU
Ia1tV744RRWpEuakVH1HX3vUXtFM7VPYpCpTB0QLdVAdpMdD6jBj1kqLpk4gxpo7hmOIlo7p
mMLATCwRcyJORHiO7dgixVGOEjUdPiLq8BXVnZgTE/GATUSjgE3YwiZsYRO2sAlb2IQtbMIW
NmELm7CFTehlibOEbZ6TJ8yAU4QVcIowAk4RLpwyj21ubL6oFjCLkDBLQ+G6jdzGwnObuBeK
agHLkA7LiHqwTBtR0zvNO03U8k73Theed4Z3hqjjtfXaknumd6ZI89p57URD7yzvHI7P9c6l
/HneeZQ53zufMhd5F3Hcweso6nsXexdTppPXmTKXeJeQe6l3mYjDXFeS3sXrQjr8xbar15Vt
N+9aUQMWu07U9Xp414vaXk+vJyV/591AjxneLaT09m6lZdiNXvp7/dkO8AZSZpB3B2P+vfd7
2rnTG8zxEG8I5Yd6QzmG+0iH+0jZ6m2jl0JvO7V2eDtoeZfn02aRt1vUDthQyIANRbWADUU1
GOvdKjZ8hq88yoYvcvwyPChDHozAgu9wPEV8wvZTMSNkwzkcz4MDpZgPD0p4cCW8uQp+leGz
dxXyoAx5sFbIg7VDHoyGPFgn5MG6IQ+mhTxYL+TBuJFqpArX6G30ZjvMgPWMe4z72I40RrLN
MrLgwZ5mT2GGLOnAkoPYBiwZC1nSCVnSCzmxpllsFsOeAQ9WD3mwhnnYPCxSQgZMlZa0RHW4
z+E4JmOimuwte8N6fSScEnJfw5D7Gsu+si/p/WQ/0gMebBjyYGM5UN4u6h/lwR1CwoB7hIL7
ykU0ZL16IevVDp6sskq7q+5Chuym4LUMtgGjyZDRIiGj1VW9VW9SAkaTqq/CguG1/pQMuKx2
yGXRkMvqwWV3scLvVnezHa6GU/JedS/b+9R9bANeUyGvRat4bawaS8of4LVIyGhKPa4eD3lt
HOUDXlPwWhbHlYz2P+ppjgNeUyGvyZDXomqimkitF9VLpAQcp0KOi1dx3CvqFdIDplMh09UL
OU6q/8Busord3lZvc/yOwr+qd9W7lAz4ToZ8V+8HfCdDvlPw3XyOA45TaqFazHGeWsc24DgF
xxVyHLBbrZDdaofsFg3ZrU7IbnVDdksL2a1eyG5xVaEqqBVwXO2Q4+qGHFeviuMUXCZDLos7
ruNyHLJSbFZstnBic2Nz2ebGckUsNh8OisUWxhaS8lXsK+GEfGTG18Q3CTNklpreOXBKqneB
d6GoHvJIasggNWGQThx39tJFCtxxBSkBd1TzrvGuIaWb1x2eCviiesgXNWGKXhwHTFHDu827
jTIBR9T0bvduJ/0OOKIGHHEnLQQcUT3kiNSQI6qFHFEdjthKm4VeIbV2ebso78MO1UN2MIV5
WrXgGc2ZH1z4O3GJuPGn1Pz/zx+9mbhze+VzIr3p+KciVdHTCZ/V/UzLBXqdLg3jxdzw+cPa
MLUwfJKwrOq5bND21jCKLNAJnQhLVPWlV5y09arneHrIrx/Zb/fR3fSH4f64J88nLL2ZKP3z
XxbtnrSdbcceM6fbjjwV1EuY1TXM5ga9TK8+Wur7+1fraNoyXaLzUeBp1KiKFCufNv5f+cSO
juOHz59dcUtl2nHP17ZXPq04Jq1Er+BaS488Vf1tP5VPu/SaI7b2w/5/OGZGcdwT9J9aS7/R
yH71atRv6H+E+3JG+2WIifot9ouq8quedYRPJ/fqpT/3vPaEfWzV27DEqmdYlUfB85GjT62f
J7+o8gm13kLpL6vm9Zi+9P5f0NP+I8/NftuP3vP9WPQ+5mqvPhg+mT7m6c6vfhL4/+BzxCJZ
2btOXvJIuf/FsRz3s46Tlv5AT9PvBc/oRR39mp4Wpm3Wi8P9hqOlTuobfqLl1bBFqV5ZeQc5
WhOu3bWhP5ocligJc/KCJ9V8d1Q9ZazqK1xBDcTlVWez9SL9GSXqia7s54Vp/67yYH8AfX79
CE86+koP/d7R8wH6dT1cPxn+JO2Ro6kdSaOM/ubHTM56PO4e44Fz9VeBl/6Nx7ovXD+h5QUM
c/w61yXfPx8/uYX+Ouv5X/iEPy3Wz/3458N61Il+mqE3whlb/0u9tDqoFfpsr/I8TPaObPWj
YeoBISt/sna0XtBXijjrR62V0F5J2EaE/eYjqeE2+Fniql8/wmPaP3pfftjS/yHueuBjONP/
O7PZySRmIlIiiEgjIiKUiDQi4m/RnFOn6lRVNpFscprI7mZ3k5ONnd0scs4555w6p+py6jSn
Luc01Zw6VFNVVXXqVNOUVFWdqqo6dX7m932fXaF/Ffdn8nm++3jm/TM7u/O833dn3q/A3cf3
A1fR/sA9yS988yj/f/zlu4n8Hv2dHdGtbl++3/fV3/AD8UVfG72NT/i7bvrCWygcQzV+olfR
K7/LvAXncgvyaCN/DbR4bXz335N975vvPHzLUT2j/xFj9qbAv17R/xC4ul+B7SOO8U/+3Q8c
x0l9X+C69/f1pacu9F04wp2U5/shC20ORHd/oYzOs/VtHOmb7MY73/7MeZy+d9Se/7tGx/0a
lT1wrRbjd6QOUHYton/t0F/WrfoevUL/nb4KuTKQaf01Av5FnGnHbRylXXfoT+gWeK/qp+BZ
4f0Ms6An9OdwZmr1x5DFn0TsEJ2tLfpa/zc20Fc3/5jT1top/TDyOb8WUzFyBa7JwJyAc5jL
5N3yfWc6Wx/dmKWvfcbk89ldYO5DvbzL78b578gF+up3/ZP4b203PqHCjw5n5tObjDL8W3Dh
P31cX+lVb/MuEqf9O17f+9YaO69dw7fZ4xP6dN2tP07+a/i+1OrbyT/pv5Y5N9J9sD/dfh/U
ynjdc0f139M/gtEYge8fz2ptsyk/W8GY9jbsO7Hbb+nn0G3XfCNw9/w4PZvW4n96hXIMH/GO
BUr917/7X9702XqB/tK1J4/0SvCWvfw3E2K/z+qXsO9nepXeT++j1+nD8Nn/+Gtb+fVN+/E/
4xF3x8f7my/8a/OdtvcNvSy/w/rvI08f9o+ruGqPfmX/SURP629e/wXmf7Ppr+Mqec9/FGBj
b33NuPgWvgHHb/86+PdsOIafshueD8J4t+1/eTxf3TCvWuL/dYT+NRfXzgf+3NnGH1oxD/yZ
/gv9czCht7/+qZSbn+dveq7x37tRvse3Atf/Hc392p45+g9seuuN/dzZ6Kyn3OnR3KT9d/28
COfzjkakO/9t+KY9nMTIetMnpv7X27ezoFvYvvKs93fs/yu/NX+HOmd5res1v+uVdTt9/be3
O/3N83buK2Au8UGASRmvtdH2S7/yzWeX+urCLPyZ81vu83Z+9/7w+t2Xtv79z8v+3037Etm4
W+/xf7JF3k6layPkLdXZyWtdH//pueWPMDO6yW++t9PXf2bDfPPCNz3BeUOpO5jH/du2djfZ
H8keuX6n7n+x8fEUV9jb375+ge4z/Zfn7991RcU31G4MvB4P2EtfU6gPPbHd8fZ4Fj0Tfvxa
Tb9Hdu2Jc3+PQxn70lPhX+jr2m+RbbXXf83R8CfLB/Lnzq+9q1s6ztV6I/7WB/5FHt3DaAy8
C/8RDPzKcd5GX211b4NlY8bPn1po+7Wb+PNnTLrZ79aBvv7DDPRrtxvXIPivYvEmNYLZMP6w
161ut3W/o5Xud7QxPboK/nHz6yrQV/cvRQ/g8zmg72WdWR+9KfBL6UuBX5DwDdIn3foRfutR
vEz4bNu/p+kVmCP+iq8O0Oe0RUfrP/+GBoxf0+ZH32XcuJ2NuJN/5npe/zuu/QPA5hvG2DOI
n2P8d7sS+vefkXEf1ffhXb2M97RPLwiUW/WFVpv1ybdxLA/rk/U1+oOBf5GnzyZvo75et9Ov
U43+z1d/Dn9bAp8i7yuS3UN3POfqxRTjzzOswUx8jV6PT/19fk+C4l/43UX/l776No7zcWSm
F6+9Y3hPA/nKM/400/v6H/UN+LR20k5af3Vtbh/oK/XWe/xvbzdfyXnHPZz2X6/4BD6/eenv
sHVBfurCuvGzjW8oDP+KwXW+D397Yc36YFxzM1h7vdcXjuP7V/1ZI7CKVd+mH6A8x1dY8vv6
gXni9ev5K+/kBcK5yKndyEvTp6Ovibhe7tKHfKGkG/aI/hCuHXoGAHmpRT+qP6Ovw3f1tP5x
YKbQl/Wm/JxMZXbe+qnQ/wqmfO0byJ9d2Ym/lus8SJ9OL9PZVDaEpVNffb/cl95BZ3p3PRjZ
4EXdp/8F5tar6bXx2r3DwBZG5Z23cZwO3akvCdw/V+CV4e9niC+hvX/SMbPQG/AJXJ+rq7fb
179pE7/i32xMDAaPMqDsSzfRYpke0GLxsvtJYSVfiBH6shLSVqkkbZUq4VHhUTZP+JHwI+Ym
VRVNqBIWsWphsfA4+wVXVWFPcFUVxjVV1rAnuaoKWyvsFF5nteIAcSD7k5gqprE/c1UV1iAO
F4ez57iqCtsq3i9+jzWKNrGMvSBWiD9mfxWXir9kO8V14jr2kvh7cRNrEhvE59h+8XnxeXZA
3CZuZ2+Iu8WX2CHxFfEVdlh8TdzP/i4eEN9gb4l/E//G3hYPi4dZM9dEYe8Ywg0RrIWrobDj
XA2FnTTEG+LZKa6Gwj7kCijsjGGoYSg7axhmyGIfG0YYRrBPDGMMY9h5w3TDI+xTw0xDDvuM
q9J+4q0dTAuk9DGYFqtMXIncIFyKjcThH4nAivJ5pZ3fYoxtMVoufCr2PvoPLJ9BnoA8ONxM
GzYTRVPQT+GOq+FrcAZ3/xruR/M1FHko4zOUVVCL7wao7Bwr3yHfFojnkc/r4zWy5S9TlYIq
W1ZHefmsP17DMduu/XiR7E2W5dCUij9PaSp+UtHgB581su36jfdxfrKlDRWz56OXtVA6+zPu
9Y1lUnYWGuEdsEb2ESh5pmb2GcvC8fvZJZRK9F6/rbXSvZ4dMkAl/XlIn6fU+AE9hg1S65U9
Wz7c/v5UZTNlTo4qqvKqUKWoP6hCqqq6R9VX96lWqrPqZn20t3mpv0pXw9VoNV5lqKlRjXwq
pkqpu1RhVU3VUQ3U/TbvP6rsvKmHVR/1lHpajVB/URPUJPUq/8amq5VfJdh8VlYlqerqXnv3
B9SfVBf1hPJVB9VXDVBD+BdBJ6rJapq11i3atm2uWrd/6E+pqm+H9q1S1QL8FOfv5d5hd4hy
qoiqof6omqrmqo16TPVQWlVSHdWf1UA1VD2rnlcvqJfVdGolqlRVXsm+W1c1Ug+qh1RlNYOS
EqqgLb1TJasKqpiqpeqpxqqZaqHaqq6qp2393eoR1U8NUsPUKDVWvaimqNeidtyu8qgyqqSq
aOXaqolKUy1VO/W46qUCVUV1Uk+qweoZ9Zwap15Sr6iZalavmkN76bEwA06Ds+EiuKxXjwHD
9AfwY7gd7oWH4YlePYb20RfgZXgdxoXGwMRevQamm4KwNLwb1ofN4SOwd+8BT/7ZpMPhcHTv
QYMHmvEwA06FM+EcuAgu7TukRy+zHK6DW+BueAAeg2et4x7mMrwO48LADBj0zMAgERaERWEK
LAMrwKoDBvcaENSG9eH9sDlsY02GBB1gF/gE7AsHwCFw5GDxNgZOhJPhNPg6nAcXDx7Se1Cw
DK6Ea9JF/zHcAnfCPfBreBgeG2pnKjgFz8HL8DqMC8Nw6JOD+oZ5YSFYHJaGd8FKQwf2Sg+r
w/qwKWwDO8OeQ4dWrxEOgMPgaDgRToEzLWuG8+ASuByugRvhdsta4R54AH4HT8EL8Kpl7fCm
MObDBJgfJsFky3tiqbAcvBvWhHVho6HP9BwaawpbwrbwEdgV9hz6TPrQWD84CA6Do+BY+OIw
O9qxKXAGnA0XwCUwE8qzuG9zT5H/4qe2qztFlfq/kuwz2X9kYP8LbS5N4I8J//+5Mlw52VOp
/4P5fye1zW55bab/f5M8m6n/dxb+3dTMiGYn8RRvr9jh5H9hnt/NQr+bpf8Hb//dvJP2Gn56
v6G0/Le6Av+R2u5YxewO9d9JxZF8uzf94b/6eZfdm/+bn/Lvq//+n56q8DtY8XfwP4+bZ3fz
/8yCv4u17O4/0j77zFbL7LPT5+qwOquuewleca+CV9dr7nX2+nkjvQxvtrfMW+997h32znrX
/QS/uF/Tf8Kf6i/wV/qb/b3+MT/Lj+v8urSuqhvpNrqbHqTH6Kl6gV6pN+u9dv3K/RJcbOtB
ua7H57qemet6c67rLb+5tutGn/jNdWhTRlUV835znTj51uu812+tX6D1rf6TPrj1usgjt/ov
0j/X9ehc9gtyXa/KdX3i1uui1XNdj8l1vTTX9d5b259y7dby0oVuvS6bket68m+u7botOyVX
+TGufZvFC7kell/uflZIp8TYHFrUZo5yTlvx7uhnnehnk+hn6//NunL+6Gfx6GeZ6GfVW1tR
uf+tvby76K3X8g8L/Na+Zpdbr2sfv/X6nt25rvfcel2nX67r/rmuJ+a6fjHXdeat1/c2+U3U
WaH+/bmue99qX79vruvc5SNzXY/KdT361ln940jL/HakenmzVF9vHrtMT/uf8mZ6M+U9Y1DE
6uTfBNVBYpA3yCcWnu/ZuvwbpB7/BqlYFFJh3lcL5M07tUBigbBAgtWE3kXvorX7wfvB2l32
Livf+8n7Sen8L+V/SZn8k/JPsju1RJCvH9TNpUV+IV/uV1AFNk8U1kV0ZV3dXgc6n7Z7qS6o
CypPJ+kkW6OSrqS0/j/sfQeYFcXSdlX3zOk+E3oIS85RlrhLWGBZcg6Sc1hyBokmBFEERAx4
UVFQBDGiXEyYyChJEUSSgOScJAtI/GtqjwjK/T//G77/e75H+qGrz5mwU29VV73d02emlCxF
V49YkjTKTKOqofAKrIQ9cBnjSBNNusV5L4LwnvFeonqSN5XqZwmDdJQj8lLETaDRW0pQEqRI
R9ddiqUXJJDMRJ8TWXpBThD0KTfVXpCX6hCx0O+zQ/6gMEjS1wnuYukFRUhq+hzP0rtlz6Kx
PYvF9iwe27NEbM9fr/dvfL2T+Xqf4+v9dcvzvOUF3jLl1i1BOr7CDHyFcXyFv27JzFuy8pbs
vEWAElSo87oiXAufTtDRIhMhL72nvKfBoquLANmQrKjoPCjCu7xprAD42edd2abA1kS8jJfJ
sjfwBqFlCxssPq/N543weZXILrKDFvlFfoiKIqIIOLK+rA+uPcAeAJ59j30P+PZgezAYm0Yp
ENgj7ZGQzn7YfhjS24/Yj0AG08v0goymj+kDcaaf6QeZzAAzADKbe8w9kMUMNoMhqxlqhkI2
M9wMh+zmPnMfP1P/QchpHjIPQS4zyoyC3Ga0GQ15zKPmUchrHjOPQT4zzoyD/OyTBdgnC5qn
zdNQyLxuXofCZraZDXeZ98x7UMT83fwd4s1H5iMoauaZeRSmPjWfQnEz38yHEmahWQglzWKz
GEqZ5WY5JJiVZiUkmm/MN1DarDVroYz5znwHZc0GswHKmU1mEySZH8wPUN5sM9uggvnR/AgV
zU6zE5LNbrMbKpm9Zi+kmP1mP1Q2B81BqGIOm8NQ1Rw1R6GaOW6OQ3Xzk/kJaphT5hTUNGfM
GahlzplzUNtcMBegjrlkLkFdc9lchnrmqrkK9c11cx0aBCFNaBjIQEIjtvfdbO/G5CsONCFf
8aBpYMhbmgXpyLuaBxnIu1oEceRdLYPM5FWtgqzkVa2D7ORVbYKc1EfaBrmpj7QL8lIfaR8U
DApCB36efcegXFAOOgXlg/KQGlQMKkLnoFJQiec9xlD/GEOeFGAAozE75oJHOK6MxfbYEcbh
ABwIE/h9xhNxCA6HJ3EiToRJxDWmwrN4Bs/AZLyAF+A5vIJX4PkwEMELIiIiMEV4woMXRXqR
Hl4SmUVmmCpyiBwwTRQQBeBlES/i4RWRIJrCdDFc3AuLxf3iflgqRogRsEyMEg/Dl2KsGAvL
xePicVghnhfPw0rxongRVok3xA+wmmKSgauyrCwL12UNWQtuhD6NQk6X01Faw63X0LIH2gOx
tD3IHoRl7CH2ECxrD7OHYTl7lD0Kk+zR9mgsbz9qP4oV7J2RyVjRmeq8jaectW5dvO619p4U
D3qveQfE+/67/gfinL/C3yAum3qmsdSmt+ktA9PX9JXpTH/TX6Y3A81AmcEMMoNkRjPEDJFx
ZpgZJjOZe829MrO539wvs5gRZoTMakaakTKbedg8LLObR8wjMocZY8bInGasGStzmfFmvMxt
JpgJMo+ZaCbKvOYZ84zMZ94wb8j85l3zrixg5pg5sqCZa+bKQuZj87EsbD4xn8i7zGfmM1nE
LDALZLxZZBbJomaJWSKLmRVmhSxuVplVsoRZY9bIkmadWSdLmfVmvUwwG81GmWg2m82ytNlq
tsoyZrvZLsuaHWaHLGd2mV0yyewxe2R5s8/skxXMAXNAVjSHzCGZbI6YI7KSOWaOyRRzwpyQ
lc1Jc1JWMafNaVnVnDVnZTVz3pyX1c1Fc1HWML+YX2RNc8VckbXMNXNN1jY3zA1ZhxwQZd3A
CixZL1CBkvWDaBCVDQI3cGXDwA982Sigf/LuIH2QXjYOMgYZZZMgU5BJNg2yBFlksyBbkE02
D3IEOWSLIFeQS7YM8gR5ZKsgX5BPtg4KBYVkm6BMUEa2DZKCJNkuqBBUkO2D5CBZdghSgsqy
I4/zkPlUWY61xcLch52wE33dE3sCWp9Zn4FQWmmQeqweS73nr2j8VzT+90Tj37wvO3tfyNgF
9o0c/MvH/vKxf5OPod2POH86zC/KyjpWW8gJyVADGkBzaE+jjn7E30cQH5gIk2EazIJ34SOY
D1/CN7ABtsM+OAZnidkDRtCLLgYZ/SI6P7qE5YLoUpYLo8tYLop+RXI+tZaznB9dwXJBdCXL
hdFVLBdFvya5gPb7huX86BqWC6LfslwYXctyUfQ7kgtpv/Us50e/Z7kguoHlwuhGlouim0ku
ov22sJwf/YHlguhWlguj21guin4JgraupnpBdB3VC6ObqF70LyDyI2v+RXRHDJmdMWR2xZDZ
HUNmTwyZvTFE9sUQ2R9D5GAMkUMxRA7HEDkSQ+RoDJHjMUROxBD5KYbIyRgip2KInIkhcjaG
yLkYIudjiPwcQ2Q76f9F9AAjcowROf0vInIxhsilGCK/xBC5HEPkSgyRazFErsd85UYaMg6k
IeNgGjKOSEPGkWnIOFYaIo6dhoij0hBxdBoiTjQNEcdJQ8Rx0xBx/DREHJOGiBOkIeKkS0PE
SR9D5AIjcjX0FCcSIuJ4/xoiTsY0RJy4NEScTGmIOJnTEHGypCHiZEtDxMmehoiTI4ZIzhgi
uWKI5IkhkjeGSL40X3Hyx5ApEEOmYAyZQjFkCseQuSuGSHwMkaIxRIrFECkeQ6REGiJOhhAR
Jysjkjv0FKfIv4hIqRgiCTFEEmOIlI4hUiaGSLkYIkkxRMrHEKkQQ6RiDJFKMURSYohUjiFS
JYZI1Rgi1WOI1IghUjOGSK2Yr9SOIVMnhkzdGDL1YsjUjyFTkhEpy4gkMyLVQk8J37QaXjfP
0bWFeNwgZshGsonsJXvLfrK/HCbvlffLB+UoOUE+ISfKJ+VT8mkau+yT++UBeVAekoflEXlU
HpPH5Qn5kzwpT8nT8ow8K8/J8/Jnf2T4DjRcj+vpD7wa/gJaNpQNQcjGsjFI2UP2BEv2kX0h
IofKoaDlcDkcovI+eR8xgQfkA+DKkXIkePJh+Rj48mX5MmSU8+VaiPMf8h8CsiqxEMfKbeWx
8lr5rPxWAaugVcgqbN0VakZX9DPP9SNkvWVuokQ4yyUHhHvQkXfF9sh5yx4lb9lGvVkOoL3B
irPCJ8UVsYqAG/u7cVYmK7OVxcpqZbOyh09GpD1++7vhHYDAymBltGwrYilLW1HLsVzLs3zL
0BAinZU+vP9Buo2mSwiPEVZlqwp4VnWrOoQzMEmQVb4l35Fz5PtyuVwhV8pVcrX8Wn4j18hv
5do7IR7OqMk35Zt0xrfD347L9+R7hPdcOZf0mC+/or+3Tx6/efY3aa/3aOt8uUAulIvkYrlE
LpXL5JfyqzvZmM/+lnyLzv6OfCdcVSjn0Nnfl+/T2ZeTXSzWIzx7SYi741nvoAdjti+GWXjc
n/QuPi70BjrOvkfMg8dgLIyD8fA4TIAnqF8/CU/x+4EnwbPwN+rlz4WrC2AKvAgvwVTq8y/D
KzAdXoUZMBNeowjwOrwBb8Jb8Da8A7MpHrwHc+DvMBfehw/gQ4oOH8M8+AQ+hc/gc/iCYsUC
WAiLYDEsgaWwjCLHV7AcVsBKWAWr4WuKI2vgW1gL6+A7WA/fU1TZCJtgM2yBH2ArbKMY8yPs
gJ2wC3bDHthLEWc/HICDcAgOwxE4SvHnOJyAn+AknILTcIai0Tk4Dz/DBbgIl+AXuAxX4Cpc
g+twgxwaRTPRXLQQLUUr0Vq0EW1FO9FedBAdRSeRKjqLLqKr6Ca6ix6ip+gleos+oq/oJ/qL
AWKguEcMEoPFEDFTbBXbxHbxo9ghdopdYrfYI/aKfWK/OCAOikPisDgijopj4rg4IR3xkzgp
XXFKnBZnxFlxTpwXP4sL4qK4JH4Rl8UVcVVcE9fFDUqDKIWU0pK2jEgltYzKZrK5bCFbyo6y
k+wiu8qBcogcK8fJ8fJx+ZycKl+RH8gP5cdynvxcfiHXye/kevm93CA3yk1ys9wif5Bb5Ta5
Xf4od8idcpfcLffIvVYlKyV887K1ydpsbbF+sLZa26zt1o/WDmuntcvabe2x9lr7rP3WAeug
dcg6bB2xjlrHrOPWCesn66R1yjptnbHOWues89bP1gXronXJ+sW6bF2xrlrXrOvWDTu9nVk1
UnerxqqJaqqaqeaqhWqpWqnWqo1qq9qp9qqD6qg6qVTVWXVRXVU31V31UD1VL9Vb9VF9VT/V
Xw1QA9U9VAZTGUpluLpX3afuVw+oB9UI9ZAaqUaph9Vo9Yh6VI1Rj6mxahyVx9UE9YSaqJ5U
T6mn1TNqknpW/U1NVs+p59ULaop6Ub2kpqpp6mX1ipquXlUz1Ez1mpqlXldvqDfVW+pt9Y6a
rd5V76k56u9qrnpffao+U5+rL9R8tUAtVIvUYrVELVXLwvc2q+VqhVqpVqnV6mv1jVqjvlVr
1Tr1nVqvvlcb1Ea1SW1WW9QPaqvaprarH9UOtVPtUrvVHrVX7VP71QF1UB1Sh9URdVQdU8fV
CfWTOqlOqdPqjDqrzqnz6md1QV1Ul9Qv6rK6oq6qa1pqS9s6opXWOqod7WpPfaA+VB+pj9U8
9Ym6rm5o0KiFs9hZ4ix1ljlfOl85y50VzkpnlbPa+dr5xlnjfOsuc790v3KXuyvcle4qd7X7
tfuN+6271l3nfueud793N7gb3U3uZneLu8fd6+5z97sH3IPuIfewe8Q96h5zj7sn3J/ck+4p
97R7xj3nnnd/di+4F91L7i/uZfeKZ3sRT3nai3qO53qel85L72X04rxMXmYvi5fVy+Zl93J4
Ob3c3l1evFfMK+GV8hK9cl55r6KX7FXyUrzKXhWvqlfNq+7V8Gp5tb06Xl2vnlffa+A19Br5
8X5Rv5hf3C/hl/RL+Ql+ol/aL+OX9cv5SX55v4Jf0U/2K/kpfmW/il/Vr+ZX92v4Nf1afm2/
jl/Xr+fX9xv4Df1G/t1+Y7+J39Rv5jf3W/gt/VZ+a7+N39Zv57f3O/gd/U5+qt/Z7+J39bv5
3f0efk+/l9/b7+P39fv5/f0B/l5/n7/fP+Af9A/5h/0j/lH/mH/cP+H/5J+kuJsvbUaWZ0ZH
ixmCIijPd74mG1B+3yzvpvz+g2wvO8A2mSo7w4+cQ3fKwXIw7KKM9yjslpPlZNgvX5IvwQHO
7Ac5bx3ivHWY89YRzltH5afyMzjGGeKEVdFKRuB5U2Eb22CCHWfHYSLPjJaOHI+cxiOqkqqK
J3mW9Jyz1tkrhHPctUUWN3CriNI8V9qNZ0nfomx/FqLEDvJDcWhMDGgaZYDFFJ3pT7hrQAQB
t85yK7xHkw4yQ07Pp8+5PMpyQR4voDqfl+HXfT1iAEG4xiQDnTU3MYCiaXePvDzh914+qtN7
BajO6BWiOpNXJjzSdAjPaDqGZzSdwjPyuWryWWP3aEwT+uSaplT7ptltW1rxlta8pc1tW1J5
S2fe0oW3CIiS1RLIdhVE+I6tSqISCFFHEIMU9UV9sEQT0QRsZ5uzDSLONecaKDfJTaLzCfsd
8f1/KMfenmH/d+fX/54MG+bQP5s3/5M5M7MapIaoYWo8ZaAwczalnNmGs1lHykxTOU92pxwZ
Zse03Dj4T2bFx/+LfPjHbPgG5cHfMuCt2eV/WDb8LdtpSTn8rduyYiNiHyH3SGMeIe/ooNpr
K4136Aixjh7EOGYz53hX9dc2eW1r8tTOoV/+mjvFwNvzptfaa+O19dp57b0OXkevk5fqdfa6
eF29bl53r4fX0+vl9fb6eH29fl5/b4A30LvHG+QNvmO2XXPnfGuamKam2Z/Kumf/mHdNK9Pa
tPlD9vU94wWcgzPcMQvnojycx8vnFfAK/ZqPTUfTiXNymX+YlWv+MS+bVNPZdPmnsvPtubnm
f0N2boICM9FQNjsWgThsii2hAN8pLYKp2BOKYW/sDWWwL/aFstgfB0I5HIQjoAKOxBegFk7D
6ZCKn+B30E0MFcNhlLhPjIJHxGjxKEwQj4nH4UnxhHganhWTxGR4ge95ThVTBEV7HuO/Kj2Z
AWbwCoy3ZGZZFN6WxWUpWCgTZS1Yyhl/E2f8zTx622LNsr6DY3YmOxNmjUAEMFtERARmj9Cw
GXNEskSyYM7Ic5EXMVdkamQ65o/MiMzCuyJvRN7GYpHZkXlYKvJpZDFWiiyNrMdakQ2R7dgq
sieyB1Mj+yMHsXPkcOQodoscV4A9lVAaH1IOMYQxqrqqg5+reqoBLtaD9GBcpofqe/Erfb++
H1fpkXokrtaj9Wj8OryLht/o8Xo8rtET9AT8Vj+ln8K1epKehOv0ZD0Zv9PT9DRcr6fr6fi9
nqln4gb9pp6NG/X7+n3cGm0QbYDbnHec2bjdec+ZizucD5z5uMdZ6CzE45Rt9+IJ55pr48+U
bavgdbee+5pQ7uvuUtHVO+gXEaP9jf4e8VXaShgak87l+y6dsFfsm09v+QYhmWBMYyCFidmU
pe1vUgnrucQN3mQZfloU+7SIPu2kEq7HKYbFyHdKYklKehWwAp2zLtalFNMQG4KFL+FLvB5n
NXS1C9qF7ML2XXYRO94uahezi9sl7JJ2KTvBTrRL22XssnY5O8kub1ewK9rJdiU7xa6MG3ET
bsYt+ANuxW24HX/EHbgTd+Fu3IN7cR/uxwN4EA/hYTyCR8OnxeEJS1qWvCAvykvyF3lZXpFX
5TV5Xd74V76zSBVL8HyDxStm0/M9raxUJOSkYvF6TJvQKw4KSlHRhGoyscUUKg5UoeJCLagN
HjSkYqANlQDaQXtiialUMkAPKhmhD5U4GAbDIRM8CCMgC4ymko3XR2XHANNBDuqp2SEX5sbc
kJtXNuThFVN5qde2h3x8bzc/99cCOAAHQEFe61AI78X7oDCOwlHUs5/AJyAen8SnoCg+i89C
cerH06AE9eNPoCQuxWVQClfiKkjEb/FbKMOzTmW5/yUxs27Ac0+pPPfUhWfEst8yI1aK111V
EsRQIZdIFInEH5NEUvg7PFGLtjQQDYg/NhfNiT+2EW3AJhbUEyLEf/qDctY560E7G5wt4Don
nJ8gnXPKOQsZ3JxuLsjs5nHzQ1a3kBsPOSmbLId8lEu+gYJhnoB4yhOHoVgY1aEURfWckEix
vACUo3heCJIoosdDeYrqxaACjbRKQEWK7KUgmaJ7IlSiCF+GbPV7XRJYl/qiH+mS+zZdKoqK
tCXUSIqmNLKxWCObNYoQ22sPivXSxOWGQJT1clgvn/XKwHrFOeedC5DVueRchRysY17WMb9b
wi0Fhd1EtxzpFWpakjVNZE2TWNMKlA2PQwrlwrNQlbWuzVrXpSyVAg0pR9WkcUraPdhG1D97
sEaJoY7hMw0hOaZjYmyfItR7n8UpN78T+C5+QJ/ibu5HPeAOGKQIwo2RsNi2NuMRYTwU46EZ
jyix307gMCouW9tjbHxnhjMDDI3Pl0NAY7CtZPPtzl7I6RwnVAo6112bNA4IiSpuebcK9CQm
sRYGEmfYAiOII5yFMcQArsALlPHzwHS2+eds8y8oj98F89nyC9jyC9nyi9jyi9nyS9jySym/
l4NllOPLw5eU52vCV5TVG8E6YjqpsIXYTW/YRYxmMBwibtIMThLHaANnKNN3oXEARUIaJw0B
CMeRUCOca4Bm4ZobaOEu856EdXRMd5z6p/fj54r+h/a+6Q/Qja1amn2+6S3+UPo3f4CWUOXm
dwLq0Aj1N38oHc53O/ucYwBuxDUQdavSX8sQfstj/bQrycfXkBC7yl+vNZmi2T8R3enITLG1
omEsRI6FkmOhxbHQ5lgY4VioOBZqjoVRjoUOx0KXY6HHsdBwLAw4FqbjWJiBY2FGjoVxHAsz
cSzMwrEwG6C9NcyXorFcai+0V9rrodp/eV9IoIMZ6FrzY1EsjclYAxtgc7rGbtgPB+N9xKXG
4AR8Bp+nvz0T38I5+BF+jotxOX6D6wmhHYTGETyJ5/EypaGI8EQGkVXkFgVFUUI6CYsSBkUI
kRIs21MeDmUnrMgyFZNZdsZKLLtgCsuuWJllN6zCsjtWZdkDq7HsidVZ9sJaLPtiHZYDKLeH
chA2YTnNzhFK61M7J8vP7FyhDKrrLKG0s+isoYzM1dlYrtLZWa7WfBwNV/g4FdV8nHJ07lAS
j8rDclxQl/9OP4ynmBQQ4xD0qTjV7Yl3hCymFNWpmEB1Z6QoRRqSb5J+ZajuhsRoSLdyVPfA
JKp7Ynmqe2GNcC0K1qS6P9amegAxF0Fa1aN6MNanegg2oHooNqJ6Gt5N9SvYmOqX7awgSN9s
VH9mh2tgq2sfBGlqyDxzdUD1Kp2O6tU6fbi6SlOvIP0yUu3oOBCkWyaqx0E89bCOlPkHUMYf
CWPhKXgeXoE3YA7Mg4WwHL6FTbADDsAJijKx+4vkSVnJ4wuSLyVgEqaQN9XDxtiS0OhCWg3A
dwmtaYTQeyw74RyWqfh3lp1xLssu+D7LbhTjQ9kdP2TZFT9i2QM/ZtkT57HspeNDSTqG3jaN
tCzGcpUuznK1Dr1vGulakmVUl2Lp6IRQksaJLMfhq2y/GWy5mWy519hys9hyr7PN3mCbvclW
fIst9zZb7h223OzQHjovI56PEc/PiBdgxAsy4oUY8cKM+F2MeBFGvOKfQPoqWoRzHOYklItj
2TtgPBQfwIdxLE4MMyZ5xSx8B+fiPJxPEWMlRYoNFNN2Ufw6hqfxgi4D0nYx0Eks2+saLDvp
mixTdS2WnXVtll10HZZddV2W3XQ9lt11/VCKDLoBf+6pG7LspRuz7KubshygW7EcpNuxnKa7
h5Kw6hFKQqsny1W6F8vVuncoCbM+LKO6L0tH9wslIdef5Tgd9qpAU3+iT2F/aq/DntRJh7w/
VVcMraiTQyvqSqHldEpoS105tKWuElpRVw2tqKuFVtRhr+qrw17VXzcJ+59uFvY/3Tzsf7pF
2P90y7D/6dZs7zZh/9Ntw/6n27PtO7DtO7LtO7HtU9n2ndn2Xdj2Xdn23dj2CJbOHF4xt6r/
2grq8G8XbM4gwPEfCS+Xjg9/PCGDOrSHTfs05l+VFKHMl/LrrClm5jiUheNH1vA6wzNitput
PqGWYXamjDOF4wjX4d1cTEc5DDATjb+Rc5XgDBQyr1dgDWFcWpfRZXU5naTL6wq6ok7WlXSK
rqyr6Kq6mq6ha+paurauo+vqerq+bqAb6kb6bt1YN9FNdTPdXLfQLXUr3Vq30W11O2yFbbAd
tsXW2Md5lTjXzLR7IuJe8bCYIF6Q0+Rs+ZGd285j57Xz2fntAkGNoGZQS2FQW7fXHXRH3Umn
6s66i+6qu+nqurvuoXvqXrq37qP76n66P3GB/c4B56BzyDnsHHGOOseIFyhXu1HXcV3Xc33X
BJVNPVPfNDANTSNzt2lMnKGaW92t4dZ0a7m13TpuXfcHd6u7zd3u/ujucHe6u9zd7lX3mnvd
veERhJ7wpGd5eb38XkGvsFfEK+oV90p6CV5pr6yX5FXw7vYae028pl4zr7nXwmvptfKGeEO9
Yd5w717vPu9+7wHvQW+E95A30hvlPeyN9h7xHvXGeI95Y71x3njvcW+C94Q30XvSNDctTEvT
1rQz7YMqQdWgmulqupnuZLd48pOWZLdwZqQEjQ0aEivuJwZAohguhkNZMUqMgnK8xjuJ5zvK
8yxGBb5XUVF+KD+EZDsr5chKkS8i86F6ZFlkGdRU4c9oaoU/o4Da2qfMVycc50O7cJwP3dyC
bjHoH472YZi7jnjvSPccMd5xXh5ivM94+bx8MIl577PMe//GvHcy897nmPc+z7z3Bea9U5j3
vsi89yXmvVOZ907zahHjfdlrTSz3DWa5S5jlfmk6EMtdQZrPh/Z/xsb/pE3/A5a7aTOH0QRG
M8o4ZmAcczCOBVnzEqx5EmvejDVvyfy+TdqsiW3s9BwnGsDXVNeA3Lf2ot/79T/20DRvojOk
Z98B9h3JFo6wPQ3bM2B7pmN7pmd7ZmB7ZmR7xrE9M7E9M7M9s7A9s7I9s7E9s5PdOkGO2NUH
doZbrt7QWC3W78NIxJ4L7LnInivYc2Xs2HR2xluOzUps+mYsSYsRQW2OZ+HsIbBX2+zViv05
/OXWRKjx745nt0YqhX8uQvFVFiHeCtwDi3CvK8n9rVTaPBWewQt4Jcay04vMIocoIOJlfXug
PcgeYg+zR9mj7UdNb9PX9DcDzSAzxAwz95r7zQgz0jxsHjFjzFgz3kwwE80z5g3zrplj5pqP
zSfmM7PALDJLzAqzyqwx68x6s9FsNlvNdrPD7DJ7zD5zwBwyR8wxc8KcNKfNWXPeXDS/mCvm
mrkRYGAFKogGbuAHQZA+yBhkCrIE2YIcQa4gT5AvKBSUCZKCCkFykPLX2uq/1lb/235NlY5Y
US87S1Cd+NS4P/XbEYoX2C9y6JaV/jpcCXdzHd3/ZS3czVV0dA5RWaTeMo8YftOQ4uTN2Tg8
Dxdp7FtOVKA9atJ3TUQz0Vq0Ex1FD4qogyk2fxXeu75TCe9X31roLLeXCn8s4d3tW0t4L/yO
pebvSp3wTvltpckfS3jX/NZCuvyDQlnrtkI6317a3alQlrutEEq3l1Quv33u8bvSm0q/f1AG
36lQRr29tP5d6fy70uf2EtOPrzbtDH/NPv6D2UeEXZTlU4iRhM9sasnPf/r9s5+m0Fh3FrwD
c2m0Ox+Wwkoa726ArYRfAq/p+H+tK/xTdZN/pr7jHGPaDKRHYha+S/vUDMdRlOsy88grO/+O
PB7DUWVTfIHaU/BFar+E06n9Ks6j9id4KnyCNp4BiWf5HUI/4wVqX8RfOGdeofZVvE7tGyJ8
m5MQFvmcLSLUViJ86rQrPGr7/G6kdCI9tTOIOGpnEpmpnYXfe5Rd5KB2TpGP2vlFAWoXDN+i
RDk2ntpFRVFqFxPFqF1cFIfw7VAlqF1ShO8we1m8TO1XxCvUni6mU/tVGb5BsB5lZikb2Flo
lBqyGEFMqEn4hHq7GY3Tm9v9qT3AHkbt4fZD1B5pP0rtMfYz1J5kT6L2s/xu9TX2Gmp/qz1A
YkDhfFRmGh2jzqITqV06+iFg9KPoRyCjH/uElX/aPw3SP2MUoNHGBWk84tZoehDnkEFl4oBI
I+W6IIJ6QW/A2LNlwnjeLfaL/d/4CDIfQeYjeMuvxpH5CDIfQeYjyHwEmY8g8xFkPoLMR5D5
CDIfQeYjyHwk7QoFsxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYlyKwEmZUg
sxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIr
QWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJk
VoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYlyKwEmZUgsxJkVoLMSpBZCTIrQWYl
vz6h6ObzinIMIxnH30KO/gljcvSORIuOrzf+oo9KzByToy191VIgJroJ0YhdzEiR3YaErhGn
WAQtHFNeoDWzRUKzhOK3fJNzVu5HcvLN2xRoAt1gGAyigNoThtP/8GZulYR8t5zMitv5hPPB
pbgvxpfPtumJAfs6yJ531zkyc0zmogljrAwJY8TlmVKgoECxDJ5MSZmQ/vsqF7qf2F0twb95
pWjRNQ1OLJYQH5GtLDdj/pqDBj84tG/vPsPzFukenzexYsXyee/u233ooGGDeg3PW3PQ0MEl
E3Mn5EzbOdPtWwYN7Tq876B7EvMl5Am3y4xZf9vefNCg4Xmr3zu8z6ChfYc/mJA7i1+xfEJi
YkJC+QT61z6LXzohsXSZxNjH/w9XNAbz3woL2iDHkNvR944YgwizxaJlgw9VOts4R5EZLz6Q
mnBs1uynC3W+dP2FRq9/dn36rLxVRjab9fKsSV1K9/++Ro8HT8657+uW288ef2V8zkkzxvb6
eEX/Ed0KbMmVsivAyUemLF9Sote0aX0KT12fXHyJ90nbwsvqHHaqVJhSfHaRiu+cqP9Yjf1j
gwXTBrTqOmfMyNe6lLi/0dGp83pUmtY0Z6IuGDdj9uG/Fct6qPJL3eO6tLV7zshVvvnjF98+
9bxYmWPjkla1P37ikSXJJ1o+33jutbf/T3VnHg9l9wXwYca+L2XJvu+eGWMZuxj7TqgojG3s
MZZkm7ElW0nIK2shEtkLoc0SWYpCZGlRQozUUPyGt97U2/vpj9/S5zf/zJx7n3vumeee8z33
3OcznwnzwZhWsfdmUonxg2xPO6IVm42YKVRttg5vXHSjpiwZwtrYLjWoHNmLDYGMrd28Gn1u
s7ovaqSUM8BetaflHWWxAFBLHtddyxfCEveMFEx0/GJsGYC9BGCLiHeTmwSCzQGwWdGMhwf8
l9ABeYIWkaw1Jqlb9wsD/vfrh/uFj4O31/DcHE17Cj6LXX6hiUToSQgT3t4Rlp9Hc1+d7MzJ
tG7ll/wr72zPStUX6HU5L3163KuicuiygjV6U8hHo7u3fJIsfAKaopbP6O/ZvMlsxo5u/zSg
Pct0iM/sjfOJqnKOLklFYembroXMp4QZUMUfrLkI/N0je/CWV3y1YRSfcWwfX7h701mstS5b
dra+ugN84oNSneQ+J85pMsxNemk5egpcd3j12kSX7aKrQaeldUMdWIx56/TIO8q0yKasuxWK
Us/DnpeFzAYXgAY8NTqGFE5NaTGXyXvu8xyXn37EBXlehoR0HZJT8jXhonNupC5KfjhsraHb
x3WgxH+cWTnhbFB+6VABkQqOAA5s/CcVqGUqmJ6ab9lfuN/+lSncvwsGxLhXghFfRALAiDCA
woii/FcYHN8hKFEJOQvpASsoC8C0LVCyUNs6BXqgfd0xxGkYAfrtRgoWCktXFx8/X5evhlH/
k2GCAP+fhnHu7ndx5bNCu/sStfKZa2v9kgqNxyNGHGqRiDL4FegYQVjeIKR9gzevE3lsaVB3
7lHybS9jS+fV86S3TZ4YeMsKqbu2PRBspNFvjAqaQLaWp9Gb3xWWXCl4RSfIO6gltO58vp8D
eemsIe/5vlpZgduG0uF+o3t4VJIRjIiJVvFVNxVpEtjWpqh+Sb03SULuxo0aVBSOYF+AjY1L
rV5pyijuVyoxj2MTTTCdANZAaqv3CGrYm/EL3ohSGfhanUwVdYTzmVC33OxAuviqlTt4vutm
zCmo+1KjMCTHYrNhpoq5FfsDN4vj5ZUJXTbq+Tjzk75k1+Q7Tgi1WrqpnTftlYyU843VIx/M
GzCMJ/WNB11sT3hm9YUK6wD2A8CyDQVhCC1ATU5JTGhkZBRg8P8HKhi2bWTZ/uNcMgBMfAO4
txvoIXshrL3cD4JB/oerlsfumOZY6MgU66DeATTb3QwQCDGM4neFzg5jTlRcjTQUWXnQYoop
shPFSATVxn+uMM4IBZm87plnf4q+S18UjifVvteT0PvRqvdWfquN3zuUzmUd0GJmV84wVxNN
PgddxuMxnkrxiKWFksAraZOIVLVszxYln6GTVYKfn70eQVOdOdm6OQ1qhuM/hBMYmWXI5sUz
z+73EjvWqJQ2RUHX7eDR1xqt5eVW1tzYnArvWQEzhoe9H5ra/+zE5vT0lc21Z8N0tf4j6bNm
DUpF4dKP1MbhNM6KpPlYT8HENXtUWvWhZsRjx+QDsZxy71WyC3C0RUeTaqUaCy/drxjja2gD
OOL4WOkkWixXtaaOALPpYuiEDv8ZfGnFg+j9AcH0RMZ4Ehlj+YUxTgyhJjs7JPDuOCIjcuY3
RvVX4MgBAJE4ckTgAAgAti3KbYsA5r9i2pd+8D/0/5I1RePUKf23Ogz+6CtXhlcKHvQa977J
L9CY0fXmatu9YZFbMKakljEHqQ0FG549klfT6CZYi33FjKP2amhdSdG8pnuSbhSbUZlFPmCr
E2z/ZvkT/UwUpljuPubF0qxTYSS4Ebk1rM48XN1zhG7gxEojC90nR0+xuKDkxsqWuDm2utM3
3+9tcHZYYHqmvMh/OKkqOvA2cvZcYojjH68qQzoUU+RYZVnGnbuvcl42y3avfMSHAI5Npbjr
ztzjWqUzx2jJzpEJefJ7GVSn36lBdO6/5GPPbliR9jg1Rj2UWu/JxZpYwdszKyfcrhliWkW0
jHKdWB1NgS4cfoDGP3zxgEnIEOWBYOwX1nwEsO937j03w3bEEoOQvH1XwOL5NVPDLT5aG2W/
YHvsGQMnkxGZ+zmatjnBLQhhB/ZG/zzMdbYv4IWoASoAokCxQD5ezgOD8VeWlUUFeMv4fF1D
GZSfj6y/F3q7VdY/wM8lCIUJlNW2IjqaDLEJ0P86JXEfogooA0pfZYA0XuqLwpCQkJ8pdA3Y
pQnzQwDt0EbT1s/KPY8vBk5C/5LNSLVy/gk2apHuOCbELEuPHQ/ag44cdz5d9Nm9MPe5mPj6
gcfnN83bjlDVXi9ZwOGzefwOrr9fnqZ9mESpvpeNb7C9HqlHKeJoS2WU8Y6y94aJ77sZfWYx
+ST+gGdHG6rQzEIZi6/hVOORvn7p1JY9EsYG5TCp+LnCXgeRlhbVqcM1MTQ35LnMYpF6W80Z
hQcpLmdOhLbaRl0qNe1dqczN0Zq5by+k/jQKrme61t914sJ8Q3cuitWqqjJn6XFbf0Fhxbme
MMkEqfbO0U/e4LE2pcrlQXsONob2Dz3RJYyUnBOnBV9VFxqrv6lmEgml75C6ftGrM02VSJsL
RNrEfaWNQfjCDm3Ifh9trNE+roEYJx//3bRRABBQBQAqLw/b2d5Ad0QYsC0C2JL/im2igPCf
iZLHVxvt7+EawKdjheRDWpkqQwEdJWl5JbiitPZ+XaWvF4JZeP7hS1i5BgSjUa6/BNSbG2So
rtHjV2N11C/V3lkwzhN6hgjmoRqBGdqFDkmOXqI4vfRKbaNVJLx440VEJKx/VC0Jobjy8YkK
fO+jdNwG/K1HXABn2lST8VRTHF6OmrSjKDhQ3thhuXHaMIK7KSN0fIsnbs9+3WMPokRtmQdj
zFT61yfXkhY0QLPDk04EthSji1jV92jNN9OJbRRmNzAnXtO+0HtT4b087I6l/Li3J4KlOXCG
ynjdeWOhAJGjvDnP1OXE42z3hNo6ZljFyGjmQKusI2dqOpn2mMM8jlowi6qADOqadNaUR4u/
KP30Z6QO0k/+GlKxEn3ZlQDXvsZ2SwUxzZi8wpkwa23Oq3IBWrkbUN+AFBnwTkbDRnxK+INH
E8kno+nI/ln179jjN2eqkXUdXmEUn9aS++aKipb2vYF/iz2YQH+U03+EPV81YX5GUMq/Ufgn
gEKH4aho9w5O9usmyrQNwsOwUaJiWhL4h/zp9FmVR62OiBMWOqwNyyI+sAzQsBJMVuL3gHxn
Y7jFkKVSCNiEX47ioUVByzRrcIpGaa6L0ppCF6t2g7J6djfd7WNYMbxbKXTG3iGNYGk5bT9/
9vQFNJVx4uBgsDGcznM6XKdU8nCMdRRSiEP4zindu8KzHNFocdY1tnvvBKSwukckVwkl90LU
Bf0IJS5xqUXOdJelecpenFaP2qpO/ZT1dvkzpKrP4MEhzJV1PAvvPsSD4rqRltW6xa7KFRue
DdXlrhEJnZa2XI0IN/a+Gj4UdY+mmiuMI7ymSa1DRN9UgOO8bzLQsXzme0AxetKcN2sHCVcw
jSN57cLci37E1O8pvr7QCYDDFbfphCCKv6H4+hs4f8Wbp4q+G1Vd+w2PsXc90Fe3al+vYL0h
BWtmNrPsillQlxs1gKaLNZxxmeI1j71xy2gwiuzjUtDNpM6y4atof7dQUbe5hsaluOt9i+Wf
mS/SHBQQl+3XHLWB7Auu93HxMbQen1iebMuP6Yx+FmVMqpjxvj2P0obHQ69vtD3YXjaiQRhS
Z3PYkwu1FR2uujgMETZBhGAoHG7ZP4lXlArqpn/Dg6AKD9684O0bNvVWPS0r7xj9UQkzdmdH
WN5QjKmkgL0HMmlSNpbRvIZQz5nivSj8B8vH+4yP4+hXccGBCvfOhRX1OpK/JauOl2v8mHE4
VivWLi7Dt5pXSr/XL1d7ynMuSiTV60/e4EjEiHdE6OcR+n9RfjGSU305AN1Dsl1TgXbR86dw
5PhrACsphJaHGmQFCgI5g7RBWt+XZn+r634CqAwTJuitcPNmptRCJwoS+mR/ZMpSoHWrBhWZ
9FaThVUc1wLiTGOxDc1kcoPKvsGNK6Xdjdcs+Pf5UaIjvcBFAroL3nU+4QJNug9j8SkMNylO
KXTMR772d0Dmpw/1PphIbZ9uk+gLf9t9FTaccP0+6o7CIDt/W/CkSk7tvsA8/pNP6uqYrZNX
c2+5GuaIieQ6nmJQ6WRxDdVv7q+MUTardrabBF6/RnDPJq6MIbAEFv5kl2gUOSRzJYdUW/aE
7skbW6SjrgTDyTEw5mwtmS9t74WnYk7h+stsuUz8SqRcCVfI72bCml5o3rNSa72cODnnppiy
KpCZ21sdYm2hPBKgUyO4BsVBqoiQqiAlIQGwCb+xKvuuVvx2xl2AHQNY/1pvMRIoBZhs53cC
217wZTGpwFDa3cfqRGu+STRQemB37x5A8NtACJToYzNViUElzxBnS9Layw4teTLhTxlwAy67
htBCbQDrAoloMZAJCA1CgQJAfjsn824gDIgPZA06DvInSu7EdifiJw/Q8UKRaKF/TK+Y4/5+
7gFO/h7H+X7AGwRHAopRsYi7L9Wa35E0X7C/yPip5NvHAg3RcIu2K3b1JRmVSsh84zCuqVfl
LuuKe5zcNr3SPMzLTAOu0WXMBb1PM8hbfVVl5/B8iLGeVbpG49HcOujMfPCUpo/KwTpXuwOJ
OQhK1ngp/W6cwsZMM2u7TxQJjZZIDcFc86KqisW+0IKjEfaLyOPlA++YIukdF/5I0I+NlzIl
P3zHXGHe9kOZLl/tSl1QFMULMc2P0r7xtzVLLttEYx3G8i+SiC1zPHqYaZtXG+wITNtE2e07
qQMaqJUWqg+wusgVG07wkXgOBjOeyhYomWDpbOvJNk16nMm6zLTwmc4MRd8k8XRolhWcPx9i
/ba0EEfKC+BI931bI3IojpSW2ET5P3fRHzPSdwUGxRcXLXAA2Hd7Is23p0AkxDn/6iGDMhBT
rRIUgBETLQwBJ+bWHx0xFX9dK53L4WHU8kTPS9mcl/LCufgfmLXtIgOeaAaPoblOUbtA6xcw
XbOJu5nXRcRg53ED9ZibGDMbqSfFLxXXZwkJ80eC2oeGUdc99QS0epMvUqwWpVjpdYRwZQr5
yJDw0/e8HfPSO0BYOjc2eSdCaaXJkoZ6BUYBi8KLohxjQic+ETIbJR9pkYaJi9f38gazCSVm
cyZdPnloqkTmkaam7qboAKMtY1xxDRUm0TJZYYZnmhQ/14/W3NsnYFNdzl7excD5xu0Ye7xO
0p0Z+UZ3iISWbZ5eQZk1jjz/aXb3pRMhb135Nw07VtnU4JWmqi21Tc8PWq65Suw5CNJ5VSFo
HsQpeLCeVnVxDkOYLdkfGlckNf+0xfLU85FqOtC/AAi50UoNCmVuZHN0cmVhbQ0KZW5kb2Jq
DQoyMTYgMCBvYmoNClsgMjc4XSANCmVuZG9iag0KMjE3IDAgb2JqDQo8PC9UeXBlL1hSZWYv
U2l6ZSAyMTcvV1sgMSA0IDJdIC9Sb290IDEgMCBSL0luZm8gNTYgMCBSL0lEWzwyREE4M0E3
ODBDMUIyNTRCODgwNTRGOTQ0OTM3QjIxND48MkRBODNBNzgwQzFCMjU0Qjg4MDU0Rjk0NDkz
N0IyMTQ+XSAvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA1MDk+Pg0Kc3RyZWFtDQp4nDXU
TVDMcRzH8f/u1hbbltoeNwq1Hra2dtuoVdoihQpFIoXylCIqSkhRHqLk4eDIGNxcjINxb6bG
0YxxcTLG08mMo5n89/Pmd/i95veb7+/ymfl9DMNcCwsWc080jAgj8EdYbSIqDN9E9Edhd8JL
ETMtYp8Ix3cR1wtTwumDIRHfJRJmhOuRSHZBAOZFCpepdngj0l6J9FaRUS3cPSLLI7LrRc57
4WkU3kmR1yHyQ8KXBD9FwawofCz8wyLQJIq8IkguwU+i+Jco7RShQVHGZHmFCH8WVQ5RUylq
u0Xda/hh5m0mHzZuwE24BTb4NzJpPmiw/z9ZwAoxEAW3IRrskASxcAcWQSIshiWQAHHggHhw
Qg64YAqSYSWsgFRIgQxIhzTIBDcsg6WwHLIhC8ohF6bBA2WwAVbDKvDBWlgD+ZAHXiiEAghB
APxQCkEognVQDCWwHlphI9yFCtgPdRCGSqiCTbAZqmEL1EAtbIVtsB3qYR/sgAbYBTuhBZqg
EfbAbtgLzXAQDsAMtEE7dMAhuAeH4Rh0wn04AkdhEI7DAzgB5+EcnIQu6IFu6IXTcArOwhkY
gH7og+swBA/hAkzAOFyEYRiBy3AJRuEKXIOrMGZ+9Oa3KoiWDxEss6oSy1y/mJ8T71Q61qdf
xTO3eJ4rXvgj2L78Noy/2bOAxw0KZW5kc3RyZWFtDQplbmRvYmoNCnhyZWYNCjAgMjE4DQow
MDAwMDAwMDU3IDY1NTM1IGYNCjAwMDAwMDAwMTcgMDAwMDAgbg0KMDAwMDAwMDEyNSAwMDAw
MCBuDQowMDAwMDAwMjUyIDAwMDAwIG4NCjAwMDAwMDA1MTUgMDAwMDAgbg0KMDAwMDAwMTA4
NyAwMDAwMCBuDQowMDAwMDAxMjU2IDAwMDAwIG4NCjAwMDAwMDE0OTYgMDAwMDAgbg0KMDAw
MDAwMTU0OSAwMDAwMCBuDQowMDAwMDAxNzA5IDAwMDAwIG4NCjAwMDAwMDE5MzMgMDAwMDAg
bg0KMDAwMDAwMjIwOCAwMDAwMCBuDQowMDAwMDAzMDQ5IDAwMDAwIG4NCjAwMDAwMDMxODIg
MDAwMDAgbg0KMDAwMDAwMzIxMiAwMDAwMCBuDQowMDAwMDAzMzczIDAwMDAwIG4NCjAwMDAw
MDM0NDcgMDAwMDAgbg0KMDAwMDAwMzY4OCAwMDAwMCBuDQowMDAwMDAzOTgzIDAwMDAwIG4N
CjAwMDAwMDUwMTUgMDAwMDAgbg0KMDAwMDAwNTEzOSAwMDAwMCBuDQowMDAwMDA1MTY5IDAw
MDAwIG4NCjAwMDAwMDUzMjEgMDAwMDAgbg0KMDAwMDAwNTM5NSAwMDAwMCBuDQowMDAwMDA1
NjM4IDAwMDAwIG4NCjAwMDAwMDU4MTYgMDAwMDAgbg0KMDAwMDAwNjA2NiAwMDAwMCBuDQow
MDAwMDA2MjM0IDAwMDAwIG4NCjAwMDAwMDY0NjggMDAwMDAgbg0KMDAwMDAwNjc2MyAwMDAw
MCBuDQowMDAwMDA3NzE3IDAwMDAwIG4NCjAwMDAwMDgwMTIgMDAwMDAgbg0KMDAwMDAwOTE3
MSAwMDAwMCBuDQowMDAwMDA5NTUzIDAwMDAwIG4NCjAwMDAwMTA4ODkgMDAwMDAgbg0KMDAw
MDAxMTEwNSAwMDAwMCBuDQowMDAwMDExMzIxIDAwMDAwIG4NCjAwMDAwMTE1MzggMDAwMDAg
bg0KMDAwMDAxMTc1NSAwMDAwMCBuDQowMDAwMDExOTczIDAwMDAwIG4NCjAwMDAwMTIxOTEg
MDAwMDAgbg0KMDAwMDAxMjQwOSAwMDAwMCBuDQowMDAwMDEyNjI2IDAwMDAwIG4NCjAwMDAw
MTI4NDIgMDAwMDAgbg0KMDAwMDAxMzA1OSAwMDAwMCBuDQowMDAwMDEzMjc3IDAwMDAwIG4N
CjAwMDAwMTM1NTMgMDAwMDAgbg0KMDAwMDAxNDQzNCAwMDAwMCBuDQowMDAwMDE0NzEwIDAw
MDAwIG4NCjAwMDAwMTUxNDYgMDAwMDAgbg0KMDAwMDAxNTQyMiAwMDAwMCBuDQowMDAwMDE2
MzU1IDAwMDAwIG4NCjAwMDAwMTY2NTEgMDAwMDAgbg0KMDAwMDAxNzk4NCAwMDAwMCBuDQow
MDAwMDE4MjgyIDAwMDAwIG4NCjAwMDAwMTkzODAgMDAwMDAgbg0KMDAwMDAxOTQzNCAwMDAw
MCBuDQowMDAwMDAwMDU4IDY1NTM1IGYNCjAwMDAwMDAwNTkgNjU1MzUgZg0KMDAwMDAwMDA2
MCA2NTUzNSBmDQowMDAwMDAwMDYxIDY1NTM1IGYNCjAwMDAwMDAwNjIgNjU1MzUgZg0KMDAw
MDAwMDA2MyA2NTUzNSBmDQowMDAwMDAwMDY0IDY1NTM1IGYNCjAwMDAwMDAwNjUgNjU1MzUg
Zg0KMDAwMDAwMDA2NiA2NTUzNSBmDQowMDAwMDAwMDY3IDY1NTM1IGYNCjAwMDAwMDAwNjgg
NjU1MzUgZg0KMDAwMDAwMDA2OSA2NTUzNSBmDQowMDAwMDAwMDcwIDY1NTM1IGYNCjAwMDAw
MDAwNzEgNjU1MzUgZg0KMDAwMDAwMDA3MiA2NTUzNSBmDQowMDAwMDAwMDczIDY1NTM1IGYN
CjAwMDAwMDAwNzQgNjU1MzUgZg0KMDAwMDAwMDA3NSA2NTUzNSBmDQowMDAwMDAwMDc2IDY1
NTM1IGYNCjAwMDAwMDAwNzcgNjU1MzUgZg0KMDAwMDAwMDA3OCA2NTUzNSBmDQowMDAwMDAw
MDc5IDY1NTM1IGYNCjAwMDAwMDAwODAgNjU1MzUgZg0KMDAwMDAwMDA4MSA2NTUzNSBmDQow
MDAwMDAwMDgyIDY1NTM1IGYNCjAwMDAwMDAwODMgNjU1MzUgZg0KMDAwMDAwMDA4NCA2NTUz
NSBmDQowMDAwMDAwMDg1IDY1NTM1IGYNCjAwMDAwMDAwODYgNjU1MzUgZg0KMDAwMDAwMDA4
NyA2NTUzNSBmDQowMDAwMDAwMDg4IDY1NTM1IGYNCjAwMDAwMDAwODkgNjU1MzUgZg0KMDAw
MDAwMDA5MCA2NTUzNSBmDQowMDAwMDAwMDkxIDY1NTM1IGYNCjAwMDAwMDAwOTIgNjU1MzUg
Zg0KMDAwMDAwMDA5MyA2NTUzNSBmDQowMDAwMDAwMDk0IDY1NTM1IGYNCjAwMDAwMDAwOTUg
NjU1MzUgZg0KMDAwMDAwMDA5NiA2NTUzNSBmDQowMDAwMDAwMDk3IDY1NTM1IGYNCjAwMDAw
MDAwOTggNjU1MzUgZg0KMDAwMDAwMDA5OSA2NTUzNSBmDQowMDAwMDAwMTAwIDY1NTM1IGYN
CjAwMDAwMDAxMDEgNjU1MzUgZg0KMDAwMDAwMDEwMiA2NTUzNSBmDQowMDAwMDAwMTAzIDY1
NTM1IGYNCjAwMDAwMDAxMDQgNjU1MzUgZg0KMDAwMDAwMDEwNSA2NTUzNSBmDQowMDAwMDAw
MTA2IDY1NTM1IGYNCjAwMDAwMDAxMDcgNjU1MzUgZg0KMDAwMDAwMDEwOCA2NTUzNSBmDQow
MDAwMDAwMTA5IDY1NTM1IGYNCjAwMDAwMDAxMTAgNjU1MzUgZg0KMDAwMDAwMDExMSA2NTUz
NSBmDQowMDAwMDAwMTEyIDY1NTM1IGYNCjAwMDAwMDAxMTMgNjU1MzUgZg0KMDAwMDAwMDEx
NCA2NTUzNSBmDQowMDAwMDAwMTE1IDY1NTM1IGYNCjAwMDAwMDAxMTYgNjU1MzUgZg0KMDAw
MDAwMDExNyA2NTUzNSBmDQowMDAwMDAwMTE4IDY1NTM1IGYNCjAwMDAwMDAxMTkgNjU1MzUg
Zg0KMDAwMDAwMDEyMCA2NTUzNSBmDQowMDAwMDAwMTIxIDY1NTM1IGYNCjAwMDAwMDAxMjIg
NjU1MzUgZg0KMDAwMDAwMDEyMyA2NTUzNSBmDQowMDAwMDAwMTI0IDY1NTM1IGYNCjAwMDAw
MDAxMjUgNjU1MzUgZg0KMDAwMDAwMDEyNiA2NTUzNSBmDQowMDAwMDAwMTI3IDY1NTM1IGYN
CjAwMDAwMDAxMjggNjU1MzUgZg0KMDAwMDAwMDEyOSA2NTUzNSBmDQowMDAwMDAwMTMwIDY1
NTM1IGYNCjAwMDAwMDAxMzEgNjU1MzUgZg0KMDAwMDAwMDEzMiA2NTUzNSBmDQowMDAwMDAw
MTMzIDY1NTM1IGYNCjAwMDAwMDAxMzQgNjU1MzUgZg0KMDAwMDAwMDEzNSA2NTUzNSBmDQow
MDAwMDAwMTM2IDY1NTM1IGYNCjAwMDAwMDAxMzcgNjU1MzUgZg0KMDAwMDAwMDEzOCA2NTUz
NSBmDQowMDAwMDAwMTM5IDY1NTM1IGYNCjAwMDAwMDAxNDAgNjU1MzUgZg0KMDAwMDAwMDE0
MSA2NTUzNSBmDQowMDAwMDAwMTQyIDY1NTM1IGYNCjAwMDAwMDAxNDMgNjU1MzUgZg0KMDAw
MDAwMDE0NCA2NTUzNSBmDQowMDAwMDAwMTQ1IDY1NTM1IGYNCjAwMDAwMDAxNDYgNjU1MzUg
Zg0KMDAwMDAwMDE0NyA2NTUzNSBmDQowMDAwMDAwMTQ4IDY1NTM1IGYNCjAwMDAwMDAxNDkg
NjU1MzUgZg0KMDAwMDAwMDE1MCA2NTUzNSBmDQowMDAwMDAwMTUxIDY1NTM1IGYNCjAwMDAw
MDAxNTIgNjU1MzUgZg0KMDAwMDAwMDE1MyA2NTUzNSBmDQowMDAwMDAwMTU0IDY1NTM1IGYN
CjAwMDAwMDAxNTUgNjU1MzUgZg0KMDAwMDAwMDE1NiA2NTUzNSBmDQowMDAwMDAwMTU3IDY1
NTM1IGYNCjAwMDAwMDAxNTggNjU1MzUgZg0KMDAwMDAwMDE1OSA2NTUzNSBmDQowMDAwMDAw
MTYwIDY1NTM1IGYNCjAwMDAwMDAxNjEgNjU1MzUgZg0KMDAwMDAwMDE2MiA2NTUzNSBmDQow
MDAwMDAwMTYzIDY1NTM1IGYNCjAwMDAwMDAxNjQgNjU1MzUgZg0KMDAwMDAwMDE2NSA2NTUz
NSBmDQowMDAwMDAwMTY2IDY1NTM1IGYNCjAwMDAwMDAxNjcgNjU1MzUgZg0KMDAwMDAwMDE2
OCA2NTUzNSBmDQowMDAwMDAwMTY5IDY1NTM1IGYNCjAwMDAwMDAxNzAgNjU1MzUgZg0KMDAw
MDAwMDE3MSA2NTUzNSBmDQowMDAwMDAwMTcyIDY1NTM1IGYNCjAwMDAwMDAxNzMgNjU1MzUg
Zg0KMDAwMDAwMDE3NCA2NTUzNSBmDQowMDAwMDAwMTc1IDY1NTM1IGYNCjAwMDAwMDAxNzYg
NjU1MzUgZg0KMDAwMDAwMDE3NyA2NTUzNSBmDQowMDAwMDAwMTc4IDY1NTM1IGYNCjAwMDAw
MDAxNzkgNjU1MzUgZg0KMDAwMDAwMDE4MCA2NTUzNSBmDQowMDAwMDAwMTgxIDY1NTM1IGYN
CjAwMDAwMDAxODIgNjU1MzUgZg0KMDAwMDAwMDE4MyA2NTUzNSBmDQowMDAwMDAwMTg0IDY1
NTM1IGYNCjAwMDAwMDAxODUgNjU1MzUgZg0KMDAwMDAwMDE4NiA2NTUzNSBmDQowMDAwMDAw
MTg3IDY1NTM1IGYNCjAwMDAwMDAxODggNjU1MzUgZg0KMDAwMDAwMDE4OSA2NTUzNSBmDQow
MDAwMDAwMTkwIDY1NTM1IGYNCjAwMDAwMDAxOTEgNjU1MzUgZg0KMDAwMDAwMDE5MiA2NTUz
NSBmDQowMDAwMDAwMTkzIDY1NTM1IGYNCjAwMDAwMDAxOTQgNjU1MzUgZg0KMDAwMDAwMDE5
NSA2NTUzNSBmDQowMDAwMDAwMTk2IDY1NTM1IGYNCjAwMDAwMDAxOTcgNjU1MzUgZg0KMDAw
MDAwMDE5OCA2NTUzNSBmDQowMDAwMDAwMTk5IDY1NTM1IGYNCjAwMDAwMDAyMDAgNjU1MzUg
Zg0KMDAwMDAwMDIwMSA2NTUzNSBmDQowMDAwMDAwMjAyIDY1NTM1IGYNCjAwMDAwMDAyMDMg
NjU1MzUgZg0KMDAwMDAwMDIwNCA2NTUzNSBmDQowMDAwMDAwMjA1IDY1NTM1IGYNCjAwMDAw
MDAwMDAgNjU1MzUgZg0KMDAwMDAyMTk0NiAwMDAwMCBuDQowMDAwMDIyNDg2IDAwMDAwIG4N
CjAwMDAxMTYxOTUgMDAwMDAgbg0KMDAwMDExNjg1MCAwMDAwMCBuDQowMDAwMTE3MTkyIDAw
MDAwIG4NCjAwMDAxMTc2MjIgMDAwMDAgbg0KMDAwMDE3Mjc3NSAwMDAwMCBuDQowMDAwMTcz
MDgyIDAwMDAwIG4NCjAwMDAxNzMzNDggMDAwMDAgbg0KMDAwMDE3MzYxNiAwMDAwMCBuDQow
MDAwMjU1NDc2IDAwMDAwIG4NCjAwMDAyNTU1MDQgMDAwMDAgbg0KdHJhaWxlcg0KPDwvU2l6
ZSAyMTgvUm9vdCAxIDAgUi9JbmZvIDU2IDAgUi9JRFs8MkRBODNBNzgwQzFCMjU0Qjg4MDU0
Rjk0NDkzN0IyMTQ+PDJEQTgzQTc4MEMxQjI1NEI4ODA1NEY5NDQ5MzdCMjE0Pl0gPj4NCnN0
YXJ0eHJlZg0KMjU2MjE2DQolJUVPRg0KeHJlZg0KMCAwDQp0cmFpbGVyDQo8PC9TaXplIDIx
OC9Sb290IDEgMCBSL0luZm8gNTYgMCBSL0lEWzwyREE4M0E3ODBDMUIyNTRCODgwNTRGOTQ0
OTM3QjIxND48MkRBODNBNzgwQzFCMjU0Qjg4MDU0Rjk0NDkzN0IyMTQ+XSAvUHJldiAyNTYy
MTYvWFJlZlN0bSAyNTU1MDQ+Pg0Kc3RhcnR4cmVmDQoyNjA3MzYNCiUlRU9G
--------------020105080107090607040906--
