From: Jesús Alberto Polo <ietf@jesusalberto.me>
Date: Mon, 9 Apr 2018 10:32:54 +0200
To: lurk@ietf.org
Subject: [Lurk] Questions about LURK TLS draft

Hi,

I’m currently working on an implementation of LURK to be integrated with OpenSSL and NGINX. After having identified all main parts and started the development, I have some questions regarding the LURK extension for (D)TLS 1.1 and 1.2 draft, more specifically for RSA as key exchange method (rsa_master, section 5).

As I understand, the Edge Server (LURK client) only needs the Private Key to decrypt the premaster secret sent by the TLS client. I would like to understand why LURK server computes the master secret instead of only decrypting the premaster secret and letting the Edge Server compute the master secret (since it is terminating the TLS connection). In this way:

  1. the LURK server would still protect the private key.
  2. it’d be less intrusive for the TLS protocol (the only change is the remote decryption instead of local decryption), it’d have less impact on the OpenSSL code as well.
  3. less error handling (however, LURK server would have less control over the cyphers, TLS versions, PRF functions…).
  4. the master secret would be locally computed by the TLS server and never sent through the network (that is, even if an attacker compromises the secure connection between LURK client and server and steals the decrypted premaster key, they still need other values of the TLS connection in the LURK client).

Thank you in advance.

Best regards,

Jesús Alberto

From: Daniel Migault
Date: Wed, 11 Apr 2018 10:22:11 -0400
To: Jesús Alberto Polo
Cc: LURK BoF
Subject: Re: [Lurk] Questions about LURK TLS draft

Hi Jesus Alberto,

You are more than welcome to integrate LURK with OpenSSL and NGINX. We discussed this during the hackathon in London, so feel free to share your thoughts or questions on the mailing list. I am sure you will get some interesting feedback.

If I understand correctly, your question is whether the Key Server should only "decrypt" the premaster versus computing the master secret.

One reason is to limit the scope of usage of the private key. Returning the premaster can be used by any attacker to decrypt any random bytes (of the size of the premaster) which could be used outside the scope of a TLS session. Returning the master instead limits the usage outside the scope of TLS. A typical attack could consist in asserting you are the company "www.example.com" and asking users to rely on the RSA public key to encrypt some data. An attacker corrupting an edge server to gain access to the key server could decrypt this data and as such impersonate "www.example.com". In this example data is outside the scope of a TLS session. Returning the master requires the attacker to reverse the master to the premaster to access data, which is harder to do.

Another reason is that within the scope of TLS, providing the master enables perfect forward secrecy, and in our case the inability to regenerate a master secret from an observed TLS key exchange. If the key server returns the premaster, an attacker corrupting an edge server to gain access to the key server and observing a TLS key exchange is able to access the master and decrypt the TLS session. If the attacker does not have physical access to the private key, he will have the opportunity to perform the operation he needs. The purpose of PFS is to prevent a TLS key exchange from being replayed even if you have access to the Key Server. The mechanism currently described is the one from [1], which uses a one-way function. The key server and the edge server use hash( R ) for the server random. A passive observer will see H( R ) on the wire, and needs to send R to the Key Server for the generation of the master. This is assumed to be a difficult operation.

This mechanism prevents requesting the Key Server from an observed TLS key exchange. However, we do not prevent "illegitimate" exchanges from happening, that is, requests outside a TLS exchange. Note also that by providing the master, the edge server is able to do session resumption.... The following document provides a security analysis of KeylessSSL [2].

Thank you for raising this question and please feel free to raise your concern.

Yours,
Daniel

[1] https://tools.ietf.org/html/draft-erb-lurk-rsalg-01
[2] https://epubs.surrey.ac.uk/813643/1/mainKeyless.pdf

On Mon, Apr 9, 2018 at 4:32 AM, Jesús Alberto Polo wrote:

> Hi,
>
> I’m currently working on an implementation of LURK to be integrated with
> OpenSSL and NGINX. After having identified all main parts and started the
> development, I have some questions regarding the LURK extension for (D)TLS
> 1.1 and 1.2 draft, more specifically for RSA as key exchange method
> (rsa_master, section 5).
>
> As I understand, the Edge Server (LURK client) only needs the Private Key
> to decrypt the premaster secret sent by the TLS client. I would like to
> understand why LURK server computes the master secret instead of only
> decrypting the premaster secret and letting the Edge Server compute the
> master secret (since it is terminating the TLS connection). In this way:
>
>   1. the LURK server would still protect the private key.
>   2. it’d be less intrusive for the TLS protocol (the only change is the
>      remote decryption instead of local decryption), it’d have less impact on
>      the OpenSSL code as well.
>   3. less error handling (however, LURK server would have less control
>      over the cyphers, TLS versions, PRF functions…).
>   4. the master secret would be locally computed by the TLS server and
>      never sent through the network (that is, even if an attacker compromises
>      the secure connection between LURK client and server and steals the
>      decrypted premaster key, they still need other values of the TLS
>      connection in the LURK client).
>
> Thank you in advance.
>
> Best regards,
>
> Jesús Alberto
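The two key server designs compared in the reply above, modelled side by side as an added example; it is not part of the thread, the LURK draft, or the hackathon patch. Assumptions: SHA-256 stands in for the one-way function H, only the TLS 1.2 PRF is modelled, the RSA key is a toy unpadded key built from two Mersenne primes, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import os

# Toy textbook-RSA key (constructed for this example: two Mersenne primes,
# no padding, not secure). It stands in for the site's real RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
N_LEN = (N.bit_length() + 7) // 8


def p_sha256(secret, seed, length):
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pms, client_random, server_random):
    """TLS 1.2 master secret (no extended master secret)."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(pms, seed, 48)


def encrypt_pms(pms):
    """TLS client side: encrypt the premaster under the public key."""
    return pow(int.from_bytes(pms, "big"), E, N).to_bytes(N_LEN, "big")


class KeyServer:
    """Holds the private exponent; the edge server never sees it."""

    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def _decrypt(self, enc_pms):
        m = pow(int.from_bytes(enc_pms, "big"), self._d, N)
        return m.to_bytes(N_LEN, "big")[-48:]

    def decrypt_only(self, enc_pms):
        # Design asked about in the question: return the premaster itself.
        return self._decrypt(enc_pms)

    def rsa_master(self, client_random, r, enc_pms):
        # Design described in the reply: the caller supplies R, the key
        # server derives server_random = H(R) and returns only the master.
        server_random = hashlib.sha256(r).digest()
        return master_secret(self._decrypt(enc_pms), client_random, server_random)


def replay_observed_handshake():
    ks = KeyServer()

    # Legitimate handshake: the edge server picks R and puts H(R) in ServerHello.
    client_random = os.urandom(32)
    pms = b"\x03\x03" + os.urandom(46)
    enc_pms = encrypt_pms(pms)
    r = os.urandom(32)
    server_random = hashlib.sha256(r).digest()
    session_master = ks.rsa_master(client_random, r, enc_pms)
    client_master = master_secret(pms, client_random, server_random)

    # An observer who later reaches the key server knows only what was on
    # the wire: client_random, server_random = H(R) and enc_pms.
    via_decrypt = master_secret(ks.decrypt_only(enc_pms), client_random, server_random)
    # Without R, the best available input is H(R); the key server hashes it again.
    via_master = ks.rsa_master(client_random, server_random, enc_pms)

    return {
        "handshake_agrees": session_master == client_master,
        "decrypt_only_recovers_master": via_decrypt == session_master,
        "rsa_master_recovers_master": via_master == session_master,
    }


if __name__ == "__main__":
    for name, value in replay_observed_handshake().items():
        print(f"{name}: {value}")
```

As the reply itself points out, this binding only blocks queries built from an observed exchange; a caller who can reach the key server can still choose a fresh R and make requests outside any TLS exchange.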
From: Daniel Migault
Date: Fri, 20 Apr 2018 14:26:27 -0400
To: Jesús Alberto Polo
Cc: LURK BoF
Subject: [Lurk] lurk integration with openssl

Hi Jesus Alberto,

There have been some discussions regarding the integration of lurk with openssl during the hackathon, so feel free to share your concerns on the mailing list.

Here are some links you might find of interest:

https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
https://www.agwa.name/blog/post/titus_isolation_techniques_continued

Yours,
Daniel
From: Dmitry Kravkov
Date: Sun, 22 Apr 2018 10:08:42 +0000
To: Jesús Alberto Polo
Cc: LURK BoF, Daniel Migault
Subject: Re: [Lurk] lurk integration with openssl

Hi Jesus Alberto,

This is a patch for openssl used during the 101 hackathon.

It looks like calling the lurk library directly from the state machine will be hard to push upstream, but adding more callbacks for master secret calculation that nginx (or another client) registers for will be easier to submit.

On Fri, Apr 20, 2018 at 9:26 PM Daniel Migault wrote:

> Hi Jesus Alberto,
>
> There have been some discussions regarding the integration of lurk with
> openssl during the hackathon, so feel free to share your concerns on the
> mailing list.
>
> Here are some links you might find of interest:
>
> https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
> https://www.agwa.name/blog/post/titus_isolation_techniques_continued
>
> Yours,
> Daniel

--
Dmitry Kravkov
Qwilt
--001a1146dc7ebac9ad056a6d1b5d-- --001a1146dc7ebac9b1056a6d1b5f Content-Type: text/x-patch; charset="US-ASCII"; name="lurk-direct.patch" Content-Disposition: attachment; filename="lurk-direct.patch" Content-Transfer-Encoding: base64 Content-ID: <162eccd7daa4be9206e1> X-Attachment-Id: 162eccd7daa4be9206e1 ZGlmZiAtTmF1ciBvcGVuc3NsLm9yaWcvQ29uZmlndXJhdGlvbnMvdW5peC1NYWtlZmlsZS50bXBs IG9wZW5zc2wvQ29uZmlndXJhdGlvbnMvdW5peC1NYWtlZmlsZS50bXBsCi0tLSBvcGVuc3NsLm9y aWcvQ29uZmlndXJhdGlvbnMvdW5peC1NYWtlZmlsZS50bXBsCTIwMTgtMDMtMTggMTE6MTA6MzYu MjQzMzAzNDM1ICswMjAwCisrKyBvcGVuc3NsL0NvbmZpZ3VyYXRpb25zL3VuaXgtTWFrZWZpbGUu dG1wbAkyMDE4LTAzLTE4IDExOjEwOjM2LjAwNjMwMzY1NCArMDIwMApAQCAtMTk1LDcgKzE5NSw4 IEBACiBDWFhGTEFHUz17LSBqb2luKCcgJywgQHskY29uZmlne2N4eGZsYWdzfX0pIC19CiBMREZM QUdTPSB7LSBqb2luKCcgJywgQHskY29uZmlne2xmbGFnc319KSAtfQogUExJQl9MREZMQUdTPSB7 LSBqb2luKCcgJywgQHskY29uZmlne3BsaWJfbGZsYWdzfX0pIC19Ci1FWF9MSUJTPSB7LSBqb2lu KCcgJywgQHskY29uZmlne2V4X2xpYnN9fSkgLX0KKyNFWF9MSUJTPSB7LSBqb2luKCcgJywgQHsk Y29uZmlne2V4X2xpYnN9fSkgLX0KK0VYX0xJQlM9LWxkbCAtcHRocmVhZCAtTC9yb290L3B5bHVy ay90ZXN0LyAtbGNsdXJrIC1scHl0aG9uMzZtCiBMSUJfQ1BQRkxBR1M9ey0gam9pbignICcsCiAg ICAgICAgICAgICAgICAgICAgICAobWFwIHsgJy1EJy4kXyB9CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICgnT1BFTlNTTERJUj0iXCIkKE9QRU5TU0xESVIpXCIiJywKZGlmZiAtTmF1ciBvcGVu c3NsLm9yaWcvaW5jbHVkZS9vcGVuc3NsL3NzbC5oIG9wZW5zc2wvaW5jbHVkZS9vcGVuc3NsL3Nz bC5oCi0tLSBvcGVuc3NsLm9yaWcvaW5jbHVkZS9vcGVuc3NsL3NzbC5oCTIwMTgtMDMtMTggMTE6 MTA6MzguNzY1MzAxMTA2ICswMjAwCisrKyBvcGVuc3NsL2luY2x1ZGUvb3BlbnNzbC9zc2wuaAky MDE4LTAzLTE4IDExOjEwOjM2LjAzNDMwMzYyOCArMDIwMApAQCAtMzYxLDYgKzM2MSw5IEBACiAg Ki8KICMgZGVmaW5lIFNTTF9PUF9UTFNfUk9MTEJBQ0tfQlVHICAgICAgICAgICAgICAgICAgICAg ICAgIDB4MDA4MDAwMDBVCiAKKy8qIERpc2FibGUgRXh0ZW5kZWQgbWFzdGVyIHNlY3JldCAqLwor IyBkZWZpbmUgU1NMX09QX05PX0VYVEVOREVEX01BU1RFUl9TRUNSRVQgICAgICAgICAgICAgICAg MHgwMTAwMDAwMFUKKwogIyBkZWZpbmUgU1NMX09QX05PX1NTTHYzICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgMHgwMjAwMDAwMFUKICMgZGVmaW5lIFNTTF9PUF9OT19UTFN2MSAgICAg 
From nobody Tue Apr 24 08:10:59 2018
Date: Tue, 24 Apr 2018 17:10:31 +0200
From: Jesús Alberto Polo
To: Dmitry Kravkov, Daniel Migault
Cc: LURK BoF
Subject: Re: [Lurk] lurk integration with openssl

Hi,

Thanks for the resources and the patch, it’s definitely easier to solve it the way you did in the hackathon.

I managed to integrate the basic functionality of LURK for ECDHE and I’m preparing some tests, I hope they’re done and the code cleaned up by the end of this week.

Regarding the TLS12ECDHERequestPayload [1], I think the Signature Algorithm field is missing (hash and signature), to indicate the chosen algorithms for the TLS connection.

Best regards,

Jesús Alberto

[1] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00#section-7.1

On 22 Apr 2018, 12:08 +0200, Dmitry Kravkov <dmitryk@qwilt.com>, wrote:
> Hi Jesus Alberto,
>
> this is a patch for openssl used during 101 hackathon
>
> It looks that direct calling for lurk library from statemachine will be hard to push upstream, but adding more callbacks for master secret calculation that nginx (or other client) registers for, will be easier to submit.
>
>
> On Fri, Apr 20, 2018 at 9:26 PM Daniel Migault <daniel.migault@ericsson.com> wrote:
> > > Hi Jesus Alberto,
> > >
> > > There have been some discussions regarding the integration of lurk with openssl during the hackathon, so feel free to share your concerns on the mailing list..
> > >
> > > Here are some links you might find of interest:
> > >
> > > https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
> > > https://www.agwa.name/blog/post/titus_isolation_techniques_continued
> > >
> > > Yours,
> > > Daniel
> > >
> > > _______________________________________________
> > > Lurk mailing list
> > > Lurk@ietf.org
> > > https://www.ietf.org/mailman/listinfo/lurk
> --
> Dmitry Kravkov
> Qwilt | Work: +972-72-2221630 | Mobile: +972-54-4839923
> dmitrykATqwilt.com
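Why a key server needs the field raised in the message above, as an added example that is not part of the thread or of any LURK implementation: in TLS 1.2 the ServerKeyExchange signature covers client_random, server_random and ServerECDHParams, hashed with the negotiated algorithm, so the same request yields a different digest per hash. The request layout and all function names are assumptions for illustration, not the draft's wire format, and the sample randoms and point are constructed.

```python
import hashlib
import struct

# TLS 1.2 code points (RFC 5246 section 7.4.1.4.1, RFC 4492 section 5.1.1).
HASHES = {4: "sha256", 5: "sha384", 6: "sha512"}
SIGNATURES = {1: "rsa", 3: "ecdsa"}
# Named curve id -> coordinate length in bytes (secp256r1, secp384r1, secp521r1).
NAMED_CURVES = {23: 32, 24: 48, 25: 66}
CURVE_TYPE_NAMED = 3


def encode_server_ecdh_params(curve_id, point):
    """ServerECDHParams: curve_type(1) | named_curve(2) | ECPoint<1..2^8-1>."""
    if curve_id not in NAMED_CURVES:
        raise ValueError("unsupported named curve")
    if len(point) != 1 + 2 * NAMED_CURVES[curve_id] or point[0] != 0x04:
        raise ValueError("expected an uncompressed point of the curve's size")
    return struct.pack("!BHB", CURVE_TYPE_NAMED, curve_id, len(point)) + point


def encode_request(client_random, server_random, hash_id, sig_id, params):
    """Hypothetical request body: randoms | hash(1) | signature(1) | params."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("randoms must be 32 bytes")
    return client_random + server_random + bytes([hash_id, sig_id]) + params


def parse_request(payload):
    """Key-server side: validate every field before the private key is used."""
    if len(payload) < 70:
        raise ValueError("truncated request")
    hash_id, sig_id = payload[64], payload[65]
    if hash_id not in HASHES or sig_id not in SIGNATURES:
        raise ValueError("unsupported hash or signature algorithm")
    curve_type, curve_id, point_len = struct.unpack("!BHB", payload[66:70])
    point = payload[70:]
    if curve_type != CURVE_TYPE_NAMED or len(point) != point_len:
        raise ValueError("malformed ServerECDHParams")
    params = encode_server_ecdh_params(curve_id, point)  # re-checks curve, size
    return {"client_random": payload[:32], "server_random": payload[32:64],
            "hash_id": hash_id, "sig_id": sig_id, "params": params}


def digest_to_sign(req):
    """Hash of the ServerKeyExchange content under the requested hash."""
    content = req["client_random"] + req["server_random"] + req["params"]
    return hashlib.new(HASHES[req["hash_id"]], content).digest()


def digitally_signed(req, signature):
    """TLS 1.2 digitally-signed: hash(1) | signature(1) | opaque<0..2^16-1>."""
    return struct.pack("!BBH", req["hash_id"], req["sig_id"],
                       len(signature)) + signature


# Constructed sample values, not taken from any real handshake.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PARAMS = encode_server_ecdh_params(23, b"\x04" + bytes(64))


def demo():
    """Same randoms and params, two hash choices: two different digests."""
    digests = {}
    for hash_id in (4, 5):
        wire = encode_request(CLIENT_RANDOM, SERVER_RANDOM, hash_id, 3, PARAMS)
        digests[HASHES[hash_id]] = digest_to_sign(parse_request(wire))
    return digests


if __name__ == "__main__":
    for name, digest in demo().items():
        print(name, digest.hex())
```

The signing step itself is left out because it needs the private key and a crypto library; `digitally_signed` only shows where the two algorithm bytes reappear in the response the TLS server forwards.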

From nobody Tue Apr 24 08:35:05 2018
From: Daniel Migault
To: Jesús Alberto Polo, "Dmitry Kravkov"
CC: LURK BoF
Date: Tue, 24 Apr 2018 15:34:15 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118E4240A@eusaamb107.ericsson.se>
Subject: Re: [Lurk] lurk integration with openssl
b2Nlc3M8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuYWd3YS5uYW1lL2Jsb2cvcG9zdC90 aXR1c19pc29sYXRpb25fdGVjaG5pcXVlc19jb250aW51ZWQiIHRhcmdldD0iX2JsYW5rIj5odHRw czovL3d3dy5hZ3dhLm5hbWUvYmxvZy9wb3N0L3RpdHVzX2lzb2xhdGlvbl90ZWNobmlxdWVzX2Nv bnRpbnVlZDwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0Fy aWFsJnF1b3Q7LHNhbnMtc2VyaWYiPllvdXJzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZiI+RGFuaWVsPG86cD48L286cD48 L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNl cmlmIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMt c2VyaWYiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMt c2VyaWYiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJy Pg0KTHVyayBtYWlsaW5nIGxpc3Q8YnI+DQo8YSBocmVmPSJtYWlsdG86THVya0BpZXRmLm9yZyIg dGFyZ2V0PSJfYmxhbmsiPkx1cmtAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9sdXJrIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9sdXJrPC9hPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90 O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWYiPi0tPG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4N CjxkaXY+DQo8cD48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTom 
--_000_2DD56D786E600F45AC6BDE7DA4E8A8C118E4240Aeusaamb107erics_--

From nobody Thu Apr 26 14:46:17 2018
From: Daniel Migault
Date: Thu, 26 Apr 2018 17:46:11 -0400
To: LURK BoF
Subject: [Lurk] draft-mglt-lurk-tls12 on github
List-Id: Limited Use of Remote Keys

Hi,

In order to ease comments and feedback from implementations, draft-mglt-lurk-tls12 is available on github[1]. Feel free to comment or propose text via github.

Yours,
Daniel

[1] https://github.com/mglt/draft-mglt-lurk-tls12/blob/master/draft-mglt-lurk-tls12.mkd