From nobody Tue May 1 09:51:49 2018
From: Catherine Meadows
Date: Tue, 1 May 2018 12:51:34 -0400
Message-Id: <8B342EAB-8678-4FC4-B793-3BEA944AC523@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-teas-actn-framework.all@ietf.org
Subject: [secdir] SECDIR Review of draft-ietf-teas-actn-framework-13

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

This draft describes a framework for abstraction and control of traffic engineered networks (ACTN). According to the abstract, a traffic engineered network is a network that uses any connection-oriented technology under the control of a distributed or centralized control plane to support dynamic provisioning of end-to-end connectivity. Abstraction in this context is a technique that can be applied across a single or multiple domains to create a single virtualized network under the control of a network operator or owner.

This is thus a very broad topic, and the ID is informational only. The most important part is probably the description of the ACTN base architecture. It describes three components: the Customer Network Controller (CNC), responsible for communicating the customer’s requirements to the network provider, the Multi-Domain Servicing Coordinator (MDSC), responsible for implementing ACTN functions, and the Provisioning Network Controller (PNC), responsible for configuration and topology management. It also describes the interfaces between them. The document also gives a description of some more advanced ACTN architectures, a description of several topology abstraction methods, and an example of an advanced ACTN application: a multi-destination servers.

The security considerations section, while it lists some general considerations that would hold for any kind of network, mainly concentrates on the two interfaces between the components: the CNC-MDSC (CMI) and the MDSC-PNC (MPI) interfaces. It gives a good overview of the types of security risks that might arise with respect to the two interfaces, and the means for mitigating them. For the rest, it defers security considerations to the specific applications, which I assume would be handled by other working groups. I believe that this is reasonable for an informational document that is providing a general framework.

A nit:

I couldn’t parse the last sentence of Section 9.3:

   Which MDSC the PNC exports topology information to, and the level of
   detail (full or abstracted) should also be authenticated and
   specific access restrictions and topology views, should be
   configurable and/or policy-based.

I think it may be the commas are misplaced, and what you really want to say is this:

   Which MDSC the PNC exports topology information to, and the level of
   detail (full or abstracted), should also be authenticated, and
   specific access restrictions and topology views should be
   configurable and/or policy-based.

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil

From nobody Tue May 1 11:37:52 2018
From: Leeyoung
To: Catherine Meadows, "secdir@ietf.org", "iesg@ietf.org", "draft-ietf-teas-actn-framework.all@ietf.org"
Date: Tue, 1 May 2018 18:37:34 +0000
Message-ID: <7AEB3D6833318045B4AE71C2C87E8E173CFE4EA5@sjceml521-mbx.china.huawei.com>
In-Reply-To: <8B342EAB-8678-4FC4-B793-3BEA944AC523@nrl.navy.mil>
Subject: Re: [secdir] SECDIR Review of draft-ietf-teas-actn-framework-13

From nobody Tue May 1 16:00:39 2018
From: Mike Jones
To: Russ Housley
CC: Phil Hunt, "draft-ietf-secevent-token.all@ietf.org", "ietf@ietf.org", ID Events Mailing List, "secdir@ietf.org"
Thread-Topic: [Id-event] Secdir last call review of draft-ietf-secevent-token-09
Date: Tue, 1 May 2018 23:00:16 +0000
References: <152424742315.3484.7625515486296411114@ietfa.amsl.com> <2F2D2F99-8116-40EE-8245-D7C5F8793BC0@oracle.com>
SFS:(10019020)(39860400002)(39380400002)(376002)(346002)(396003)(366004)(377424004)(189003)(199004)(8990500004)(46003)(53546011)(22452003)(106356001)(25786009)(9326002)(105586002)(52396003)(236005)(10090500001)(8676002)(53936002)(76176011)(10290500003)(316002)(14454004)(8936002)(7696005)(81156014)(59450400001)(81166006)(6116002)(4326008)(54906003)(5660300001)(790700001)(6506007)(606006)(33656002)(6436002)(186003)(486006)(74316002)(3660700001)(229853002)(5890100001)(1680700002)(575784001)(19609705001)(5250100002)(97736004)(6306002)(53386004)(86362001)(476003)(68736007)(11346002)(478600001)(2900100001)(446003)(72206003)(54896002)(6916009)(6246003)(7736002)(86612001)(3280700002)(102836004)(9686003)(99286004)(55016002)(2906002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0326; H:DM5PR00MB0293.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: u6wf2xq5W0veQQVDrL+wHdeUrDisego5yRsd3EozdviDzRnRjHFTe5nDiZ7qOGgO/auE9rdA01njLHma4yEDnrsg9jkKGdo7M33w86uP4F9H9i2bnW0XzAfleG2dP58oNTkXSn0/z81mLpKBV7fShwVd2rgBkLMlVZzW6JZi1Kggr14faRxaPFQ0/OyyLlrb spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_" MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a X-MS-Exchange-CrossTenant-originalarrivaltime: 01 May 2018 23:00:16.7348 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0326 Archived-At: Subject: Re: [secdir] [Id-event] Secdir last call review of draft-ietf-secevent-token-09 X-BeenThere: secdir@ietf.org 
X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 May 2018 23:00:25 -0000 --_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgUnVzcywNCg0KTm90IGhhdmluZyBoZWFyZCBiYWNrIGZyb20geW91IGZvciBhIHdlZWssIHRo ZSBlZGl0b3JzIGRlY2lkZWQgdG8gcHVibGlzaCBhbiB1cGRhdGVkIGRyYWZ0IGh0dHBzOi8vdG9v bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTEwIHRoYXQgYWRkcmVz c2VzIHlvdXIgYWRkaXRpb25hbCBTZWNEaXIgcmV2aWV3IGNvbW1lbnRzIGluIHRoZSBtYW5uZXIg cHJvcG9zZWQgbGFzdCB3ZWVrLiAgSW4gcGFydGljdWxhciwgdGhlIHJldmlzZWQgdGV4dCBtYWtl cyBpdCBjbGVhcmVyIHdoYXQgcmVxdWlyZW1lbnRzIHRoaXMgc3BlY2lmaWNhdGlvbiBpcyBpbXBv c2luZyBvbiBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMuICBJIGhvcGUgdGhlIG5ldyB0ZXh0IHdv cmtzIGZvciB5b3UuDQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBCZXN0IHdpc2hlcywNCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtlDQoNCkZy b206IE1pa2UgSm9uZXMNClNlbnQ6IFN1bmRheSwgQXByaWwgMjksIDIwMTggMzoyMCBQTQ0KVG86 IFJ1c3MgSG91c2xleSA8aG91c2xleUB2aWdpbHNlYy5jb20+DQpDYzogUGhpbCBIdW50IDxwaGls Lmh1bnRAb3JhY2xlLmNvbT47IGRyYWZ0LWlldGYtc2VjZXZlbnQtdG9rZW4uYWxsQGlldGYub3Jn OyBpZXRmQGlldGYub3JnOyBJRCBFdmVudHMgTWFpbGluZyBMaXN0IDxpZC1ldmVudEBpZXRmLm9y Zz47IHNlY2RpckBpZXRmLm9yZw0KU3ViamVjdDogUkU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3Qg Y2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0wOQ0KDQpIaSBSdXNzLA0K DQpJIHdhbnRlZCB0byBjaGVjayBiYWNrIGluLiAgQXJlIHlvdSBnb29kIHdpdGggdGhlc2UgY2hh bmdlcyB0byBhZGRyZXNzIHlvdXIgY29tbWVudCBvciBkbyB3YW50IHRvIHN1Z2dlc3QgdGhhdCB3 ZSB0YWtlIGEgZGlmZmVyZW50IGRpcmVjdGlvbj8NCg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFRoYW5rcywNCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtLSBNaWtlDQoNCkZyb206IElk 
LWV2ZW50IDxpZC1ldmVudC1ib3VuY2VzQGlldGYub3JnPG1haWx0bzppZC1ldmVudC1ib3VuY2Vz QGlldGYub3JnPj4gT24gQmVoYWxmIE9mIFBoaWwgSHVudA0KU2VudDogVHVlc2RheSwgQXByaWwg MjQsIDIwMTggMjo1MCBQTQ0KVG86IFJ1c3MgSG91c2xleSA8aG91c2xleUB2aWdpbHNlYy5jb208 bWFpbHRvOmhvdXNsZXlAdmlnaWxzZWMuY29tPj4NCkNjOiBkcmFmdC1pZXRmLXNlY2V2ZW50LXRv a2VuLmFsbEBpZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0 Zi5vcmc+OyBNaWtlIEpvbmVzIDxNaWNoYWVsLkpvbmVzQG1pY3Jvc29mdC5jb208bWFpbHRvOk1p Y2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbT4+OyBpZXRmQGlldGYub3JnPG1haWx0bzppZXRmQGll dGYub3JnPjsgSUQgRXZlbnRzIE1haWxpbmcgTGlzdCA8aWQtZXZlbnRAaWV0Zi5vcmc8bWFpbHRv OmlkLWV2ZW50QGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYu b3JnPg0KU3ViamVjdDogUmU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2Yg ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0wOQ0KDQpSdXNzLA0KDQpIZXJlIGFyZSBwcm9wb3Nl ZCBjaGFuZ2VzIHRvIGFkZHJlc3MgeW91ciBxdWVzdGlvbnMgYWJvdXQgU2VjdGlvbiAzLiAgWW91 4oCZcmUgcmlnaHQgdGhhdCB0aGlzIHNlY3Rpb24gaXMgcGxhY2luZyByZXF1aXJlbWVudHMgb24g cHJvZmlsaW5nIHNwZWNpZmljYXRpb25zLiAgVGhlIGNoYW5nZXMgbWFkZSBhcmUgaW50ZW5kZWQg dG8gbWFrZSB0aGlzIG1vcmUgZXhwbGljaXQuICBQbGVhc2UgbGV0IHVzIGtub3cgaWYgdGhlIHVw ZGF0ZWQgdGV4dCB3b3JrcyBmb3IgeW91LCBhbmQgaWYgc28sIHdl4oCZbGwgcHVibGlzaCBhbiB1 cGRhdGVkIGRyYWZ0IHVzaW5nIGl0Lg0KDQpQbGVhc2Ugc2VlIHRoZSB3ZGlmZiB0ZXh0IGZvciBz ZWN0aW9uIDMgYmVsb3cgKGFsc28gYXR0YWNoZWQpLg0KDQpUaGFua3MsDQoNClBoaWwgJiBNaWtl DQoNCuKAlHdkaWZmIGZvciBzZWMgMy0tDQoNCjMuICBSZXF1aXJlbWVudHMgZm9yIFNFVCBQcm9m aWxlcw0KDQoNCg0KICAgUHJvZmlsaW5nIHNwZWNpZmljYXRpb25zIG9mIHRoaXMgc3BlY2lmaWNh dGlvbiBkZWZpbmUgYWN0dWFsIFNFVHMgdG8NCg0KICAgYmUgdXNlZCBpbiBwYXJ0aWN1bGFyIHVz ZSBjYXNlcy4gIFRoZXNlIHByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucw0KDQogICBkZWZpbmUgdGhl IHN5bnRheCBhbmQgc2VtYW50aWNzIG9mIFNFVHMgY29uZm9ybWluZyB0byB0aGF0IFNFVA0KDQog ICBwcm9maWxlIGFuZCBydWxlcyBmb3IgdmFsaWRhdGluZyB0aG9zZSBTRVRzLiAgUHJvZmlsaW5n DQoNCiAgIHNwZWNpZmljYXRpb25zIFNIT1VMRCBkZWZpbmUgc3ludGF4LCBzZW1hbnRpY3MsIHN1 
YmplY3QNCg0KICAgaWRlbnRpZmljYXRpb24sIGFuZCB2YWxpZGF0aW9uLg0KDQoNCg0KICAgU3lu dGF4DQoNCiAgICAgIFRoZSBzeW50YXggZGVmaW5lZCBieQ0KDQogICBwcm9maWxpbmcgc3BlY2lm aWNhdGlvbnMgaW5jbHVkZXMgd2hhdCBjbGFpbXMgb2YgdGhlIFNFVHMgZGVmaW5lZCwgaW5jbHVk aW5nOg0KDQoNCg0KICAgICAgVG9wLUxldmVsIENsYWltcw0KDQogICAgICAgICBDbGFpbXMgYW5k IGV2ZW50IHBheWxvYWQgdmFsdWVzIHBsYWNlZCBhdCB0aGUgSldUIENsYWltcyBTZXQuIEV4YW1w bGVzIGFyZSB1c2VkDQoNCiAgICAgICAgIGNsYWltcyBkZWZpbmVkIGJ5IFNFVHMgdXRpbGl6aW5n IHRoZSBwcm9maWxlLiBKV1Qgc3BlY2lmaWNhdGlvbiAoc2VlIFtSRkM3NTE5XSksIHRoZQ0KDQog ICAgICAgICBTRVQgc3BlY2lmaWNhdGlvbiwgYW5kIGJ5IHRoZSBwcm9maWxpbmcgc3BlY2lmaWNh dGlvbi4NCg0KDQoNCiAgICAgIEV2ZW50IFBheWxvYWQNCg0KICAgICAgICAgVGhlIEpTT04gZGF0 YSBzdHJ1Y3R1cmUgY29udGVudHMgYW5kIGZvcm1hdCwgY29udGFpbmluZyBldmVudC0NCg0KICAg ICAgICAgc3BlY2lmaWMgaW5mb3JtYXRpb24sIGlmIGFueSAoc2VlIFNlY3Rpb24gMS4yKS4NCg0K DQoNCiAgIFNlbWFudGljcw0KDQogICAgICBEZWZpbmluZyB0aGUgc2VtYW50aWNzIG9mIHRoZSBT RVQgY29udGVudHMgZm9yIFNFVHMgdXRpbGl6aW5nIHRoZQ0KDQogICAgICBwcm9maWxlIGlzIGVx dWFsbHkgaW1wb3J0YW50LiAgUG9zc2libHkgbW9zdCBpbXBvcnRhbnQgaXMgZGVmaW5pbmcNCg0K ICAgICAgdGhlIHByb2NlZHVyZXMgdXNlZCB0byB2YWxpZGF0ZSB0aGUgU0VUIGlzc3VlciBhbmQg dG8gb2J0YWluIHRoZQ0KDQogICAgICBrZXlzIGNvbnRyb2xsZWQgYnkgdGhlIGlzc3VlciB0aGF0 IHdlcmUgdXNlZCBmb3IgY3J5cHRvZ3JhcGhpYw0KDQogICAgICBvcGVyYXRpb25zIHVzZWQgaW4g dGhlIEpXVCByZXByZXNlbnRpbmcgdGhlIFNFVC4gIEZvciBpbnN0YW5jZSwNCg0KICAgICAgc29t ZSBwcm9maWxlcyBtYXkgZGVmaW5lIGFuIGFsZ29yaXRobSBmb3IgcmV0cmlldmluZyB0aGUgU0VU DQoNCiAgICAgIGlzc3VlcidzIGtleXMgdGhhdCB1c2VzIHRoZSAiaXNzIiBjbGFpbSB2YWx1ZSBh cyBpdHMgaW5wdXQuDQoNCiAgICAgIExpa2V3aXNlLCBpZiB0aGUgcHJvZmlsZSBhbGxvd3MgKG9y IHJlcXVpcmVzKSB0aGF0IHRoZSBKV1QgYmUNCg0KICAgICAgdW5zZWN1cmVkLCB0aGUgbWVhbnMg Ynkgd2hpY2ggdGhlIGludGVncml0eSBvZiB0aGUgSldUIGlzIGVuc3VyZWQNCg0KICAgICAgTVVT VCBiZSBzcGVjaWZpZWQuDQoNCg0KDQogICBTdWJqZWN0IElkZW50aWZpY2F0aW9uDQoNCiAgICAg IFByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucyBNVVNUIGRlZmluZSBob3cgdGhlIGV2ZW50IHN1Ympl 
Y3QgaXMNCg0KICAgICAgaWRlbnRpZmllZCBpbiB0aGUgU0VULCBhcyB3ZWxsIGFzIGhvdyB0byBk aWZmZXJlbnRpYXRlIGJldHdlZW4gdGhlDQoNCiAgICAgIGV2ZW50IHN1YmplY3QncyBpc3N1ZXIg YW5kIHRoZSBTRVQgaXNzdWVyLCBpZiBhcHBsaWNhYmxlLiAgSXQgaXMNCg0KICAgICAgTk9UIFJF Q09NTUVOREVEIGZvciBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMgdG8gdXNlIHRoZSAic3ViIg0K DQogICAgICBjbGFpbSBpbiBjYXNlcyBpbiB3aGljaCB0aGUgc3ViamVjdCBpcyBub3QgZ2xvYmFs bHkgdW5pcXVlIGFuZCBoYXMNCg0KICAgICAgYSBkaWZmZXJlbnQgaXNzdWVyIGZyb20gdGhlIFNF VCBpdHNlbGYuDQoNCg0KDQogICBWYWxpZGF0aW9uDQoNCiAgICAgIFByb2ZpbGluZyBzcGVjaWZp Y2F0aW9ucyBNVVNUIGNsZWFybHkgc3BlY2lmeSB0aGUgc3RlcHMgdGhhdCBhDQoNCiAgICAgIHJl Y2lwaWVudCBvZiBhIFNFVCB1dGlsaXppbmcgdGhhdCBwcm9maWxlIE1VU1QgcGVyZm9ybSB0byB2 YWxpZGF0ZQ0KDQogICAgICB0aGF0IHRoZSBTRVQgaXMgYm90aCBzeW50YWN0aWNhbGx5IGFuZCBz ZW1hbnRpY2FsbHkgdmFsaWQuDQoNCg0KDQogICAgICBBbW9uZyB0aGUgc3ludGF4IGFuZCBzZW1h bnRpY3Mgb2YgU0VUcyB0aGF0IGEgcHJvZmlsaW5nDQoNCiAgICAgIHNwZWNpZmljYXRpb24gbWF5 IGRlZmluZSBpcyB3aGV0aGVyIHRoZSB2YWx1ZSBvZiB0aGUgImV2ZW50cyINCg0KICAgICAgY2xh aW0gbWF5IGNvbnRhaW4gbXVsdGlwbGUgbWVtYmVycywgYW5kIHdoYXQgcHJvY2Vzc2luZw0KDQog ICAgICBpbnN0cnVjdGlvbnMgYXJlIGVtcGxveWVkIGluIHRoZSBzaW5nbGUtIGFuZCBtdWx0aXBs ZS12YWx1ZWQgY2FzZXMNCg0KICAgICAgZm9yIFNFVHMgY29uZm9ybWluZyB0byB0aGF0IHByb2Zp bGUuICBNYW55IHZhbGlkIGNob2ljZXMgYXJlDQoNCiAgICAgIHBvc3NpYmxlLiAgRm9yIGluc3Rh bmNlLCBzb21lIHByb2ZpbGVzIG1pZ2h0IGFsbG93IG11bHRpcGxlIGV2ZW50DQoNCiAgICAgIGlk ZW50aWZpZXJzIHRvIGJlIHByZXNlbnQgYW5kIHNwZWNpZnkgdGhhdCBhbnkgdGhhdCBhcmUgbm90 DQoNCiAgICAgIHVuZGVyc3Rvb2QgYnkgcmVjaXBpZW50cyBiZSBpZ25vcmVkLCB0aHVzIGVuYWJs aW5nIGV4dGVuc2liaWxpdHkuDQoNCiAgICAgIE90aGVyIHByb2ZpbGVzIG1pZ2h0IGFsbG93IG11 bHRpcGxlIGV2ZW50IGlkZW50aWZpZXJzIHRvIGJlDQoNCiAgICAgIHByZXNlbnQgYnV0IHJlcXVp cmUgdGhhdCBhbGwgYmUgdW5kZXJzdG9vZCBpZiB0aGUgU0VUIGlzIHRvIGJlDQoNCiAgICAgIGFj Y2VwdGVkLiAgU29tZSBwcm9maWxlcyBtaWdodCByZXF1aXJlIHRoYXQgb25seSBhIHNpbmdsZSB2 YWx1ZSBiZQ0KDQogICAgICBwcmVzZW50LiAgQWxsIHN1Y2ggY2hvaWNlcyBhcmUgd2l0aGluIHRo 
ZSBzY29wZSBvZiBwcm9maWxpbmcNCg0KICAgICAgc3BlY2lmaWNhdGlvbnMgdG8gZGVmaW5lLg0K DQoNCg0KICAgUHJvZmlsaW5nIHNwZWNpZmljYXRpb25zIE1VU1QgY2xlYXJseSBzcGVjaWZ5IHRo ZSBzdGVwcyB0aGF0IGENCg0KICAgcmVjaXBpZW50IG9mIGEgU0VUIHV0aWxpemluZyB0aGF0IHBy b2ZpbGUgTVVTVCBwZXJmb3JtIHRvIHZhbGlkYXRlDQoNCiAgIHRoYXQgdGhlIFNFVCBpcyBib3Ro IHN5bnRhY3RpY2FsbHkgYW5kIHNlbWFudGljYWxseSB2YWxpZC4NCg0KUGhpbA0KDQpPcmFjbGUg Q29ycG9yYXRpb24sIElkZW50aXR5IENsb3VkIFNlcnZpY2VzIEFyY2hpdGVjdA0KQGluZGVwZW5k ZW50aWQNCnd3dy5pbmRlcGVuZGVudGlkLmNvbTxodHRwOi8vd3d3LmluZGVwZW5kZW50aWQuY29t Pg0KcGhpbC5odW50QG9yYWNsZS5jb208bWFpbHRvOnBoaWwuaHVudEBvcmFjbGUuY29tPg0KDQpP biBBcHIgMjAsIDIwMTgsIGF0IDExOjAzIEFNLCBSdXNzIEhvdXNsZXkgPGhvdXNsZXlAdmlnaWxz ZWMuY29tPG1haWx0bzpob3VzbGV5QHZpZ2lsc2VjLmNvbT4+IHdyb3RlOg0KDQpSZXZpZXdlcjog UnVzcyBIb3VzbGV5DQpSZXZpZXcgcmVzdWx0OiBIYXMgSXNzdWVzDQoNCkkgcmV2aWV3ZWQgdGhp cyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBTZWN1cml0eSBEaXJlY3RvcmF0ZSdzIG9uZ29pbmcN CmVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0 aGUgSUVTRy4gIFRoZXNlDQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUg YmVuZWZpdCBvZiB0aGUgU2VjdXJpdHkgQXJlYQ0KRGlyZWN0b3JzLiAgRG9jdW1lbnQgYXV0aG9y cywgZG9jdW1lbnQgZWRpdG9ycywgYW5kIFdHIGNoYWlycyBzaG91bGQNCnRyZWF0IHRoZXNlIGNv bW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgSUVURiBMYXN0IENhbGwgY29tbWVudHMuDQoNCkRv Y3VtZW50OiBkcmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTA5DQpSZXZpZXdlcjogUnVzcyBIb3Vz bGV5DQpSZXZpZXcgRGF0ZTogMjAxOC0wNC0yMA0KSUVURiBMQyBFbmQgRGF0ZTogdW5rbm93bg0K SUVTRyBUZWxlY2hhdCBkYXRlOiAyMDE4LTA1LTEwDQoNClN1bW1hcnk6IEhhcyBJc3N1ZXMNCg0K TWFqb3IgQ29uY2VybnMNCg0KSSBkbyBub3QgdW5kZXJzdGFuZCB0aGUgZmlyc3QgcGFyYWdyYXBo IG9mIFNlY3Rpb24gMy4gIEkgbWFkZSB0aGlzDQpjb21tZW50IG9uIHZlcnNpb24gLTA3LCBhbmQg c29tZSB3b3JkcyB3ZXJlIGFkZGVkLCBidXQgSSBzdGlsbCBkbw0Kbm90IHVuZGVyc3RhbmQgdGhp cyBwYXJhZ3JhcGguICBJIHRoaW5rIHlvdSBhcmUgdHJ5aW5nIHRvIGltcG9zZSBzb21lDQpydWxl cyBvbiBmdXR1cmUgc3BlY2lmaWNhdGlvbnMgdGhhdCB1c2UgU0VUIHRvIGRlZmluZSBldmVudHMu 
ICBMZXQgbWUNCmFzayBhIGNvdXBsZSBvZiBxdWVzdGlvbnMgdGhhdCBtYXkgaGVscC4gIEkgdW5k ZXJzdGFuZCB0aGF0IGENCnByb2ZpbGluZyBzcGVjaWZpY2F0aW9uIE1VU1Qgc3BlY2lmeSB0aGUg c3ludGF4IGFuZCBzZW1hbnRpY3MgZm9yIGENCmNvbGxlY3Rpb24gb2Ygc2VjdXJpdHkgZXZlbnQg dG9rZW5zLCBpbmNsdWRpbmcgdGhlIGNsYWltcyBhbmQgcGF5bG9hZHMNCnRoYXQgYXJlIGV4cGVj dGVkLiAgV2hhdCBNVVNUIGEgcHJvZmlsaW5nIHNwZWNpZmljYXRpb24gaW5jbHVkZT8gIFdoYXQN Ck1VU1QgYSBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbiBOT1QgaW5jbHVkZT8NCg0KDQpfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KSWQtZXZlbnQgbWFpbGlu ZyBsaXN0DQpJZC1ldmVudEBpZXRmLm9yZzxtYWlsdG86SWQtZXZlbnRAaWV0Zi5vcmc+DQpodHRw czovL3VybGRlZmVuc2UucHJvb2Zwb2ludC5jb20vdjIvdXJsP3U9aHR0cHMtM0FfX3d3dy5pZXRm Li5vcmdfbWFpbG1hbl9saXN0aW5mb19pZC0yRGV2ZW50JmQ9RHdJQ0FnJmM9Um9QMVl1bUNYQ2dh V0h2bFpZUjhQWmg4QnY3cUlyTVVCNjVlYXBJX0puRSZyPW5hNUZWekJUV21hbnFXTnk0RHBjdHlY UHB1WXFQa0FJMWFMY0xONEtaTkEmbT1oSkZ4LVoyaWgxOHVVTkNYb3NBanZ5Z0hxbjJfSzJtdE56 cUllajNBaC1jJnM9MjhPV2U0MlMwYmc4WTJlbzNWVnpBQ2VTWW56Z2l5eWVYTGw3dFR1OWkxWSZl PQ0KDQo= --_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDb25zb2xhczsNCglwYW5vc2UtMToyIDEx 
IDYgOSAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWws IGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0 b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZp c2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5 Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnByZQ0KCXtt c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0dGVk IENoYXIiOw0KCW1hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpzcGFuLkhUTUxQcmVmb3Jt YXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsNCglt c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9ybWF0dGVk IjsNCglmb250LWZhbWlseTpDb25zb2xhczt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAs IGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFt aWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4ueGFwcGxlLXN0eWxlLXNwYW4NCgl7bXNv LXN0eWxlLW5hbWU6eF9hcHBsZS1zdHlsZS1zcGFuO30NCnNwYW4uRW1haWxTdHlsZTIxDQoJe21z by1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm Ow0KCWNvbG9yOiMwMDIwNjA7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjQNCgl7bXNvLXN0eWxlLXR5cGU6 cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29s b3I6IzAwMjA2MDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25s eTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWlu IDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0 aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5 
XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4N CjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlv dXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286 c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1V UyIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEi Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPkhpIFJ1 c3MsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImNvbG9yOiMwMDIwNjAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj5Ob3QgaGF2aW5nIGhlYXJk IGJhY2sgZnJvbSB5b3UgZm9yIGEgd2VlaywgdGhlIGVkaXRvcnMgZGVjaWRlZCB0byBwdWJsaXNo IGFuIHVwZGF0ZWQgZHJhZnQNCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k cmFmdC1pZXRmLXNlY2V2ZW50LXRva2VuLTEwIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi0xMDwvYT4gdGhhdCBhZGRyZXNzZXMgeW91ciBhZGRp dGlvbmFsIFNlY0RpciByZXZpZXcgY29tbWVudHMgaW4gdGhlIG1hbm5lciBwcm9wb3NlZCBsYXN0 IHdlZWsuJm5ic3A7IEluIHBhcnRpY3VsYXIsIHRoZSByZXZpc2VkIHRleHQgbWFrZXMgaXQNCiBj bGVhcmVyIHdoYXQgcmVxdWlyZW1lbnRzIHRoaXMgc3BlY2lmaWNhdGlvbiBpcyBpbXBvc2luZyBv biBwcm9maWxpbmcgc3BlY2lmaWNhdGlvbnMuJm5ic3A7IEkgaG9wZSB0aGUgbmV3IHRleHQgd29y a3MgZm9yIHlvdS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw 
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBCZXN0IHdpc2hlcyw8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tIE1pa2U8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2 MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRl cjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAw aW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206PC9iPiBNaWtlIEpvbmVzIDxi cj4NCjxiPlNlbnQ6PC9iPiBTdW5kYXksIEFwcmlsIDI5LCAyMDE4IDM6MjAgUE08YnI+DQo8Yj5U bzo8L2I+IFJ1c3MgSG91c2xleSAmbHQ7aG91c2xleUB2aWdpbHNlYy5jb20mZ3Q7PGJyPg0KPGI+ Q2M6PC9iPiBQaGlsIEh1bnQgJmx0O3BoaWwuaHVudEBvcmFjbGUuY29tJmd0OzsgZHJhZnQtaWV0 Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0Zi5vcmc7IGlldGZAaWV0Zi5vcmc7IElEIEV2ZW50cyBN YWlsaW5nIExpc3QgJmx0O2lkLWV2ZW50QGlldGYub3JnJmd0Ozsgc2VjZGlyQGlldGYub3JnPGJy Pg0KPGI+U3ViamVjdDo8L2I+IFJFOiBbSWQtZXZlbnRdIFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3 IG9mIGRyYWZ0LWlldGYtc2VjZXZlbnQtdG9rZW4tMDk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDAyMDYwIj5IaSBSdXNzLDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xv cjojMDAyMDYwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y 
bWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+SSB3YW50ZWQgdG8gY2hlY2sgYmFjayBp bi4mbmJzcDsgQXJlIHlvdSBnb29kIHdpdGggdGhlc2UgY2hhbmdlcyB0byBhZGRyZXNzIHlvdXIg Y29tbWVudCBvciBkbyB3YW50IHRvIHN1Z2dlc3QgdGhhdCB3ZSB0YWtlIGEgZGlmZmVyZW50IGRp cmVjdGlvbj88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iY29sb3I6IzAwMjA2MCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBUaGFua3MsPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAtLSBNaWtlPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGlu IDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4gSWQtZXZlbnQgJmx0Ozxh IGhyZWY9Im1haWx0bzppZC1ldmVudC1ib3VuY2VzQGlldGYub3JnIj5pZC1ldmVudC1ib3VuY2Vz QGlldGYub3JnPC9hPiZndDsNCjxiPk9uIEJlaGFsZiBPZiA8L2I+UGhpbCBIdW50PGJyPg0KPGI+ 
U2VudDo8L2I+IFR1ZXNkYXksIEFwcmlsIDI0LCAyMDE4IDI6NTAgUE08YnI+DQo8Yj5Ubzo8L2I+ IFJ1c3MgSG91c2xleSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmhvdXNsZXlAdmlnaWxzZWMuY29tIj5o b3VzbGV5QHZpZ2lsc2VjLmNvbTwvYT4mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiA8YSBocmVmPSJtYWls dG86ZHJhZnQtaWV0Zi1zZWNldmVudC10b2tlbi5hbGxAaWV0Zi5vcmciPmRyYWZ0LWlldGYtc2Vj ZXZlbnQtdG9rZW4uYWxsQGlldGYub3JnPC9hPjsgTWlrZSBKb25lcyAmbHQ7PGEgaHJlZj0ibWFp bHRvOk1pY2hhZWwuSm9uZXNAbWljcm9zb2Z0LmNvbSI+TWljaGFlbC5Kb25lc0BtaWNyb3NvZnQu Y29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86aWV0ZkBpZXRmLm9yZyI+aWV0ZkBpZXRmLm9y ZzwvYT47IElEIEV2ZW50cyBNYWlsaW5nIExpc3QgJmx0OzxhIGhyZWY9Im1haWx0bzppZC1ldmVu dEBpZXRmLm9yZyI+aWQtZXZlbnRAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpz ZWNkaXJAaWV0Zi5vcmciPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4g UmU6IFtJZC1ldmVudF0gU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZWNl dmVudC10b2tlbi0wOTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5SdXNzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+SGVyZSBhcmUgcHJvcG9z ZWQgY2hhbmdlcyB0byBhZGRyZXNzIHlvdXIgcXVlc3Rpb25zIGFib3V0IFNlY3Rpb24gMy4mbmJz cDsgWW914oCZcmUgcmlnaHQgdGhhdCB0aGlzIHNlY3Rpb24gaXMgcGxhY2luZyByZXF1aXJlbWVu dHMgb24gcHJvZmlsaW5nIHNwZWNpZmljYXRpb25zLiZuYnNwOyBUaGUgY2hhbmdlcyBtYWRlIGFy ZSBpbnRlbmRlZCB0byBtYWtlIHRoaXMgbW9yZSBleHBsaWNpdC4mbmJzcDsNCiBQbGVhc2UgbGV0 IHVzIGtub3cgaWYgdGhlIHVwZGF0ZWQgdGV4dCB3b3JrcyBmb3IgeW91LCBhbmQgaWYgc28sIHdl 4oCZbGwgcHVibGlzaCBhbiB1cGRhdGVkIGRyYWZ0IHVzaW5nIGl0Ljwvc3Bhbj48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImNvbG9yOiMwMDIwNjAiPlBsZWFzZSBzZWUgdGhlIHdkaWZmIHRleHQgZm9yIHNlY3Rpb24gMyBi 
ZWxvdyAoYWxzbyBhdHRhY2hlZCkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzAwMjA2MCI+VGhh bmtzLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPlBoaWwgJmFtcDsgTWlrZTwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImNvbG9yOiMwMDIwNjAiPuKAlHdkaWZmIGZvciBzZWMgMy0tPC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cHJlPjMuJm5ic3A7IFJlcXVpcmVtZW50cyBmb3IgU0VU IFByb2ZpbGVzPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4N CjxwcmU+Jm5ic3A7Jm5ic3A7IFByb2ZpbGluZyBzcGVjaWZpY2F0aW9ucyBvZiB0aGlzIHNwZWNp ZmljYXRpb24gZGVmaW5lIGFjdHVhbCBTRVRzIHRvPG86cD48L286cD48L3ByZT4NCjxwcmU+Jm5i c3A7Jm5ic3A7IGJlIHVzZWQgaW4gcGFydGljdWxhciB1c2UgY2FzZXMuJm5ic3A7IFRoZXNlIHBy b2ZpbGluZyBzcGVjaWZpY2F0aW9uczxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNw OyBkZWZpbmUgdGhlIHN5bnRheCBhbmQgc2VtYW50aWNzIG9mIFNFVHMgY29uZm9ybWluZyB0byB0 aGF0IFNFVDxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiZuYnNwOyZuYnNwOyBwcm9maWxlIGFuZCBy dWxlcyBmb3IgdmFsaWRhdGluZyB0aG9zZSBTRVRzLiZuYnNwOyA8c3Ryb25nPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpncmVlbiI+UHJvZmls aW5nPG86cD48L286cD48L3NwYW4+PC9zdHJvbmc+PC9wcmU+DQo8cHJlPjxzdHJvbmc+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmdyZWVuIj4m bmJzcDsmbmJzcDsgc3BlY2lmaWNhdGlvbnMgU0hPVUxEIGRlZmluZSBzeW50YXgsIHNlbWFudGlj cywgc3ViamVjdDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Ryb25nPjwvcHJlPg0KPHByZT48c3Ryb25n PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpn cmVlbiI+Jm5ic3A7Jm5ic3A7IGlkZW50aWZpY2F0aW9uLCBhbmQgdmFsaWRhdGlvbi48bzpwPjwv 
From nobody Tue May 1 22:46:47 2018
From: Magnus Nyström
Date: Wed, 2 May 2018 01:46:42 -0400
To: secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Subject: [secdir] Secdir review of draft-ietf-httpbis-replay

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes risk of using "early" (from a TLS 1.3 perspective) data for HTTP and defines a mechanism for clients to communicate with servers about such "early" data usage.
a) For the Early-data field processing, the memo states: "The "Early-Data" header field is not intended for use by user agents (that is, the original initiator of a request). ... A user agent that sends a request in early data does not need to include the "Early-Data" header field " - would it make sense to either forbid ("MUST NOT send the "Early-Data" header field) or at least recommend against it ("SHOULD NOT send the Early-Data field")?

b) I am probably missing something here: "A server cannot make a request that contains the Early-Data header field safe for processing by waiting for the handshake to complete" - if the origin server always waits for successful TLS handshake completion, why would it not be safe to process the early data at that point?

Nits:
- Section 2, first sentence: Insert "data" after "application"
- In Section 3, step 3, it is stated that: "If the server receives multiple requests in early data, it can determine whether to defer HTTP processing on a per-request basis," however, in Section 4, it is stated that: "Note that a server cannot choose to selectively reject early data at the TLS layer. TLS only permits a server to accept all early data, or none of it" - I guess this may be consistent (it will accept all data, but can selectively defer processing), but it is a bit confusing.
- The attack in Section 4 is outlined as follows: "An attacker sends early data to one server instance that accepts and processes the early data, but allows that connection to proceed no further. The attacker then forwards the same messages from the client to another server instance that will reject early data. The client then retries the request, resulting in the request being processed twice."
  This seems a little convoluted - how would the attacker know, before the client has sent the first message, that it is what the client will send? Is the attacker's first message to a server instance intercepted from the client? If so, suggest making that clear.

Thanks,
-- Magnus

From nobody Tue May 1 23:40:43 2018
Date: Wed, 2 May 2018 08:40:35 +0200
From: Willy Tarreau
To: Magnus Nyström
Cc: secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay

Hello Magnus,

first, thanks for your review.
I'm having a few responses to some of your questions below:

On Wed, May 02, 2018 at 01:46:42AM -0400, Magnus Nyström wrote:
> a) For the Early-data field processing, the memo states: "The "Early-Data"
> header field is not intended for use by user agents (that is, the original
> initiator of a request). ... A user agent that sends a request in early
> data does not need to include the "Early-Data" header field " - would it
> make sense to either forbid ("MUST NOT send the "Early-Data" header field)
> or at least recommend against it ("SHOULD NOT send the Early-Data field")?

Not necessarily, as we could expect that some clients could find some benefit in doing so (for example, proxies implemented by chaining a server and a client, using a standard client library, and indicating their ability to replay a request by setting this field when they received the initial request using early data). I'm not saying there is a valid case in sight, however there doesn't appear to be any downside in doing so, so we'd rather not prevent interesting use cases from emerging.

> b) I am probably missing something here: "A server cannot make a request
> that contains the Early-Data header field safe for processing by waiting
> for the handshake to complete" - if the origin server always waits for
> successful TLS handshake completion, why would it not be safe to process
> the early data at that point?

No, because the request might have been received over early data by a previous reverse proxy which itself uses TLS and early data to reach the server. A typical use case will be a CDN frontend using early data with the client and with the origin server. If the CDN presents an Early-Data header field, the server knows that the request is unsafe regardless of its own connection's state.

> Nits:
> - Section 2, first sentence: Insert "data" after "application"
> - In Section 3, step 3, it is stated that: "If the server receives multiple
> requests in early data, it can determine whether to defer HTTP processing
> on a per-request basis," however, in Section 4, it is stated that: "Note
> that a server cannot choose to selectively reject early data at the TLS
> layer. TLS only permits a server to accept all early data, or none of it" -
> I guess this may be consistent (it will accept all data, but can
> selectively defer processing), but it is a bit confusing.

Probably that we need to refine the wording. The point in section 3 was to make it clear that early data may affect multiple requests (pipelining, HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS layer provides you a data stream, part of which was received as early data, and that the server has no choice but to consume them all or reject them all.

> - The attack in Section 4 is outlined as follows: "An attacker sends early
> data to one server instance that accepts and processes the early data, but
> allows that connection to proceed no further. The attacker then forwards
> the same messages from the client to another server instance that will
> reject early data. The client then retries the request, resulting in the
> request being processed twice."
> This seems a little convoluted - how would the attacker know, before the
> client has sent the first message, that it is what the client will send? Is
> the attacker's first message to a server instance intercepted from the
> client? If so, suggest making that clear.

Indeed, that was based on intercepted and replayed traffic. With an individual hat, I agree that the example is a bit conflated.
But the point here was mostly to expose the risks that could happen by lazy implementations that would take some shortcuts (like automatically retrying on timeout for a client or a server accepting to process unsafe early-data requests).

Thanks,
Willy

From nobody Wed May 2 11:56:35 2018
From: Jim Schaad
To: 'Daniel Migault'
Date: Wed, 2 May 2018 11:55:08 -0700
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5751-bis-07

I have published a -08 with these changes.

> -----Original Message-----
> From: Daniel Migault
> Sent: Friday, April 27, 2018 12:24 PM
> To: secdir@ietf.org
> Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-rfc5751-bis.all@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
>
> Reviewer: Daniel Migault
> Review result: Has Nits
>
> Hi,
>
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> The summary of the review is Has Minor Nits
>
>
> Please find my comments while reading the draft.
>
> Yours,
>
> Daniel
>
>
> 1. Introduction
>
> As a supplementary service, S/MIME provides for message
> compression.
>
> maybe :
> As a supplementary service, S/MIME provides message
> compression.
>

Done

>
> 1.3. Conventions Used in This Document
>
> The term RSA in this document almost always refers to the PKCS#1 v1.5
> RSA signature or encryption algorithms even when not qualified as
> such.
>
> I am not sure format would not be more appropriated than algorithm, so
> maybe:
>
> The term RSA in this document almost always refers to the PKCS#1 v1.5
> RSA signature or encryption *format* even when not qualified as
> such.

Interesting observation.
In all of the work that I have ever done I have always referred to the difference between PKCS #v1.5 signature, PKCS #v1.5 encryption, OAEP, PSS and KEM and different encryption algorithms rather than just saying that the formats are different. Saying format would make a degree of sense between the two different 1.5 algorithms, however if you compare v1.5 signature and PSS then more than just the format of the data can be thought of as being involved.

I don't think that this makes sense.

>
>
> 2.3. KeyEncryptionAlgorithmIdentifier
>
> When ECDH ephemeral-static is used, a key wrap algorithm is also
> specified in the KeyEncryptionAlgorithmIdentifier [RFC5652]. The
> underlying encryption functions for the key wrap and content
> encryption algorithm ([RFC3370] and [RFC3565]) and the key sizes for
> the two algorithms MUST be the same (e.g., AES-128 key wrap algorithm
> with AES-128 content encryption algorithm).
>
> I understand the recommendation for a sending agent, but it seems that
> additional text should be provided in order to describe the behavior of the
> receiver. I am wondering if the receiver is expected to reject the message or
> whether it should assume the associated protection is the least of the two.
> Maybe specifying this is only for sending agent may also clarify this.

This probably falls under the category of "I don't care", the object is to make sending agents do the right thing. However, I have added test about security strengths for recipients.

>
> 2.4.4. AuthEnvelopedData Content Type
>
> This content type does not provide
> authentication or non-repudiation.
>
> is a really helpful clarification ;-) Maybe it could be helpful to use the same
> formulation for section 2.4.2. SignedData Content Type by
> replacing:
>
> Applying a
> signature to a message provides authentication, message integrity,
> and non-repudiation of origin.
>
>
> This content type provides authentication, message integrity, and
> non-repudiation of origin. A sender signs the message with its own private
> key and shares public part of it with the recipient to validate the signature.

I don't think this necessary for the other content types. The problem is that many people think that AED algorithms automatically provide authentication. There are some situations where this is true, but they are not met when doing S/MIME.

>
> 2.5. Attributes and the SignerInfo Type
>
> It would probably ease the reading and clarifying the purpose of the
> SignerInfo's attribute. Typically, some of them might necessary to validate
> the received message, while others are informational in prevision of a
> response. This is clarified later in the document but could be introduced
> here. I also believe that would be good to also include that there is a
> bootstrapping issue that is solved by the compliance of the implementations
> in supporting the recommended algorithms.
>
> A reference to section 2.7 may be useful as this section clarifies how the
> sending agent uses these information - at least for the encryption.

I have added the following sentence to the first paragraph

These attributes can be required for processing of message (i.e. Message Digest), information the signer supplied (i.e. SMIME Capabilities) that should be processed, or attributes which are not relevant in the current situation (i.e. mlExpansionList for mail viewers).

I don't think a forward reference to 2.7 would be useful at this point.

>
> 2.5.1. Signing Time Attribute
>
> The message originator has not been specified before, it may be good to
> clarify how it differs from the sender. It may also be good to specify how this
> value is being used - against replay attacks.
section 2.7.1 provides = some > indications of the expected usage of the signing time attribute but it = seems > more associated to the capabilities. Replaced message originator with signer. >=20 > 2.5.2. SMIME Capabilities Attribute >=20 > A client does not have to list every capability it > supports, and need not list all its capabilities so that the > capabilities list doesn't get too long. >=20 > It might be worth providing a recommendation on what too long means, > especially as a resulting list of capabilities is (expected) to be = relatively short > compared to the message itself - but I might be wrong. > My reading of this attribute - and again I might be wrong - is that it = would be > useless if implementations would follow the cryptographic > recommendations. It is mostly useful to have non updated senders to > received responses from up-to-date responders. In addition, this > information is likely cached and as such may not be unnecessarily be > repeated. Wouldn't a MAY be more appropriated ? I don't really want to try and quantify what long means because for = different clients it can mean different things. In some considerations = one could consider listing 3 encryption algorithms to be long while in = other situations it might be 30 encryption algorithms that is too long. = If I want to send you a message and need to be sure that there is a = common enabled language then 30 encryption algorrithms is better. On = the other hand trying to figure out a common algorithm for a message = going to 100 recipients where each has a different set of algorithms and = in a different ranking order and come up with the best one means even 3 = can feel really long. The problem is not byte count as even 30 items at 10 bytes apiece is = only 300 bytes which relative to the rest of a signed MIME message is = pretty small. The problem is the question of how to make a decision and = the parameters are different based on how that algorithm is implemented. 

While the information can be cached, I don't know that it can be assured to be cached. Additionally this might put a greater burden on the sender as it would need to know if the current configuration has been sent to a recipient. It is easier to just always send the list. However I cannot see that there are any requirements on the document on having sending the attribute just on receiving it.

>
> Note also that while we have some cryptographic recommendations for RSA,
> I would have expected a table summarizing the cryptographic
> recommendations with other algorithms than RSA.

I don't know that adding a table is going to be useful. Much of this information is not really designed to be put into a table unless you are going to footnote the heck out of it which kind of defeats the process. This information is scattered throughout the document, but it tries to be in the right place for a specific field.

>
> 2.5.3. Encryption Key Preference Attribute
>
> This attribute is designed to
> enhance behavior for interoperating with those clients that use
> separate keys for encryption and signing.
>
> Maybe that would be good to position this attribute versus the keyusage
> when certificate are used to split the usage of each keys. I am wondering if a
> recommendation could be state on whether one or both means should be
> used and if one overwrite the other. A preference may still be useful to
> indicate a preference when multiple keys for a given role are available. Is key
> management a relevant usage for preference ?
>
> I understand that Signing Time is being used to update the preferred
> keys as one way to performed key roll over.

While there is some similarity between key usage and this attribute, the attribute is more general and allows for things which are not necessarily mentioned here.
As an example, one could send different certificates with different algorithms or key sizes and express a preference on which certificate to use. It may be that the names between the signing certificate and encryption key certificate are not the same, in that case which should be used. I think that this is covered in the introduction and a reference to key usage is not really helpful.

>
>
> 3.1. Preparing the MIME Entity for Signing, Enveloping, or Compressing
>
> A MIME entity can be a sub-part, sub-parts of a message, or the whole
> message with all its sub-parts.
>
> I am wondering if "a subpart, many subparts or ..." would not be clearer.

I don't see this as being clearer.

>
> I understand that "message" in the first paragraph is used as the MIME
> message and in other words, the message is not designating the mail. I am
> reading message as MIME multi-part message and the MIME entities as a
> subset of MIME headers and parts of MIME multi-part message. Similarly
> MIME body would be the MIME multi-part message. Is that correct ? I
> believe the terminology paragraph could be clarified.

There is no requirement that message be multi-part, it could be a single-part message such as text/plain. However that is generally correct. How do you believe that the text can be clarified? Specific text would be helpful.

>
>
> It is
> RECOMMENDED that a distinction be made between the location of the
> header.
>
> I believe the purpose is to make a distinction between "protected" and
> 'unprotected' to the end user. I would thus keep this distinction even though
> this translates into 'inner' / 'outer'.

The problem of how to do this has been a topic of many discussions without ever getting to a conclusion. One of the problems is that protected can mean some different things depending on how you protect the headers.
For example, one could have a multipart/mixed message with two sections each of which consists of an encrypted message. If each of those has different protected headers in them then, while the difference between inner and outer makes sense as that is part of the tree structure, which set of protected headers now needs to be dealt with.

>
>
> 3.3. Creating an Enveloped-Only Message
>
>
> A sample message would be:
>
> Content-Type: application/pkcs7-mime; name=smime.p7m;
> smime-type=enveloped-data
>
> Shouldn't we use an OID instead of data for the example ?

I don't know what you are trying to ask here.

>
>
>
> 3.4. Creating an Authenticated Enveloped-Only Message
>
> I believe the word "proof" is missing.
>
> It is important to note that
> sending authenticated enveloped messages does not provide for
> origination when using S/MIME.
>
> Maybe we should specify that this is especially true when multiple recipients
> are involved.

done

>
> 3.5.3. Signing Using the multipart/signed Format
>
> The first part contains
> the MIME entity that is signed; the second part contains the
> "detached signature" CMS SignedData object in which the
> encapContentInfo eContent field is absent.
>
> I believe it would be good to specify parts are ordered as this is not always
> the case of parts. What is unclear to me is why the second part is separated
> by a boundary usually used to separate parts. It seems boundary can also be
> used as boundary inside a part which seems to make part parsing harder.

The order is part of the definition of multipart/signed.

In the definition of multipart/*, the rules require that the boundary string not exist within any of the different child body parts. This means that it can be used to uniquely distinguish the boundaries.

>
>
>
> 3.5.3.2. Creating a multipart/signed Message
>
> Algorithm   Value Used
> MD5         md5
> SHA-1       sha-1
> SHA-224     sha-224
> SHA-256     sha-256
> SHA-384     sha-384
> SHA-512     sha-512
> Any other   (defined separately in algorithm profile or "unknown" if
>             not defined)
>
>
> Should we have any recommendations on the hash algorithm to be used by
> sender / receivers ? Is that possible to deprecate MD5, SHA-1 and
> SHA-224 for senders ?

The recommendations on which algorithms to use is part of the signature algorithm recommendations. This is a different table and removing items would be potentially harmful.

>
>
> 3.7. Multiple Operations
>
> Would it be recommended to have signed clear text than encrypted and
> then signed encrypted ? This seems to address all security concerns.

There are a large number of security concerns that have been uncovered with each of the different orders of operations. Part of the question is going to be what concern are you trying to address and what are the informal rules about this. I don't think at this point we can really give an order, however RFC 2634 does have some guidance.

>
> 3.9. Registration Requests
>
> Should we mention DANE rfc8162 as a way to register you public key ?

I don't think so, we don’t ever talk about how to find keys in the document.

>
> 4. Certificate Processing
>
> EdDSA Signatures recommendations for curve25519 and curve448 seems to
> be missing in the key pair generating , signature section. Are there any
> reasons not to consider these curves ?
>
> May be useful to have the following references:
> [1] https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa-signatures/
> [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

Should have had [1] as a reference, the reference was there but not the pointer to it. The second would be referenced in rfc5750-bis not here.

>
> 6. Security Considerations
>
> I am wondering if any considerations should be provided for data at rest.
> Does the email needs to be archived encrypted or not and whether S/MIME
> can be used to store encrypted content. I believe that email should not be
> stored encrypted and as such S/MIME is only intended to
> protect mails in transit.... but I might be wrong.

I believe you to be wrong. There are no problems w/ using S/MIME as a data at rest protection scheme. The question of storing messages as encrypted or not is something that different clients have dealt with in different ways. The client I use leaves things encrypted which I consider to be the correct answer.

>
> As a general comment I would have like a table that summarizes or explicitly
> mention what crypto is recommended for encrypting / signing.
> RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I believe
> such tables should be updated regularly to deprecate and introduce new
> algorithms while leaving S/MIME unchanged.

To do this would require that the algorithms be maintained in a separate document. As above, I don't think a separate table adds to clarity as it duplicates information and would be hard to write.

>
> There are a lot of double space in the text.
>

Jim

From nobody Wed May 2 17:01:27 2018
From: Jim Schaad
To: 'Matthew Miller'
References: <152432458128.20660.6956595430755199355@ietfa.amsl.com>
In-Reply-To: <152432458128.20660.6956595430755199355@ietfa.amsl.com>
Date: Wed, 2 May 2018 17:01:14 -0700
Message-ID: <054301d3e271$dc22db10$94689130$@augustcellars.com>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

> -----Original Message-----
> From: Matthew Miller
> Sent: Saturday, April 21, 2018 8:30 AM
> To: secdir@ietf.org
> Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org; ietf@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
>
> Reviewer: Matthew Miller
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> Document: draft-ietf-lamps-rfc5750-bis-05
> Reviewer: Matthew A. Miller
> Review Date: 2018-04-21
> IETF LC End Date: 2018-04-27
> IESG Telechat date: N/A
>
> Summary:
>
> This document is ready, but there is one nit around PKCS #6 handling that
> might benefit from explanation.
>
> This document describes the certificate handling expectations for senders
> and receivers of S/MIME 4.0. It obsoletes RFC 5750, adding requirements to
> support internationalized email addresses, increase RSA minimum key sizes,
> and support ECDSA using P-256 and Ed25519; older algorithms such as DSA,
> MD5, and SHA-1 are relegated to historical.
>
> Major Issues: N/A
>
> Minor Issues: N/A
>
> Nits:
>
> Section 2.2.1. "Historical Note about CMS Certificates" is almost entirely
> unchanged, but added a requirement that receivers MUST be able to process
> PKCS #6 extended certificates. This almost seems at odds with the rest of
> the paragraph that precedes this MUST, noting PKCS #6 has little use and
> PKIX is functionally equivalent.
> A short explanation of why this additional handling requirement would seem
> helpful.

How about the following which is just a description of what we are looking for in terms of behavior.

Receiving agents MUST be able to parse and process a message containing PKCS #6 extended certificates although ignoring those certificates is expected behavior.

From nobody Wed May 2 18:51:50 2018
References: <20180502064035.GA12016@1wt.eu>
In-Reply-To: <20180502064035.GA12016@1wt.eu>
From: Martin Thomson
Date: Thu, 03 May 2018 01:51:32 +0000
To: Willy Tarreau
Cc: Magnus Nyström, secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay

Yes, thanks Magnus,

I think that Willy answered the primary concerns. I'm not sure that there
> > - Section 2, first sentence: Insert "data" after "application" This is fixed in the editor's copy (long story there, but the draft you reviewed was *slightly* out of date). > > - In Section 3, step 3, it is stated that: "If the server receives multiple > > requests in early data, it can determine whether to defer HTTP processing > > on a per-request basis," however, in Section 4, it is stated that: "Note > > that a server cannot choose to selectively reject early data at the TLS > > layer. TLS only permits a server to accept all early data, or none of it" - > > I guess this may be consistent (it will accept all data, but can > > selectively defer processing), but it is a bit confusing. > Probably that we need to refine the wording. The point in section 3 was > to make it clear that early data may affect multiple requests (pipelining, > HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS > layer provides you a data stream, part of which was received as early > data, and that the server has no choice but to consume them all or reject > them all. When I went to look at this, I noticed that we don't really explain that rejecting 0-RTT is possible. That's an important option, even if it is pretty severely limited. So I added that: 2. The server can reject early data. A server cannot selectively reject early data, so this results in all requests sent in early data being discarded. Full change at: https://github.com/httpwg/http-extensions/pull/602 In doing so, I think that the context needed to interpret step 3 (now step 4) is available. > > - The attack in Section 4 is outlined as follows: "An attacker sends early > > data to one server instance that accepts and processes the early data, but > > allows that connection to proceed no further. The attacker then forwards > > the same messages from the client to another server instance that will > > reject early data. 
The client then retries the request, resulting in the > > request being processed twice." > > This seems a little convoluted - how would the attacker know, before the > > client has sent the first message, that it is what the client will send? Is > > the attacker's first message to a server instance intercepted from the > > client? If so, suggest making that clear. > Indeed, that was based on intercepted and replayed traffic. With an > individual hat, I agree that the example is a bit conflated. But the > point here was mostly to expose the risks that could happen by lazy > implementations that would take some shortcuts (like automatically > retrying on timeout for a client or a server accepting to process > unsafe early-data requests). Yeah, maybe this alternative is better: Automatic retry creates the potential for a replay attack. An attacker intercepts a connection that uses early data and copies the early data to another server instance. The second server instance accepts and processes the early data. The attacker then allows the original connection to complete. Even if the early data is detected as a duplicate and rejected, the first server instance might allow the connection to complete. If the client then retries requests that were sent in early data, the request will be processed twice. 

Details at: https://github.com/httpwg/http-extensions/pull/603

From nobody Wed May 2 21:10:54 2018
References: <20180502064035.GA12016@1wt.eu>
From: Magnus Nyström
Date: Wed, 2 May 2018 21:10:50 -0700
To: Martin Thomson
Cc: Willy Tarreau, secdir@ietf.org, draft-ietf-httpbis-replay@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008c61a3056b456304"
Subject: Re: [secdir] Secdir review of draft-ietf-httpbis-replay

--0000000000008c61a3056b456304
Content-Type: text/plain; charset="UTF-8"

Yes Martin, I think all of those changes are improvements - thanks for
considering!

/M

On Wed, May 2, 2018 at 6:51 PM, Martin Thomson wrote:

> Yes, thanks Magnus,
>
> I think that Willy answered the primary concerns. I'm not sure that there
> is anything actionable in those, but if you have a suggestion for
> improvement, that would be appreciated.
>
> > > - Section 2, first sentence: Insert "data" after "application"
>
> This is fixed in the editor's copy (long story there, but the draft you
> reviewed was *slightly* out of date).
>
> > > - In Section 3, step 3, it is stated that: "If the server receives multiple
> > > requests in early data, it can determine whether to defer HTTP processing
> > > on a per-request basis," however, in Section 4, it is stated that: "Note
> > > that a server cannot choose to selectively reject early data at the TLS
> > > layer. TLS only permits a server to accept all early data, or none of it" -
> > > I guess this may be consistent (it will accept all data, but can
> > > selectively defer processing), but it is a bit confusing.
>
> > Probably that we need to refine the wording. The point in section 3 was
> > to make it clear that early data may affect multiple requests (pipelining,
> > HTTP/2 multiplexing), and point 4 tries to clarify the fact that the TLS
> > layer provides you a data stream, part of which was received as early
> > data, and that the server has no choice but to consume them all or reject
> > them all.
>
> When I went to look at this, I noticed that we don't really explain that
> rejecting 0-RTT is possible. That's an important option, even if it is
> pretty severely limited.
>
> So I added that:
>     2. The server can reject early data. A server cannot selectively
>         reject early data, so this results in all requests sent in early
>         data being discarded.
>
> Full change at: https://github.com/httpwg/http-extensions/pull/602
>
> In doing so, I think that the context needed to interpret step 3 (now step
> 4) is available.
> > > > - The attack in Section 4 is outlined as follows: "An attacker sends > early > > > data to one server instance that accepts and processes the early data, > but > > > allows that connection to proceed no further. The attacker then > forwards > > > the same messages from the client to another server instance that will > > > reject early data. The client then retries the request, resulting in > the > > > request being processed twice." > > > This seems a little convoluted - how would the attacker know, before > the > > > client has sent the first message, that it is what the client will > send? Is > > > the attacker's first message to a server instance intercepted from the > > > client? If so, suggest making that clear. > > > Indeed, that was based on intercepted and replayed traffic. With an > > individual hat, I agree that the example is a bit conflated. But the > > point here was mostly to expose the risks that could happen by lazy > > implementations that would take some shortcuts (like automatically > > retrying on timeout for a client or a server accepting to process > > unsafe early-data requests). > > Yeah, maybe this alternative is better: > Automatic retry creates the potential for a replay attack. An > attacker intercepts a connection that uses early data and copies the > early data to another server instance. The second server instance > accepts and processes the early data. The attacker then allows the > original connection to complete. Even if the early data is detected > as a duplicate and rejected, the first server instance might allow > the connection to complete. If the client then retries requests that > were sent in early data, the request will be processed twice. > > Details at: https://github.com/httpwg/http-extensions/pull/603 > -- -- Magnus --0000000000008c61a3056b456304 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Yes Martin, I think all of those changes are improvem= ents - thanks for considering!

/M

On Wed, May 2, 2018 at 6:51 PM, Mart= in Thomson <martin.thomson@gmail.com> wrote:
Yes, thanks Magnus,

I think that Willy answered the primary concerns.=C2=A0 I'm not sure th= at there
is anything actionable in those, but if you have a suggestion for
improvement, that would be appreciated.

> > - Section 2, first sentence: Insert "data" after "= application"

This is fixed in the editor's copy (long story there, but the dr= aft you
reviewed was *slightly* out of date).

> > - In Section 3, step 3, it is stated that: "If the server re= ceives
multiple
> > requests in early data, it can determine whether to defer HTTP processing
> > on a per-request basis," however, in Section 4, it is stated= that: "Note
> > that a server cannot choose to selectively reject early data at t= he TLS
> > layer. TLS only permits a server to accept all early data, or non= e of
it" -
> > I guess this may be consistent (it will accept all data, but can<= br> > > selectively defer processing), but it is a bit confusing.

> Probably that we need to refine the wording. The point in section 3 wa= s
> to make it clear that early data may affect multiple requests (pipelin= ing,
> HTTP/2 multiplexing), and point 4 tries to clarify the fact that the T= LS
> layer provides you a data stream, part of which was received as early<= br> > data, and that the server has no choice but to consume them all or rej= ect
> them all.

When I went to look at this, I noticed that we don't really expl= ain that
rejecting 0-RTT is possible.=C2=A0 That's an important option, even if = it is
pretty severely limited.

So I added that:
=C2=A0 =C2=A0 2.=C2=A0 The server can reject early data.=C2=A0 A server can= not selectively
=C2=A0 =C2=A0 =C2=A0 =C2=A0 reject early data, so this results in all reque= sts sent in early
=C2=A0 =C2=A0 =C2=A0 =C2=A0 data being discarded.

Full change at: https://github.com/httpwg/htt= p-extensions/pull/602

In doing so, I think that the context needed to interpret step 3 (now step<= br> 4) is available.

> > - The attack in Section 4 is outlined as follows: "An attacker sends early
> > data to one server instance that accepts and processes the early data, but
> > allows that connection to proceed no further. The attacker then forwards
> > the same messages from the client to another server instance that will
> > reject early data. The client then retries the request, resulting in the
> > request being processed twice."
> > This seems a little convoluted - how would the attacker know, before the
> > client has sent the first message, that it is what the client will send? Is
> > the attacker's first message to a server instance intercepted from the
> > client? If so, suggest making that clear.

> Indeed, that was based on intercepted and replayed traffic. With an
> individual hat, I agree that the example is a bit conflated. But the
> point here was mostly to expose the risks that could happen by lazy
> implementations that would take some shortcuts (like automatically
> retrying on timeout for a client or a server accepting to process
> unsafe early-data requests).

Yeah, maybe this alternative is better:
    Automatic retry creates the potential for a replay attack.  An
    attacker intercepts a connection that uses early data and copies the
    early data to another server instance.  The second server instance
    accepts and processes the early data.  The attacker then allows the
    original connection to complete.  Even if the early data is detected
    as a duplicate and rejected, the first server instance might allow
    the connection to complete.  If the client then retries requests that
    were sent in early data, the request will be processed twice.

Details at: https://github.com/httpwg/http-extensions/pull/603



--
-- Magnus
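
The replay sequence discussed in the message above, modelled as an added example (not code from the draft or from anyone in the thread): a toy server either processes unsafe requests straight from early data or defers them until the handshake completes, and the client either retries automatically or not. The class names, the shared ledger and the sample requests are assumptions; no real TLS or HTTP stack is involved.

```python
"""Toy model of HTTP requests carried in TLS early data (0-RTT).

Constructed for illustration: class names, the ledger and the sample
requests are assumptions, and no real TLS or HTTP stack is involved.
"""
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass(frozen=True)
class Request:
    method: str
    path: str


@dataclass
class Backend:
    """State shared by all server instances; records every processed request."""
    processed: list = field(default_factory=list)

    def process(self, instance, request):
        self.processed.append((instance, request))


@dataclass
class ServerInstance:
    name: str
    backend: Backend
    accept_early_data: bool = True
    defer_unsafe: bool = True   # hold unsafe requests until the handshake completes
    deferred: list = field(default_factory=list)

    def receive_early_data(self, requests):
        """Return True if early data was accepted, False if it was rejected.

        Rejection is all-or-nothing: the server cannot reject only part of
        the early data, so every request carried in it is discarded.
        """
        if not self.accept_early_data:
            return False
        for req in requests:
            if req.method in SAFE_METHODS or not self.defer_unsafe:
                self.backend.process(self.name, req)
            else:
                self.deferred.append(req)   # per-request deferral
        return True

    def complete_handshake(self):
        """Handshake finished, so the connection is known to be live."""
        for req in self.deferred:
            self.backend.process(self.name, req)
        self.deferred.clear()

    def abort_connection(self):
        """Connection proceeds no further; deferred requests are never run."""
        self.deferred.clear()

    def receive_after_handshake(self, requests):
        for req in requests:
            self.backend.process(self.name, req)


def run_scenario(defer_unsafe, client_auto_retry):
    """Walk through the sequence from the message and count executions.

    Instance "B" receives the copied early data on a connection that never
    completes. Instance "A" sees the original connection, rejects the early
    data and lets the handshake finish. Returns how many times the unsafe
    request was processed across both instances.
    """
    backend = Backend()
    transfer = Request("POST", "/transfer")            # constructed sample
    early_data = [Request("GET", "/balance"), transfer]

    copy_target = ServerInstance("B", backend, defer_unsafe=defer_unsafe)
    original = ServerInstance("A", backend, accept_early_data=False,
                              defer_unsafe=defer_unsafe)

    copy_target.receive_early_data(early_data)         # copied early data
    copy_target.abort_connection()                     # that connection stalls

    accepted = original.receive_early_data(early_data)
    original.complete_handshake()
    if not accepted and client_auto_retry:
        original.receive_after_handshake(early_data)   # client resends everything

    return sum(1 for _, req in backend.processed if req == transfer)


if __name__ == "__main__":
    for defer in (False, True):
        for retry in (True, False):
            count = run_scenario(defer, retry)
            print(f"defer_unsafe={defer!s:5} auto_retry={retry!s:5} "
                  f"POST /transfer processed {count}x")
```

Only the combination of a server that runs unsafe requests from early data and a client that retries automatically yields double processing in this model.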
From nobody Thu May 3 13:10:45 2018
From: Eric Rescorla
Date: Thu, 3 May 2018 13:09:43 -0700
To: Jim Schaad
Cc: Matthew Miller, secdir@ietf.org, SPASM, draft-ietf-lamps-rfc5750-bis.all@ietf.org, IETF discussion list
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

probably "parse" not "parser"

On Wed, May 2, 2018 at 5:01 PM, Jim Schaad wrote:

> > -----Original Message-----
> > From: Matthew Miller
> > Sent: Saturday, April 21, 2018 8:30 AM
> > To: secdir@ietf.org
> > Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org; ietf@ietf.org
> > Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
> >
> > Reviewer: Matthew Miller
> > Review result: Has Nits
> >
> > I have reviewed this document as part of the security directorate's ongoing
> > effort to review all IETF documents being processed by the IESG.  These
> > comments were written primarily for the benefit of the security area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > Document: draft-ietf-lamps-rfc5750-bis-05
> > Reviewer: Matthew A. Miller
> > Review Date: 2018-04-21
> > IETF LC End Date: 2018-04-27
> > IESG Telechat date: N/A
> >
> > Summary:
> >
> > This document is ready, but there is one nit around PKCS #6 handling that
> > might benefit from explanation.
> >
> > This document describes the certificate handling expectations for senders
> > and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding requirements to
> > support internationalized email addresses, increase RSA minimum key sizes,
> > and support ECDSA using P-256 and Ed25519; older algorithms such as DSA,
> > MD5, and SHA-1 are relegated to historical.
> >
> > Major Issues: N/A
> >
> > Minor Issues: N/A
> >
> > Nits:
> >
> > Section 2.2.1. "Historical Note about CMS Certificates" is almost entirely
> > unchanged, but added a requirement that receivers MUST be able to process
> > PKCS #6 extended certificates.  This almost seems at odds with the rest of
> > the paragraph that precedes this MUST, noting PKCS #6 has little use and
> > PKIX is functionally equivalent.
> > A short explanation of why this additional handling requirement would seem
> > helpful.
>
> How about the following which is just a description of what we are looking
> for in terms of behavior.
>
>    Receiving agents MUST be able to parser and process a message
>    containing PKCS #6 extended certificates although ignoring those
>    certificates is expected behavior.

From nobody Thu May 3 13:55:33 2018
From: Jim Schaad
To: 'Eric Rescorla'
CC: 'Matthew Miller', 'SPASM', 'IETF discussion list'
Date: Thu, 3 May 2018 13:55:20 -0700
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

It was spelled correctly – yes done locally.

From: Eric Rescorla
Sent: Thursday, May 3, 2018 1:10 PM
To: Jim Schaad
Cc: Matthew Miller; secdir@ietf.org; SPASM; draft-ietf-lamps-rfc5750-bis.all@ietf.org; IETF discussion list
Subject: Re: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

probably "parse" not "parser"

On Wed, May 2, 2018 at 5:01 PM, Jim Schaad wrote:

> -----Original Message-----
> From: Matthew Miller
> Sent: Saturday, April 21, 2018 8:30 AM
> To: secdir@ietf.org
> Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org; ietf@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
>
> Reviewer: Matthew Miller
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> Document: draft-ietf-lamps-rfc5750-bis-05
> Reviewer: Matthew A. Miller
> Review Date: 2018-04-21
> IETF LC End Date: 2018-04-27
> IESG Telechat date: N/A
>
> Summary:
>
> This document is ready, but there is one nit around PKCS #6 handling that
> might benefit from explanation.
>
> This document describes the certificate handling expectations for senders
> and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding requirements to
> support internationalized email addresses, increase RSA minimum key sizes,
> and support ECDSA using P-256 and Ed25519; older algorithms such as DSA,
> MD5, and SHA-1 are relegated to historical.
>
> Major Issues: N/A
>
> Minor Issues: N/A
>
> Nits:
>
> Section 2.2.1. "Historical Note about CMS Certificates" is almost entirely
> unchanged, but added a requirement that receivers MUST be able to process
> PKCS #6 extended certificates.  This almost seems at odds with the rest of
> the paragraph that precedes this MUST, noting PKCS #6 has little use and
> PKIX is functionally equivalent.
> A short explanation of why this additional handling requirement would seem
> helpful.

How about the following which is just a description of what we are looking
for in terms of behavior.

   Receiving agents MUST be able to parser and process a message
   containing PKCS #6 extended certificates although ignoring those
   certificates is expected behavior.


From nobody Thu May 3 16:21:12 2018
From: Tero Kivinen
Reply-to: secdir-secretary@mit.edu
Date: Thu, 03 May 2018 16:21:10 -0700
Subject: [secdir] Assignments

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-05-10

Reviewer               LC end       Draft
Tobias Gondrom         2018-03-12   draft-ietf-tokbind-https-14
Leif Johansson         R2018-02-26  draft-ietf-homenet-babel-profile-06
Barry Leiba            2018-04-10   draft-ietf-bess-evpn-prefix-advertisement-10

For telechat 2018-05-24

Reviewer               LC end       Draft
Radia Perlman          2018-04-20   draft-ietf-ccamp-microwave-framework-05
Tina Tsou              2018-02-26   draft-ietf-softwire-dslite-yang-15

Last calls:

Reviewer               LC end       Draft
John Bradley           2018-04-18   draft-ietf-acme-acme-12
Daniel Gillmor         2018-03-19   draft-gutmann-scep-10
Russ Mundy             2017-09-14   draft-spinosa-urn-lex-12
Sandra Murphy          2018-04-24   draft-ietf-mmusic-sdp-simulcast-12
Vincent Roca           2018-05-21   draft-hakala-urn-nbn-rfc3188bis-00
Kyle Rose              2018-05-10   draft-ietf-extra-imap-status-size-01
Joseph Salowey         2018-05-16   draft-ietf-payload-rtp-vc2hq-05
Stefan Santesson       2018-05-14   draft-ietf-extra-specialuse-important-03
Yaron Sheffer          2018-05-14   draft-ietf-extra-imap-list-myrights-05

Early review requests:

Reviewer               Due          Draft
Daniel Franke          2018-01-31   draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson     2018-01-09   draft-ietf-opsawg-nat-yang-09
Dan Harkins            2018-05-31   draft-ietf-dtn-bpsec-06

Next in the reviewer rotation:

  Melinda Shore
  Robert Sparks
  Takeshi Takahashi
  Tina Tsou
  Sean Turner
  Carl Wallace
  David Waltermire
  Samuel Weiler
  Brian Weis
  Klaas Wierenga

From nobody Thu May 3 23:32:59 2018
From: Yaron Sheffer
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-list-myrights.all@ietf.org
Date: Thu, 03 May 2018 23:32:46 -0700
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-list-myrights-05

Reviewer: Yaron Sheffer
Review result: Has Nits

The document defines a simple extension to the IMAP LIST command.

- LSUB is mentioned in the Introduction, but then never mentioned again. Is the
extension applicable to it?

- The document does not formally define the syntax of the MYRIGHTS response.
Presumably it is exactly as in RFC 4314.

- The document should refer to the security considerations of RFC 4314.
Specifically, does the first paragraph of those security considerations also
apply here?

From nobody Fri May 4 06:52:02 2018
From: Barry Leiba
Cc: draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org, ietf@ietf.org, bess@ietf.org
Date: Fri, 04 May 2018 06:51:48 -0700
Subject: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10

Reviewer: Barry Leiba
Review result: Has Issues

The "issues" I call out below are minor, and if the working group thinks they
aren't worth dealing with, I'll not be offended nor lose any sleep.

— Section 1 —

I’m sure that all these terms are defined in the normative references, and ’tis
a small thing, but it would sure help a non-expert reader if this list of terms
included, for each term, a citation to the RFC that defines it. I hope you’ll
consider adding that; thanks.

[Follow-up; I finally found “Tenant System” defined in RFC 7365, which is not in
your references at all. Please don’t make your readers work that hard, and
please consider beefing up the references and citations to definitions.]

— Section 2.1 —

   If the term Tenant System (TS) is used to designate a physical or
   virtual system identified by MAC and maybe IP addresses, and
   connected to a BD by an Attachment Circuit, the following
   considerations apply:

I find the wording “if the term Tenant System is used” to be odd. Are you really
saying (maybe you are) that the application of the considerations depends on
whether or not we *call* it a Tenant System? Or whether or not it *is* a Tenant
System? From the definition I found for “Tenant System” I can see that maybe
this can go either way. But if we’re talking about the latter, I’d use wording
more like, “The following considerations apply to Tenant Systems (TS) that are
physical or virtual systems identified by MAC and maybe IP addresses and
connected to BDs by Attachment Circuits:” (cast as plural, because the
considerations use plurals).

— Section 3.1 —

I initially couldn’t figure out, as I was reading this, how you’d know whether
you’re dealing with v4 or v6 addresses, and, therefore, how to interpret the
lengths of the IP Prefix and GW IP Address fields. I finally got to it seven
bullets down, where you say, “The total route length will indicate the type of
prefix”. Maybe someone already expert in this would find this OK, but to me it
was too much work to sort it out, when I think it could be made clearer like
this:

NEW

   An IP Prefix Route Type for IPv4 has the Length field set to 34
   and consists of the following fields:

   +---------------------------------------+
   |      RD (8 octets)                    |
   +---------------------------------------+
   |Ethernet Segment Identifier (10 octets)|
   +---------------------------------------+
   |      Ethernet Tag ID (4 octets)       |
   +---------------------------------------+
   |  IP Prefix Length (1 octet, 0 to 32)  |
   +---------------------------------------+
   |      IP Prefix (4 octets)             |
   +---------------------------------------+
   |      GW IP Address (4 octets)         |
   +---------------------------------------+
   |      MPLS Label (3 octets)            |
   +---------------------------------------+

   An IP Prefix Route Type for IPv6 has the Length field set to 58
   and consists of the following fields:

   +---------------------------------------+
   |      RD (8 octets)                    |
   +---------------------------------------+
   |Ethernet Segment Identifier (10 octets)|
   +---------------------------------------+
   |      Ethernet Tag ID (4 octets)       |
   +---------------------------------------+
   |  IP Prefix Length (1 octet, 0 to 128) |
   +---------------------------------------+
   |      IP Prefix (16 octets)            |
   +---------------------------------------+
   |      GW IP Address (16 octets)        |
   +---------------------------------------+
   |      MPLS Label (3 octets)            |
   +---------------------------------------+

   The total route length will indicate the type of IP Prefix (34 for
   IPv4 or 58 for IPv6) and the type of GW IP Address. The IP Prefix
   and GW IP Address are always both IPv4 or both IPv6; mixing the two
   is not allowed.

   […and then follow with the explanations of the fields…]

END

Do you agree that that makes things clearer?

— Section 3.2 —

   o  If either the ESI or GW IP are non-zero, then one of them is the
      Overlay Index, regardless of whether the Router's MAC Extended
      Community is present or the value of the Label.

Should that say “then the non-zero one is the Overlay Index”?

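
The two layouts proposed in the review above map directly onto a length-driven parser. The following is an added example (not code from the draft or from the reviewer) that accepts only total lengths 34 and 58, bounds the prefix length by address family, and reports which of ESI or GW IP is the Overlay Index under the reviewer's "the non-zero one" reading. Function names, the sample routes and the choice to reject a route with both fields non-zero are assumptions.

```python
"""Parser for the EVPN IP Prefix route body as laid out in the review above.

Added example: names are assumptions and the sample routes are constructed.
Input is the Length octet followed by the fields from the two diagrams;
no surrounding BGP framing is handled.
"""
import ipaddress
import struct
from dataclasses import dataclass

FIXED_HEAD = 8 + 10 + 4 + 1      # RD, ESI, Ethernet Tag ID, IP Prefix Length
LABEL_LEN = 3
# total route length -> (address class, address size, maximum prefix length)
FAMILIES = {
    34: (ipaddress.IPv4Address, 4, 32),
    58: (ipaddress.IPv6Address, 16, 128),
}


class RouteError(ValueError):
    """Raised for any route that does not match one of the two layouts."""


@dataclass
class IPPrefixRoute:
    rd: bytes
    esi: bytes
    ethernet_tag: int
    prefix: object      # ipaddress.IPv4Network or ipaddress.IPv6Network
    gw_ip: object       # ipaddress.IPv4Address or ipaddress.IPv6Address
    label: bytes


def parse_ip_prefix_route(buf):
    """Parse one route; the total length alone selects IPv4 or IPv6."""
    if len(buf) < 1:
        raise RouteError("empty buffer")
    length = buf[0]
    if length not in FAMILIES:
        raise RouteError(f"length {length} is neither 34 (IPv4) nor 58 (IPv6)")
    body = buf[1:]
    if len(body) != length:
        raise RouteError(f"length field says {length}, got {len(body)} octets")
    addr_cls, addr_len, max_plen = FAMILIES[length]

    rd, esi, tag, plen = struct.unpack_from("!8s10sIB", body, 0)
    if plen > max_plen:
        raise RouteError(f"prefix length {plen} exceeds {max_plen}")

    off = FIXED_HEAD
    prefix_addr = addr_cls(body[off:off + addr_len])
    off += addr_len
    gw_ip = addr_cls(body[off:off + addr_len])
    off += addr_len
    label = body[off:off + LABEL_LEN]

    # strict=False masks any bits set beyond the prefix length.
    prefix = ipaddress.ip_network(f"{prefix_addr}/{plen}", strict=False)
    return IPPrefixRoute(rd, esi, tag, prefix, gw_ip, label)


def overlay_index(route):
    """Return ("ESI", value), ("GW IP", value) or None if both are zero."""
    esi_set = any(route.esi)
    gw_set = int(route.gw_ip) != 0
    if esi_set and gw_set:
        # Assumption of this example: the reviewed text does not cover this case.
        raise RouteError("ESI and GW IP are both non-zero")
    if esi_set:
        return ("ESI", route.esi)
    if gw_set:
        return ("GW IP", route.gw_ip)
    return None


def is_well_formed(buf):
    """True if the buffer parses as one of the two layouts."""
    try:
        parse_ip_prefix_route(buf)
    except RouteError:
        return False
    return True


def build_sample(prefix, gw, esi=bytes(10)):
    """Constructed sample route (not captured traffic) to exercise the parser."""
    net = ipaddress.ip_network(prefix)
    gw_ip = ipaddress.ip_address(gw)
    body = struct.pack("!8s10sIB", b"\x00\x01" + bytes(6), esi, 0, net.prefixlen)
    body += net.network_address.packed + gw_ip.packed + b"\x00\x06\x41"
    return bytes([len(body)]) + body


if __name__ == "__main__":
    route = parse_ip_prefix_route(build_sample("192.0.2.0/24", "198.51.100.1"))
    print(route.prefix, route.gw_ip, overlay_index(route))
    # An IPv4 prefix with an IPv6 gateway gives a length that is neither 34 nor 58.
    print(is_well_formed(build_sample("192.0.2.0/24", "2001:db8::1")))
```

A route that mixes an IPv4 prefix with an IPv6 gateway is 46 octets long, so the length check alone rejects it.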
From: Alexey Melnikov
To: Yaron Sheffer, secdir@ietf.org
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-list-myrights.all@ietf.org
Date: Fri, 04 May 2018 16:49:25 +0100
Subject: Re: [secdir] Secdir last call review of draft-ietf-extra-imap-list-myrights-05

Hi Yaron,

On Fri, May 4, 2018, at 7:32 AM, Yaron Sheffer wrote:
> Reviewer: Yaron Sheffer
> Review result: Has Nits
>
> The document defines a simple extension to the IMAP LIST command.
>
> - LSUB is mentioned in the Introduction, but then never mentioned again. Is the
> extension applicable to it?

No, LSUB is a non extensible version, which was replaced by extended LIST.

> - The document does not formally define the syntax of the MYRIGHTS response.
> Presumably it is exactly as in RFC 4314.

Correct.

> - The document should refer to the security considerations of RFC 4314.
> Specifically, does the first paragraph of those security considerations also
> apply here?

Good point, it does.

Best Regards,
Alexey

From nobody Sat May 5 19:52:37 2018
From: Kyle Rose
Cc: extra@ietf.org, draft-ietf-extra-imap-status-size.all@ietf.org, ietf@ietf.org
Date: Sat, 05 May 2018 19:52:23 -0700
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-status-size-01

Reviewer: Kyle Rose
Review result: Ready

There are no non-trivial security implications of this protocol change.

From nobody Sun May 6 21:14:18 2018
From: Russ Housley
Date: Mon, 7 May 2018 00:14:10 -0400
To: IETF SecDir
Cc: draft-ietf-secevent-token.all@ietf.org, IETF, id-event@ietf.org
Subject: Re: [secdir] Secdir last call review of draft-ietf-secevent-token-09

The updated draft (-10) resolves my concern.

Thanks,
Russ

> On Apr 20, 2018, at 2:03 PM, Russ Housley wrote:
>
> Reviewer: Russ Housley
> Review result: Has Issues
>
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Security Area
> Directors.  Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
>
> Document: draft-ietf-secevent-token-09
> Reviewer: Russ Housley
> Review Date: 2018-04-20
> IETF LC End Date: unknown
> IESG Telechat date: 2018-05-10
>
> Summary: Has Issues
>
> Major Concerns
>
> I do not understand the first paragraph of Section 3.  I made this
> comment on version -07, and some words were added, but I still do
> not understand this paragraph.  I think you are trying to impose some
> rules on future specifications that use SET to define events.  Let me
> ask a couple of questions that may help.  I understand that a
> profiling specification MUST specify the syntax and semantics for a
> collection of security event tokens, including the claims and payloads
> that are expected.  What MUST a profiling specification include?  What
> MUST a profiling specification NOT include?

From nobody Sun May 6 23:48:19 2018
From: Radia Perlman
Date: Sun, 6 May 2018 23:48:15 -0700
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG, secdir@ietf.org
Subject: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05

Summary: No security issues found, but I do have questions, and there are editing glitches

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the management interface for microwave radio links.
It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.

I don't understand the difference between "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").

This document could use an editing pass for glitches, but these glitches do not impact its readability.

The glitches consist mostly of leaving out little words like "of" in the following sentence.
"The adoption of an SDN framework for management and
   control the microwave interface is one of the key applications for
   this work."

The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework.

Radia
From nobody Sun May 6 23:54:43 2018
From: Radia Perlman
Date: Sun, 6 May 2018 23:54:38 -0700
To: draft-ietf-ccamp-microwave-framework.all@tools.ietf.org, The IESG, secdir@ietf.org
Subject: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05

Sorry...resending because I mistyped the author address.

---------- Forwarded message ----------
From: Radia Perlman
Date: Sun, May 6, 2018 at 11:48 PM
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org

Summary: No security issues found, but I do have questions, and there are editing glitches

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the management interface for microwave radio links.
It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.

I don't understand the difference between "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").

This document could use an editing pass for glitches, but these glitches do not impact its readability.

The glitches consist mostly of leaving out little words like "of" in the following sentence.
"The adoption of an SDN framework for management and
   control the microwave interface is one of the key applications for
   this work."

The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework.

Radia
From nobody Mon May 7 02:46:13 2018
From: Daniele Ceccarelli
To: Radia Perlman, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org", The IESG, "secdir@ietf.org"
Date: Mon, 7 May 2018 09:45:58 +0000
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1 bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmc8YnI+DQpl ZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibTQxMzEzNzY3MjgwMzExNjczMDZnbWFpbC1tOTAy NjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWlsIj5yZXZp ZXc8L3NwYW4+Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUg SUVTRy4mbmJzcDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZv ciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxicj4NCmRpcmVjdG9ycy4mbmJzcDsg RG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50 cyBqdXN0PGJyPg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjwvc3Bhbj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNy b3dhdmUgcmFkaW8gbGlua3MuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1 Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRv ci1zcGVjaWZpYyBmZWF0dXJlcy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+SSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdl ZW4gYSAmcXVvdDthIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCBzeXN0ZW0mcXVvdDsg YW5kIFNETi4mbmJzcDsgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50 IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMg bm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRpbmcgcGFyYW1ldGVycw0KICh0cmFkaXRpb25hbCBu ZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICZxdW90O3Byb2dyYW1taW5nJnF1b3Q7IGFu IGludGVyZmFjZSAoJnF1b3Q7U0ROJnF1b3Q7KS4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9k 
aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhpcyBkb2N1bWVudCBjb3VsZCB1c2Ug YW4gZWRpdGluZyBwYXNzIGZvciBnbGl0Y2hlcywgYnV0IHRoZXNlIGdsaXRjaGVzIGRvIG5vdCBp bXBhY3QgaXRzIHJlYWRhYmlsaXR5LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZ2xpdGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2Yg bGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxv d2luZyBzZW50ZW5jZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPiZxdW90O1RoZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5h Z2VtZW50IGFuZDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+Jm5ic3A7ICZuYnNwO2NvbnRyb2wgdGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2UgaXMgb25l IG9mIHRoZSBrZXkgYXBwbGljYXRpb25zIGZvcjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1lIGEgc2VjdXJlIHRyYW5z cG9ydCBsYXllciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlwdGlvbiBpc24ndCBuZWNl c3NhcnkpIGZvciBjb21tdW5pY2F0aW9uLiZuYnNwOyBPdGhlciB0aGFuIHRoYXQsIHBlcmhhcHMs IHRoZXJlIG1pZ2h0IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFkdmVydGVudGx5 IHNldHRpbmcNCiBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxpY2lvdXNseSBieSBhIHRy dXN0ZWQgYWRtaW5pc3RyYXRvci4mbmJzcDsgQnV0IHRoaXMgZG9jdW1lbnQgZG9lcyBub3Qgc3Bl Y2lmeSB0aGUgc3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2VkLCBqdXN0IGEgZ2VuZXJh bCBmcmFtZXdvcmsuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImNvbG9yOiM4ODg4ODgiPlJhZGlhPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 
From nobody Thu May 10 01:07:48 2018
From: "Yemin (Amy)"
To: Daniele Ceccarelli, Radia Perlman, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org", The IESG, "secdir@ietf.org"
Date: Thu, 10 May 2018 08:07:29 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF003252@dggema521-mbs.china.huawei.com>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
From nobody Thu May 10 10:19:29 2018
From: Wassim Haddad
To: Tero Kivinen
CC: Wassim Haddad, "secdir@ietf.org", Suresh Krishnan, "Juan Carlos Zuniga"
Thread-Topic: Request Review draft-ietf-intarea-provisioning-domains-01
Date: Thu, 10 May 2018 17:19:18 +0000
Message-ID: <5D347C05-B251-489F-A520-5BE1FFF930D5@ericsson.com>
x-mailer: Apple Mail
(2.3273) x-originating-ip: [129.192.183.10] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR15MB2311; 7:wMGIlRt9TZgrdeWQTG4Lc55q2byb9hrNIKlasWyLmLiifv18d1lSP7V2AFKoHabktzJytjq3IDTqV4LhIMkmHQlCVOdPSCUU2FSib43iF9qGzmJ6Y2NDZNCdQF1SUcKkC8A56kFWB8xA/W0kBpT1VTdR6QBTN58M14NHbuWsvYnwg0qd5Miw1SFKrONOYZUhPl2rB7kqEO0HwNT4GIZgbI0Tc5JXHi+PF0G3axRfYFuR/pw5PR8/BUoSZsiCR9oX x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(39380400002)(366004)(396003)(189003)(199004)(316002)(5660300001)(54906003)(3846002)(3660700001)(4326008)(50226002)(5250100002)(97736004)(14454004)(57306001)(25786009)(8676002)(66066001)(105586002)(6116002)(6506007)(36756003)(33656002)(106356001)(7736002)(81156014)(8936002)(305945005)(81166006)(3280700002)(82746002)(44832011)(86362001)(2900100001)(6436002)(476003)(486006)(966005)(102836004)(6512007)(26005)(59450400001)(83716003)(6346003)(186003)(2616005)(68736007)(478600001)(6306002)(99286004)(6916009)(53936002)(2906002)(6486002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR15MB2311; H:BYAPR15MB2216.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2311; x-ms-traffictypediagnostic: BYAPR15MB2311: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231254)(944501410)(52105095)(149027)(150027)(6041310)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BYAPR15MB2311; BCL:0; PCL:0; RULEID:; 
SRVR:BYAPR15MB2311; x-forefront-prvs: 066898046A received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=wassim.haddad@ericsson.com; x-microsoft-antispam-message-info: sPJSyuD0IrrRq5JKlDNfYuSWANHFnd3eDio7UlX0RTEsQnzeli7AHdIm8tljn7+jbqnCHRIK34ut0zg2JYJwk9gjPgDugiGuO67H0Xp6LFj54dfYn38ThXDj9IHtjIv2WbDtB9msUzeZnEi9YNujt7uAlxufWQpiKiJmJDe0qXwWGEBGoZmOP/R+bw6+PsvC spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <3DF5C3A78A35084A98AFCE4BA721F8CE@namprd15.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: ef037c56-a434-4746-b844-08d5b69a29df X-MS-Exchange-CrossTenant-Network-Message-Id: ef037c56-a434-4746-b844-08d5b69a29df X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 17:19:18.5289 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2311 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02SbUhTURjHOffebXezwXFpPikFrjQSnW9JQpFmRoO++E27H9KhFx3OabtT si+KkKhjYlLa1FriepuSvcy0FNRphsom+EVxSZpvjPIl0/UiSc47oW+///95/uc8z+HQpKxF EEyrtXpWp1Vp5EIJZcroZqJCyraYmAYPlWh0NaHEDxMrwsSN1nkqmVRaLL8J5dB2K6Vc2lCn kYzkfA6rUZewuugLWZK8nk2XoGiNvFk+YKfK0RxZg8Q04DMwbTdSNUhCy/AwAstCLckLG4JZ 55SIFx4ELxtb9yMybCFgxHTCW6DwJgGVk7sE32UiwDw+inixgKBvrFnojQhxDGw/dQi8HIBD oXexaz9B4j4EzX++iLyFwzgFlu40ivimK9D16baQZwU0TH/bv5vCYTDsmNkbl6alOAnGDYzX RvgI/BzrILxM4iCYWTQT/HYYLH0Tvk0Dwb2wK+D5GPS7q309clj1WKkDf9JsQDzbCGhYj+Q5 Fj4+799/GMB/BdBpXEa8eIugwmn2nRoBmy86RDznw1z7iM8/B25nr4+Pg9U4T/HhLhKGDN2i OhTX9N/kTXvLkfg0dL6P5m0lmNYdJM+hcNcwL/KyFPvDqGmReoQEVhTIsRxXkBsXr2B16myO K9QqtKz+Ndr7M4O2nage1P71oh1hGskPScsytxiZQFXClRbYEdCkPED6y/mDkUlzVKW3WF1h pq5Yw3J2FEJT8iCpwtrHyHCuSs/ms2wRqzuoErQ4uBxRkDWrLsut99OHKXprXSupYH1s+e5g 
3hldW8I2T6ooYWtEk/5sduBUiOvaatXlnCTb9fizzsnIweQp631DUPGSXdk+mPTwUlW1ukF8 I+jkmvlzhiwBllse1Pu3Xc0Sp796Ik9BdV3apqPhabZKvwpHszt7543FPLwYfm85T05xearY CFLHqf4BD2ukIy8DAAA= Archived-At: Subject: [secdir] Request Review draft-ietf-intarea-provisioning-domains-01 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 May 2018 17:19:27 -0000 SGkgVGVybywNCg0KSW50YXJlYSBXRyBjaGFpcnMgd291bGQgbGlrZSBwbGVhc2UgdG8gKHJlKS1y ZXF1ZXN0IHNlY3VyaXR5IGRpcmVjdG9yYXRlIHRvIHJldmlldyBkcmFmdC1pZXRmLWludGFyZWEt cHJvdmlzaW9uaW5nLWRvbWFpbnMtMDEgKOKAnERpc2NvdmVyaW5nIFByb3Zpc2lvbmluZyBEb21h aW5zIE5hbWVzIGFuZCBEYXRh4oCdKToNCg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWQvZHJhZnQt aWV0Zi1pbnRhcmVhLXByb3Zpc2lvbmluZy1kb21haW5zLTAxLnR4dA0KDQpDb21tZW50cyBhbmQg ZmVlZGJhY2sgd291bGQgYmUgaGlnaGx5IGFwcHJlY2lhdGVkLg0KDQoNClJlZ2FyZHMsDQoNCldh c3NpbSAmIEp1YW4gQ2FybG9z From nobody Thu May 10 10:23:11 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9823812D94C for ; Thu, 10 May 2018 10:23:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.309 X-Spam-Level: X-Spam-Status: No, score=-4.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=bITAbffg; dkim=pass (1024-bit key) header.d=ericsson.com header.b=WFlLONGW Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EprX1UYXJv0w for ; Thu, 10 May 2018 10:23:07 -0700 (PDT) Received: from 
sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 444B2124B17 for ; Thu, 10 May 2018 10:23:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525972985; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ShGgzKRaEkmtqHxE+mcj3cCNuhYmIzFT027CMHqHth4=; b=bITAbffgk69wsXluKD4aKAj72rbowS0WGkjgOLVvqd+s+/W8ZJ2e2I8b1AtSRZwu VXHHsJApyv18t/Iaw/1XsIaUwzwn5Z4gqIeRG5gHGAQj/zpirvQm3QdlWGI+6Wdu Ny1TNhrFGWuI5PepcAnU1WP+wKmqcIlbsQDX36/r/J8=; X-AuditID: c1b4fb2d-689ff7000000050d-f0-5af47ff9341c Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.183.63]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 50.46.01293.9FF74FA5; Thu, 10 May 2018 19:23:05 +0200 (CEST) Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESSHC015.ericsson.se (153.88.183.63) with Microsoft SMTP Server (TLS) id 14.3.382.0; Thu, 10 May 2018 19:23:05 +0200 Received: from ESESBMB503.ericsson.se (153.88.183.170) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 10 May 2018 19:23:04 +0200 Received: from NAM03-DM3-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 10 May 2018 19:23:04 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ShGgzKRaEkmtqHxE+mcj3cCNuhYmIzFT027CMHqHth4=; b=WFlLONGWcAShU7my7YgKmURhwSfWrG2QUM/0JiXs9fBmBfC4L+7Zt6YACfbPUzLXOTnQtguS7kaetN9ZhyZKA+yqeXdCj7WvNlsMrUE9aAL/sojIbxs9rtCEAEguX2Wn5Uc3c3+vpOvNpSuQFmjS7SQYesIVh/AoO9pY7m3dxWM= Received: from BYAPR15MB2216.namprd15.prod.outlook.com (52.135.196.155) by BYAPR15MB2200.namprd15.prod.outlook.com (52.135.196.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.735.20; Thu, 10 May 2018 17:23:02 +0000 Received: from BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f]) by BYAPR15MB2216.namprd15.prod.outlook.com ([fe80::7448:aaef:4239:1b5f%13]) with mapi id 15.20.0755.012; Thu, 10 May 2018 17:23:02 +0000 From: Wassim Haddad To: Tero Kivinen CC: Wassim Haddad , Suresh Krishnan , Juan Carlos Zuniga , "secdir@ietf.org" Thread-Topic: Request Review draft-ietf-intarea-provisioning-domains-01 Thread-Index: AQHT6IMHQpZDtTdqMEKZ/itlVZpOZQ== Date: Thu, 10 May 2018 17:23:01 +0000 Message-ID: <6C889A7B-D1F0-421F-93C3-538CD947420D@ericsson.com> References: <5D347C05-B251-489F-A520-5BE1FFF930D5@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-originating-ip: [129.192.183.10] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR15MB2200; 7:yDpdefxIq1YbE2S3rD6Pky/vGeKRew76Nqf97Y98DTSTHgqBMuENGDx6zKeqgAYhYIkILS4HHLiwdSNgzbtEbuO01w16V6gJZIKXToBGJYj0i3htoWeT+wnhdjA6rYTUfLJWWzUatI66YdvJWmoe/2zSlHOaZHOeYjDdBDOzodUvVtju5oY6O9LvbemkI0GuDoqIvg4whA2Yzy6TOLr8ArDLKuXjeUWPd5Ace2mj3S3+m+fP6dqdkEmrk+aODGCB x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; 
SFS:(10009020)(979002)(366004)(39860400002)(346002)(396003)(376002)(39380400002)(199004)(189003)(36756003)(102836004)(33656002)(105586002)(26005)(2906002)(6346003)(86362001)(6436002)(229853002)(3280700002)(606006)(106356001)(3660700001)(5660300001)(14454004)(59450400001)(99286004)(76176011)(5250100002)(186003)(82746002)(6486002)(6506007)(2473003)(966005)(8676002)(476003)(2616005)(478600001)(66066001)(7736002)(53936002)(2900100001)(236005)(6306002)(8936002)(54906003)(6512007)(50226002)(6116002)(486006)(3846002)(54896002)(81166006)(25786009)(57306001)(446003)(6916009)(68736007)(4326008)(97736004)(81156014)(83716003)(44832011)(316002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR15MB2200; H:BYAPR15MB2216.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2200; x-ms-traffictypediagnostic: BYAPR15MB2200: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(37575265505322)(192374486261705); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:BYAPR15MB2200; BCL:0; PCL:0; RULEID:; SRVR:BYAPR15MB2200; x-forefront-prvs: 066898046A received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=wassim.haddad@ericsson.com; x-microsoft-antispam-message-info: 
cVh5JbXQwC+865jjT4kzZ9uLWdc2hQ4MSjzAjuiUJLAmo5MF0AWczJVbu1jQfASI4R7U/w15c6z8uzMJC2NWohfgRQyP/25JuJfa2ZJCgl1/qBP5/8kIm+XH7mOs1gSdN0QTlIEnwOZJFJe5udFM1VQ88MkHPXW9K1G2TQvaRK3ENAo4XGos3AXC5XG0lgei spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_" MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 4278f83f-3a9b-49c0-b5b2-08d5b69aaf07 X-MS-Exchange-CrossTenant-Network-Message-Id: 4278f83f-3a9b-49c0-b5b2-08d5b69aaf07 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 17:23:01.9592 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2200 X-OriginatorOrg: ericsson.com X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTURjHOe/7br5eRsel+eAVF0lKXmYWfpDsgriIqE8RE7WhLzq87zXL IhTK8sLCrDCXNc2JZoaVl7xMNEtFU1dpX9Qsc2W6hHktTTS3d4Lffv/z/J5znsM5NCns4znT 8uR0RpEsSxTxbaiS869DfVezlqQBpXdcg5VjKhTcrZvmBxvLJ6ngpvx+6igl0WhWCcnb5XJK oht5YCX5YZSfpaQ2IbFMojyDUfgfuWATP9e0iVJ/Hrp841sRmY3UQfmIpgEHwa+btvnIhhbi dwjmC9utuNCAYEBtCtZbYQVB5ZiUYw0B058PmyQKLxDwwjjJ5zpKCKgwKi3tUwjKZovN7Xwc AMtVgzwTO2BPaNM3EiaJxHUINjrqCVNhNw4H7UIeyUnh0Diew+fYDz4ODJsdCu+D32tasyPA ofD99jzJzRQKz9eyzYchvAf+9NeafRI7wahebWbAGDRaHcmxI8xMbfA4doOOmTyLI4K5lRpq e/2TugCZBgXcQEBB97ClWQy9TztIrqDnw0S1kceFJgQthq8WywdKR8YtWyVA82o74vgUFKj0 Vhy7Q41ykipEYtWOaTmOgY5BPV9lvqk99JXoKdXWc5HYG+pa/TnFE+4VTFpxvB9ySh9ZWAK6 7lvkTqcM0TXIkWVYNiku8KAfo5DHsGxKsl8yk/4KbX2wNw3/fJvRM8OxLoRpJLITZEUvSYU8 WQabmdSFgCZFDoK/Q4tSoSBWlnmFUaREKy4mMmwXcqEpkZPAr0YrFeI4WTqTwDCpjGK7StDW ztnoUlgvE32gM0Kyrhal9XhU+d/PHQ90tVMqJwYrOqPGPQzVo0+iI744ul+tq13vV7idczpu eDw0xHsZ4Xb9RNtEf0QlkRr1cHNWtgLViz13wT5u6X3uruLw+MimtDNnxC0fWk8bvKS6a+6R Didzhm29whjv2KLSenkIK9ZoDXtdRBQbLxP7kApW9h9c9vthXAMAAA== Archived-At: Subject: [secdir] Fwd: Request Review draft-ietf-intarea-provisioning-domains-01 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 
Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 May 2018 17:23:09 -0000 --_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 UmUtc2VuZGluZyB3aXRoIFN1cmVzaCBjb3JyZWN0IGVtYWlsIGFkZHJlc3MNCg0KDQpCZWdpbiBm b3J3YXJkZWQgbWVzc2FnZToNCg0KRnJvbTogV2Fzc2ltIEhhZGRhZCA8d2Fzc2ltLmhhZGRhZEBl cmljc3Nvbi5jb208bWFpbHRvOndhc3NpbS5oYWRkYWRAZXJpY3Nzb24uY29tPj4NClN1YmplY3Q6 IFJlcXVlc3QgUmV2aWV3IGRyYWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0w MQ0KRGF0ZTogTWF5IDEwLCAyMDE4IGF0IDEwOjE5OjU4IFBEVA0KVG86IFRlcm8gS2l2aW5lbiA8 a2l2aW5lbkBpa2kuZmk8bWFpbHRvOmtpdmluZW5AaWtpLmZpPj4NCkNjOiBXYXNzaW0gSGFkZGFk IDx3YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbTxtYWlsdG86d2Fzc2ltLmhhZGRhZEBlcmljc3Nv bi5jb20+Piwgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+LCBTdXJlc2gg S3Jpc2huYW4gPHN1cmVzaC5rcmlzaG5hbkBlcmljc3Nvbi5jb208bWFpbHRvOnN1cmVzaC5rcmlz aG5hbkBlcmljc3Nvbi5jb20+PiwgSnVhbiBDYXJsb3MgWnVuaWdhIDxqdWFuY2FybG9zLnp1bmln YUBzaWdmb3guY29tPG1haWx0bzpqdWFuY2FybG9zLnp1bmlnYUBzaWdmb3guY29tPj4NCg0KSGkg VGVybywNCg0KSW50YXJlYSBXRyBjaGFpcnMgd291bGQgbGlrZSBwbGVhc2UgdG8gKHJlKS1yZXF1 ZXN0IHNlY3VyaXR5IGRpcmVjdG9yYXRlIHRvIHJldmlldyBkcmFmdC1pZXRmLWludGFyZWEtcHJv dmlzaW9uaW5nLWRvbWFpbnMtMDEgKOKAnERpc2NvdmVyaW5nIFByb3Zpc2lvbmluZyBEb21haW5z IE5hbWVzIGFuZCBEYXRh4oCdKToNCg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWQvZHJhZnQtaWV0 Zi1pbnRhcmVhLXByb3Zpc2lvbmluZy1kb21haW5zLTAxLnR4dA0KDQpDb21tZW50cyBhbmQgZmVl ZGJhY2sgd291bGQgYmUgaGlnaGx5IGFwcHJlY2lhdGVkLg0KDQoNClJlZ2FyZHMsDQoNCldhc3Np bSAmIEp1YW4gQ2FybG9zDQoNCg== --_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <988369F188BFC242BC6161DE9EEAA32E@namprd15.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy 
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KUmUtc2VuZGluZyB3aXRoIFN1cmVz aCBjb3JyZWN0IGVtYWlsIGFkZHJlc3M8YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRp diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3Rl IHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5CZWdpbiBmb3J3YXJkZWQgbWVz c2FnZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2 IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1yaWdodDogMHB4OyBtYXJnaW4tYm90dG9t OiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LWZh bWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZldGljYSwgc2Fu cy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjApOyIgY2xhc3M9IiI+PGIgY2xhc3M9IiI+ RnJvbToNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiAtd2Via2l0LXN5c3Rl bS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+ V2Fzc2ltIEhhZGRhZCAmbHQ7PGEgaHJlZj0ibWFpbHRvOndhc3NpbS5oYWRkYWRAZXJpY3Nzb24u Y29tIiBjbGFzcz0iIj53YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbTwvYT4mZ3Q7PGJyIGNsYXNz PSIiPg0KPC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luLXRvcDogMHB4OyBtYXJnaW4t cmlnaHQ6IDBweDsgbWFyZ2luLWJvdHRvbTogMHB4OyBtYXJnaW4tbGVmdDogMHB4OyIgY2xhc3M9 IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IC13ZWJraXQtc3lzdGVtLWZvbnQsIEhlbHZl dGljYSBOZXVlLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGNvbG9yOnJnYmEoMCwgMCwgMCwgMS4w KTsiIGNsYXNzPSIiPjxiIGNsYXNzPSIiPlN1YmplY3Q6DQo8L2I+PC9zcGFuPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZl dGljYSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPjxiIGNsYXNzPSIiPlJlcXVlc3QgUmV2aWV3IGRy YWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMTwvYj48YnIgY2xhc3M9IiI+ DQo8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1yaWdo dDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0iIj4N CjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNh 
IE5ldWUsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjApOyIg Y2xhc3M9IiI+PGIgY2xhc3M9IiI+RGF0ZToNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQt ZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBz YW5zLXNlcmlmOyIgY2xhc3M9IiI+TWF5IDEwLCAyMDE4IGF0IDEwOjE5OjU4IFBEVDxiciBjbGFz cz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbi10b3A6IDBweDsgbWFyZ2lu LXJpZ2h0OiAwcHg7IG1hcmdpbi1ib3R0b206IDBweDsgbWFyZ2luLWxlZnQ6IDBweDsiIGNsYXNz PSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2 ZXRpY2EgTmV1ZSwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBjb2xvcjpyZ2JhKDAsIDAsIDAsIDEu MCk7IiBjbGFzcz0iIj48YiBjbGFzcz0iIj5UbzoNCjwvYj48L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtZmFtaWx5OiAtd2Via2l0LXN5c3RlbS1mb250LCBIZWx2ZXRpY2EgTmV1ZSwgSGVsdmV0aWNh LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+VGVybyBLaXZpbmVuICZsdDs8YSBocmVmPSJtYWlsdG86 a2l2aW5lbkBpa2kuZmkiIGNsYXNzPSIiPmtpdmluZW5AaWtpLmZpPC9hPiZndDs8YnIgY2xhc3M9 IiI+DQo8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1y aWdodDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7IG1hcmdpbi1sZWZ0OiAwcHg7IiBjbGFzcz0i Ij4NCjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0 aWNhIE5ldWUsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsgY29sb3I6cmdiYSgwLCAwLCAwLCAxLjAp OyIgY2xhc3M9IiI+PGIgY2xhc3M9IiI+Q2M6DQo8L2I+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LWZhbWlseTogLXdlYmtpdC1zeXN0ZW0tZm9udCwgSGVsdmV0aWNhIE5ldWUsIEhlbHZldGljYSwg c2Fucy1zZXJpZjsiIGNsYXNzPSIiPldhc3NpbSBIYWRkYWQgJmx0OzxhIGhyZWY9Im1haWx0bzp3 YXNzaW0uaGFkZGFkQGVyaWNzc29uLmNvbSIgY2xhc3M9IiI+d2Fzc2ltLmhhZGRhZEBlcmljc3Nv bi5jb208L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIGNsYXNzPSIi PnNlY2RpckBpZXRmLm9yZzwvYT4sIFN1cmVzaCBLcmlzaG5hbiAmbHQ7PGEgaHJlZj0ibWFpbHRv OnN1cmVzaC5rcmlzaG5hbkBlcmljc3Nvbi5jb20iIGNsYXNzPSIiPnN1cmVzaC5rcmlzaG5hbkBl cmljc3Nvbi5jb208L2E+Jmd0OywgSnVhbiBDYXJsb3MgWnVuaWdhICZsdDs8YSBocmVmPSJtYWls dG86anVhbmNhcmxvcy56dW5pZ2FAc2lnZm94LmNvbSIgY2xhc3M9IiI+anVhbmNhcmxvcy56dW5p 
Z2FAc2lnZm94LmNvbTwvYT4mZ3Q7PGJyIGNsYXNzPSIiPg0KPC9zcGFuPjwvZGl2Pg0KPGJyIGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SGkgVGVybyw8YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpJbnRhcmVhIFdHIGNoYWlycyB3b3VsZCBsaWtlIHBsZWFzZSB0 byAocmUpLXJlcXVlc3Qgc2VjdXJpdHkgZGlyZWN0b3JhdGUgdG8gcmV2aWV3IGRyYWZ0LWlldGYt aW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMSAo4oCcRGlzY292ZXJpbmcgUHJvdmlzaW9u aW5nIERvbWFpbnMgTmFtZXMgYW5kIERhdGHigJ0pOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL2lkL2RyYWZ0LWlldGYtaW50YXJlYS1w cm92aXNpb25pbmctZG9tYWlucy0wMS50eHQiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3Jn L2lkL2RyYWZ0LWlldGYtaW50YXJlYS1wcm92aXNpb25pbmctZG9tYWlucy0wMS50eHQ8L2E+PGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQ29tbWVudHMgYW5kIGZlZWRiYWNrIHdvdWxkIGJl IGhpZ2hseSBhcHByZWNpYXRlZC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xh c3M9IiI+DQpSZWdhcmRzLDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCldhc3NpbSAmYW1w OyBKdWFuIENhcmxvczwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBj bGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_6C889A7BD1F0421F93C3538CD947420Dericssoncom_-- From nobody Fri May 11 08:51:16 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9041312EAEE; Fri, 11 May 2018 08:51:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.399 X-Spam-Level: X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP 
id NXyj-5cG3m-X; Fri, 11 May 2018 08:50:57 -0700 (PDT) Received: from mail-lf0-x243.google.com (mail-lf0-x243.google.com [IPv6:2a00:1450:4010:c07::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0798312EAF7; Fri, 11 May 2018 08:50:57 -0700 (PDT) Received: by mail-lf0-x243.google.com with SMTP id r2-v6so8599721lff.4; Fri, 11 May 2018 08:50:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=/Utcay9ANfxXBPlrLudnx4FgPG4MIGu/4E/JQ+zn+2I=; b=dRGuhKa4ooaab289fyIwMn+RUhLq0U/N3v18r6GHydg1EZe9s/ao2QIqynXSgx6Txp wVzwx+BKdpOHOli09C0DkbY6DDRC5I8RKslfniZU6OUV8c0PqAqshW6XTOo2zNoOfirA 7Wny5GGn5C2jZjJJGkQ3VbQAPvv70J7Ih22PCx4q0GDdCbfn7HC9siJskxqM+ajcHrjQ 57uqM1V64APYKbTythXwCe2SQRPfCqf4TSb1uVHp6ius9ZpOjBhphAxd5tmEijMaWEr5 HS798FVWAv4HOaQdIBY50tMbCJlrRO0OJk8b7QyEd41BfK9TQtAa/qZbye55tfW2Ql2D 7CWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=/Utcay9ANfxXBPlrLudnx4FgPG4MIGu/4E/JQ+zn+2I=; b=gs3o2jpI9KBClS0t5zcsh07pP4Kl82QGuf/9fed6VVore0HO5DqejropmglKVG9IIf k+8LljWNJE//At0On2W7qTZMzOXpXPuCIHWB7AvtoIW/pV6NY6mC/ogx8saYrJh+N9PP /UXYNpahgayV4EDc10B24+slbhAVRghPt9J/JPQNp98PHqZiWjN+oifShpPbAJ7EGOXp uXFQwavbUo4JnJnOjTixni11RWXhPlf1GYF+MkPgiSKGzBXZ/nULUE0WqKU1QygCa/UN V1E2mZUWqoaE0LULCO6zMLjUjXG3/T2wAIVRVgZM20KyHKZh/SUbuj5ngxb8qotJF0sJ r+xQ== X-Gm-Message-State: ALKqPwdQ6zyclpV30ygnoED5q4NhVSSh9KbAvJ+JhAOnBb+8wqMvfNvu +/V7F36VS+qe1kz1i84ysC+EDmENpCTQLo2qcmSo5g== X-Google-Smtp-Source: AB8JxZoJPAQCTahGmmQ0KI8rc5i+weFgxz9FL4sGE+h9UH1ANTvX4UBfOwL6j2Jdo+MA8CTdud9FCPHn1I8ovy1exTc= X-Received: by 2002:a19:2143:: with SMTP id h64-v6mr1865250lfh.73.1526053855198; Fri, 11 May 2018 08:50:55 -0700 (PDT) MIME-Version: 1.0 Sender: 
 mglt.ietf@gmail.com
In-Reply-To: <052201d3e247$19431b20$4bc95160$@augustcellars.com>
References: <152485706488.6011.12980717250490137013@ietfa.amsl.com> <052201d3e247$19431b20$4bc95160$@augustcellars.com>
From: Daniel Migault
Date: Fri, 11 May 2018 11:50:54 -0400
To: Jim Schaad
Cc: secdir@ietf.org, spasm@ietf.org, ietf@ietf.org, draft-ietf-lamps-rfc5751-bis.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f284ee056bf019b1"
Subject: Re: [secdir] [lamps] Secdir last call review of draft-ietf-lamps-rfc5751-bis-07

--000000000000f284ee056bf019b1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Jim,

Thank you for the clarifications. Please see my comments inline.

Yours,
Daniel

On Wed, May 2, 2018 at 2:55 PM, Jim Schaad wrote:

> I have published a -08 with these changes.
>
> > -----Original Message-----
> > From: Daniel Migault
> > Sent: Friday, April 27, 2018 12:24 PM
> > To: secdir@ietf.org
> > Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-rfc5751-bis.all@ietf.org
> > Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
> >
> > Reviewer: Daniel Migault
> > Review result: Has Nits
> >
> > Hi,
> >
> >
> > I have reviewed this document as part of the security directorate's ongoing
> > effort to review all IETF documents being processed by the IESG.
> > These comments were written primarily for the benefit of the security area
> > directors. Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > The summary of the review is Has Minor Nits
> >
> >
> > Please find my comments while reading the draft.
> >
> > Yours,
> >
> > Daniel
> >
> >
> > 1. Introduction
> >
> > As a supplementary service, S/MIME provides for message
> > compression.
> >
> > maybe :
> > As a supplementary service, S/MIME provides message
> > compression.
> >
>
> Done
>
> >
> > 1.3. Conventions Used in This Document
> >
> > The term RSA in this document almost always refers to the PKCS#1 v1.5
> > RSA signature or encryption algorithms even when not qualified as
> > such.
> >
> > I am not sure format would not be more appropriate than algorithm, so
> > maybe:
> >
> > The term RSA in this document almost always refers to the PKCS#1 v1.5
> > RSA signature or encryption *format* even when not qualified as
> > such.
>
> Interesting observation. In all of the work that I have ever done I have
> always referred to the difference between PKCS #v1.5 signature, PKCS #v1.5
> encryption, OAEP, PSS and KEM and different encryption algorithms rather
> than just saying that the formats are different. Saying format would make
> a degree of sense between the two different 1.5 algorithms, however if you
> compare v1.5 signature and PSS then more than just the format of the data
> can be thought of as being involved.
>
> I don't think that this makes sense.
>

This comment was just mentioned as potential nits. I am fine with protocol and understand the reasons. Thanks for the explanation. I cannot find where I found the use of "format" and RFC8017 seems to use "scheme".

> >
> >
> > 2.3. KeyEncryptionAlgorithmIdentifier
> >
> > When ECDH ephemeral-static is used, a key wrap algorithm is also
> > specified in the KeyEncryptionAlgorithmIdentifier [RFC5652].
> > The underlying encryption functions for the key wrap and content
> > encryption algorithm ([RFC3370] and [RFC3565]) and the key sizes for
> > the two algorithms MUST be the same (e.g., AES-128 key wrap algorithm
> > with AES-128 content encryption algorithm).
> >
> > I understand the recommendation for a sending agent, but it seems that
> > additional text should be provided in order to describe the behavior of the
> > receiver. I am wondering if the receiver is expected to reject the message or
> > whether it should assume the associated protection is the least of the two.
> > Maybe specifying this is only for sending agent may also clarify this.
>
> This probably falls under the category of "I don't care", the object is to
> make sending agents do the right thing. However, I have added test about
> security strengths for recipients.
>

Thanks.

>
> >
> > 2.4.4. AuthEnvelopedData Content Type
> >
> > This content type does not provide
> > authentication or non-repudiation.
> >
> > is a really helpful clarification ;-) Maybe it could be helpful to use the same
> > formulation for section 2.4.2. SignedData Content Type by
> > replacing:
> >
> > Applying a
> > signature to a message provides authentication, message integrity,
> > and non-repudiation of origin.
> >
> >
> > This content type provides authentication, message integrity, and
> > non-repudiation of origin. A sender signs the message with its own private
> > key and shares public part of it with the recipient to validate the signature.
>
> I don't think this necessary for the other content types. The problem is
> that many people think that AED algorithms automatically provide
> authentication. There are some situations where this is true, but they are
> not met when doing S/MIME.
>
>

I agree. My comment was only to mention that 2.4.2 and 2.4.4 could use similar formulation.

>
> > 2.5. Attributes and the SignerInfo Type
> >
> > It would probably ease the reading and clarifying the purpose of the
> > SignerInfo's attribute. Typically, some of them might be necessary to validate
> > the received message, while others are informational in prevision of a
> > response. This is clarified later in the document but could be introduced
> > here. I also believe that would be good to also include that there is a
> > bootstrapping issue that is solved by the compliance of the implementations
> > in supporting the recommended algorithms.
> >
> > A reference to section 2.7 may be useful as this section clarifies how the
> > sending agent uses this information - at least for the encryption.
>
> I have added the following sentence to the first paragraph
>
> These attributes can be required for processing of message (i.e. Message
> Digest), information the signer supplied (i.e. SMIME Capabilities) that
> should be processed, or attributes which are not relevant in the current
> situation (i.e. mlExpansionList for mail viewers).
>
> I don't think a forward reference to 2.7 would be useful at this point.
>

I think that helps the reading. Thank you.

>
> >
> > 2.5.1. Signing Time Attribute
> >
> > The message originator has not been specified before, it may be good to
> > clarify how it differs from the sender. It may also be good to specify how this
> > value is being used - against replay attacks. section 2.7.1 provides some
> > indications of the expected usage of the signing time attribute but it seems
> > more associated to the capabilities.
>
> Replaced message originator with signer.
>

ok

>
> >
> > 2.5.2. SMIME Capabilities Attribute
> >
> > A client does not have to list every capability it
> > supports, and need not list all its capabilities so that the
> > capabilities list doesn't get too long.
> > > > It might be worth providing a recommendation on what too long means, > > especially as a resulting list of capabilities is (expected) to be > relatively short > > compared to the message itself - but I might be wrong. > > My reading of this attribute - and again I might be wrong - is that it > would be > > useless if implementations would follow the cryptographic > > recommendations. It is mostly useful to have non updated senders to > > received responses from up-to-date responders. In addition, this > > information is likely cached and as such may not be unnecessarily be > > repeated. Wouldn't a MAY be more appropriated ? > > I don't really want to try and quantify what long means because for > different clients it can mean different things. In some considerations o= ne > could consider listing 3 encryption algorithms to be long while in other > situations it might be 30 encryption algorithms that is too long. If I > want to send you a message and need to be sure that there is a common > enabled language then 30 encryption algorrithms is better. On the other > hand trying to figure out a common algorithm for a message going to 100 > recipients where each has a different set of algorithms and in a differen= t > ranking order and come up with the best one means even 3 can feel really > long. > > The problem is not byte count as even 30 items at 10 bytes apiece is only > 300 bytes which relative to the rest of a signed MIME message is pretty > small. The problem is the question of how to make a decision and the > parameters are different based on how that algorithm is implemented. > > While the information can be cached, I don't know that it can be assured > to be cached. Additionally this might put a greater burden on the sender > as it would need to know if the current configuration has been sent to a > recipient. It is easier to just always send the list. 
However I cannot > see that there is any requirements on the document on having sending the > attribute just on receiving it. > > I got it, but my point was that by having a mandatory to implement cryptography document, would enable to have inter operable cryptographic primitives that evolve over time. Such document will provide the necessary overlaps. This is how we proceed with IKEv2 / IPsec... but S/MIME may have different deployment considerations. I see your last comment you do not think that is useful. I am fine as long as I am sure you got my purpose.. > > > > > Note also that while we have some cryptographic recommendations for RSA= , > > I would have expected a table summarizing the cryptographic > > recommendations with other algorithms than RSA. > > I don't know that adding a table is going to be useful. Much of this > information is not really designed to be put into a table unless you are > going to footnote the heck out of it which kind of defeats the process. > This information is scattered through out the document, but it tries to b= e > in the right place for a specific field. > > I agree with you point. However, I believe that a mandatory to implement guidance section or document would be helpful to specify which crypto is mandatory and the status of the other algorithms. Evolution of the crypto may address another scope than the protocol description and might be another document. Again this is addressed by your last comment. > > > > 2.5.3. Encryption Key Preference Attribute > > > > This attribute is designed to > > enhance behavior for interoperating with those clients that use > > separate keys for encryption and signing. > > > > Maybe that would be good to position this attribute versus the keyusage > > when certificate are used to split the usage of each keys. I am > wondering if a > > recommendation could be state on whether one or both means should be > > used and if one overwrite the other. 
A preference may still be useful = to > > indicate a preference when multiple keys for a given role are available= . > Is key > > management a relevant usage for preference ? > > > > I understand that Signing Time is being used to update the preferred > > keys as one way to performed key roll over. > > While there is some similarity between key usage and this attribute, the > attribute is more general and allows for things which are not necessarily > mentioned here. As an example, one could send different certificates wit= h > different algorithms or key sizes and express a preference on which > certificate to use. It may be that the names between the signing > certificate and encryption key certificate are not the same, in that case > which should be used. I think that this is covered in the introduction > and a reference to key usage is not really helpful. > > The response clarifies my question thanks. > > > > > > 3.1. Preparing the MIME Entity for Signing, Enveloping, or Compressing > > > > A MIME entity can be a sub- > > part, sub-parts of a message, or the whole message with all its sub- > > parts. > > > > I am wondering if "a subpart, many subparts or ..." would not be cleare= r. > > I don't see this as being clearer. > > > > > I understand that "message" in the first paragraph is used as the MIME > > message and in other words, the message is not designating the mail. I = am > > reading message as MIME multi-part message and the MIME entities as a > > subset of MIME headers and parts of MIME multi-part message. Similarly > > MIME body would be the MIME multi-part message. Is that correct ? I > > believe the terminology paragraph could be clarified. > > There is no requirement that message be multi-part, it could be a > single-part message such as text/plain. However that is generally > correct. How do you believe that the text can be clarified. Specific te= xt > would be helpful. 
> I believe that replacing message by MIME message would clarify the difference between the message of the email. Then clarifying that MIME message is composed of MIME entities. Here is what I would propose: S/MIME is used to secure MIME entities. A MIME message is composed of a MIME header and a MIME body, which both can be constituted of a single part or of multiple parts. Any of these parts is designated as a MIME message part. A MIME entity can be a sub- part, sub-parts of a MIME message, or the whole Mime message with all its sub- parts. A MIME entity that is the whole MIME message includes only the MIME message headers and MIME body, and does not include the RFC-822 header. Note that S/MIME can also be used to secure MIME entities used in applications other than Internet mail. If protection of the RFC-822 header is required, the use of the message/rfc822 media type is explained later in this section. > > > > > > > It is > > RECOMMENDED that a distinction be made between the location of the > > header. > > > > I believe the purpose is to make a distinction between "protected" and > > 'unprotected' to the end user. I would thus keep this distinction even > though > > this translates into 'inner' / 'outer'. > > The problem of how to do this has been a topic of many discussions withou= t > ever getting to a conclusion. One of the problems is that protected can > mean some different things depending on how you protect the headers. For > example, one could have a multipart/mixed message with two sections each = of > which consists of an encrypted message. If each of those has different > protected headers in them then, while the difference between inner and > outer makes sense as that is part of the tree structure, which set of > protected headers now needs to be dealt with. > > Thanks for the explanation. I agree. > > > > > > 3.3. 
Creating an Enveloped-Only Message > > > > > > A sample message would be: > > > > Content-Type: application/pkcs7-mime; name=3Dsmime.p7m; > > smime-type=3Denveloped-data > > > > Shouldn't we use an OID instead of data for the example ? > > I don't know what you are trying to ask here. > I though of specifying an OID instead of using data, but I agree that data is preferred. > > > > > > > > > 3.4. Creating an Authenticated Enveloped-Only Message > > > > I believe the word "proof" is missing. > > > > It is important to note that > > sending authenticated enveloped messages does not provide for > > origination when using S/MIME. > > > > Maybe we should specify that this is especially true when multiple > recipients > > are involved. > > done > > > > > 3.5.3. Signing Using the multipart/signed Format > > > > The first part contains > > the MIME entity that is signed; the second part contains the > > "detached signature" CMS SignedData object in which the > > encapContentInfo eContent field is absent. > > > > I believe it would be good to specify parts are ordered as this is not > always > > the case of parts. What is unclear to me is why the second part is > separated > > by a boundary usually used to separate parts. It seems boundary can als= o > be > > used as boundary inside a part which seems to make part parsing harder. > > The order is part of the definition of multipart/signed. > > In the definition of multipart/*, the rules require that the boundary > string not exist within any of the different child body parts. This mean= s > that it can be used to uniquely distinguish the boundaries. > Agree. Thanks for the clarification. > > > > > > > > > 3.5.3.2. 
Creating a multipart/signed Message > > > > Algorithm Value Used > > MD5 md5 > > SHA-1 sha-1 > > SHA-224 sha-224 > > SHA-256 sha-256 > > SHA-384 sha-384 > > SHA-512 sha-512 > > Any other (defined separately in algorithm profile or "unknown" if > > not defined) > > > > > > Should we have any recommendations on the hash algorithm to be used by > > sender / receivers ? Is that possible to deprecate MD5, SHA-1 and > > SHA-224 for senders ? > > The recommendations on which algorithms to use is part of the signature > algorithm recommendations. This is a different table and removing items > would be potentially harmful. > > I am reading this as new implementations should still implement MD5. If so, I believe an explanation might be useful. > > > > > > 3.7. Multiple Operations > > > > Would it be recommended to have signed clear text than encrypted and > > then signed encrypted ? This seems to address all security concerns. > > There are a large number of security concerns that have been uncovered > with each of the different orders of operations. Part of the question is > going to be what concern are you trying to address and what are the > informal rules about this. I don't think at this point we can really giv= e > an order, however RFC 2634 does have some guidance. > Correct. Maybe it would be useful the section references ESS for further recommendations. But I agree the reference has been mentioned earlier. > > > > > 3.9. Registration Requests > > > > Should we mention DANE rfc8162 as a way to register you public key ? > > I don't think so, we don=E2=80=99t ever talk about how to find keys in th= e > document. > Agree ;-) > > > > > 4. Certificate Processing > > > > EdDSA Signatures recommendations for curve25519 and curve448 seems to > > be missing in the key pair generating , signature section. Are there an= y > > reasons not to consider these curves ? 
> > > > May be useful to have the following references: > > [1] https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa > -signatures/ > > [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/ > > Should have had [1] as a reference, the reference was there but not the > pointer to it. > The second would be referenced in rfc5750-bis not here. > > > > > 6. Security Considerations > > > > I am wondering if any considerations should be provided for data at res= t. > > Does the email needs to be archived encrypted or not and whether S/MIME > > can be used to store encrypted content. I believe that email should not > be > > stored encrypted and as such S/MIME is only intended to > > protect mails in transit.... but I might be wrong. > > I believe you to be wrong. There are no problems w/ using S/MIME as a > data at rest protection scheme. The question of storing messages as > encrypted or not is something that different clients have dealt with in > different ways. The client I use leaves things encrypted which I conside= r > to be the correct answer. > > I see why... if there are no clear rules, it might be better to leave it as it is. I agree. > > > > As a general comment I would have like a table that summarizes or > explicitly > > mention what crypto is recommended for encrypting / signing. > > RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I belie= ve > > such tables should be updated regularly to deprecate and introduce new > > algorithms while leaving S/MIME unchanged. > > To do this would require that the algorithms be maintained in a separate > document. As above, I don't think a separate table adds to clarity as it > duplicates information and would be hard to write. > > > > > There are a lot of double space in the text. 
> > > > > Jim > > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm > --000000000000f284ee056bf019b1 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
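The structural points raised under 3.5.3 and 3.5.3.2 in the message above (two parts in a fixed order, a boundary that must not occur inside a child part, and the micalg values from the table) can be checked on the receiving side before any signature is verified. The following is an added example, not part of either correspondent's message or of the draft; the function names, the constructed sample message and the weak-digest policy are assumptions made for illustration.

```python
"""Receiver-side structural checks for a multipart/signed S/MIME message."""
from email import message_from_bytes

# micalg values from the table quoted in the thread (section 3.5.3.2).
TABLE_MICALG = {"md5", "sha-1", "sha-224", "sha-256", "sha-384", "sha-512"}
# Assumption: a local receiving policy chosen for this example, not a draft rule.
WEAK_MICALG = {"md5", "sha-1"}
SIGNATURE_TYPE = "application/pkcs7-signature"


def check_multipart_signed(raw):
    """Return a list of findings; an empty list means the structure is acceptable.

    Only the MIME structure is inspected; the CMS signature is not verified.
    """
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        return ["top-level type is not multipart/signed"]
    findings = []

    protocol = msg.get_param("protocol")
    if not isinstance(protocol, str) or protocol.lower() != SIGNATURE_TYPE:
        findings.append("protocol parameter is not " + SIGNATURE_TYPE)

    micalg = msg.get_param("micalg")
    if not isinstance(micalg, str):
        findings.append("micalg parameter is missing")
    else:
        # Several digest names may be listed, separated by commas.
        for value in (v.strip().lower() for v in micalg.split(",")):
            if value not in TABLE_MICALG:
                findings.append(f"micalg value {value!r} is not in the table")
            elif value in WEAK_MICALG:
                findings.append(f"micalg value {value!r} is weak under local policy")

    # A boundary line inside the signed entity is indistinguishable from a real
    # delimiter, so the parser sees an extra part: exactly two parts are allowed.
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        findings.append(f"expected exactly 2 body parts, found {len(parts)}")
    elif parts[1].get_content_type() != SIGNATURE_TYPE:
        findings.append("second part is not the detached signature")
    return findings


def build_sample(micalg, body_lines, boundary="b1"):
    """Build a constructed sample message; the signature bytes are a placeholder."""
    lines = [
        "MIME-Version: 1.0",
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";',
        f"    micalg={micalg}; boundary={boundary}",
        "",
        f"--{boundary}",
        "Content-Type: text/plain",
        "",
        *body_lines,
        f"--{boundary}",
        "Content-Type: application/pkcs7-signature; name=smime.p7s",
        "Content-Transfer-Encoding: base64",
        "",
        "AAAA",  # placeholder, not a real CMS SignedData object
        f"--{boundary}--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    samples = {
        "well-formed": build_sample("sha-256", ["This text is signed."]),
        "weak digest": build_sample("md5", ["This text is signed."]),
        "boundary collision": build_sample(
            "sha-256",
            ["This text is signed.", "--b1", "text after a colliding delimiter"],
        ),
    }
    for name, raw in samples.items():
        print(name, "->", check_multipart_signed(raw) or "ok")
```
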
Hi Jim,

Thanks you for the cl= arifications. Please see my comments inline.

Yours,=C2=A0
Daniel

On Wed, May 2, 2018 at 2:55 PM, Jim Schaad <ietf@= augustcellars.com> wrote:
I= have published a -08 with these changes.

> -----Original Message-----
> From: Daniel Migault <daniel.migault@ericsson.com>
> Sent: Friday, April 27, 2018 12:24 PM
> To: secdir@ietf.o= rg
> Cc: spasm@ietf.org= ; ietf@ietf.org;= draft-ietf-lamps-rfc5751-bis.all@ietf.org
> Subject: Secdir last call review of draft-ietf-lamps-rfc5751-bis-07
>
> Reviewer: Daniel Migault
> Review result: Has Nits
>
> Hi,
>
>
> I have reviewed this document as part of the security directorate'= s ongoing
> effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security = area
> directors.=C2=A0 Document editors and WG chairs should treat these com= ments
> just like any other last call comments.
>
> The summary of the review is Has Minor Nits
>
>
> Please find my comments while reading the draft.
>
> Yours,
>
> Daniel
>
>
> 1.=C2=A0 Introduction
>
> As a supplementary service, S/MIME provides for message
>=C2=A0 =C2=A0 compression.
>
> maybe :
> As a supplementary service, S/MIME provides message
>=C2=A0 =C2=A0 compression.
>

Done

>
> 1.3.=C2=A0 Conventions Used in This Document
>
> The term RSA in this document almost always refers to the PKCS#1 v1.5<= br> >=C2=A0 =C2=A0 RSA signature or encryption algorithms even when not qual= ified as
>=C2=A0 =C2=A0 such.
>
> I am not sure format would not be more appropriated than algorithm, so=
> maybe:
>
> The term RSA in this document almost always refers to the PKCS#1 v1.5<= br> >=C2=A0 =C2=A0 RSA signature or encryption *format* even when not qualif= ied as
>=C2=A0 =C2=A0 such.

Interesting observation.=C2=A0 In all of the work that I have ever d= one I have always referred to the difference between PKCS #v1.5 signature, = PKCS #v1.5 encryption, OAEP, PSS and KEM and different encryption algorithm= s rather than just saying that the formats are different.=C2=A0 Saying form= at would make a degree of sense between the two different 1.5 algorithms, h= owever if you compare v1.5 signature and PSS then more than just the format= of the data can be thought of as being involved.

I don't think that this makes sense.

This comment was just mentioned as=C2=A0 potential nits. I am fine with p= rotocol and understand the reasons. Thanks for the explanation. I cannot fi= nd where I found the use of "format" and RFC8017 seems to use &qu= ot;scheme".
=C2=A0=C2=A0
>
>
> 2.3.=C2=A0 KeyEncryptionAlgorithmIdentifier
>
> When ECDH ephemeral-static is used, a key wrap algorithm is also
>=C2=A0 =C2=A0 specified in the KeyEncryptionAlgorithmIdentifier [R= FC5652].=C2=A0 The
>=C2=A0 =C2=A0 underlying encryption functions for the key wrap and cont= ent
>=C2=A0 =C2=A0 encryption algorithm ([RFC3370] and [RFC3565]) and the ke= y sizes for
>=C2=A0 =C2=A0 the two algorithms MUST be the same (e.g., AES-128 key wr= ap algorithm
>=C2=A0 =C2=A0 with AES-128 content encryption algorithm).
>
> I understand the recommendation for a sending agent, but it seems that=
> additional text should be provided in order to describe the behavior o= f the
> receiver. I am wondering if the receiver is expected to reject the mes= sage or
> whether it should assume the associated protection is the least of the= two.
> Maybe specifying this is only for sending agent may also clarify this.=

This probably falls under the category of "I don't care&quo= t;, the object is to make sending agents do the right thing.=C2=A0 However,= I have added test about security strengths for reciepents.

Thanks.
=C2=A0

>
> 2.4.4.=C2=A0 AuthEnvelopedData Content Type
>
> This content type does not provide
>=C2=A0 =C2=A0 authentication or non-repudiation.
>
> is a really helpful clarification ;-) Maybe it could be helpful to use= the same
> formulation for section 2.4.2.=C2=A0 SignedData Content Type by
> replacing:
>
> Applying a
>=C2=A0 =C2=A0 signature to a message provides authentication, message i= ntegrity,
>=C2=A0 =C2=A0 and non-repudiation of origin.
>
>
> This content type provides provides authentication, message integrity,= and
> non-repudiation of origin. A sender signs the message with its own pri= vate
> key and shares public part of it with the recipient to validate the si= gnature.

I don't think this necessary for the other content types.=C2=A0 = The problem is that many people think that AED algorithms automatically pro= vide authentication.=C2=A0 There are some situations where this is true, bu= t they are not met when doing S/MIME.

I agree. My comment was only to mention = that 2.4.2 and 2.4.4 could use similar formulation.

>
> 2.5.=C2=A0 Attributes and the SignerInfo Type
>
> It would probably ease the reading and clarifying the purpose of the > SignerInfo's attribute. Typically, some of them might necessary to= validate
> the received message, while others are informational in prevision of a=
> response. This is clarified later in the document but could be introdu= ced
> here. I also believe that would be good to also include that there is = a
> bootstrapping issue that is solved by the compliance of the implementa= tions
> in supporting the recommended algorithms.
>
> A reference to section 2.7 may be useful as this section clarifies how= the
> sending agent uses these information - at least for the encryption.
I have added the following sentence to the first paragraph

These attributes can be required for processing of message (i.e. Message Di= gest), information the signer supplied (i.e. SMIME Capabilities) that shoul= d be processed, or attributes which are not relevant in the current situati= on (i.e. mlExpansionList <xref target=3D"RFC2634"/> for mai= l viewers).

I don't think a forward reference to 2.7 would be useful at this point.=

I think that helps the reading. Thank = you.=C2=A0

>
> 2.5.1.=C2=A0 Signing Time Attribute
>
> The message originator has not been specified before, it may be good t= o
> clarify how it differs from the sender. It may also be good to specify= how this
> value is being used - against replay attacks.=C2=A0 section 2.7.1 prov= ides some
> indications of the expected usage of the signing time attribute but it= seems
> more associated to the capabilities.

Replaced message originator with signer.
ok

>
> 2.5.2.=C2=A0 SMIME Capabilities Attribute
>
> A client does not have to list every capability it
>=C2=A0 =C2=A0 supports, and need not list all its capabilities so that = the
>=C2=A0 =C2=A0 capabilities list doesn't get too long.
>
> It might be worth providing a recommendation on what too long means, > especially as a resulting list of capabilities is (expected) to be rel= atively short
> compared to the message itself - but I might be wrong.
> My reading of this attribute - and again I might be wrong - is that it= would be
> useless if implementations would follow the cryptographic
> recommendations.=C2=A0 It is mostly useful to have non updated senders= to
> received responses from up-to-date responders. In addition, this
> information is likely cached and as such may not be unnecessarily be > repeated. Wouldn't a MAY be more appropriated ?

I don't really want to try and quantify what long means because = for different clients it can mean different things.=C2=A0 In some considera= tions one could consider listing 3 encryption algorithms to be long while i= n other situations it might be 30 encryption algorithms that is too long.= =C2=A0 If I want to send you a message and need to be sure that there is a = common enabled language then 30 encryption algorrithms is better.=C2=A0 On = the other hand trying to figure out a common algorithm for a message going = to 100 recipients where each has a different set of algorithms and in a dif= ferent ranking order and come up with the best one means even 3 can feel re= ally long.

The problem is not byte count as even 30 items at 10 bytes apiece is only 3= 00 bytes which relative to the rest of a signed MIME message is pretty smal= l.=C2=A0 The problem is the question of how to make a decision and the para= meters are different based on how that algorithm is implemented.

While the information can be cached, I don't know that it can be assure= d to be cached.=C2=A0 Additionally this might put a greater burden on the s= ender as it would need to know if the current configuration has been sent t= o a recipient.=C2=A0 It is easier to just always send the list.=C2=A0 Howev= er I cannot see that there is any requirements on the document on having se= nding the attribute just on receiving it.

I got it, but my point was that by havin= g a mandatory to implement cryptography document, would enable to have inte= r operable cryptographic primitives that evolve over time. Such document wi= ll provide the necessary overlaps. This is how we proceed with IKEv2 / IPse= c... but S/MIME may have different deployment considerations. =C2=A0 I see = your last comment you do not think that is useful. I am fine as long as I a= m sure you got my purpose..

>
> Note also that while we have some cryptographic recommendations for RS= A,
> I would have expected a table summarizing the cryptographic
> recommendations with other algorithms than RSA.

I don't know that adding a table is going to be useful.=C2=A0 Mu= ch of this information is not really designed to be put into a table unless= you are going to footnote the heck out of it which kind of defeats the pro= cess.=C2=A0 This information is scattered through out the document, but it = tries to be in the right place for a specific field.


I agree with you point. H= owever, I believe that a mandatory to implement guidance section or documen= t would be helpful to specify which crypto is mandatory and the status of t= he other algorithms. Evolution of the crypto may address another scope than= the protocol description and might be another document. =C2=A0 Again this = is addressed by your last comment.
>
> 2.5.3.=C2=A0 Encryption Key Preference Attribute
>
>=C2=A0 This attribute is designed to
>=C2=A0 =C2=A0 enhance behavior for interoperating with those clients th= at use
>=C2=A0 =C2=A0 separate keys for encryption and signing.
>
> Maybe that would be good to position this attribute versus the keyusag= e
> when certificate are used to split the usage of each keys. I am wonder= ing if a
> recommendation could be state on whether one or both means should be > used and if one overwrite the other.=C2=A0 A preference may still be u= seful to
> indicate a preference when multiple keys for a given role are availabl= e. Is key
> management a relevant usage for preference ?
>
> I understand that Signing Time is being used to update the preferred > keys as one way to performed key roll over.

While there is some similarity between key usage and this attribute,= the attribute is more general and allows for things which are not necessar= ily mentioned here.=C2=A0 As an example, one could send different certifica= tes with different algorithms or key sizes and express a preference on whic= h certificate to use.=C2=A0 It may be that the names between the signing ce= rtificate and encryption key certificate are not the same, in that case whi= ch should be used.=C2=A0 =C2=A0 I think that this is covered in the introdu= ction and a reference to key usage is not really helpful.

The response clarifies my question thank= s.=C2=A0
>
>
> 3.1.=C2=A0 Preparing the MIME Entity for Signing, Enveloping, or Compr= essing
>
>=C2=A0 A MIME entity can be a sub-
>=C2=A0 =C2=A0 part, sub-parts of a message, or the whole message with a= ll its sub-
>=C2=A0 =C2=A0 parts.
>
> I am wondering if "a subpart, many subparts or ..." would no= t be clearer.

I don't see this as being clearer.

>
> I understand that "message" in the first paragraph is used a= s the MIME
> message and in other words, the message is not designating the mail. I= am
> reading message as MIME multi-part message and the MIME entities as a<= br> > subset of MIME headers and parts of MIME multi-part message. Similarly=
> MIME body would be the MIME multi-part message.=C2=A0 Is that correct = ? I
> believe the terminology paragraph could be clarified.

There is no requirement that message be multi-part, it could be a si= ngle-part message such as text/plain.=C2=A0 However that is generally corre= ct.=C2=A0 How do you believe that the text can be clarified.=C2=A0 Specific= text would be helpful.

I believe that = replacing message by MIME message would clarify the difference between the = message of the email. Then clarifying that MIME message is composed of MIME= entities.

Here is what I would propose:

S/MIME is used to secure MIME entities. A MIME message=
 is composed of a 
MIME header and a MIME body, which both can be consti= tuted of a single
part or of multiple parts. Any of these parts is desi= gnated as a MIME message part.
A MIME entity can be a sub- part, sub-parts of a MIME message, or the whole Mime message with all it= s sub- parts. A MIME entity that is the whole MIME message includes only the MIME message headers and MIME body, and does not include the RFC-822 header. Note that S/MIME can also be used to secure MIME entities used in applications other than Internet mail. If protection of the RFC-822 header is req= uired, the use of the message/rfc822 media type is explained later in this section.


=C2=A0
=C2=A0

>
>
>=C2=A0 It is
>=C2=A0 =C2=A0 RECOMMENDED that a distinction be made between the locati= on of the
>=C2=A0 =C2=A0 header.
>
> I believe the purpose is to make a distinction between "protected= " and
> 'unprotected' to the end user. I would thus keep this distinct= ion even though
> this translates into 'inner' / 'outer'.

The problem of how to do this has been a topic of many discussions w= ithout ever getting to a conclusion.=C2=A0 One of the problems is that prot= ected can mean some different things depending on how you protect the heade= rs.=C2=A0 For example, one could have a multipart/mixed message with two se= ctions each of which consists of an encrypted message.=C2=A0 If each of tho= se has different protected headers in them then, while the difference betwe= en inner and outer makes sense as that is part of the tree structure, which= set of protected headers now needs to be dealt with.

Thanks for the explanation. I agree. =C2=A0
>
>
> 3.3.=C2=A0 Creating an Enveloped-Only Message
>
>
> A sample message would be:
>
>=C2=A0 =C2=A0 Content-Type: application/pkcs7-mime; name=3Dsmime.p7m; >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 smime-type=3Denveloped-data >
> Shouldn't we use an OID instead of data for the example ?

I don't know what you are trying to ask here.=C2=A0

I though of specifying an OID instead of using dat= a, but I agree that data is preferred.
=C2=A0

>
>
>
> 3.4.=C2=A0 Creating an Authenticated Enveloped-Only Message
>
> I believe the word "proof" is missing.
>
>=C2=A0 It is important to note that
>=C2=A0 =C2=A0 sending authenticated enveloped messages does not provide= for
>=C2=A0 =C2=A0 origination when using S/MIME.
>
> Maybe we should specify that this is especially true when multiple rec= ipients
> are involved.

done

>
> 3.5.3.=C2=A0 Signing Using the multipart/signed Format
>
>=C2=A0 The first part contains
>=C2=A0 =C2=A0 the MIME entity that is signed; the second part contains = the
>=C2=A0 =C2=A0 "detached signature" CMS SignedData object in w= hich the
>=C2=A0 =C2=A0 encapContentInfo eContent field is absent.
>
> I believe it would be good to specify parts are ordered as this is not= always
> the case of parts. What is unclear to me is why the second part is sep= arated
> by a boundary usually used to separate parts. It seems boundary can al= so be
> used as boundary inside a part which seems to make part parsing harder= .

The order is part of the definition of multipart/signed.

In the definition of multipart/*, the rules require that the boundary strin= g not exist within any of the different child body parts.=C2=A0 This means = that it can be used to uniquely distinguish the boundaries.

Agree. Thanks for the clarification.=C2=A0
<= blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px= #ccc solid;padding-left:1ex">
>
>
>
> 3.5.3.2.  Creating a multipart/signed Message
>
>     Algorithm  Value Used
>     MD5        md5
>     SHA-1      sha-1
>     SHA-224    sha-224
>     SHA-256    sha-256
>     SHA-384    sha-384
>     SHA-512    sha-512
>     Any other  (defined separately in algorithm profile or "unknown" if
>                not defined)
>
>
> Should we have any recommendations on the hash algorithm to be used by
> sender / receivers ? Is that possible to deprecate MD5, SHA-1 and
> SHA-224 for senders ?

The recommendations on which algorithms to use are part of the signature algorithm recommendations.  This is a different table and removing items would be potentially harmful.

I am reading this as new implementations should still implement MD5. If so, I believe an explanation might be useful.
>
>
> 3.7.  Multiple Operations
>
> Would it be recommended to have signed clear text then encrypted and
> then signed encrypted ? This seems to address all security concerns.

There are a large number of security concerns that have been uncovered with each of the different orders of operations.  Part of the question is going to be what concern are you trying to address and what are the informal rules about this.  I don't think at this point we can really give an order, however RFC 2634 does have some guidance.

Correct. Maybe it would be useful the section references ESS for further recommendations. But I agree the reference has been mentioned earlier.

>
> 3.9.  Registration Requests
>
> Should we mention DANE rfc8162 as a way to register your public key ?

I don't think so, we don’t ever talk about how to find keys in the document.

Agree ;-)

>
> 4.  Certificate Processing
>
> EdDSA Signatures recommendations for curve25519 and curve448 seem to
> be missing in the key pair generating , signature section. Are there any
> reasons not to consider these curves ?
>
> May be useful to have the following references:
> [1] https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa-signatures/
> [2] https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

Should have had [1] as a reference, the reference was there but not the pointer to it.
The second would be referenced in rfc5750-bis not here.

>
> 6.  Security Considerations
>
> I am wondering if any considerations should be provided for data at rest.
> Does the email need to be archived encrypted or not and whether S/MIME
> can be used to store encrypted content. I believe that email should not be
> stored encrypted and as such S/MIME is only intended to
> protect mails in transit....  but I might be wrong.

I believe you to be wrong.  There are no problems w/ using S/MIME as a data at rest protection scheme.  The question of storing messages as encrypted or not is something that different clients have dealt with in different ways.  The client I use leaves things encrypted which I consider to be the correct answer.

I see why... if there are no clear rules, it might be better to leave it as it is. I agree.
>
> As a general comment I would have liked a table that summarizes or explicitly
> mentions what crypto is recommended for encrypting / signing.
> RSA is being discussed, but ECDSA EdDSA, ECDH, hash... are not. I believe
> such tables should be updated regularly to deprecate and introduce new
> algorithms while leaving S/MIME unchanged.

To do this would require that the algorithms be maintained in a separate document.  As above, I don't think a separate table adds to clarity as it duplicates information and would be hard to write.

>
> There are a lot of double spaces in the text.
>


Jim


_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
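
The two points from the 3.5.3 exchange above (the part order is fixed by multipart/signed, and the boundary string may not occur inside a child part) together with the micalg table from 3.5.3.2, as a receiver-side check. This is an added example, not part of the thread or of the draft; the messages are constructed, and the function name and the `REVIEW_FLAGGED` set are assumptions made for illustration.

```python
import email
from email import policy

# "Value Used" column of the 3.5.3.2 table quoted above, mapped to the
# hashlib name a receiver would use to recompute the digest.
MICALG_TO_HASHLIB = {
    "md5": "md5", "sha-1": "sha1", "sha-224": "sha224",
    "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512",
}
# Assumption for illustration: the algorithms the reviewer asked about
# deprecating for senders. A receiver still has to recognise the values.
REVIEW_FLAGGED = {"md5", "sha-1", "sha-224"}
SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def _message(body_lines):
    """Build a constructed multipart/signed message around the given body."""
    lines = [
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";',
        ' micalg=sha-256; boundary="example-boundary"',
        "MIME-Version: 1.0",
        "",
        "--example-boundary",
        "Content-Type: text/plain",
        "",
        *body_lines,
        "--example-boundary",
        "Content-Type: application/pkcs7-signature; name=smime.p7s",
        "Content-Transfer-Encoding: base64",
        "",
        "AAAA",  # placeholder, not a real CMS SignedData object
        "--example-boundary--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


# Constructed samples: a well-formed message, and one whose signed entity
# contains a line equal to the delimiter (which the multipart rules forbid).
GOOD = _message(["This is the signed entity."])
COLLIDING = _message(["first line", "--example-boundary", "text after it"])


def inspect_multipart_signed(raw: bytes) -> dict:
    """Check the structure of a multipart/signed message and report micalg."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")

    # Exactly two parts, in order: signed entity first, signature second.
    # A delimiter line inside a child part shows up here as an extra part.
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError(f"expected 2 body parts, parser found {len(parts)}")
    signature = parts[1]
    if signature.get_content_type() not in SIGNATURE_TYPES:
        raise ValueError("second part is not a detached signature")
    if str(msg.get_param("protocol", "")).lower() != signature.get_content_type():
        raise ValueError("protocol parameter does not match the signature part")

    # micalg is comma-separated when more than one digest is used.
    declared = [v.strip().lower()
                for v in str(msg.get_param("micalg", "")).split(",")
                if v.strip()]
    return {
        "part_types": [p.get_content_type() for p in parts],
        "micalg": {v: MICALG_TO_HASHLIB.get(v) for v in declared},
        "review_flagged": [v for v in declared if v in REVIEW_FLAGGED],
    }


if __name__ == "__main__":
    print(inspect_multipart_signed(GOOD))
    try:
        inspect_multipart_signed(COLLIDING)
    except ValueError as exc:
        print("rejected:", exc)
```

The check stops at structure and the declared digest; verifying the CMS signature itself is out of scope here.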

--000000000000f284ee056bf019b1-- From nobody Sun May 13 20:49:03 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A8C12946D; Sun, 13 May 2018 20:48:51 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Joseph Salowey To: Cc: iesg@ietf.org, payload@ietf.org, draft-ietf-payload-rtp-vc2hq.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.80.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152626973155.10254.510935141360676360@ietfa.amsl.com> Date: Sun, 13 May 2018 20:48:51 -0700 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-payload-rtp-vc2hq-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2018 03:48:52 -0000 Reviewer: Joseph Salowey Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is the document is ready. The security considerations seem well thought out and are follow the guidelines of RFC7202 for RTP payload definitions. I like the fact that it includes some information on possible implementation pitfalls. 
Cheers, Joe From nobody Mon May 14 07:05:52 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 863D912D80F; Mon, 14 May 2018 07:04:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1526306662; bh=RtZdwR2/Bd4Y3qNMzxvFWdBdSfqDZyvPJaQbRwyF45g=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=zC0GYe92HHT5+RjNlg3HGDbTQOhYrnLoBzOLngcSjqr/WfPhx/hrFlLZK8JjwhiIO 9FKNci6bQsz9A6IBbdJKrPTQTvMEcbbXVMsW0biKpNVKQWe5m4m5QyVgPiNVxRxll0 TPVXgglgRBWQS5LAQClbUjk0mbQrB+252eB2mMvY= X-Mailbox-Line: From new-work-bounces@ietf.org Mon May 14 07:04:21 2018 Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1088512E889; Mon, 14 May 2018 07:04:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1526306661; bh=RtZdwR2/Bd4Y3qNMzxvFWdBdSfqDZyvPJaQbRwyF45g=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=aTla9V7CYVOu57DTGcucbl8lS0kSqOqmwvrtc8YTIZDr2xGiaa5fMmwRdcmmbPqqP 71rAl8nENKLqCZkgUFQxmKSZRWN1XQ5od57fD0kVyC/YQtZ1fE+W8NfD+/xsP1DlQ+ 8cjshTYxlVSFBrRkYPlDHFD/Rg4vA4rqE09BLDUI= X-Original-To: new-work@ietf.org Delivered-To: new-work@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D4B12D87B for ; Mon, 14 May 2018 07:04:18 -0700 (PDT) MIME-Version: 1.0 From: The IESG To: X-Test-IDTracker: no X-IETF-IDTracker: 6.80.0 Auto-Submitted: auto-generated Precedence: bulk MIME-Version: 1.0 Reply_to: Message-ID: <152630665840.10130.3108627350220292581.idtracker@ietfa.amsl.com> Date: Mon, 14 May 2018 07:04:18 -0700 Archived-At: X-BeenThere: new-work@ietf.org X-Mailman-Version: 2.1.22 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: 
new-work-bounces@ietf.org Sender: "new-work" Archived-At: X-Mailman-Approved-At: Mon, 14 May 2018 07:05:51 -0700 Subject: [secdir] [new-work] WG Review: Messaging Layer Security (mls) X-BeenThere: secdir@ietf.org List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2018 14:04:25 -0000

A new IETF WG has been proposed in the Security Area. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2018-05-23.

Messaging Layer Security (mls)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Nick Sullivan
  Sean Turner

Assigned Area Director:
  Benjamin Kaduk

Security Area Directors:
  Eric Rescorla
  Benjamin Kaduk

Mailing list:
  Address: mls@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/mls
  Archive: https://mailarchive.ietf.org/arch/browse/mls/

Group page: https://datatracker.ietf.org/group/mls/

Charter: https://datatracker.ietf.org/doc/charter-ietf-mls/

Several Internet applications have a need for group key establishment and
message protection protocols with the following properties:

o Message Confidentiality - Messages can only be read by members of the group

o Message Integrity and Authentication - Each message has been sent by an
  authenticated sender, and has not been tampered with

o Membership Authentication - Each participant can verify the set of members
  in the group

o Asynchronicity - Keys can be established without any two participants
  being online at the same time

o Forward secrecy - Full compromise of a node at a point in time does not
  reveal past messages sent within the group

o Post-compromise security - Full compromise of a node at a point in time
  does not reveal future messages sent within the group

o Scalability - Resource requirements have good scaling in the size of the
  group (preferably sub-linear)

Several widely-deployed applications have developed their own protocols to
meet these needs. While these protocols are similar, no two are close enough
to interoperate. As a result, each application vendor has had to maintain
their own protocol stack and independently build trust in the quality of the
protocol. The primary goal of this working group is to develop a standard
messaging security protocol so that applications can share code, and so that
there can be shared validation of the protocol (as there has been with TLS
1.3).

It is not a goal of this group to enable interoperability/federation between
messaging applications beyond the key establishment, authentication, and
confidentiality services. Full interoperability would require alignment at
many different layers beyond security, e.g., standard message transport and
application semantics. The focus of this work is to develop a messaging
security layer that different applications can adapt to their own needs.

While authentication is a key goal of this working group, it is not the
objective of this working group to develop new authentication technologies.
Rather, the security protocol developed by this group will provide a way to
leverage existing authentication technologies to associate identities with
keys used in the protocol, just as TLS does with X.509.

In developing this protocol, we will draw on lessons learned from several
prior message-oriented security protocols, in addition to the proprietary
messaging security protocols deployed within existing applications:

o S/MIME - https://tools.ietf.org/html/rfc5751
o OpenPGP - https://tools.ietf.org/html/rfc4880
o Off the Record - https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html
o Signal - https://signal.org/docs/

The intent of this working group is to follow the pattern of TLS 1.3, with
specification, implementation, and verification proceeding in parallel. By
the time we arrive at RFC, we hope to have several interoperable
implementations as well as a thorough security analysis.

The specifications developed by this working group will be based on
pre-standardization implementation and deployment experience, generalizing
the design described in:

o draft-omara-mls-architecture
o draft-barnes-mls-protocol

Note that consensus is required both for changes to the current protocol
mechanisms and retention of current mechanisms. In particular, because
something is in the initial document set does not imply that there is
consensus around the feature or around how it is specified.

Milestones:

  May 2018 - Initial working group documents for architecture and key management
  Sep 2018 - Initial working group document adopted for message protection
  Jan 2019 - Submit architecture document to IESG as Informational
  Jun 2019 - Submit key management protocol to IESG as Proposed Standard
  Sep 2019 - Submit message protection protocol to IESG as Proposed Standard

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work

From nobody Mon May 14 10:29:57 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19D0127076; Mon, 14 May 2018 10:29:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=tobias.gondrom@gondrom.org header.d=gondrom.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iAIsdueL_BA7; Mon, 14 May 2018
10:29:47 -0700 (PDT) Received: from gondrom.org (www.gondrom.org [5.35.241.16]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43395127010; Mon, 14 May 2018 10:29:47 -0700 (PDT) Received: from seraph (x4dbe7024.dyn.telefonica.de [77.190.112.36]) by gondrom.org (Postfix) with ESMTPSA id 9DEA7649A9; Mon, 14 May 2018 19:29:44 +0200 (CEST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=GOVXl2firbU3TIMLFOyeMivUHO4R5dgeh2SF+/b0jakpVhah0m7nxsenpHSPozGt2vTnIi/3Q2vs/6y3ukEBhkVlPPUMnyqbYq8O0LLP3c2JO5dNGJywF+WL1IuljyRd4oy1NB65pqzC5/L/FW3hHTVsQlIXtIkWbH3C1oRVdMk=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Content-Language:Thread-Index; From: "Tobias Gondrom" To: , Cc: "'IETF Tokbind WG'" , "'Eric Rescorla'" , , Date: Mon, 14 May 2018 19:29:44 +0200 Message-ID: <025501d3eba9$2649d690$72dd83b0$@gondrom.org> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0256_01D3EBB9.E9D40620" X-Mailer: Microsoft Outlook 16.0 Content-Language: en-us Thread-Index: AdPrpfnLEwhpkOtGRqC2ZHR3OgjJ2w== Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-tokbind-https-15 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2018 17:29:50 -0000 This is a multipart message in MIME format. ------=_NextPart_000_0256_01D3EBB9.E9D40620 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Reviewer: Tobias Gondrom Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other last call comments. Overall the document looks good, ready to go. In my review, I did not find any material concerns with the document, and no nits. It is good that the security considerations part is quite detailed and reflects the main security risks. Additionally also appreciated that privacy considerations are also reasonably addressed in section 8. In case of this particular protocol time well spent to spell this out. Ready to release. Best regards, Tobias Ps.: apologies for my delay in sending out the review. ------=_NextPart_000_0256_01D3EBB9.E9D40620 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable


------=_NextPart_000_0256_01D3EBB9.E9D40620-- From nobody Thu May 17 06:30:11 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9EF120713 for ; Thu, 17 May 2018 06:30:08 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.80.0 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secretary@mit.edu Message-ID: <152656380896.7672.3886008173421206605.idtracker@ietfa.amsl.com> Date: Thu, 17 May 2018 06:30:08 -0700 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2018 13:30:09 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2018-05-24 Reviewer LC end Draft Radia Perlman 2018-04-20 draft-ietf-ccamp-microwave-framework-05 Tina Tsou 2018-02-26 draft-ietf-softwire-dslite-yang-15 For telechat 2018-06-07 Reviewer LC end Draft Vincent Roca 2018-05-21 draft-hakala-urn-nbn-rfc3188bis-00 Stefan Santesson 2018-05-14 draft-ietf-extra-specialuse-important-03 Melinda Shore 2018-05-30 draft-ietf-teas-yang-te-topo-15 Carl Wallace 2018-05-21 draft-ietf-httpbis-h2-websockets-05 David Waltermire 2018-05-21 draft-ietf-extra-imap-unauth-00 Last calls: Reviewer LC end Draft John Bradley 2018-04-18 draft-ietf-acme-acme-12 Daniel Gillmor 2018-03-19 draft-gutmann-scep-10 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Sandra Murphy 2018-04-24 draft-ietf-mmusic-sdp-simulcast-12 Robert Sparks 2018-05-25 draft-ietf-tsvwg-iana-dscp-registry-05 Takeshi Takahashi 2018-05-24 draft-ietf-spring-segment-routing-ldp-interop-11 Tina Tsou 2018-05-21 draft-ietf-v6ops-conditional-ras-04 Sean 
Turner 2018-05-21 draft-ietf-sfc-hierarchical-08 Samuel Weiler 2018-05-21 draft-ietf-bfd-multipoint-16 Early review requests: Reviewer Due Draft Daniel Franke 2018-01-31 draft-ietf-intarea-provisioning-domains-00 Ólafur Guðmundsson 2018-01-09 draft-ietf-opsawg-nat-yang-09 Dan Harkins 2018-05-31 draft-ietf-dtn-bpsec-06 Next in the reviewer rotation: Brian Weis Klaas Wierenga Christopher Wood Paul Wouters Liang Xia Taylor Yu Dacheng Zhang Derek Atkins John Bradley Shaun Cooley From nobody Thu May 17 07:50:07 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B60FE127775; Thu, 17 May 2018 07:49:59 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Robert Sparks To: Cc: draft-ietf-tsvwg-iana-dscp-registry.all@ietf.org, ietf@ietf.org, tsvwg@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.80.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152656859955.7651.10624051963160660895@ietfa.amsl.com> Date: Thu, 17 May 2018 07:49:59 -0700 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-tsvwg-iana-dscp-registry-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2018 14:50:00 -0000 Reviewer: Robert Sparks Review result: Ready Reviewer: Robert Sparks Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
Summary: Ready for publication as Standards Track RFC This document is entirely about changing the IANA registration policies for part (pool 3) of the DSCP value registry. It is clearly written, and the instructions to IANA are detailed. The security considerations section appropriately notes that the document does not introduce new security considerations for the Internet. From nobody Thu May 17 19:03:41 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B189C126BF7; Thu, 17 May 2018 19:03:27 -0700 (PDT) X-Quarantine-ID: X-Virus-Scanned: amavisd-new at amsl.com X-Amavis-Alert: BAD HEADER SECTION, Improper folded header field made up entirely of whitespace (char 20 hex): References: ...9B0@VI1PR07MB3167.eurprd07.prod.outlook.com>\n X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YrX1OQ8uWtrI; Thu, 17 May 2018 19:03:25 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80EB1126BF3; Thu, 17 May 2018 19:03:25 -0700 (PDT) Received: from LHREML710-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 02FD99588A6DD; Fri, 18 May 2018 03:03:22 +0100 (IST) Received: from DGGEMA404-HUB.china.huawei.com (10.3.20.45) by LHREML710-CAH.china.huawei.com (10.201.108.33) with Microsoft SMTP Server (TLS) id 14.3.382.0; Fri, 18 May 2018 03:03:22 +0100 Received: from DGGEMA521-MBS.china.huawei.com ([169.254.5.75]) by DGGEMA404-HUB.china.huawei.com ([10.3.20.45]) 
with mapi id 14.03.0382.000; Fri, 18 May 2018 10:03:17 +0800 From: "Yemin (Amy)" To: Daniele Ceccarelli , Radia Perlman , "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" , The IESG , "secdir@ietf.org" CC: "ccamp@ietf.org" Thread-Topic: Secdir review of draft-ietf-ccamp-microwave-framework-05 Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8A== Date: Fri, 18 May 2018 02:03:16 +0000 Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> References: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.169.30.234] Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 May 2018 02:03:28 -0000 --_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74dggema521mbschi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdE Ij5SZWdhcmRpbmcgdGhlIE5NUyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2ls bCBhZGQgdGhlIGZvbGxvd2luZyB0ZXh0IGluIHNlY3Rpb24gMzoNCjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7i gJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUncyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBl dm9sdmluZyB0b3dhcmRzIGEgY29tcG9uZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4g dGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5vdGhlciBmYWN0IGlzIHRoYXQgdGhlcmUgaXMgc3RpbGwg cGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbA0KIGNvbnNpZGVyZWQgYXMgdGhl IGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29u c2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkg YXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgY29tcG9uZW50LuKAnTxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9u cywgeWVzLCB0aGlzIGRyYWZ0IGRvZXNu4oCZdCBzcGVjaWZ5IHRoZSBwYXJhbWV0ZXJzLg0KPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNv bG9yOiMxRjQ5N0QiPlRoZXJl4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXct eWFuZywgd2hlcmUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlv dSBzdWdnZXN0ZWQuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkJSLDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJj b2xvcjojMUY0OTdEIj5BbXk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHls ZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4w 
cHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+RnJvbTo8L2I+IERhbmll bGUgQ2VjY2FyZWxsaSBbPGEgaHJlZj0ibWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nv bi5jb20iPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0NCjxicj4N CjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+VG86PC9i PiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNv bSI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0 LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciPmRyYWZ0 LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBU aGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciPmllc2dAaWV0Zi5vcmc8 L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPnNlY2RpckBpZXRmLm9y ZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0 Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwv ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdl OkVOLVVTIj5IaSBSYWRpYSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPmxldCBtZSByZXBseSBvbiBiZWhhbGYg b2YgdGhlIGF1dGhvcnMuIEZpcnN0IG9mIGFsbCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcu PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6 RU4tVVMiPlJlZ2FyZGluZyB5b3VyIHF1ZXN0aW9uIGFib3V0IHRyYWRpdGlvbmFsIE5NUyB2cyBT RE4gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0aGUgZmFjdCB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRv d2FyZHMgYSBjb21tb24gY29tcG9uZW50IGFuZCB0aGUgZGlzdGluY3Rpb24gaXMgcXVpdGUgYmx1 
cnJ5LCBidXQgdGhlcmUgaXMgc3RpbGwgcGxlbnR5DQogb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlz IHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50 IHBsYW5lIHdoaWxlIFNETiB0aGUgY2VudHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUg YW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUgdGhpbmdzLjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1s YW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5IZW5jZSwg c2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBT RE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4g SWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRo ZSB0d28gdGhpbmdzIGNhbiBiZSBhZGRlZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+VGhhbmtzIGEgbG90PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0 LWxhbmd1YWdlOkVOLVVTIj5EYW5pZWxlJm5ic3A7IChjY2FtcCBjby1jaGFpcik8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVh c3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5 bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGluZzowY20g MGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRv cDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PGI+RnJvbTo8L2I+IFJhZGlhIFBlcmxtYW4gWzxhIGhyZWY9Im1haWx0 bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIj5tYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwv YT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTDrCA3IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0K PGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJh 
bWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m cmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1h aWx0bzppZXNnQGlldGYub3JnIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWls dG86c2VjZGlyQGlldGYub3JnIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8 L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3Jr LTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVz ZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48c3BhbiBsYW5nPSJJVCI+ LS0tLS0tLS0tLSBGb3J3YXJkZWQgbWVzc2FnZSAtLS0tLS0tLS0tPGJyPg0KRnJvbTogPGI+UmFk aWEgUGVybG1hbjwvYj4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29t Ij5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4sIE1heSA2LCAy MDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0ibWFpbHRvOmRy YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmci PmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5v cmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciPmllc2dA aWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciPnNlY2Rp ckBpZXRmLm9yZzwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1p bHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZu 
YnNwOyBObyBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBh bmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PHNwYW4gbGFuZz0iSVQiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJJVCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhh dmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3Rv cmF0ZSdzIG9uZ29pbmc8YnI+DQplZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibTQxMzEzNzY3 MjgwMzExNjczMDZnbWFpbC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1 Nzc4MjUzNGdtYWlsLWlsIj5yZXZpZXc8L3NwYW4+Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJl aW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4mbmJzcDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJl IHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxi cj4NCmRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3Vs ZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0PGJyPg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxs IGNvbW1lbnRzLjwvc3Bhbj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFu YWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJJVCI+SXQgYWR2b2NhdGVzIChjb3JyZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBzdWNoIGFuIGlu dGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5zaWJsZSB0byBwcm92aWRlIGZvciB2ZW5kb3Itc3BlY2lm aWMgZmVhdHVyZXMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj5J 
IGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2EgdHJhZGl0 aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNwOyBQZXJo YXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRo ZSBkaXN0aW5jdGlvbiwgYW5kIEkgc3VzcGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9u Li4uc2V0dGluZw0KIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCkg aXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgmcXVvdDtT RE4mcXVvdDspLiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJ VCI+VGhpcyBkb2N1bWVudCBjb3VsZCB1c2UgYW4gZWRpdGluZyBwYXNzIGZvciBnbGl0Y2hlcywg YnV0IHRoZXNlIGdsaXRjaGVzIGRvIG5vdCBpbXBhY3QgaXRzIHJlYWRhYmlsaXR5LjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IklUIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJJVCI+VGhlIGdsaXRjaGVzIGNvbnNpc3Qm bmJzcDsgbW9zdGx5IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3b3JkcyBsaWtlICZxdW90O29mJnF1 b3Q7IGluIHRoZSBmb2xsb3dpbmcgc2VudGVuY2UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPiZxdW90O1Ro ZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5hZ2VtZW50IGFuZDxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBp cyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPiZuYnNw OyAmbmJzcDt0aGlzIHdvcmsuJnF1b3Q7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iSVQiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu 
From nobody Thu May 17 21:30:05 2018
From: Radia Perlman
Date: Thu, 17 May 2018 21:29:53 -0700
To: "Yemin (Amy)"
Cc: Daniele Ceccarelli, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org", The IESG, "secdir@ietf.org", "ccamp@ietf.org"
In-Reply-To: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05

Thank you! Though what you're suggesting is awkward English.

Perhaps "We note that the distinction between NMS and SDN is not all that clear, and the two are evolving to be more and more similar." could replace the first sentence. I'm really not sure what you meant by "evolving toward a component", so perhaps I'm not capturing what you are intending to say.

Radia

On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) wrote:

> Hi Radia,
>
> We just updated the draft, https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
> BR,
>
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli'; Radia Perlman; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> Thanks for your review.
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the following text in section 3:
>
> “It's noted that there's idea that the NMS and SDN are evolving towards a component, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as the implementation of the management plane, while SDN is considered as the centralization of the control plane. They are still kept as separate component.”
>
> Regarding the security considerations, yes, this draft doesn’t specify the parameters.
>
> There’s another draft draft-ietf-ccamp-mw-yang, where the security consideration is addressed as you suggested.
>
> BR,
>
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> let me reply on behalf of the authors. First of all many thanks for your review.
>
> Regarding your question about traditional NMS vs SDN I agree with you on the fact that they are evolving towards a common component and the distinction is quite blurry, but there is still plenty of networks where NMS is still considered as the implementation of the management plane while SDN the centralization of the control plane and they are still kept as separate things.
>
> Hence, since the authors speak about “traditional” NMS and SDN I would tend to allow for the distinction to be kept. If you prefer a note speaking about the convergence of the two things can be added.
>
> Thanks a lot
>
> Daniele (ccamp co-chair)
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com]
> *Sent:* lunedì 7 maggio 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Sorry...resending because I mistyped the author address.
>
> ---------- Forwarded message ----------
> From: *Radia Perlman*
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
>
> Summary: No security issues found, but I do have questions, and there are editing glitches
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> This document describes the management interface for microwave radio links.
>
> It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.
>
> I don't understand the difference between a "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").
>
> This document could use an editing pass for glitches, but these glitches do not impact its readability.
>
> The glitches consist mostly of leaving out little words like "of" in the following sentence.
>
> "The adoption of an SDN framework for management and
> control the microwave interface is one of the key applications for
> this work."
>
> The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework.
>
> Radia
From nobody Thu May 17 23:12:55 2018
From: "Yemin (Amy)"
To: Radia Perlman
CC: Daniele Ceccarelli, "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org", The IESG, "secdir@ietf.org", "ccamp@ietf.org"
Date: Fri, 18 May 2018 06:12:22 +0000
Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1@dggema521-mbs.china.huawei.com>
References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com>
Subject: Re: [secdir] Secdir review of draft-ietf-ccamp-microwave-framework-05
DQpSZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zLCB5ZXMsIHRoaXMgZHJhZnQg ZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFtZXRlcnMuDQpUaGVyZeKAmXMgYW5vdGhlciBkcmFm dCBkcmFmdC1pZXRmLWNjYW1wLW13LXlhbmcsIHdoZXJlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0 aW9uIGlzIGFkZHJlc3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0KDQpCUiwNCkFteQ0KRnJvbTogRGFu aWVsZSBDZWNjYXJlbGxpIFttYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbV0N ClNlbnQ6IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE0NClRvOiBSYWRpYSBQZXJsbWFuIDxy YWRpYXBlcmxtYW5AZ21haWwuY29tPG1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPj47IGRy YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8bWFp bHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5v cmc+OyBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+OyBzZWNk aXJAaWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NClN1YmplY3Q6IFJFOiBTZWNkaXIg cmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNQ0KDQpIaSBS YWRpYSwNCg0KbGV0IG1lIHJlcGx5IG9uIGJlaGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2Yg YWxsIG1hbnkgdGhhbmtzIGZvciB5b3VyIHJldmlldy4NCg0KUmVnYXJkaW5nIHlvdXIgcXVlc3Rp b24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZzIFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBm YWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5k IHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBibHVycnksIGJ1dCB0aGVyZSBpcyBzdGlsbCBwbGVu dHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxl bWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lIHdoaWxlIFNETiB0aGUgY2VudHJhbGl6 YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUgYW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2Vw YXJhdGUgdGhpbmdzLg0KDQpIZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCc dHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUg ZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJv dXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28gdGhpbmdzIGNhbiBiZSBhZGRlZC4NCg0KVGhh bmtzIGEgbG90DQpEYW5pZWxlICAoY2NhbXAgY28tY2hhaXIpDQoNCkZyb206IFJhZGlhIFBlcmxt 
YW4gW21haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tXQ0KU2VudDogbHVuZWTDrCA3IG1hZ2dp byAyMDE4IDA4OjU1DQpUbzogZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFs bEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3 b3JrLmFsbEB0b29scy5pZXRmLm9yZz47IFRoZSBJRVNHIDxpZXNnQGlldGYub3JnPG1haWx0bzpp ZXNnQGlldGYub3JnPj47IHNlY2RpckBpZXRmLm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0K U3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt ZXdvcmstMDUNCg0KU29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRo b3IgYWRkcmVzcy4NCg0KDQotLS0tLS0tLS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0N CkZyb206IFJhZGlhIFBlcmxtYW4gPHJhZGlhcGVybG1hbkBnbWFpbC5jb208bWFpbHRvOnJhZGlh cGVybG1hbkBnbWFpbC5jb20+Pg0KRGF0ZTogU3VuLCBNYXkgNiwgMjAxOCBhdCAxMTo0OCBQTQ0K U3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt ZXdvcmstMDUNClRvOiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDUuYWxs QHRvb2xzLmlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv cmstMDUuYWxsQHRvb2xzLmlldGYub3JnPiwgVGhlIElFU0cgPGllc2dAaWV0Zi5vcmc8bWFpbHRv Omllc2dAaWV0Zi5vcmc+Piwgc2VjZGlyQGlldGYub3JnPG1haWx0bzpzZWNkaXJAaWV0Zi5vcmc+ DQpTdW1tYXJ5OiAgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0 aW9ucywgYW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzDQoNCkkgaGF2ZSByZXZpZXdlZCB0 aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2lu Zw0KZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5 IHRoZSBJRVNHLiAgVGhlc2UNCmNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRo ZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhDQpkaXJlY3RvcnMuICBEb2N1bWVudCBlZGl0 b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QNCmxpa2Ug YW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KVGhpcyBkb2N1bWVudCBkZXNjcmliZXMg dGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNyb3dhdmUgcmFkaW8gbGlua3MuDQpJdCBh ZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNo 
b3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJl cy4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAiYSB0cmFk aXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQgc3lzdGVtIiBhbmQgU0ROLiAgUGVyaGFwcyBpdCBp cyBub3QgdGhlIGpvYiBvZiB0aGlzIGRvY3VtZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGlu Y3Rpb24sIGFuZCBJIHN1c3BlY3QgdGhlcmUgaXMgbm8gcmVhbCBkaXN0aW5jdGlvbi4uLnNldHRp bmcgcGFyYW1ldGVycyAodHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50KSBpcyBhIHdheSBv ZiAicHJvZ3JhbW1pbmciIGFuIGludGVyZmFjZSAoIlNETiIpLg0KDQpUaGlzIGRvY3VtZW50IGNv dWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNoZXMg ZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuDQoNClRoZSBnbGl0Y2hlcyBjb25zaXN0ICBt b3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgIm9mIiBpbiB0aGUgZm9sbG93 aW5nIHNlbnRlbmNlLg0KIlRoZSBhZG9wdGlvbiBvZiBhbiBTRE4gZnJhbWV3b3JrIGZvciBtYW5h Z2VtZW50IGFuZA0KICAgY29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2Yg dGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yDQogICB0aGlzIHdvcmsuIg0KDQpUaGUgc2VjdXJpdHkg Y29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxh eWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkg Zm9yIGNvbW11bmljYXRpb24uICBPdGhlciB0aGFuIHRoYXQsIHBlcmhhcHMsIHRoZXJlIG1pZ2h0 IGJlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBpbmFkdmVydGVudGx5IHNldHRpbmcgcGFy YW1ldGVycyBpbmNvcnJlY3RseSwgb3IgbWFsaWNpb3VzbHkgYnkgYSB0cnVzdGVkIGFkbWluaXN0 cmF0b3IuICBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBw YXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay4NCg0KUmFk aWENCg0KDQoNCg== --_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF004FA1dggema521mbschi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj 
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWui+S9kyI7DQoJ cGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0K cC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0K CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5 OiJUaW1lcyBOZXcgUm9tYW4iLHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7 bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVu ZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0 eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJs aW5lO30NCnNwYW4ubS02MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzExNjczMDZnbWFp bC1tOTAyNjM2ODgwMzcxMzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWls DQoJe21zby1zdHlsZS1uYW1lOm1fLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAzMTE2 NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0 Z21haWwtaWw7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwt cmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFGNDk3 RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250 LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6 ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA5MC4wcHQgNzIuMHB0IDkwLjBwdDt9 
DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEt LVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlk bWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+ DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0 YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxi b2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9 IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s b3I6IzFGNDk3RCI+JnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7IGlzIHRv IHNheSB0aGF0IG9uZSBzaW5nbGUgc29mdHdhcmUgKHRoZSBjb21wb25lbnQpIGhhcyB0aGUgZnVu Y3Rpb25hbGl0eSBvZiBib3RoIE5NUyBhbmQgU0ROLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPklmIHlv dSB0aGluayBpdOKAmXMgbm90IGNsZWFyIGVub3VnaCwgd2UgY291bGQgcmVwbGFjZSB3aXRoIHdo YXQgeW91IHN1Z2dlc3RlZC4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFG NDk3RCI+QW15PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OyxzYW5zLXNlcmlmIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4gUmFkaWEg UGVybG1hbiBbbWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb21dDQo8YnI+DQo8Yj5TZW50Ojwv Yj4gRnJpZGF5LCBNYXkgMTgsIDIwMTggMTI6MzAgUE08YnI+DQo8Yj5Ubzo8L2I+IFllbWluIChB 
bXkpICZsdDthbXkueWVtaW5AaHVhd2VpLmNvbSZndDs8YnI+DQo8Yj5DYzo8L2I+IERhbmllbGUg Q2VjY2FyZWxsaSAmbHQ7ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSZndDs7IGRyYWZ0 LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc7IFRoZSBJ RVNHICZsdDtpZXNnQGlldGYub3JnJmd0Ozsgc2VjZGlyQGlldGYub3JnOyBjY2FtcEBpZXRmLm9y Zzxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNj YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj5UaGFuayB5b3UhJm5ic3A7IFRob3VnaCB3aGF0IHlvdSdyZSBzdWdnZXN0aW5nIGlz IGF3a3dhcmQgRW5nbGlzaC48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPlBlcmhhcHMgJnF1b3Q7V2Ugbm90ZSB0aGF0IHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVu IE5NUyBhbmQgU0ROIGlzIG5vdCBhbGwgdGhhdCBjbGVhciwgYW5kIHRoZSB0d28gYXJlIGV2b2x2 aW5nIHRvIGJlIG1vcmUgYW5kIG1vcmUgc2ltaWxhci4mcXVvdDsgY291bGQgcmVwbGFjZSB0aGUg Zmlyc3Qgc2VudGVuY2UuJm5ic3A7IEknbSByZWFsbHkgbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQg YnkgJnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LA0KIHNvIHBlcmhhcHMg SSdtIG5vdCBjYXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0byBzYXkuPG86cD48L286 cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5SYWRpYTxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+T24gVGh1LCBNYXkgMTcsIDIwMTggYXQgNzowMyBQTSwgWWVtaW4gKEFteSkgJmx0 OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFt eS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8YmxvY2tx dW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtw 
YWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDow Y20iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJj b2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9y OiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsDQo8YSBocmVmPSJodHRwczovL2Rh dGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv cmsvIiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9k cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0K PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHls ZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG NDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRl cjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAw Y20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 
YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChBbXkp DQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJyPg0K PGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJlbGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhbmll bGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNlY2Nh cmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1h aWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFu QGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWlj cm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRy YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+ OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2Js YW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYu b3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6 PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt ZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh biBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgUmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0 eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KPC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFG 
NDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBOTVMgYW5kIFNETiwg YXMgRGFuaWVsZSBzdWdnZXN0ZWQsIHdlIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcgdGV4dCBpbiBz ZWN0aW9uIDM6DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7igJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUncyBp ZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tcG9uZW50 LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gdGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5vdGhl ciBmYWN0IGlzDQogdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUg Tk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5h Z2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6YXRp b24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJhdGUg Y29tcG9uZW50LuKAnTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlJl Z2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBkb2Vz buKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoZXJl4oCZ cyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNlY3Vy aXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQo8L3NwYW4+ PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xv cjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8L3NwYW4+PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5B bXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7 Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20i Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gRGFuaWVsZSBDZWNjYXJlbGxp IFs8YSBocmVmPSJtYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFyZ2V0 PSJfYmxhbmsiPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0NCjxi cj4NCjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+VG86 PC9iPiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWls LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0OzsNCjxh IGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRv b2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2 ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9 Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4m Z3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNl Y2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZpZXcg b2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 
bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPkhpIFJhZGlhLDwv c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj5sZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBGaXJz dCBvZiBhbGwgbWFueSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3LjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1TIHZz IFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZpbmcg dG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0ZSBi bHVycnksIGJ1dCB0aGVyZQ0KIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBOTVMg aXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFnZW1l bnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFu ZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5IZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg4oCc dHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0aGUg ZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcgYWJv dXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28NCiB0aGluZ3MgY2FuIGJlIGFkZGVkLjxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs 
dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmtzIGEgbG90PG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPkRhbmllbGUmbmJzcDsgKGNjYW1wIGNvLWNoYWlyKTxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxk aXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGlu ZzowY20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gUmFkaWEgUGVybG1hbiBbPGEgaHJl Zj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWlsdG86 cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTDrCA3 IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJhZnQt aWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0 PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29s cy5pZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9y ZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0 bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJy Pg0KPGI+U3ViamVjdDo8L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNy b3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+ PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h 
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlNvcnJ5 Li4ucmVzZW5kaW5nIGJlY2F1c2UgSSBtaXN0eXBlZCB0aGUgYXV0aG9yIGFkZHJlc3MuPC9zcGFu PjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu Zz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpw PjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIGxhbmc9IklUIj4tLS0tLS0tLS0t IEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS08YnI+DQpGcm9tOiA8Yj5SYWRpYSBQZXJsbWFu PC9iPiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0i X2JsYW5rIj5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4sIE1h eSA2LCAyMDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBkcmFm dC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0ibWFp bHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMuaWV0 Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l d29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFp bHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDss DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGly QGlldGYub3JnPC9hPjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQtZmFt aWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIyMjIyMiI+U3VtbWFyeTom bmJzcDsgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9ucywg YW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRp 

From nobody Thu May 17 23:52:06 2018
From: Stefan Santesson
Cc: extra@ietf.org, draft-ietf-extra-specialuse-important.all@ietf.org, ietf@ietf.org
Message-ID: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
Date: Thu, 17 May 2018 23:51:51 -0700
Subject: [secdir] Secdir last call review of draft-ietf-extra-specialuse-important-03

Reviewer: Stefan Santesson
Review result: Ready

This document seems good to go from a security perspective.

The security considerations section seems appropriate for this document.

From nobody Fri May 18 00:17:52 2018
In-Reply-To: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
References: <152662631099.1578.5728747702102631057@ietfa.amsl.com>
From: Barry Leiba
Date: Fri, 18 May 2018 08:17:33 +0100
To: Stefan Santesson
Cc: secdir@ietf.org, extra@ietf.org, draft-ietf-extra-specialuse-important.all@ietf.org, IETF discussion list
Subject: Re: [secdir] Secdir last call review of draft-ietf-extra-specialuse-important-03

Thanks for the review, Stefan.

Barry

On Fri, May 18, 2018 at 7:51 AM, Stefan Santesson wrote:
> Reviewer: Stefan Santesson
> Review result: Ready
>
> This document seems good to go from a security perspective.
>
> The security considerations section seems appropriate for this document.
>

--
Barry
--
Barry Leiba (barryleiba@computer.org)
http://internetmessagingtechnology.org/

From nobody Fri May 18 12:31:51 2018
From: "Rabadan, Jorge (Nokia - US/Mountain View)"
To: Barry Leiba, "secdir@ietf.org"
CC: "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org", "ietf@ietf.org", "bess@ietf.org"
Date: Fri, 18 May 2018 19:24:37 +0000
Message-ID: <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
References: <152544190809.11693.11790094151278701234@ietfa.amsl.com>
In-Reply-To: <152544190809.11693.11790094151278701234@ietfa.amsl.com>
Subject: Re: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10

From nobody Fri May 18 12:34:22 2018
References: <152544190809.11693.11790094151278701234@ietfa.amsl.com> <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
In-Reply-To: <96403E6F-5B94-4BBE-8E22-0077765F646A@nokia.com>
From: Barry Leiba
Date: Fri, 18 May 2018 20:33:22 +0100
To: "Rabadan, Jorge (Nokia - US/Mountain View)"
Cc: "bess@ietf.org", "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org", "ietf@ietf.org", "secdir@ietf.org"
Subject: Re: [secdir] Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10

All good, and thanks, Jorge, for taking the time to make the changes.

Barry

On Fri, May 18, 2018 at 8:30 PM Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com> wrote:

> Hi Barry,
>
> Thank you very much for reviewing.
> I addressed all your comments, see below.
> Thanks a bunch!
> Jorge
>
>
> -----Original Message-----
> From: Barry Leiba
> Date: Friday, May 4, 2018 at 3:51 PM
> To: "secdir@ietf.org"
> Cc: "draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org" <draft-ietf-bess-evpn-prefix-advertisement.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "bess@ietf.org"
> Subject: Secdir last call review of draft-ietf-bess-evpn-prefix-advertisement-10
>
>     Reviewer: Barry Leiba
>     Review result: Has Issues
>
>     The "issues" I call out below are minor, and if the working group thinks they
>     aren't worth dealing with, I'll not be offended nor lose any sleep.
>
>     — Section 1 —
>     I’m sure that all these terms are defined in the normative references, and ’tis
>     a small thing, but it would sure help a non-expert reader if this list of terms
>     included, for each term, a citation to the RFC that defines it. I hope you’ll
>     consider adding that; thanks.
> [JORGE] I added a few references. Hope it's better now.
>
>     [Follow-up; I finally found “Tenant System” defined in RFC 7365, which is not
>     in your references at all. Please don’t make your readers work that hard, and
>     please consider beefing up the references and citations to definitions.]
> [JORGE] added now.
>
>     — Section 2.1 —
>
>        If the term Tenant System (TS) is used to designate a physical or
>        virtual system identified by MAC and maybe IP addresses, and
>        connected to a BD by an Attachment Circuit, the following
>        considerations apply:
>
>     I find the wording “if the term Tenant System is used” to be odd. Are you
>     really saying (maybe you are) that the application of the considerations
>     depends on whether or not we *call* it a Tenant System? Or whether or not it
>     *is* a Tenant System? From the definition I found for “Tenant System” I can
>     see that maybe this can go either way. But if we’re talking about the latter,
>     I’d use wording more like, “The following considerations apply to Tenant
>     Systems (TS) that are physical or virtual systems identified by MAC and maybe
>     IP addresses and connected to BDs by Attachment Circuits:” (cast as plural,
>     because the considerations use plurals).
> [JORGE] I took your suggestion, thx
>
>     — Section 3.1 —
>
>     I initially couldn’t figure out, as I was reading this, how you’d know whether
>     you’re dealing with v4 or v6 addresses, and, therefore, how to interpret the
>     lengths of the IP Prefix and GW IP Address fields. I finally got to it seven
>     bullets down, where you say, “The total route length will indicate the type of
>     prefix”. Maybe someone already expert in this would find this OK, but to me
>     it was too much work to sort it out, when I think it could be made clearer like
>     this:
>
>     NEW
>        An IP Prefix Route Type for IPv4 has the Length field set to 34
>        and consists of the following fields:
>
>         +---------------------------------------+
>         |      RD   (8 octets)                  |
>         +---------------------------------------+
>         |Ethernet Segment Identifier (10 octets)|
>         +---------------------------------------+
>         |  Ethernet Tag ID (4 octets)           |
>         +---------------------------------------+
>         |  IP Prefix Length (1 octet, 0 to 32)  |
>         +---------------------------------------+
>         |  IP Prefix (4 octets)                 |
>         +---------------------------------------+
>         |  GW IP Address (4 octets)             |
>         +---------------------------------------+
>         |  MPLS Label (3 octets)                |
>         +---------------------------------------+
>
>        An IP Prefix Route Type for IPv6 has the Length field set to 58
>        and consists of the following fields:
>
>         +---------------------------------------+
>         |      RD   (8 octets)                  |
>         +---------------------------------------+
>         |Ethernet Segment Identifier (10 octets)|
>         +---------------------------------------+
>         |  Ethernet Tag ID (4 octets)           |
>         +---------------------------------------+
>         |  IP Prefix Length (1 octet, 0 to 128) |
>         +---------------------------------------+
>         |  IP Prefix (16 octets)                |
>         +---------------------------------------+
>         |  GW IP Address (16 octets)            |
>         +---------------------------------------+
>         |  MPLS Label (3 octets)                |
>         +---------------------------------------+
>
>        The total route length will indicate the type of IP Prefix (34 for
>        IPv4 or 58 for IPv6) and the type of GW IP Address. The IP Prefix
>        and GW IP Address are always both IPv4 or both IPv6; mixing the
>        two is not allowed.
>
>        […and then follow with the explanations of the fields…]
>     END
>
>     Do you agree that that makes things clearer?
>
> [JORGE] ok, done
>
>     — Section 3.2 —
>
>        o If either the ESI or GW IP are non-zero, then one of them is the
>          Overlay Index, regardless of whether the Router's MAC Extended
>          Community is present or the value of the Label.
>
>     Should that say “then the non-zero one is the Overlay Index”?
> [JORGE] ok, good point, done
>
>
>
>

--
Barry
--
Barry Leiba (barryleiba@computer.org)
http://internetmessagingtechnology.org/
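
The two fixed layouts proposed for Section 3.1 in the review quoted above, together with the Section 3.2 overlay-index wording, written as a parser. This is an added example, not part of the thread or of the draft: the class and function names are hypothetical, the input is assumed to be exactly the fields listed (RD through MPLS Label), and rejecting a route whose ESI and GW IP are both non-zero is this example's own choice, since the thread does not cover that case.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Total lengths quoted in the review: 8 + 10 + 4 + 1 + (4|16) + (4|16) + 3
IPV4_ROUTE_LEN = 34
IPV6_ROUTE_LEN = 58


class RouteError(ValueError):
    """The bytes do not fit either layout (hypothetical name)."""


@dataclass
class IpPrefixRoute:
    rd: bytes            # RD, 8 octets
    esi: bytes           # Ethernet Segment Identifier, 10 octets
    ethernet_tag: int    # Ethernet Tag ID, 4 octets
    prefix: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    gw_ip: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
    label_field: int     # MPLS Label field, raw 3-octet value


def parse_ip_prefix_route(data: bytes) -> IpPrefixRoute:
    """Choose the layout from the total length, then slice the fixed fields."""
    if len(data) == IPV4_ROUTE_LEN:
        addr_len, addr_cls, net_cls = 4, ipaddress.IPv4Address, ipaddress.IPv4Network
    elif len(data) == IPV6_ROUTE_LEN:
        addr_len, addr_cls, net_cls = 16, ipaddress.IPv6Address, ipaddress.IPv6Network
    else:
        # Truncated input and mixed families (4 + 16 gives 46 octets) both end here.
        raise RouteError(f"route length {len(data)} is neither 34 nor 58")

    rd, esi = data[:8], data[8:18]
    (ethernet_tag,) = struct.unpack("!I", data[18:22])
    prefix_len = data[22]
    if prefix_len > addr_len * 8:
        raise RouteError(f"prefix length {prefix_len} exceeds {addr_len * 8}")

    prefix_raw = data[23:23 + addr_len]
    gw_raw = data[23 + addr_len:23 + 2 * addr_len]
    label_field = int.from_bytes(data[23 + 2 * addr_len:], "big")
    # strict=False masks bits beyond the prefix length instead of rejecting
    # them; that leniency is an assumption of this example.
    prefix = net_cls((prefix_raw, prefix_len), strict=False)
    return IpPrefixRoute(rd, esi, ethernet_tag, prefix, addr_cls(gw_raw), label_field)


def overlay_index(route: IpPrefixRoute) -> Optional[Tuple[str, object]]:
    """Return the non-zero one of ESI / GW IP, or None when both are zero."""
    esi_set = any(route.esi)
    gw_set = int(route.gw_ip) != 0
    if esi_set and gw_set:
        # Not covered by the thread; refusing to guess is this example's choice.
        raise RouteError("ESI and GW IP are both non-zero")
    if esi_set:
        return ("ESI", route.esi)
    if gw_set:
        return ("GW IP", route.gw_ip)
    return None


def build_route(rd: bytes, esi: bytes, ethernet_tag: int, prefix_len: int,
                prefix: str, gw_ip: str, label_field: int) -> bytes:
    """Encode constructed sample routes for the demo (no validation on purpose)."""
    return (rd + esi + struct.pack("!I", ethernet_tag) + bytes([prefix_len])
            + ipaddress.ip_address(prefix).packed
            + ipaddress.ip_address(gw_ip).packed
            + label_field.to_bytes(3, "big"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    rd = bytes.fromhex("0000fde800000064")
    samples = {
        "ipv4": build_route(rd, bytes(10), 0, 24, "192.0.2.0", "203.0.113.1", 0),
        "ipv6": build_route(rd, bytes.fromhex("00112233445566778899"), 7, 32,
                            "2001:db8::", "::", 100),
        "mixed": build_route(rd, bytes(10), 0, 24, "192.0.2.0", "2001:db8::1", 0),
    }
    for name, raw in samples.items():
        try:
            route = parse_ip_prefix_route(raw)
            print(name, len(raw), route.prefix, overlay_index(route))
        except RouteError as exc:
            print(name, len(raw), "rejected:", exc)
```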
From nobody Fri May 18 13:28:04 2018
From: Eric Gray
To: Radia Perlman, "Yemin (Amy)"
CC: The IESG, "ccamp@ietf.org", "secdir@ietf.org", "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org"
Date: Fri, 18 May 2018 20:27:34 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Ij5SZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRpb25hbCBOTVMgdnMgU0ROIEkg YWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFyZSBldm9sdmluZyB0b3dhcmRz IGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9uIGlzIHF1aXRlIGJsdXJyeSwg YnV0IHRoZXJlDQogaXMgc3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGls bCBjb25zaWRlcmVkIGFzIHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFu ZSB3aGlsZSBTRE4gdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lIGFuZCB0 aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIHRoaW5ncy48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVhayBhYm91dCDigJx0cmFkaXRp b25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxsb3cgZm9yIHRoZSBkaXN0aW5j dGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBzcGVha2luZyBhYm91dCB0aGUg Y29udmVyZ2VuY2Ugb2YgdGhlIHR3bw0KIHRoaW5ncyBjYW4gYmUgYWRkZWQuPG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5UaGFua3MgYSBsb3Q8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+RGFuaWVsZSZuYnNwOyAoY2NhbXAgY28tY2hhaXIpPG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdiBzdHls ZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRkaW5nOjBpbiAw aW4gMGluIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9w OnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFz 
cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBSYWRpYSBQZXJsbWFuIFs8YSBocmVmPSJtYWls dG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPm1haWx0bzpyYWRpYXBl cmxtYW5AZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9iPiBsdW5lZMOsIDcgbWFnZ2lv IDIwMTggMDg6NTU8YnI+DQo8Yj5Ubzo8L2I+IDxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNj YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFu ayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYu b3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJn ZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2Rp ckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5T dWJqZWN0OjwvYj4gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m cmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNl bmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48L3NwYW4+PG86cD48 L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+ Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttYXJnaW4tYm90dG9tOjEyLjBwdCI+PHNwYW4gbGFuZz0iSVQiPi0tLS0tLS0tLS0gRm9yd2Fy ZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLTxicj4NCkZyb206IDxiPlJhZGlhIFBlcmxtYW48L2I+ICZs 
dDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsi PnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFN1biwgTWF5IDYsIDIw MTggYXQgMTE6NDggUE08YnI+DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYt Y2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNTxicj4NClRvOiA8YSBocmVmPSJtYWlsdG86ZHJh ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZyIg dGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1 LmFsbEB0b29scy5pZXRmLm9yZzwvYT4sIFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVz Z0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhy ZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5v cmc8L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZuYnNwOyBO byBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhl cmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n PSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90 OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50 IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9y dCB0byZuYnNwOzxzcGFuIGNsYXNzPSJtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAz MTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3Nzgy NTM0Z21haWwtaWwiPnJldmlldzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVpbmcg 
cHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUgd3Jp dHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJyPg0K ZGlyZWN0b3JzLiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRy ZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29t bWVudHMuPC9zcGFuPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4m bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFu YWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4g aW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVj aWZpYyBmZWF0dXJlcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9 IklUIj5JIGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2Eg dHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNw OyBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBt YWtlIHRoZSBkaXN0aW5jdGlvbiwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlz dGluY3Rpb24uLi5zZXR0aW5nIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdl 
bWVudCkgaXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgm cXVvdDtTRE4mcXVvdDspLiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNw YW4gbGFuZz0iSVQiPlRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBmb3Ig Z2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJpbGl0 eS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgZ2xp dGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxp a2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj4mcXVvdDtUaGUgYWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFuYWdl bWVudCBhbmQ8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWlj cm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9zcGFu PjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48 c3BhbiBsYW5nPSJJVCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86cD48 
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJh dGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRo ZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11 bmljYXRpb24uJm5ic3A7IE90aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdodCBi ZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBhcmFt ZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlzdHJh dG9yLiZuYnNwOyBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZp YyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu Zz0iSVQiIHN0eWxlPSJjb2xvcjojODg4ODg4Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3Rl 
From nobody Sat May 19 20:35:03 2018
From: Radia Perlman
Date: Sat, 19 May 2018 20:34:37 -0700
To: Eric Gray
Cc: "Yemin (Amy)", The IESG, "ccamp@ietf.org", "secdir@ietf.org", "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org"
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
In-Reply-To: <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
List-Id: Security Area Directorate

Hi Eric,

I feel bad for the authors of this document to be burdened with clarifying
a distinction that has never been clear before (to lots of people,
including me), but their proposed text doesn't make it clearer.

" “It's noted that there's idea that the NMS and SDN are evolving towards a
component, and the distinction between them is quite vague. Another fact is
that there is still plenty of networks where NMS is still considered as the
implementation of the management plane, while SDN is considered as the
centralization of the control plane. They are still kept as separate
component"

Do you (or anyone else) have a suggestion for text that acknowledges to the
reader that it's not the reader's fault for not understanding the
difference?

It would be OK with me for them to leave out the extra entirely, since I'm
sure this isn't the first RFC whose verbiage claims SDN and NMS are two
different concepts. But if I were trying to get up to speed about this area
by reading the documents, I'd be somewhat comforted by an acknowledgement
(such as the text they propose, but with the English fixed) that these are
fuzzy distinctions, so I wouldn't think it was just me....that if I only
read more things, or thought harder, or had more background, the
distinction would be clear.

Radia

On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.gray@ericsson.com> wrote:

> Hi Radia.
>
> I agree that the English is awkward, but I would have interpreted
> “evolving toward a component” to mean something more along the lines of
> evolving toward the same (singular) thing. Or perhaps another way to look
> at it might be that, because YANG is becoming a more popular mechanism for
> both NMS and SDN, it is likely that one or both of these may become
> components of a common management framework.
>
> I would interpret it this way precisely because – as you say – the
> distinction is not at all clear, though I would add that (to some of us)
> the distinction has never been very clear. 😊
>
> For this reason, I would have some small difficulty in seeing how it would
> make much sense to say that they are evolving toward increasing similarity.
>
> --
> Eric
>
> *From:* CCAMP [mailto:ccamp-bounces@ietf.org] *On Behalf Of *Radia Perlman
> *Sent:* Friday, May 18, 2018 12:30 AM
> *To:* Yemin (Amy) <amy.yemin@huawei.com>
> *Cc:* The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org;
> draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Thank you! Though what you're suggesting is awkward English.
>
> Perhaps "We note that the distinction between NMS and SDN is not all that
> clear, and the two are evolving to be more and more similar." could replace
> the first sentence. I'm really not sure what you meant by "evolving toward
> a component", so perhaps I'm not capturing what you are intending to say.
>
> Radia
>
> On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:
>
> Hi Radia,
>
> We just updated the draft,
> https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
> BR,
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com>; Radia
> Perlman <radiaperlman@gmail.com>;
> draft-ietf-ccamp-microwave-framework.all@tools.ietf.org;
> The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> Thanks for your review.
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the following
> text in section 3:
>
> “It's noted that there's idea that the NMS and SDN are evolving towards a
> component, and the distinction between them is quite vague. Another fact is
> that there is still plenty of networks where NMS is still considered as the
> implementation of the management plane, while SDN is considered as the
> centralization of the control plane. They are still kept as separate
> component.”
>
> Regarding the security considerations, yes, this draft doesn’t specify the
> parameters.
>
> There’s another draft draft-ietf-ccamp-mw-yang, where the security
> consideration is addressed as you suggested.
>
> BR,
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman <radiaperlman@gmail.com>;
> draft-ietf-ccamp-microwave-framework.all@tools.ietf.org;
> The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> let me reply on behalf of the authors. First of all many thanks for your
> review.
>
> Regarding your question about traditional NMS vs SDN I agree with you on
> the fact that they are evolving towards a common component and the
> distinction is quite blurry, but there is still plenty of networks where
> NMS is still considered as the implementation of the management plane while
> SDN the centralization of the control plane and they are still kept as
> separate things.
>
> Hence, since the authors speak about “traditional” NMS and SDN I would
> tend to allow for the distinction to be kept. If you prefer a note speaking
> about the convergence of the two things can be added.
>
> Thanks a lot
> Daniele (ccamp co-chair)
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com]
> *Sent:* lunedì 7 maggio 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org;
> The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Sorry...resending because I mistyped the author address.
>
> ---------- Forwarded message ----------
> From: *Radia Perlman* <radiaperlman@gmail.com>
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org,
> The IESG <iesg@ietf.org>, secdir@ietf.org
>
> Summary: No security issues found, but I do have questions, and there are
> editing glitches
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> This document describes the management interface for microwave radio links.
>
> It advocates (correctly, I believe) that such an interface should be
> extensible to provide for vendor-specific features.
>
> I don't understand the difference between a "a traditional network
> management system" and SDN. Perhaps it is not the job of this document to
> clearly make the distinction, and I suspect there is no real
> distinction...setting parameters (traditional network management) is a way
> of "programming" an interface ("SDN").
>
> This document could use an editing pass for glitches, but these glitches
> do not impact its readability.
>
> The glitches consist mostly of leaving out little words like "of" in the
> following sentence.
>
> "The adoption of an SDN framework for management and
>    control the microwave interface is one of the key applications for
>    this work."
>
> The security considerations say that they assume a secure transport layer
> (authenticated, probably encryption isn't necessary) for communication.
> Other than that, perhaps, there might be security considerations for
> inadvertently setting parameters incorrectly, or maliciously by a trusted
> administrator. But this document does not specify the specific parameters
> to be managed, just a general framework.
>
> Radia
Hi Eric,

I feel bad for the authors of = this document to be burdened with clarifying a distinction that has never b= een clear before (to lots of people, including me),=C2=A0 but their propose= d text doesn't make it clearer.

" =E2=80=9CIt's noted that there's idea t= hat the NMS and SDN are evolving towards a component, and the distinction b= etween them is quite vague. Another fact is that there is still plenty of n= etworks where NMS is still considered as the implementation of the manageme= nt plane, while SDN is considered as the centralization of the control plan= e. They are still kept as separate component"

=C2= =A0Do you (or anyone else) have a suggestion for text that acknowledges to = the reader that it's not the reader's fault for not understanding t= he difference?

It would be= OK with me for them to leave out=C2=A0 the extra entirely, since I'm s= ure this isn't the first RFC whose verbiage claims SDN and NMS are two = different concepts. But if I were trying to get up to speed about this area= by reading the documents, I'd be somewhat comforted by an acknowledgem= ent (such as the text they propose, but with the English fixed) that these = are fuzzy distinctions, so I wouldn't think it was just me....that if I= only read more things, or thought harder, or had more background, the dist= inction would be clear.=C2=A0

Radia


<= /span>


On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.g= ray@ericsson.com> wrote:

Hi Radia.

=C2=A0

I agree that the English is awkward, but I would hav= e interpreted =E2=80=9Cevolving toward a component=E2=80=9D to mean somethi= ng more along the lines of evolving toward the same (singular) thing.=C2=A0= Or perhaps another way to look at it might be that, because YANG is becoming a more popular mechanism for both NMS and SDN, it is like= ly that one or both of these may become components of a common management f= ramework.

=C2=A0

I would interpret it this way precisely because =E2= =80=93 as you say =E2=80=93 the distinction is not at all clear, though I w= ould add that (to some of us) the distinction has never been very clear.=C2= =A0 =F0=9F=98= =8A

=C2=A0

For this reason, I would have some small difficulty = in seeing how it would make much sense to say that they are evolving toward= increasing similarity.

=C2=A0

--

Eric

=C2=A0

From: CCAMP [mailto:ccamp-bounces@ietf.org= ] On Behalf Of Radia Perlman
Sent: Friday, May 18, 2018 12:30 AM
To: Yemin (Amy) <amy.yemin@huawei.com>
Cc: The IESG <= iesg@ietf.org>; = ccamp@ietf.org; se= cdir@ietf.org; draft-ietf-ccamp-microwave-framew= ork.all@tools.ietf.org
Subject: Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05

=C2=A0

Thank you!=C2=A0 Though what you're suggesting i= s awkward English.

=C2=A0

Perhaps "We note that the distinction between N= MS and SDN is not all that clear, and the two are evolving to be more and m= ore similar." could replace the first sentence.=C2=A0 I'm really n= ot sure what you meant by "evolving toward a component", so perhaps I'm not capturing what you are intending to say.<= /u>

=C2=A0

=C2=A0

Radia

=C2=A0

On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com= > wrote:

Hi Radia,

=C2=A0

We just updated the dr= aft, https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-frame= work/.

Your comments are addr= essed in the latest version.

=C2=A0

BR,

Amy

From: Yemin (Amy)
Sent: Thursday, May 10, 2018 4:07 PM
To: 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com<= /a>>; Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG = <iesg@ietf.org>= ;; secdir@ietf.org Subject: RE: Secdir review of draft-ietf-ccamp-microwave-framew= ork-05

=C2=A0

Hi Radia,

=C2=A0

Thanks for your review= .

=C2=A0

Regarding the NMS and = SDN, as Daniele suggested, we will add the following text in section 3:

=E2=80=9CIt's note= d that there's idea that the NMS and SDN are evolving towards a compone= nt, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as th= e implementation of the management plane, while SDN is considered as the ce= ntralization of the control plane. They are still kept as separate componen= t.=E2=80=9D

=C2=A0

Regarding the security= considerations, yes, this draft doesn=E2=80=99t specify the parameters.

There=E2=80=99s anothe= r draft draft-ietf-ccamp-mw-yang, where the security consideration is addre= ssed as you suggested.

=C2=A0

BR,

Amy

From: Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com]
Sent: Monday, May 07, 2018 5:46 PM
To: Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
Subject: RE: Secdir review of draft-ietf-ccamp-microwave-framework-05

Hi Radia,

let me reply on behalf of the authors. First of all many thanks for your review.

Regarding your question about traditional NMS vs SDN I agree with you on the fact that they are evolving towards a common component and the distinction is quite blurry, but there is still plenty of networks where NMS is still considered as the implementation of the management plane while SDN the centralization of the control plane and they are still kept as separate things.

Hence, since the authors speak about “traditional” NMS and SDN I would tend to allow for the distinction to be kept. If you prefer a note speaking about the convergence of the two things can be added.

Thanks a lot

Daniele (ccamp co-chair)

From: Radia Perlman [mailto:radiaperlman@gmail.com]
Sent: lunedì 7 maggio 2018 08:55
To: draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05

Sorry...resending because I mistyped the author address.

---------- Forwarded message ----------
From: Radia Perlman <radiaperlman@gmail.com>
Date: Sun, May 6, 2018 at 11:48 PM
Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org

Summary:  No security issues found, but I do have questions, and there are editing glitches

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the management interface for microwave radio links.

It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.

I don't understand the difference between "a traditional network management system" and SDN.  Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").

This document could use an editing pass for glitches, but these glitches do not impact its readability.

The glitches consist mostly of leaving out little words like "of" in the following sentence.

"The adoption of an SDN framework for management and
   control the microwave interface is one of the key applications for
   this work."

The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication.  Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator.  But this document does not specify the specific parameters to be managed, just a general framework.

Radia


--0000000000005710d0056c9add87-- From nobody Sun May 20 13:26:06 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8429C12D94A; Sun, 20 May 2018 13:25:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.611 X-Spam-Level: X-Spam-Status: No, score=-0.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t8cOBmtmixZE; Sun, 20 May 2018 13:25:51 -0700 (PDT) Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBE9E12D864; Sun, 20 May 2018 13:25:50 -0700 (PDT) Received: from pps.filterd (m0049462.ppops.net [127.0.0.1]) by m0049462.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id w4KKP2dl038948; Sun, 20 May 2018 16:25:45 -0400 Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049462.ppops.net-00191d01. 
with ESMTP id 2j3euagt3v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 20 May 2018 16:25:45 -0400 Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4KKPiva031292; Sun, 20 May 2018 16:25:44 -0400 Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [135.66.87.50]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w4KKPdwo031272; Sun, 20 May 2018 16:25:39 -0400 Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [127.0.0.1]) by zlp27128.vci.att.com (Service) with ESMTP id 3E4D540006B6; Sun, 20 May 2018 20:25:39 +0000 (GMT) Received: from MISOUT7MSGHUBAE.ITServices.sbc.com (unknown [130.9.129.149]) by zlp27128.vci.att.com (Service) with ESMTPS id 1B53E4000694; Sun, 20 May 2018 20:25:39 +0000 (GMT) Received: from MISOUT7MSGUSRDE.ITServices.sbc.com ([169.254.5.208]) by MISOUT7MSGHUBAE.ITServices.sbc.com ([130.9.129.149]) with mapi id 14.03.0389.001; Sun, 20 May 2018 16:25:38 -0400 From: "BRUNGARD, DEBORAH A" To: Radia Perlman , Eric Gray CC: "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" , "ccamp@ietf.org" , The IESG , "secdir@ietf.org" Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05 Thread-Index: AQHT5dBPet2Bgtmt1EKn9EjHvpwz36QjfqkAgAUccQCADDFO8IAAbMGAgAELkwCAAgmlgIAAtarQ Date: Sun, 20 May 2018 20:25:37 +0000 Message-ID: References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.10.206.117] Content-Type: multipart/alternative; boundary="_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-05-20_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_policy_notspam 
policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805200249 Archived-At: Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 May 2018 20:25:55 -0000 --_000_F64C10EAA68C8044B33656FA214632C888316F24MISOUT7MSGUSRDE_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjkuNXB0O2NvbG9yOiMxRjQ5N0QiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBGcmksIE1heSAx OCwgMjAxOCBhdCAxOjI3IFBNLCBFcmljIEdyYXkgJmx0OzxhIGhyZWY9Im1haWx0bzplcmljLmdy YXlAZXJpY3Nzb24uY29tIiB0YXJnZXQ9Il9ibGFuayI+ZXJpYy5ncmF5QGVyaWNzc29uLmNvbTwv YT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpu b25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2 LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj5IaSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPkkgYWdyZWUgdGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3b3VsZCBoYXZl IGludGVycHJldGVkIOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0byBtZWFuIHNv bWV0aGluZyBtb3JlIGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dhcmQgdGhlIHNhbWUg KHNpbmd1bGFyKSB0aGluZy4mbmJzcDsNCiBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sg YXQgaXQgbWlnaHQgYmUgdGhhdCwgYmVjYXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1 bGFyIG1lY2hhbmlzbSBmb3IgYm90aCBOTVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25l IG9yIGJvdGggb2YgdGhlc2UgbWF5IGJlY29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFn 
ZW1lbnQgZnJhbWV3b3JrLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4m bmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSB3b3VsZCBpbnRl cnByZXQgaXQgdGhpcyB3YXkgcHJlY2lzZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCTIHRo ZSBkaXN0aW5jdGlvbiBpcyBub3QgYXQgYWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQgdGhh dCAodG8gc29tZSBvZiB1cykgdGhlIGRpc3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkgY2xl YXIuJm5ic3A7DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkgRW1vamkm cXVvdDssc2Fucy1zZXJpZiI+8J+Yijwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PkZvciB0aGlzIHJlYXNvbiwgSSB3b3VsZCBoYXZlIHNvbWUgc21hbGwgZGlmZmljdWx0eSBpbiBz ZWVpbmcgaG93IGl0IHdvdWxkIG1ha2UgbXVjaCBzZW5zZSB0byBzYXkgdGhhdCB0aGV5IGFyZSBl dm9sdmluZyB0b3dhcmQgaW5jcmVhc2luZyBzaW1pbGFyaXR5LjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+LS08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RXJpYzxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IENDQU1QIFttYWlsdG86PGEg aHJlZj0ibWFpbHRvOmNjYW1wLWJvdW5jZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5jY2Ft 
cC1ib3VuY2VzQGlldGYub3JnPC9hPl0NCjxiPk9uIEJlaGFsZiBPZiA8L2I+UmFkaWEgUGVybG1h bjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlkYXksIE1heSAxOCwgMjAxOCAxMjozMCBBTTxicj4NCjxi PlRvOjwvYj4gWWVtaW4gKEFteSkgJmx0OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2Vp LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFteS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDs8YnI+DQo8 Yj5DYzo8L2I+IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFy Z2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpjY2Ft cEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmNjYW1wQGlldGYub3JnPC9hPjsgPGEgaHJlZj0i bWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0Kc2VjZGlyQGlldGYub3Jn PC9hPjsgPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29y ay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAt bWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVj dDo8L2I+IFJlOiBbQ0NBTVBdIFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNy b3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhh bmsgeW91ISZuYnNwOyBUaG91Z2ggd2hhdCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVu Z2xpc2guPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj5QZXJoYXBzICZxdW90O1dlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24g YmV0d2VlbiBOTVMgYW5kIFNETiBpcyBub3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFy ZSBldm9sdmluZyB0byBiZSBtb3JlIGFuZCBtb3JlIHNpbWlsYXIuJnF1b3Q7IGNvdWxkIHJlcGxh Y2UgdGhlIGZpcnN0IHNlbnRlbmNlLiZuYnNwOyBJJ20gcmVhbGx5DQogbm90IHN1cmUgd2hhdCB5 
b3UgbWVhbnQgYnkgJnF1b3Q7ZXZvbHZpbmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LCBzbyBw ZXJoYXBzIEknbSBub3QgY2FwdHVyaW5nIHdoYXQgeW91IGFyZSBpbnRlbmRpbmcgdG8gc2F5Ljxv OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4m bmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+UmFkaWE8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5P biBUaHUsIE1heSAxNywgMjAxOCBhdCA3OjAzIFBNLCBZZW1pbiAoQW15KSAmbHQ7PGEgaHJlZj0i bWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tIiB0YXJnZXQ9Il9ibGFuayI+YW15LnllbWluQGh1 YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxl PSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGlu IDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4t cmlnaHQ6MGluO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNv bG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h 
bHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUg ZHJhZnQsDQo8YSBocmVmPSJodHRwczovL3VybGRlZmVuc2UucHJvb2Zwb2ludC5jb20vdjIvdXJs P3U9aHR0cHMtM0FfX2RhdGF0cmFja2VyLmlldGYub3JnX2RvY19kcmFmdC0yRGlldGYtMkRjY2Ft cC0yRG1pY3Jvd2F2ZS0yRGZyYW1ld29ya18mYW1wO2Q9RHdNRmFRJmFtcDtjPUxGWVotbzlfSFVN ZU1UU1FpY3ZqSWcmYW1wO3I9NlVoR3BXOWx3aTlkTTdqWWx4WEQ4dyZhbXA7bT1aaVVsV2NKSjdK cXcyeHhXeUxIdHlHYVUyVkljT3g5dTZkeUNvRjR4ZENvJmFtcDtzPUd5SGFxUlVRazFEUEZmdHRY YTZGWFVwTkRCNHJPblJYdGsycDhtbXZ0b2cmYW1wO2U9IiB0YXJnZXQ9Il9ibGFuayI+DQpodHRw czovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m cmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRy ZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9uLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0i Y29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+ PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0Ux RTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChBbXkpDQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNk YXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJyPg0KPGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJl bGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20i 
IHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7 IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29t IiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJl Zj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMu aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy YW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFp bHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7 DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGly QGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBk cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkg UmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxz cGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3Mg Zm9yIHlvdXIgcmV2aWV3Li4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5 N0QiPlJlZ2FyZGluZyB0aGUgTk1TIGFuZCBTRE4sIGFzIERhbmllbGUgc3VnZ2VzdGVkLCB3ZSB3 
aWxsIGFkZCB0aGUgZm9sbG93aW5nIHRleHQgaW4gc2VjdGlvbiAzOg0KPC9zcGFuPjxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3 RCI+4oCcSXQncyBub3RlZCB0aGF0IHRoZXJlJ3MgaWRlYSB0aGF0IHRoZSBOTVMgYW5kIFNETiBh cmUgZXZvbHZpbmcgdG93YXJkcyBhIGNvbXBvbmVudCwgYW5kIHRoZSBkaXN0aW5jdGlvbiBiZXR3 ZWVuIHRoZW0gaXMgcXVpdGUgdmFndWUuIEFub3RoZXIgZmFjdCBpcw0KIHRoYXQgdGhlcmUgaXMg c3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtzIHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFz IHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgbWFuYWdlbWVudCBwbGFuZSwgd2hpbGUgU0ROIGlz IGNvbnNpZGVyZWQgYXMgdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBjb250cm9sIHBsYW5lLiBU aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIGNvbXBvbmVudC7igJ08L3NwYW4+PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZWdhcmRpbmcgdGhlIHNlY3VyaXR5IGNvbnNp ZGVyYXRpb25zLCB5ZXMsIHRoaXMgZHJhZnQgZG9lc27igJl0IHNwZWNpZnkgdGhlIHBhcmFtZXRl cnMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGVyZeKAmXMgYW5vdGhlciBkcmFmdCBkcmFmdC1pZXRm LWNjYW1wLW13LXlhbmcsIHdoZXJlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGlzIGFkZHJl c3NlZCBhcyB5b3Ugc3VnZ2VzdGVkLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6 
IzFGNDk3RCI+QlIsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAx LjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ PGI+RnJvbTo8L2I+IERhbmllbGUgQ2VjY2FyZWxsaSBbPGEgaHJlZj0ibWFpbHRvOmRhbmllbGUu Y2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWlsdG86ZGFuaWVsZS5j ZWNjYXJlbGxpQGVyaWNzc29uLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBN YXkgMDcsIDIwMTggNTo0NiBQTTxicj4NCjxiPlRvOjwvYj4gUmFkaWEgUGVybG1hbiAmbHQ7PGEg aHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5yYWRp YXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1j Y2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxh bmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRm Lm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFy Z2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzZWNk aXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+ U3ViamVjdDo8L2I+IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93 YXZlLWZyYW1ld29yay0wNTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPjxzcGFuIGxhbmc9IklUIj5IaSBSYWRpYSw8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwv 
c3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+bGV0IG1lIHJlcGx5 IG9uIGJlaGFsZiBvZiB0aGUgYXV0aG9ycy4gRmlyc3Qgb2YgYWxsIG1hbnkgdGhhbmtzIGZvciB5 b3VyIHJldmlldy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7 PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlJlZ2FyZGluZyB5b3VyIHF1 ZXN0aW9uIGFib3V0IHRyYWRpdGlvbmFsIE5NUyB2cyBTRE4gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0 aGUgZmFjdCB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZHMgYSBjb21tb24gY29tcG9uZW50 IGFuZCB0aGUgZGlzdGluY3Rpb24gaXMgcXVpdGUgYmx1cnJ5LCBidXQgdGhlcmUNCiBpcyBzdGls bCBwbGVudHkgb2YgbmV0d29ya3Mgd2hlcmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhl IGltcGxlbWVudGF0aW9uIG9mIHRoZSBtYW5hZ2VtZW50IHBsYW5lIHdoaWxlIFNETiB0aGUgY2Vu dHJhbGl6YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUgYW5kIHRoZXkgYXJlIHN0aWxsIGtlcHQg YXMgc2VwYXJhdGUgdGhpbmdzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SGVuY2UsIHNp bmNlIHRoZSBhdXRob3JzIHNwZWFrIGFib3V0IOKAnHRyYWRpdGlvbmFs4oCdIE5NUyBhbmQgU0RO IEkgd291bGQgdGVuZCB0byBhbGxvdyBmb3IgdGhlIGRpc3RpbmN0aW9uIHRvIGJlIGtlcHQuIElm IHlvdSBwcmVmZXIgYSBub3RlIHNwZWFraW5nIGFib3V0IHRoZSBjb252ZXJnZW5jZSBvZiB0aGUg dHdvDQogdGhpbmdzIGNhbiBiZSBhZGRlZC48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlRo YW5rcyBhIGxvdDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z 
by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5EYW5pZWxl Jm5ic3A7IChjY2FtcCBjby1jaGFpcik8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNC4wcHQiPg0KPGRp dj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBw dDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+ RnJvbTo8L2I+IFJhZGlhIFBlcmxtYW4gWzxhIGhyZWY9Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21h aWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+bWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+ XQ0KPGJyPg0KPGI+U2VudDo8L2I+IGx1bmVkw6wgNyBtYWdnaW8gMjAxOCAwODo1NTxicj4NCjxi PlRvOjwvYj4gPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l d29yay5hbGxAdG9vbHMuLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNj YW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cg Jmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0Bp ZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0 PSJfYmxhbmsiPnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU2VjZGly IHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1p c3R5cGVkIHRoZSBhdXRob3IgYWRkcmVzcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t 
YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9tOjEy LjBwdCI+PHNwYW4gbGFuZz0iSVQiPi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0t LS0tLTxicj4NCkZyb206IDxiPlJhZGlhIFBlcmxtYW48L2I+ICZsdDs8YSBocmVmPSJtYWlsdG86 cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFp bC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFN1biwgTWF5IDYsIDIwMTggYXQgMTE6NDggUE08YnI+ DQpTdWJqZWN0OiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy YW1ld29yay0wNTxicj4NClRvOiA8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNy b3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0K ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9y ZzwvYT4sIFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0 PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJA aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQi IHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjojMjIyMjIyIj5TdW1tYXJ5OiZuYnNwOyBObyBzZWN1cml0eSBpc3N1ZXMg Zm91bmQsIGJ1dCBJIGRvIGhhdmUgcXVlc3Rpb25zLCBhbmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xp dGNoZXM8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv 
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQt c2l6ZTo5LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OiMyMjIyMjIiPkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNl Y3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZzxicj4NCmVmZm9ydCB0byZuYnNwOzxzcGFuIGNs YXNzPSJtLTIwNTg3OTU0ODIyOTczNzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3Njcy ODAzMTE2NzMwNmdtYWlsLW05MDI2MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3 NzgyNTM0Z21haWwtaWwiPnJldmlldzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVp bmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUg d3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJy Pg0KZGlyZWN0b3JzLiZuYnNwOyBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxk IHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwg Y29tbWVudHMuPC9zcGFuPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklU Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUg bWFuYWdlbWVudCBpbnRlcmZhY2UgZm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IGxhbmc9IklUIj5JdCBhZHZvY2F0ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2gg YW4gaW50ZXJmYWNlIHNob3VsZCBiZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1z cGVjaWZpYyBmZWF0dXJlcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48 
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj5JIGRvbid0IHVuZGVyc3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90 O2EgdHJhZGl0aW9uYWwgbmV0d29yayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZu YnNwOyBQZXJoYXBzIGl0IGlzIG5vdCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJs eSBtYWtlIHRoZSBkaXN0aW5jdGlvbiwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwg ZGlzdGluY3Rpb24uLi5zZXR0aW5nIHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFu YWdlbWVudCkgaXMgYSB3YXkgb2YgJnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNl ICgmcXVvdDtTRE4mcXVvdDspLiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ PHNwYW4gbGFuZz0iSVQiPlRoaXMgZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBm b3IgZ2xpdGNoZXMsIGJ1dCB0aGVzZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJp bGl0eS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUg Z2xpdGNoZXMgY29uc2lzdCZuYnNwOyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRz IGxpa2UgJnF1b3Q7b2YmcXVvdDsgaW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IGxhbmc9IklUIj4mcXVvdDtUaGUgYWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFu 
YWdlbWVudCBhbmQ8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUg bWljcm93YXZlIGludGVyZmFjZSBpcyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgc2F5IHRoYXQgdGhleSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChh dXRoZW50aWNhdGVkLCBwcm9iYWJseSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNv bW11bmljYXRpb24uJm5ic3A7IE90aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdo dCBiZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBh cmFtZXRlcnMgaW5jb3JyZWN0bHksIG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlz dHJhdG9yLiZuYnNwOyBCdXQgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVj aWZpYyBwYXJhbWV0ZXJzIHRvIGJlIG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48 L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh biBsYW5nPSJJVCIgc3R5bGU9ImNvbG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+ 
From nobody Mon May 21 11:57:25 2018
From: Eric Gray
To: Radia Perlman
CC: "Yemin (Amy)", The IESG, "ccamp@ietf.org", "secdir@ietf.org", "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org"
Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
Date: Mon, 21 May 2018 18:57:09 +0000
Message-ID: <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se>
References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se>
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate
cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+LS08bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RXJpYzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+PGI+RnJvbTo8L2I+IENDQU1QIFttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmNjYW1wLWJvdW5j ZXNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5jY2FtcC1ib3VuY2VzQGlldGYub3JnPC9hPl0N CjxiPk9uIEJlaGFsZiBPZiA8L2I+UmFkaWEgUGVybG1hbjxicj4NCjxiPlNlbnQ6PC9iPiBGcmlk YXksIE1heSAxOCwgMjAxOCAxMjozMCBBTTxicj4NCjxiPlRvOjwvYj4gWWVtaW4gKEFteSkgJmx0 OzxhIGhyZWY9Im1haWx0bzphbXkueWVtaW5AaHVhd2VpLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFt eS55ZW1pbkBodWF3ZWkuY29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8L2I+IFRoZSBJRVNHICZsdDs8 YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5v cmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpjY2FtcEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxh bmsiPmNjYW1wQGlldGYub3JnPC9hPjsgPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIg dGFyZ2V0PSJfYmxhbmsiPg0Kc2VjZGlyQGlldGYub3JnPC9hPjsgPGEgaHJlZj0ibWFpbHRvOmRy YWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRh cmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxA dG9vbHMuaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbQ0NBTVBdIFNlY2Rp ciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmsgeW91ISZuYnNwOyBUaG91Z2ggd2hh 
dCB5b3UncmUgc3VnZ2VzdGluZyBpcyBhd2t3YXJkIEVuZ2xpc2guPG86cD48L286cD48L3A+DQo8 ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5QZXJoYXBzICZx dW90O1dlIG5vdGUgdGhhdCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiBOTVMgYW5kIFNETiBpcyBu b3QgYWxsIHRoYXQgY2xlYXIsIGFuZCB0aGUgdHdvIGFyZSBldm9sdmluZyB0byBiZSBtb3JlIGFu ZCBtb3JlIHNpbWlsYXIuJnF1b3Q7IGNvdWxkIHJlcGxhY2UgdGhlIGZpcnN0IHNlbnRlbmNlLiZu YnNwOyBJJ20gcmVhbGx5DQogbm90IHN1cmUgd2hhdCB5b3UgbWVhbnQgYnkgJnF1b3Q7ZXZvbHZp bmcgdG93YXJkIGEgY29tcG9uZW50JnF1b3Q7LCBzbyBwZXJoYXBzIEknbSBub3QgY2FwdHVyaW5n IHdoYXQgeW91IGFyZSBpbnRlbmRpbmcgdG8gc2F5LjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+UmFkaWE8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8 ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBUaHUsIE1heSAxNywgMjAxOCBhdCA3 OjAzIFBNLCBZZW1pbiAoQW15KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFteS55ZW1pbkBodWF3ZWku Y29tIiB0YXJnZXQ9Il9ibGFuayI+YW15LnllbWluQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8 bzpwPjwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm 
dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxl ZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206 NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl PSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNv bG9yOiMxRjQ5N0QiPldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQsDQo8YSBocmVmPSJodHRwczov L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFt ZXdvcmsvIiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2Rv Yy9kcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsvPC9hPi4gPC9zcGFuPg0KPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjoj MUY0OTdEIj5Zb3VyIGNvbW1lbnRzIGFyZSBhZGRyZXNzZWQgaW4gdGhlIGxhdGVzdCB2ZXJzaW9u Lg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBz dHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+QlIsPC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6 IzFGNDk3RCI+QW15PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJv cmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBp 
biAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+RnJvbTo8L2I+IFllbWluIChB bXkpDQo8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIE1heSAxMCwgMjAxOCA0OjA3IFBNPGJy Pg0KPGI+VG86PC9iPiAnRGFuaWVsZSBDZWNjYXJlbGxpJyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRh bmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5kYW5pZWxlLmNl Y2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPiZndDs7IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9 Im1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJs bWFuQGdtYWlsLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAt bWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4N CmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8 L2E+OyBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0i X2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGll dGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1Ympl Y3Q6PC9iPiBSRTogU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1m cmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48 c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+SGkgUmFkaWEsDQo8L3NwYW4+PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4m bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IHN0eWxlPSJjb2xvcjojMUY0OTdEIj5UaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KPC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w 
LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6 IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBOTVMgYW5kIFNE TiwgYXMgRGFuaWVsZSBzdWdnZXN0ZWQsIHdlIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcgdGV4dCBp biBzZWN0aW9uIDM6DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj7igJxJdCdzIG5vdGVkIHRoYXQgdGhlcmUn cyBpZGVhIHRoYXQgdGhlIE5NUyBhbmQgU0ROIGFyZSBldm9sdmluZyB0b3dhcmRzIGEgY29tcG9u ZW50LCBhbmQgdGhlIGRpc3RpbmN0aW9uIGJldHdlZW4gdGhlbSBpcyBxdWl0ZSB2YWd1ZS4gQW5v dGhlciBmYWN0IGlzDQogdGhhdCB0aGVyZSBpcyBzdGlsbCBwbGVudHkgb2YgbmV0d29ya3Mgd2hl cmUgTk1TIGlzIHN0aWxsIGNvbnNpZGVyZWQgYXMgdGhlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBt YW5hZ2VtZW50IHBsYW5lLCB3aGlsZSBTRE4gaXMgY29uc2lkZXJlZCBhcyB0aGUgY2VudHJhbGl6 YXRpb24gb2YgdGhlIGNvbnRyb2wgcGxhbmUuIFRoZXkgYXJlIHN0aWxsIGtlcHQgYXMgc2VwYXJh dGUgY29tcG9uZW50LuKAnTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0Qi PlJlZ2FyZGluZyB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMsIHllcywgdGhpcyBkcmFmdCBk b2VzbuKAmXQgc3BlY2lmeSB0aGUgcGFyYW1ldGVycy4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoZXJl 4oCZcyBhbm90aGVyIGRyYWZ0IGRyYWZ0LWlldGYtY2NhbXAtbXcteWFuZywgd2hlcmUgdGhlIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb24gaXMgYWRkcmVzc2VkIGFzIHlvdSBzdWdnZXN0ZWQuDQo8L3Nw 
YW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJj b2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8L3NwYW4+PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdE Ij5BbXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5v bmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAw aW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gRGFuaWVsZSBDZWNjYXJl bGxpIFs8YSBocmVmPSJtYWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFy Z2V0PSJfYmxhbmsiPm1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24uY29tPC9hPl0N Cjxicj4NCjxiPlNlbnQ6PC9iPiBNb25kYXksIE1heSAwNywgMjAxOCA1OjQ2IFBNPGJyPg0KPGI+ VG86PC9iPiBSYWRpYSBQZXJsbWFuICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdt YWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0OzsN CjxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxs QHRvb2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jv d2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhy ZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwv YT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsi PnNlY2RpckBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUkU6IFNlY2RpciByZXZp ZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv 
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPkhpIFJhZGlh LDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5sZXQgbWUgcmVwbHkgb24gYmVoYWxmIG9mIHRoZSBhdXRob3JzLiBG aXJzdCBvZiBhbGwgbWFueSB0aGFua3MgZm9yIHlvdXIgcmV2aWV3LjxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+UmVnYXJkaW5nIHlvdXIgcXVlc3Rpb24gYWJvdXQgdHJhZGl0aW9uYWwgTk1T IHZzIFNETiBJIGFncmVlIHdpdGggeW91IG9uIHRoZSBmYWN0IHRoYXQgdGhleSBhcmUgZXZvbHZp bmcgdG93YXJkcyBhIGNvbW1vbiBjb21wb25lbnQgYW5kIHRoZSBkaXN0aW5jdGlvbiBpcyBxdWl0 ZSBibHVycnksIGJ1dCB0aGVyZQ0KIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3b3JrcyB3aGVyZSBO TVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24gb2YgdGhlIG1hbmFn ZW1lbnQgcGxhbmUgd2hpbGUgU0ROIHRoZSBjZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBw bGFuZSBhbmQgdGhleSBhcmUgc3RpbGwga2VwdCBhcyBzZXBhcmF0ZSB0aGluZ3MuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj5IZW5jZSwgc2luY2UgdGhlIGF1dGhvcnMgc3BlYWsgYWJvdXQg 4oCcdHJhZGl0aW9uYWzigJ0gTk1TIGFuZCBTRE4gSSB3b3VsZCB0ZW5kIHRvIGFsbG93IGZvciB0 aGUgZGlzdGluY3Rpb24gdG8gYmUga2VwdC4gSWYgeW91IHByZWZlciBhIG5vdGUgc3BlYWtpbmcg YWJvdXQgdGhlIGNvbnZlcmdlbmNlIG9mIHRoZSB0d28NCiB0aGluZ3MgY2FuIGJlIGFkZGVkLjxv 
OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmtzIGEgbG90PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPkRhbmllbGUmbmJzcDsgKGNjYW1wIGNvLWNoYWlyKTxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFk ZGluZzowaW4gMGluIDBpbiA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7 Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4i Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gUmFkaWEgUGVybG1hbiBbPGEg aHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5tYWls dG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwvYT5dDQo8YnI+DQo8Yj5TZW50OjwvYj4gbHVuZWTD rCA3IG1hZ2dpbyAyMDE4IDA4OjU1PGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86ZHJh ZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFy Z2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0 b29scy5pZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRm Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1h aWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+ PGJyPg0KPGI+U3ViamVjdDo8L2I+IFNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1jY2FtcC1t aWNyb3dhdmUtZnJhbWV3b3JrLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9v 
OnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlNv cnJ5Li4ucmVzZW5kaW5nIGJlY2F1c2UgSSBtaXN0eXBlZCB0aGUgYXV0aG9yIGFkZHJlc3MuPC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g bGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwv bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bWFyZ2luLWJvdHRvbToxMi4wcHQiPjxzcGFuIGxhbmc9IklUIj4tLS0tLS0t LS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS08YnI+DQpGcm9tOiA8Yj5SYWRpYSBQZXJs bWFuPC9iPiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdl dD0iX2JsYW5rIj5yYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs8YnI+DQpEYXRlOiBTdW4s IE1heSA2LCAyMDE4IGF0IDExOjQ4IFBNPGJyPg0KU3ViamVjdDogU2VjZGlyIHJldmlldyBvZiBk cmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8YnI+DQpUbzogPGEgaHJlZj0i bWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNS5hbGxAdG9vbHMu aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZy YW1ld29yay0wNS5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+LCBUaGUgSUVTRyAmbHQ7PGEgaHJlZj0i bWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZn dDssDQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2Vj ZGlyQGlldGYub3JnPC9hPjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iZm9udC1zaXplOjkuNXB0O2ZvbnQt ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIyMjIyMiI+U3VtbWFy eTombmJzcDsgTm8gc2VjdXJpdHkgaXNzdWVzIGZvdW5kLCBidXQgSSBkbyBoYXZlIHF1ZXN0aW9u 
cywgYW5kIHRoZXJlIGFyZSBlZGl0aW5nIGdsaXRjaGVzPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj5JIGhhdmUgcmV2aWV3ZWQgdGhp cyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmc8 YnI+DQplZmZvcnQgdG8mbmJzcDs8c3BhbiBjbGFzcz0ibS0yMDU4Nzk1NDgyMjk3MzczNjgxbS02 MTY2OTg1ODA0NjE1Mjc5MzY2bTQxMzEzNzY3MjgwMzExNjczMDZnbWFpbC1tOTAyNjM2ODgwMzcx Mzg2MzM0OWdtYWlsLW0tNTA1NzAxMDkxMjE1Nzc4MjUzNGdtYWlsLWlsIj5yZXZpZXc8L3NwYW4+ Jm5ic3A7YWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUgSUVTRy4mbmJz cDsgVGhlc2U8YnI+DQpjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVu ZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYTxicj4NCmRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQg ZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0PGJy Pg0KbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjwvc3Bhbj48c3BhbiBsYW5nPSJJ VCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+ VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgdGhlIG1hbmFnZW1lbnQgaW50ZXJmYWNlIGZvciBtaWNy b3dhdmUgcmFkaW8gbGlua3MuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+SXQgYWR2b2NhdGVzIChjb3Jy 
ZWN0bHksIEkgYmVsaWV2ZSkgdGhhdCBzdWNoIGFuIGludGVyZmFjZSBzaG91bGQgYmUgZXh0ZW5z aWJsZSB0byBwcm92aWRlIGZvciB2ZW5kb3Itc3BlY2lmaWMgZmVhdHVyZXMuPC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+SSBkb24ndCB1bmRlcnN0YW5kIHRo ZSBkaWZmZXJlbmNlIGJldHdlZW4gYSAmcXVvdDthIHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdl bWVudCBzeXN0ZW0mcXVvdDsgYW5kIFNETi4mbmJzcDsgUGVyaGFwcyBpdCBpcyBub3QgdGhlIGpv YiBvZiB0aGlzIGRvY3VtZW50IHRvIGNsZWFybHkgbWFrZSB0aGUgZGlzdGluY3Rpb24sDQogYW5k IEkgc3VzcGVjdCB0aGVyZSBpcyBubyByZWFsIGRpc3RpbmN0aW9uLi4uc2V0dGluZyBwYXJhbWV0 ZXJzICh0cmFkaXRpb25hbCBuZXR3b3JrIG1hbmFnZW1lbnQpIGlzIGEgd2F5IG9mICZxdW90O3By b2dyYW1taW5nJnF1b3Q7IGFuIGludGVyZmFjZSAoJnF1b3Q7U0ROJnF1b3Q7KS4mbmJzcDs8L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGlzIGRvY3VtZW50 IGNvdWxkIHVzZSBhbiBlZGl0aW5nIHBhc3MgZm9yIGdsaXRjaGVzLCBidXQgdGhlc2UgZ2xpdGNo ZXMgZG8gbm90IGltcGFjdCBpdHMgcmVhZGFiaWxpdHkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj48c3BhbiBsYW5nPSJJVCI+VGhlIGdsaXRjaGVzIGNvbnNpc3QmbmJzcDsgbW9zdGx5 
IG9mIGxlYXZpbmcgb3V0IGxpdHRsZSB3b3JkcyBsaWtlICZxdW90O29mJnF1b3Q7IGluIHRoZSBm b2xsb3dpbmcgc2VudGVuY2UuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+JnF1b3Q7VGhlIGFkb3B0aW9u IG9mIGFuIFNETiBmcmFtZXdvcmsgZm9yIG1hbmFnZW1lbnQgYW5kPC9zcGFuPjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJ VCI+Jm5ic3A7ICZuYnNwO2NvbnRyb2wgdGhlIG1pY3Jvd2F2ZSBpbnRlcmZhY2UgaXMgb25lIG9m IHRoZSBrZXkgYXBwbGljYXRpb25zIGZvcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOyAmbmJz cDt0aGlzIHdvcmsuJnF1b3Q7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJJVCI+VGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNheSB0aGF0IHRoZXkgYXNzdW1l IGEgc2VjdXJlIHRyYW5zcG9ydCBsYXllciAoYXV0aGVudGljYXRlZCwgcHJvYmFibHkgZW5jcnlw dGlvbiBpc24ndCBuZWNlc3NhcnkpIGZvciBjb21tdW5pY2F0aW9uLiZuYnNwOyBPdGhlciB0aGFu IHRoYXQsDQogcGVyaGFwcywgdGhlcmUgbWlnaHQgYmUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg Zm9yIGluYWR2ZXJ0ZW50bHkgc2V0dGluZyBwYXJhbWV0ZXJzIGluY29ycmVjdGx5LCBvciBtYWxp Y2lvdXNseSBieSBhIHRydXN0ZWQgYWRtaW5pc3RyYXRvci4mbmJzcDsgQnV0IHRoaXMgZG9jdW1l bnQgZG9lcyBub3Qgc3BlY2lmeSB0aGUgc3BlY2lmaWMgcGFyYW1ldGVycyB0byBiZSBtYW5hZ2Vk LCBqdXN0IGEgZ2VuZXJhbCBmcmFtZXdvcmsuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph 
dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNv bG9yOiM4ODg4ODgiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xvcjojODg4 ODg4Ij5SYWRpYTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBzdHlsZT0iY29sb3I6Izg4ODg4 OCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4N Cg== --_000_48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2eusaamb107erics_-- From nobody Mon May 21 19:52:16 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2451120724; Mon, 21 May 2018 19:52:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNi2JGQBLnSG; 
Mon, 21 May 2018 19:51:51 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFB36120047; Mon, 21 May 2018 19:51:50 -0700 (PDT) Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 05EB5C34DBE6B; Tue, 22 May 2018 03:51:44 +0100 (IST) Received: from DGGEMA405-HUB.china.huawei.com (10.3.20.46) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.382.0; Tue, 22 May 2018 03:51:44 +0100 Received: from DGGEMA501-MBX.china.huawei.com ([169.254.1.56]) by DGGEMA405-HUB.china.huawei.com ([10.3.20.46]) with mapi id 14.03.0382.000; Tue, 22 May 2018 10:51:41 +0800 From: "Yemin (Amy)" To: Eric Gray , Radia Perlman , "BRUNGARD, DEBORAH A" CC: The IESG , "ccamp@ietf.org" , "secdir@ietf.org" , "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org" Thread-Topic: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05 Thread-Index: AQHT5dBO/5ALFr14fkSUuJDxnAyomKQjfqkAgAUccQCADDFO8P//o5aAgAELkwCAAgmmgIAClBaAgAEGIWA= Date: Tue, 22 May 2018 02:51:40 +0000 Message-ID: <9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0A@DGGEMA501-MBX.china.huawei.com> References: <9C5FD3EFA72E1740A3D41BADDE0B461FCF004E74@dggema521-mbs.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF64BA92606@eusaamb107.ericsson.se> <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se> In-Reply-To: <48E1A67CB9CA044EADFEAB87D814BFF64BA97AD2@eusaamb107.ericsson.se> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.169.30.234] Content-Type: multipart/alternative; boundary="_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05 X-BeenThere: 
secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2018 02:52:02 -0000 --_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64
--_000_9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0ADGGEMA501MBXchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64
cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIEZy aSwgTWF5IDE4LCAyMDE4IGF0IDE6MjcgUE0sIEVyaWMgR3JheSAmbHQ7PGEgaHJlZj0ibWFpbHRv OmVyaWMuZ3JheUBlcmljc3Nvbi5jb20iIHRhcmdldD0iX2JsYW5rIj5lcmljLmdyYXlAZXJpY3Nz b24uY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0i Ym9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAw Y20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJp Z2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj5IaSBSYWRpYS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkkgYWdyZWUg dGhhdCB0aGUgRW5nbGlzaCBpcyBhd2t3YXJkLCBidXQgSSB3b3VsZCBoYXZlIGludGVycHJldGVk IOKAnGV2b2x2aW5nIHRvd2FyZCBhIGNvbXBvbmVudOKAnSB0byBtZWFuIHNvbWV0aGluZyBtb3Jl IGFsb25nIHRoZSBsaW5lcyBvZiBldm9sdmluZyB0b3dhcmQgdGhlIHNhbWUgKHNpbmd1bGFyKSB0 aGluZy4mbmJzcDsNCiBPciBwZXJoYXBzIGFub3RoZXIgd2F5IHRvIGxvb2sgYXQgaXQgbWlnaHQg YmUgdGhhdCwgYmVjYXVzZSBZQU5HIGlzIGJlY29taW5nIGEgbW9yZSBwb3B1bGFyIG1lY2hhbmlz bSBmb3IgYm90aCBOTVMgYW5kIFNETiwgaXQgaXMgbGlrZWx5IHRoYXQgb25lIG9yIGJvdGggb2Yg dGhlc2UgbWF5IGJlY29tZSBjb21wb25lbnRzIG9mIGEgY29tbW9uIG1hbmFnZW1lbnQgZnJhbWV3 b3JrLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv 
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSB3b3VsZCBpbnRlcnByZXQgaXQgdGhp cyB3YXkgcHJlY2lzZWx5IGJlY2F1c2Ug4oCTIGFzIHlvdSBzYXkg4oCTIHRoZSBkaXN0aW5jdGlv biBpcyBub3QgYXQgYWxsIGNsZWFyLCB0aG91Z2ggSSB3b3VsZCBhZGQgdGhhdCAodG8gc29tZSBv ZiB1cykgdGhlIGRpc3RpbmN0aW9uIGhhcyBuZXZlciBiZWVuIHZlcnkgY2xlYXIuJm5ic3A7DQo8 c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7LHNlcmlm Ij7wn5iKPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Rm9yIHRoaXMgcmVhc29u LCBJIHdvdWxkIGhhdmUgc29tZSBzbWFsbCBkaWZmaWN1bHR5IGluIHNlZWluZyBob3cgaXQgd291 bGQgbWFrZSBtdWNoIHNlbnNlIHRvIHNheSB0aGF0IHRoZXkgYXJlIGV2b2x2aW5nIHRvd2FyZCBp bmNyZWFzaW5nIHNpbWlsYXJpdHkuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4tLTxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5FcmljPG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4gQ0NBTVAgW21haWx0bzo8YSBocmVmPSJtYWlsdG86Y2Nh bXAtYm91bmNlc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmNjYW1wLWJvdW5jZXNAaWV0Zi5v cmc8L2E+XQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5SYWRpYSBQZXJsbWFuPGJyPg0KPGI+U2VudDo8 L2I+IEZyaWRheSwgTWF5IDE4LCAyMDE4IDEyOjMwIEFNPGJyPg0KPGI+VG86PC9iPiBZZW1pbiAo 
QW15KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFteS55ZW1pbkBodWF3ZWkuY29tIiB0YXJnZXQ9Il9i bGFuayI+YW15LnllbWluQGh1YXdlaS5jb208L2E+Jmd0Ozxicj4NCjxiPkNjOjwvYj4gVGhlIElF U0cgJmx0OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVz Z0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmNjYW1wQGlldGYub3JnIiB0YXJn ZXQ9Il9ibGFuayI+Y2NhbXBAaWV0Zi5vcmc8L2E+OyA8YSBocmVmPSJtYWlsdG86c2VjZGlyQGll dGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpzZWNkaXJAaWV0Zi5vcmc8L2E+OyA8YSBocmVmPSJt YWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRm Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3 b3JrLmFsbEB0b29scy5pZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtDQ0FN UF0gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmst MDU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286 cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFuayB5b3UhJm5ic3A7IFRo b3VnaCB3aGF0IHlvdSdyZSBzdWdnZXN0aW5nIGlzIGF3a3dhcmQgRW5nbGlzaC48bzpwPjwvbzpw PjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlBl cmhhcHMgJnF1b3Q7V2Ugbm90ZSB0aGF0IHRoZSBkaXN0aW5jdGlvbiBiZXR3ZWVuIE5NUyBhbmQg U0ROIGlzIG5vdCBhbGwgdGhhdCBjbGVhciwgYW5kIHRoZSB0d28gYXJlIGV2b2x2aW5nIHRvIGJl IG1vcmUgYW5kIG1vcmUgc2ltaWxhci4mcXVvdDsgY291bGQgcmVwbGFjZSB0aGUgZmlyc3Qgc2Vu dGVuY2UuJm5ic3A7IEknbSByZWFsbHkNCiBub3Qgc3VyZSB3aGF0IHlvdSBtZWFudCBieSAmcXVv dDtldm9sdmluZyB0b3dhcmQgYSBjb21wb25lbnQmcXVvdDssIHNvIHBlcmhhcHMgSSdtIG5vdCBj YXB0dXJpbmcgd2hhdCB5b3UgYXJlIGludGVuZGluZyB0byBzYXkuPG86cD48L286cD48L3A+DQo8 
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5SYWRpYTxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFRodSwgTWF5IDE3LCAy MDE4IGF0IDc6MDMgUE0sIFllbWluIChBbXkpICZsdDs8YSBocmVmPSJtYWlsdG86YW15LnllbWlu QGh1YXdlaS5jb20iIHRhcmdldD0iX2JsYW5rIj5hbXkueWVtaW5AaHVhd2VpLmNvbTwvYT4mZ3Q7 IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDtt YXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1yaWdodDowY207bWFyZ2lu LWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNw YW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkhpIFJhZGlhLA0KPC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5i c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBz dHlsZT0iY29sb3I6IzFGNDk3RCI+V2UganVzdCB1cGRhdGVkIHRoZSBkcmFmdCwNCjxhIGhyZWY9 Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93 
YXZlLWZyYW1ld29yay8iIHRhcmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2RyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay88L2E+LiA8L3Nw YW4+DQo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9 ImNvbG9yOiMxRjQ5N0QiPllvdXIgY29tbWVudHMgYXJlIGFkZHJlc3NlZCBpbiB0aGUgbGF0ZXN0 IHZlcnNpb24uDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5CUiw8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl PSJjb2xvcjojMUY0OTdEIj5BbXk8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBz dHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6 My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj5Gcm9tOjwvYj4g WWVtaW4gKEFteSkNCjxicj4NCjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgTWF5IDEwLCAyMDE4IDQ6 MDcgUE08YnI+DQo8Yj5Ubzo8L2I+ICdEYW5pZWxlIENlY2NhcmVsbGknICZsdDs8YSBocmVmPSJt YWlsdG86ZGFuaWVsZS5jZWNjYXJlbGxpQGVyaWNzc29uLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmRh bmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5jb208L2E+Jmd0OzsgUmFkaWEgUGVybG1hbiAmbHQ7 PGEgaHJlZj0ibWFpbHRvOnJhZGlhcGVybG1hbkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5y YWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0 Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJf YmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLmFsbEB0b29scy5p ZXRmLm9yZzwvYT47IFRoZSBJRVNHICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIg 
dGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpz ZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0K PGI+U3ViamVjdDo8L2I+IFJFOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWlj cm93YXZlLWZyYW1ld29yay0wNTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5IaSBSYWRpYSwNCjwvc3Bhbj48bzpw PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMx RjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPlRoYW5rcyBmb3IgeW91ciByZXZpZXcuDQo8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxl PSJjb2xvcjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5SZWdhcmRpbmcgdGhlIE5N UyBhbmQgU0ROLCBhcyBEYW5pZWxlIHN1Z2dlc3RlZCwgd2Ugd2lsbCBhZGQgdGhlIGZvbGxvd2lu ZyB0ZXh0IGluIHNlY3Rpb24gMzoNCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPuKAnEl0J3Mgbm90ZWQgdGhh dCB0aGVyZSdzIGlkZWEgdGhhdCB0aGUgTk1TIGFuZCBTRE4gYXJlIGV2b2x2aW5nIHRvd2FyZHMg YSBjb21wb25lbnQsIGFuZCB0aGUgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGVtIGlzIHF1aXRlIHZh Z3VlLiBBbm90aGVyIGZhY3QgaXMNCiB0aGF0IHRoZXJlIGlzIHN0aWxsIHBsZW50eSBvZiBuZXR3 
b3JrcyB3aGVyZSBOTVMgaXMgc3RpbGwgY29uc2lkZXJlZCBhcyB0aGUgaW1wbGVtZW50YXRpb24g b2YgdGhlIG1hbmFnZW1lbnQgcGxhbmUsIHdoaWxlIFNETiBpcyBjb25zaWRlcmVkIGFzIHRoZSBj ZW50cmFsaXphdGlvbiBvZiB0aGUgY29udHJvbCBwbGFuZS4gVGhleSBhcmUgc3RpbGwga2VwdCBh cyBzZXBhcmF0ZSBjb21wb25lbnQu4oCdPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6 IzFGNDk3RCI+UmVnYXJkaW5nIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgeWVzLCB0aGlz IGRyYWZ0IGRvZXNu4oCZdCBzcGVjaWZ5IHRoZSBwYXJhbWV0ZXJzLg0KPC9zcGFuPjxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3 RCI+VGhlcmXigJlzIGFub3RoZXIgZHJhZnQgZHJhZnQtaWV0Zi1jY2FtcC1tdy15YW5nLCB3aGVy ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbiBpcyBhZGRyZXNzZWQgYXMgeW91IHN1Z2dlc3Rl ZC4NCjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g c3R5bGU9ImNvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkJSLDwvc3Bhbj48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImNvbG9y OiMxRjQ5N0QiPkFteTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJi b3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAw Y20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBEYW5pZWxl 
IENlY2NhcmVsbGkgWzxhIGhyZWY9Im1haWx0bzpkYW5pZWxlLmNlY2NhcmVsbGlAZXJpY3Nzb24u Y29tIiB0YXJnZXQ9Il9ibGFuayI+bWFpbHRvOmRhbmllbGUuY2VjY2FyZWxsaUBlcmljc3Nvbi5j b208L2E+XQ0KPGJyPg0KPGI+U2VudDo8L2I+IE1vbmRheSwgTWF5IDA3LCAyMDE4IDU6NDYgUE08 YnI+DQo8Yj5Ubzo8L2I+IFJhZGlhIFBlcmxtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzpyYWRpYXBl cmxtYW5AZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+cmFkaWFwZXJsbWFuQGdtYWlsLmNvbTwv YT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1l d29yay5hbGxAdG9vbHMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj4NCmRyYWZ0LWlldGYtY2Nh bXAtbWljcm93YXZlLWZyYW1ld29yay5hbGxAdG9vbHMuaWV0Zi5vcmc8L2E+OyBUaGUgSUVTRyAm bHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGll dGYub3JnPC9hPiZndDs7DQo8YSBocmVmPSJtYWlsdG86c2VjZGlyQGlldGYub3JnIiB0YXJnZXQ9 Il9ibGFuayI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSRTogU2Vj ZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNw OzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+ SGkgUmFkaWEsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPmxldCBtZSByZXBseSBvbiBiZWhhbGYgb2YgdGhlIGF1 dGhvcnMuIEZpcnN0IG9mIGFsbCBtYW55IHRoYW5rcyBmb3IgeW91ciByZXZpZXcuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn 
aW4tYm90dG9tLWFsdDphdXRvIj5SZWdhcmRpbmcgeW91ciBxdWVzdGlvbiBhYm91dCB0cmFkaXRp b25hbCBOTVMgdnMgU0ROIEkgYWdyZWUgd2l0aCB5b3Ugb24gdGhlIGZhY3QgdGhhdCB0aGV5IGFy ZSBldm9sdmluZyB0b3dhcmRzIGEgY29tbW9uIGNvbXBvbmVudCBhbmQgdGhlIGRpc3RpbmN0aW9u IGlzIHF1aXRlIGJsdXJyeSwgYnV0IHRoZXJlDQogaXMgc3RpbGwgcGxlbnR5IG9mIG5ldHdvcmtz IHdoZXJlIE5NUyBpcyBzdGlsbCBjb25zaWRlcmVkIGFzIHRoZSBpbXBsZW1lbnRhdGlvbiBvZiB0 aGUgbWFuYWdlbWVudCBwbGFuZSB3aGlsZSBTRE4gdGhlIGNlbnRyYWxpemF0aW9uIG9mIHRoZSBj b250cm9sIHBsYW5lIGFuZCB0aGV5IGFyZSBzdGlsbCBrZXB0IGFzIHNlcGFyYXRlIHRoaW5ncy48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhlbmNlLCBzaW5jZSB0aGUgYXV0aG9ycyBzcGVh ayBhYm91dCDigJx0cmFkaXRpb25hbOKAnSBOTVMgYW5kIFNETiBJIHdvdWxkIHRlbmQgdG8gYWxs b3cgZm9yIHRoZSBkaXN0aW5jdGlvbiB0byBiZSBrZXB0LiBJZiB5b3UgcHJlZmVyIGEgbm90ZSBz cGVha2luZyBhYm91dCB0aGUgY29udmVyZ2VuY2Ugb2YgdGhlIHR3bw0KIHRoaW5ncyBjYW4gYmUg YWRkZWQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFua3MgYSBsb3Q8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RGFuaWVsZSZuYnNwOyAoY2NhbXAgY28tY2hh aXIpPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAx LjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3Jk ZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20g 
MGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPkZyb206PC9iPiBSYWRpYSBQZXJs bWFuIFs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxh bmsiPm1haWx0bzpyYWRpYXBlcmxtYW5AZ21haWwuY29tPC9hPl0NCjxicj4NCjxiPlNlbnQ6PC9i PiBsdW5lZMOsIDcgbWFnZ2lvIDIwMTggMDg6NTU8YnI+DQo8Yj5Ubzo8L2I+IDxhIGhyZWY9Im1h aWx0bzpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmsuYWxsQHRvb2xzLmlldGYu b3JnIiB0YXJnZXQ9Il9ibGFuayI+DQpkcmFmdC1pZXRmLWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdv cmsuYWxsQHRvb2xzLmlldGYub3JnPC9hPjsgVGhlIElFU0cgJmx0OzxhIGhyZWY9Im1haWx0bzpp ZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4mZ3Q7Ow0KPGEg aHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNlY2RpckBpZXRm Lm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRm LWNjYW1wLW1pY3Jvd2F2ZS1mcmFtZXdvcmstMDU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+ PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n PSJJVCI+U29ycnkuLi5yZXNlbmRpbmcgYmVjYXVzZSBJIG1pc3R5cGVkIHRoZSBhdXRob3IgYWRk cmVzcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5ic3A7PC9zcGFu PjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9tOjEyLjBwdCI+PHNwYW4gbGFuZz0iSVQi Pi0tLS0tLS0tLS0gRm9yd2FyZGVkIG1lc3NhZ2UgLS0tLS0tLS0tLTxicj4NCkZyb206IDxiPlJh 
ZGlhIFBlcmxtYW48L2I+ICZsdDs8YSBocmVmPSJtYWlsdG86cmFkaWFwZXJsbWFuQGdtYWlsLmNv bSIgdGFyZ2V0PSJfYmxhbmsiPnJhZGlhcGVybG1hbkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRh dGU6IFN1biwgTWF5IDYsIDIwMTggYXQgMTE6NDggUE08YnI+DQpTdWJqZWN0OiBTZWNkaXIgcmV2 aWV3IG9mIGRyYWZ0LWlldGYtY2NhbXAtbWljcm93YXZlLWZyYW1ld29yay0wNTxicj4NClRvOiA8 YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1jY2FtcC1taWNyb3dhdmUtZnJhbWV3b3JrLTA1LmFs bEB0b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KZHJhZnQtaWV0Zi1jY2FtcC1taWNy b3dhdmUtZnJhbWV3b3JrLTA1LmFsbEB0b29scy5pZXRmLm9yZzwvYT4sIFRoZSBJRVNHICZsdDs8 YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5v cmc8L2E+Jmd0OywNCjxhIGhyZWY9Im1haWx0bzpzZWNkaXJAaWV0Zi5vcmciIHRhcmdldD0iX2Js YW5rIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJmb250LXNpemU6OS41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIy Ij5TdW1tYXJ5OiZuYnNwOyBObyBzZWN1cml0eSBpc3N1ZXMgZm91bmQsIGJ1dCBJIGRvIGhhdmUg cXVlc3Rpb25zLCBhbmQgdGhlcmUgYXJlIGVkaXRpbmcgZ2xpdGNoZXM8L3NwYW4+PG86cD48L286 cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i c3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImZvbnQtc2l6ZTo5LjVwdDtmb250LWZhbWls eTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMjIyMjIiPkkgaGF2ZSByZXZp ZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mg b25nb2luZzxicj4NCmVmZm9ydCB0byZuYnNwOzxzcGFuIGNsYXNzPSJtLTIwNTg3OTU0ODIyOTcz NzM2ODFtLTYxNjY5ODU4MDQ2MTUyNzkzNjZtNDEzMTM3NjcyODAzMTE2NzMwNmdtYWlsLW05MDI2 MzY4ODAzNzEzODYzMzQ5Z21haWwtbS01MDU3MDEwOTEyMTU3NzgyNTM0Z21haWwtaWwiPnJldmll 
dzwvc3Bhbj4mbmJzcDthbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJ RVNHLiZuYnNwOyBUaGVzZTxicj4NCmNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9y IHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhPGJyPg0KZGlyZWN0b3JzLiZuYnNwOyBE b2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRz IGp1c3Q8YnI+DQpsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuPC9zcGFuPjxzcGFu IGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxh bmc9IklUIj5UaGlzIGRvY3VtZW50IGRlc2NyaWJlcyB0aGUgbWFuYWdlbWVudCBpbnRlcmZhY2Ug Zm9yIG1pY3Jvd2F2ZSByYWRpbyBsaW5rcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5JdCBhZHZvY2F0 ZXMgKGNvcnJlY3RseSwgSSBiZWxpZXZlKSB0aGF0IHN1Y2ggYW4gaW50ZXJmYWNlIHNob3VsZCBi ZSBleHRlbnNpYmxlIHRvIHByb3ZpZGUgZm9yIHZlbmRvci1zcGVjaWZpYyBmZWF0dXJlcy48L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5JIGRvbid0IHVuZGVy c3RhbmQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhICZxdW90O2EgdHJhZGl0aW9uYWwgbmV0d29y ayBtYW5hZ2VtZW50IHN5c3RlbSZxdW90OyBhbmQgU0ROLiZuYnNwOyBQZXJoYXBzIGl0IGlzIG5v dCB0aGUgam9iIG9mIHRoaXMgZG9jdW1lbnQgdG8gY2xlYXJseSBtYWtlIHRoZSBkaXN0aW5jdGlv biwNCiBhbmQgSSBzdXNwZWN0IHRoZXJlIGlzIG5vIHJlYWwgZGlzdGluY3Rpb24uLi5zZXR0aW5n 
IHBhcmFtZXRlcnMgKHRyYWRpdGlvbmFsIG5ldHdvcmsgbWFuYWdlbWVudCkgaXMgYSB3YXkgb2Yg JnF1b3Q7cHJvZ3JhbW1pbmcmcXVvdDsgYW4gaW50ZXJmYWNlICgmcXVvdDtTRE4mcXVvdDspLiZu YnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPlRoaXMg ZG9jdW1lbnQgY291bGQgdXNlIGFuIGVkaXRpbmcgcGFzcyBmb3IgZ2xpdGNoZXMsIGJ1dCB0aGVz ZSBnbGl0Y2hlcyBkbyBub3QgaW1wYWN0IGl0cyByZWFkYWJpbGl0eS48L3NwYW4+PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9 IklUIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj5UaGUgZ2xpdGNoZXMgY29uc2lzdCZuYnNw OyBtb3N0bHkgb2YgbGVhdmluZyBvdXQgbGl0dGxlIHdvcmRzIGxpa2UgJnF1b3Q7b2YmcXVvdDsg aW4gdGhlIGZvbGxvd2luZyBzZW50ZW5jZS48L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mcXVvdDtUaGUg YWRvcHRpb24gb2YgYW4gU0ROIGZyYW1ld29yayBmb3IgbWFuYWdlbWVudCBhbmQ8L3NwYW4+PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IGxhbmc9IklUIj4mbmJzcDsgJm5ic3A7Y29udHJvbCB0aGUgbWljcm93YXZlIGludGVyZmFjZSBp cyBvbmUgb2YgdGhlIGtleSBhcHBsaWNhdGlvbnMgZm9yPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCI+Jm5i 
c3A7ICZuYnNwO3RoaXMgd29yay4mcXVvdDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIj4mbmJzcDs8L3Nw YW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IklUIj5UaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2F5IHRoYXQgdGhl eSBhc3N1bWUgYSBzZWN1cmUgdHJhbnNwb3J0IGxheWVyIChhdXRoZW50aWNhdGVkLCBwcm9iYWJs eSBlbmNyeXB0aW9uIGlzbid0IG5lY2Vzc2FyeSkgZm9yIGNvbW11bmljYXRpb24uJm5ic3A7IE90 aGVyIHRoYW4gdGhhdCwNCiBwZXJoYXBzLCB0aGVyZSBtaWdodCBiZSBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBmb3IgaW5hZHZlcnRlbnRseSBzZXR0aW5nIHBhcmFtZXRlcnMgaW5jb3JyZWN0bHks IG9yIG1hbGljaW91c2x5IGJ5IGEgdHJ1c3RlZCBhZG1pbmlzdHJhdG9yLiZuYnNwOyBCdXQgdGhp cyBkb2N1bWVudCBkb2VzIG5vdCBzcGVjaWZ5IHRoZSBzcGVjaWZpYyBwYXJhbWV0ZXJzIHRvIGJl IG1hbmFnZWQsIGp1c3QgYSBnZW5lcmFsIGZyYW1ld29yay48L3NwYW4+PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IklUIiBz dHlsZT0iY29sb3I6Izg4ODg4OCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJJVCIgc3R5bGU9ImNv bG9yOiM4ODg4ODgiPlJhZGlhPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiIHN0eWxlPSJjb2xv cjojODg4ODg4Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iSVQiPiZu YnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 
From nobody Mon May 21 21:07:31 2018
From: Radia Perlman
Date: Tue, 22 May 2018 00:07:15 -0400
In-Reply-To: <9C5FD3EFA72E1740A3D41BADDE0B461FCF00AA0A@DGGEMA501-MBX.china.huawei.com>
To: "Yemin (Amy)"
Cc: Eric Gray, "BRUNGARD, DEBORAH A", The IESG, "ccamp@ietf.org", "secdir@ietf.org", "draft-ietf-ccamp-microwave-framework.all@tools.ietf.org"
Subject: Re: [secdir] [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05

Amy...I think your proposed text is excellent.

Radia

On Mon, May 21, 2018 at 10:51 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:

> Hi Eric, Radia, and Deborah,
>
> Thanks for the discussion. Considering all the comments received, below is the new proposed text for this paragraph:
>
>    This framework addresses the definition of an open and standardized interface for the
>    radio link functionality in a microwave node.  The application of such an interface used
>    for management and control of nodes and networks typically vary from one operator
>    to another, in terms of the systems used and how they interact. Possible approaches
>    include via the use of a network management system (NMS), via software defined
>    networking (SDN) and via some combination of NMS and SDN. As there are still many
>    networks where the NMS is implemented as one component/interface and the SDN
>    controller is scoped to control plane functionality as a separate component/interface,
>    this document does not preclude either model. The aim of this document is to provide a
>    framework describing both management and control of microwave interfaces to support
>    development of a common YANG Data Model.
>
> Please check if the text is ok.
>
> Thanks.
>
> BR,
>
> Amy
>
> *From:* Eric Gray [mailto:eric.gray@ericsson.com]
> *Sent:* Tuesday, May 22, 2018 2:57 AM
> *To:* Radia Perlman <radiaperlman@gmail.com>
> *Cc:* Yemin (Amy) <amy.yemin@huawei.com>; The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* RE: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> So, one could read this as saying that some people view network management (e.g. – use of an NMS) and centralized network control (e.g. – SDN) as being somehow at least marginally distinct, yet becoming increasingly less so. Other people view them as completely disjoint, perhaps having a preference, and would like them to continue being considered completely separate and distinct concepts.
>
> While I think it is probably fair to say that this is very likely true, this has all the earmarks of being a rat hole, and I cannot imagine what value the proposed text adds to the draft.
>
> As I understand it, the intent was to clarify something to do with the following text:
>
>    This framework addresses the definition of an open and standardized
>    interface for the radio link functionality in a microwave node.  The
>    application of such an interface used for management and control of
>    nodes and networks typically vary from one operator to another, in
>    terms of the systems used and how they interact.  A traditional
>    solution is network management system, while an emerging one is SDN.
>    SDN solutions can be used as part of the network management system,
>    allowing for direct network programmability and automated
>    configurability by means of a centralized SDN control and
>    standardized interfaces to program the nodes.
>
> Your comment was that the distinction is not clear. That is a fair point. And it is probably not addressed by the proposal.
>
> I would further add that using emotionally freighted expressions (“classic”/“legacy”/“traditional” versus “innovative”/“novel”/“emerging”) doesn’t help and really isn’t appropriate in specification.
>
> I suspect that the reason for claiming a distinction exists (however difficult it may be to characterize that distinction) is in the part of the above text having to do with operator preferences. These definitely do exist. 😊
>
> Perhaps a good way to address the issue is to replace the last two sentences in the text above with something along the lines of:
>
>     “Possible approaches include via the use of a network management system (NMS), via software defined networking (SDN) and via some combination of NMS and SDN.”
>
> Note that “automated configurability” is *not* a new concept in configuration of network devices, unique to SDN, hence the last part of the final sentence (starting with “allowing for …”) adds no value and should be left out.
>
> --
>
> Eric
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com]
> *Sent:* Saturday, May 19, 2018 11:35 PM
> *To:* Eric Gray <eric.gray@ericsson.com>
> *Cc:* Yemin (Amy) <amy.yemin@huawei.com>; The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
> *Importance:* High
>
> Hi Eric,
>
> I feel bad for the authors of this document to be burdened with clarifying a distinction that has never been clear before (to lots of people, including me), but their proposed text doesn't make it clearer.
>
> "It's noted that there's idea that the NMS and SDN are evolving towards a component, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as the implementation of the management plane, while SDN is considered as the centralization of the control plane. They are still kept as separate component"
>
> Do you (or anyone else) have a suggestion for text that acknowledges to the reader that it's not the reader's fault for not understanding the difference?
>
> It would be OK with me for them to leave out the extra entirely, since I'm sure this isn't the first RFC whose verbiage claims SDN and NMS are two different concepts. But if I were trying to get up to speed about this area by reading the documents, I'd be somewhat comforted by an acknowledgement (such as the text they propose, but with the English fixed) that these are fuzzy distinctions, so I wouldn't think it was just me....that if I only read more things, or thought harder, or had more background, the distinction would be clear.
>
> Radia
>
> On Fri, May 18, 2018 at 1:27 PM, Eric Gray <eric.gray@ericsson.com> wrote:
>
> Hi Radia.
>
> I agree that the English is awkward, but I would have interpreted “evolving toward a component” to mean something more along the lines of evolving toward the same (singular) thing. Or perhaps another way to look at it might be that, because YANG is becoming a more popular mechanism for both NMS and SDN, it is likely that one or both of these may become components of a common management framework.
>
> I would interpret it this way precisely because – as you say – the distinction is not at all clear, though I would add that (to some of us) the distinction has never been very clear. 😊
>
> For this reason, I would have some small difficulty in seeing how it would make much sense to say that they are evolving toward increasing similarity.
>
> --
>
> Eric
>
> *From:* CCAMP [mailto:ccamp-bounces@ietf.org] *On Behalf Of* Radia Perlman
> *Sent:* Friday, May 18, 2018 12:30 AM
> *To:* Yemin (Amy) <amy.yemin@huawei.com>
> *Cc:* The IESG <iesg@ietf.org>; ccamp@ietf.org; secdir@ietf.org; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org
> *Subject:* Re: [CCAMP] Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Thank you! Though what you're suggesting is awkward English.
>
> Perhaps "We note that the distinction between NMS and SDN is not all that clear, and the two are evolving to be more and more similar." could replace the first sentence. I'm really not sure what you meant by "evolving toward a component", so perhaps I'm not capturing what you are intending to say.
>
> Radia
>
> On Thu, May 17, 2018 at 7:03 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:
>
> Hi Radia,
>
> We just updated the draft, https://datatracker.ietf.org/doc/draft-ietf-ccamp-microwave-framework/.
>
> Your comments are addressed in the latest version.
>
> BR,
>
> Amy
>
> *From:* Yemin (Amy)
> *Sent:* Thursday, May 10, 2018 4:07 PM
> *To:* 'Daniele Ceccarelli' <daniele.ceccarelli@ericsson.com>; Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> Thanks for your review.
>
> Regarding the NMS and SDN, as Daniele suggested, we will add the following text in section 3:
>
> “It's noted that there's idea that the NMS and SDN are evolving towards a component, and the distinction between them is quite vague. Another fact is that there is still plenty of networks where NMS is still considered as the implementation of the management plane, while SDN is considered as the centralization of the control plane. They are still kept as separate component.”
>
> Regarding the security considerations, yes, this draft doesn’t specify the parameters.
>
> There’s another draft draft-ietf-ccamp-mw-yang, where the security consideration is addressed as you suggested.
>
> BR,
>
> Amy
>
> *From:* Daniele Ceccarelli [mailto:daniele.ceccarelli@ericsson.com]
> *Sent:* Monday, May 07, 2018 5:46 PM
> *To:* Radia Perlman <radiaperlman@gmail.com>; draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* RE: Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Hi Radia,
>
> let me reply on behalf of the authors. First of all many thanks for your review.
>
> Regarding your question about traditional NMS vs SDN I agree with you on the fact that they are evolving towards a common component and the distinction is quite blurry, but there is still plenty of networks where NMS is still considered as the implementation of the management plane while SDN the centralization of the control plane and they are still kept as separate things.
>
> Hence, since the authors speak about “traditional” NMS and SDN I would tend to allow for the distinction to be kept. If you prefer a note speaking about the convergence of the two things can be added.
>
> Thanks a lot
>
> Daniele (ccamp co-chair)
>
> *From:* Radia Perlman [mailto:radiaperlman@gmail.com]
> *Sent:* Monday 7 May 2018 08:55
> *To:* draft-ietf-ccamp-microwave-framework.all@tools.ietf.org; The IESG <iesg@ietf.org>; secdir@ietf.org
> *Subject:* Secdir review of draft-ietf-ccamp-microwave-framework-05
>
> Sorry...resending because I mistyped the author address.
>
> ---------- Forwarded message ----------
> From: *Radia Perlman* <radiaperlman@gmail.com>
> Date: Sun, May 6, 2018 at 11:48 PM
> Subject: Secdir review of draft-ietf-ccamp-microwave-framework-05
> To: draft-ietf-ccamp-microwave-framework-05.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
>
> Summary: No security issues found, but I do have questions, and there are editing glitches
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> This document describes the management interface for microwave radio links.
>
> It advocates (correctly, I believe) that such an interface should be extensible to provide for vendor-specific features.
>
> I don't understand the difference between "a traditional network management system" and SDN. Perhaps it is not the job of this document to clearly make the distinction, and I suspect there is no real distinction...setting parameters (traditional network management) is a way of "programming" an interface ("SDN").
>
> This document could use an editing pass for glitches, but these glitches do not impact its readability.
>
> The glitches consist mostly of leaving out little words like "of" in the following sentence.
>
> "The adoption of an SDN framework for management and
>    control the microwave interface is one of the key applications for
>    this work."
>
> The security considerations say that they assume a secure transport layer (authenticated, probably encryption isn't necessary) for communication. Other than that, perhaps, there might be security considerations for inadvertently setting parameters incorrectly, or maliciously by a trusted administrator. But this document does not specify the specific parameters to be managed, just a general framework.
>
> Radia
From nobody Thu May 24 08:45:20 2018
From: Takeshi Takahashi
Cc: draft-ietf-spring-segment-routing-ldp-interop.all@ietf.org, spring@ietf.org, iesg@ietf.org
Message-ID: <152717671174.29916.15871063863957499908@ietfa.amsl.com>
Date: Thu, 24 May 2018 08:45:11 -0700
Subject: [secdir] Secdir last call review of draft-ietf-spring-segment-routing-ldp-interop-11

Reviewer: Takeshi Takahashi
Review result: Ready

I have only minor comments.

The section said that security issues in this document are mostly inherited from the underlying techniques/specs. Some pointers to RFC documents describing the security issues of MPLS dataplane, routing protocols, and so on (if any) could help readers. Having these pointers in this section will not harm readers.

Some typo:
In Section 1: "co- exist" (unnecessary space) -> "co-exist"
In Section 2.1: "switches it our" -> "switches it out"

Spelling out is appreciated: LDP and FEC

Clarification question:
Regarding the paragraph "P6 does not have an LDP binding from its next-hop P5 for the FEC "PE1". However P6 has an SR node segment to the IGP route "PE1". Hence, P6 forwards the packet to P5 and swaps its local LDP-label for FEC "PE1" by the equivalent node segment (i.e. 101)." (in Section 4.1), I have got the impression that the behavior of P6 is not defined by any other specs (incl, LDP) and is a behavior this document newly defines, correct? If it is correct, must P6 support this behavior? or is it just optional? I am not familiar with these routing protocols, thus clarification is appreciated.

From nobody Fri May 25 02:32:53 2018
From: Tero Kivinen
Reply-to: secdir-secretary@mit.edu
Message-ID: <152724077194.12695.5647116226470357624.idtracker@ietfa.amsl.com>
Date: Fri, 25 May 2018 02:32:51 -0700
Subject: [secdir] Assignments

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-06-07

Reviewer            LC end      Draft
Vincent Roca        2018-05-21  draft-hakala-urn-nbn-rfc3188bis-00
Melinda Shore       2018-05-30  draft-ietf-teas-yang-te-topo-15
Carl Wallace        2018-05-21  draft-ietf-httpbis-h2-websockets-05
David Waltermire    2018-05-21  draft-ietf-extra-imap-unauth-00

For telechat 2018-06-21

Reviewer            LC end      Draft
Sandra Murphy       2018-04-24  draft-ietf-mmusic-sdp-simulcast-12

Last calls:

Reviewer            LC end      Draft
John Bradley        2018-04-18  draft-ietf-acme-acme-12
Daniel Gillmor      2018-03-19  draft-gutmann-scep-10
Russ Mundy          2017-09-14  draft-spinosa-urn-lex-12
Tina Tsou           2018-05-21  draft-ietf-v6ops-conditional-ras-04
Sean Turner         2018-05-21  draft-ietf-sfc-hierarchical-08
Samuel Weiler       2018-05-21  draft-ietf-bfd-multipoint-16
Brian Weis          2018-06-04  draft-ietf-tsvwg-rfc4960-errata-06

Early review requests:

Reviewer            Due         Draft
Daniel Franke       2018-01-31  draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson  2018-01-09  draft-ietf-opsawg-nat-yang-09
Dan Harkins         2018-05-31  draft-ietf-dtn-bpsec-06

Next in the reviewer rotation:

  Klaas Wierenga
  Christopher Wood
  Paul Wouters
  Liang Xia
  Taylor Yu
  Dacheng Zhang
  Derek Atkins
  John Bradley
  Shaun Cooley
  Roman Danyliw

From nobody Fri May 25 07:24:07 2018
From: Vincent Roca
Message-Id: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
Date: Fri, 25 May 2018 16:23:52 +0200
To: The IESG, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
Subject: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00

Hello,

I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: Ready with nits

This document specifies the use of National Bibliography Numbers (NBN)s as a particular URN namespace.

The authors explain that "no specific security threats have been identified for NBN-based URNs". The authors also explain that, since this document specifies high level concepts, several security aspects are out of scope. I tend to agree with the authors, although I don't know the domain.

Otherwise a few general comments:

ABNF compliance:

* Section 5: please check the ABNF compliance, for instance using Bill's ABNF Parser, https://tools.ietf.org/tools/bap/abnf.cgi
  I guess you mean: nbn_string = rather than: nbn_string = <specific per prefix>
  The checker also complains with rule names (Illegal character '_').

Typos:

* Introduction: remove "to" in "must to have a namespace of its own" (or do you mean "too"?).
* Introduction: rather than "ISSN (International Serial Standard = Number)", it seems (wikipedia) that the acronym stands for = "International Standard Serial Number". Regards, Vincent= --Apple-Mail=_F15D2211-D8D5-4749-BA4E-93B5F8547E07 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hello,

From nobody Tue May 29 07:19:13 2018
From: Sean Turner
Cc: draft-ietf-sfc-hierarchical.all@ietf.org, ietf@ietf.org, sfc@ietf.org
Message-ID: <152760355124.12572.4328281075629737814@ietfa.amsl.com>
Date: Tue, 29 May 2018 07:19:11 -0700
Subject: [secdir] Secdir last call review of draft-ietf-sfc-hierarchical-08

Reviewer: Sean Turner
Review result: Ready

Hi! I’m no expert on SFC so I spent some time reviewing RFC7665 and Simon Josefsson’s secdir review [0] as well as RFC 8300 and 8393. It looks like all the things I was going to pick on are addressed by the references. I’ll let somebody else on the IESG debate whether Figure 4 is trying to be a little different than the rest of this architectural document by specifying some protocol bits; informational still?

[0] https://datatracker.ietf.org/doc/review-ietf-sfc-architecture-08-secdir-lc-josefsson-2015-05-28/

From nobody Tue May 29 09:09:43 2018
To: Vincent Roca, The IESG, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
References: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
From: Peter Saint-Andre
Message-ID: <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
Date: Tue, 29 May 2018 10:09:26 -0600
In-Reply-To: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr>
Subject: Re: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00

Hi Vincent, thanks for your review. I'm the document shepherd and the
author is on holiday right now, so I'll reply on a few points.

On 5/25/18 8:23 AM, Vincent Roca wrote:
> Hello,
>
> I have reviewed this document as part of the security directorate’s ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> Summary: *Ready with nits*
>
>
> This document specifies the use of National Bibliography Numbers (NBN)s
> as a particular URN namespace.
> The authors explain that "no specific security threats have been
> identified for NBN-based URNs".
> The authors also explain that, since this document specifies high level
> concepts, several security aspects are out of scope.
> I tend to agree with the authors, although I don't know the domain.

Would you like to see a bit more explanatory text on these matters?

> Otherwise a few general comments:
>
> ABNF compliance:
>
> * Section 5: please check the ABNF compliance, for instance using Bill's
> ABNF Parser, https://tools.ietf.org/tools/bap/abnf.cgi
> I guess you mean:
>         nbn_string  = <specific per prefix>
> rather than:
>         nbn_string  = &lt;specific per prefix&gt;
> The checker also complains with rule names (Illegal character '_').

This has been noted and will be fixed in -01, see here:

https://www.ietf.org/mail-archive/web/urn/current/msg03891.html

> Typos:
>
> * Introduction: remove "to" in "must to have a namespace of its own" (or
> do you mean "too"?).
>
> * Introduction: rather than "ISSN (International Serial Standard
> Number)", it seems (wikipedia) that the acronym stands for
> "International Standard Serial Number".

Thanks for the review!

Peter

From nobody Tue May 29 10:32:37 2018
Date: Tue, 29 May 2018 13:32:25 -0400
From: Carl Wallace
Subject: [secdir] secdir review of draft-ietf-httpbis-h2-websockets

I have reviewed this document as part of the security directorate’s
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document defines a mechanism for running the WebSocket Protocol (RFC
6455) over a single stream of an HTTP/2 connection. The mechanism takes the
form of a new SETTINGS parameter and a new pseudo-header. The document is
well-written and I see no issues with it other than some friction with this
statement in section 8.1.2.1 of RFC7540: "Endpoints MUST NOT generate
pseudo-header fields other than those defined in this document."

The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
section 4. Section 3 addresses extending HTTP/2 via a reference to section
5.5 of RFC7540, but there was nothing in that section to relax the
prohibition on using pseudo-header fields not defined by 7540. Is a mod to
7540 necessary to enable support for the mechanism in
draft-ietf-httpbis-h2-websockets?

One minor nit, section 3 states "a sender MUST NOT send a
SETTINGS_ENABLE_CONNECT_PROTOCOL parameter with the value of 0 after
previously sending a value of 1". This reads as though one could never turn
off web socket support once enabled.

From nobody Tue May 29 10:49:46 2018
From: Patrick McManus
Date: Tue, 29 May 2018 13:49:39 -0400
To: Carl Wallace
Cc: draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets

Hey Carl, thanks for doing this

On Tue, May 29, 2018 at 1:32 PM, Carl Wallace wrote:

>
> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
> section 4. Section 3 addresses extending HTTP/2 via a reference to section
> 5.5 of RFC7540, but there was nothing in that section to relax the
> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
> 7540 necessary to enable support for the mechanism in
> draft-ietf-httpbis-h2-websockets?
>
>

imo no update to 7540 is needed. the wg also considered the question and had the same conclusion. I will highlight the reasoning:

5.5. Extending HTTP/2

   HTTP/2 permits extension of the protocol. Within the limitations
   described in this section, protocol extensions can be used to provide
   additional services or alter any aspect of the protocol. Extensions
   are effective only within the scope of a single HTTP/2 connection.

note "alter any aspect of this protocol"

[..]

   Extensions that could change the semantics of existing protocol
   components MUST be negotiated before being used.

This is one of the limitations mentioned above.. so the websockets extension needs to be negotiated (and it is).

   [..] For example, an
   extension that changes the layout of the HEADERS frame cannot be used
   until the peer has given a positive signal that this is acceptable.
   In this case, it could also be necessary to coordinate when the
   revised layout comes into effect. Note that treating any frames
   other than DATA frames as flow controlled is such a change in
   semantics and can only be done through negotiation.

These two examples are also powerful citations that negotiated extensions can change the interpretation of basic pieces of 7540 such as existing frame layouts and even flow control rules (both of which have MUSTs associated with them).

The whole section is a little bit confusing because it also enumerates a few extension points that the websockets draft is not using. But those are specifically enumerated because they can be used without negotiated opt-in and implementations not aware of the extensions need to take care to keep them clean and available for extending (so there are requirements even if you're not implementing the extension). As the example paragraph shows, extensions are not solely limited to that model.

Cheers
-Patrick

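The negotiation gate discussed in the message above, sketched from the receiving side as an added example (not code from the thread, the draft, or any HTTP/2 implementation). The `:protocol` pseudo-header name is taken from the websockets draft rather than from this thread, and the class and function names are hypothetical.

```python
# Added example: accept the websockets draft's extra pseudo-header only after
# this endpoint has advertised support for it on the same connection.

# Request pseudo-header fields defined by RFC 7540 itself (Section 8.1.2.3).
RFC7540_REQUEST_PSEUDO = frozenset({":method", ":scheme", ":authority", ":path"})
# Pseudo-header added by draft-ietf-httpbis-h2-websockets, Section 4.
EXTENSION_PSEUDO = ":protocol"


class ProtocolError(Exception):
    """Stand-in for an HTTP/2 PROTOCOL_ERROR (hypothetical class name)."""


class ServerConnection:
    """Per-connection state; an extension only applies within one connection."""

    def __init__(self):
        # Last SETTINGS_ENABLE_CONNECT_PROTOCOL value this endpoint sent.
        self.sent_enable_connect = 0

    def send_enable_connect_protocol(self, value):
        """Record the SETTINGS value this endpoint advertises to its peer."""
        if value not in (0, 1):
            raise ValueError("this example only models the values 0 and 1")
        if self.sent_enable_connect == 1 and value == 0:
            # The sentence quoted in the review: no 0 after a previous 1.
            raise ProtocolError("cannot withdraw SETTINGS_ENABLE_CONNECT_PROTOCOL")
        self.sent_enable_connect = value

    def classify_request(self, headers):
        """Validate the pseudo-headers of one request, given as [(name, value)].

        Returns "extended-connect", "connect" or "request"; raises
        ProtocolError when the header block is malformed.
        """
        pseudo = {}
        seen_regular = False
        for name, value in headers:
            if not name.startswith(":"):
                seen_regular = True
                continue
            if seen_regular:
                raise ProtocolError("pseudo-header after a regular header field")
            if name in pseudo:
                raise ProtocolError("duplicate pseudo-header " + name)
            if name == EXTENSION_PSEUDO:
                # Permitted only because this endpoint opted in beforehand.
                if self.sent_enable_connect != 1:
                    raise ProtocolError(":protocol used without negotiation")
            elif name not in RFC7540_REQUEST_PSEUDO:
                # RFC 7540 8.1.2.1 still covers everything not negotiated.
                raise ProtocolError("undefined pseudo-header " + name)
            pseudo[name] = value

        method = pseudo.get(":method")
        if method is None:
            raise ProtocolError("missing :method")
        if EXTENSION_PSEUDO in pseudo:
            # Choice made in this example: :protocol is accepted on CONNECT only.
            if method != "CONNECT":
                raise ProtocolError(":protocol on a non-CONNECT request")
            # The draft requires :scheme and :path alongside :protocol.
            for required in (":scheme", ":path"):
                if required not in pseudo:
                    raise ProtocolError("extended CONNECT without " + required)
            return "extended-connect"
        if method == "CONNECT":
            # Plain RFC 7540 CONNECT (Section 8.3) omits :scheme and :path.
            if ":scheme" in pseudo or ":path" in pseudo or ":authority" not in pseudo:
                raise ProtocolError("malformed CONNECT")
            return "connect"
        if ":scheme" not in pseudo or ":path" not in pseudo:
            raise ProtocolError("request without :scheme or :path")
        return "request"


def is_rejected(conn, headers):
    """True when the connection treats the header block as malformed."""
    try:
        conn.classify_request(headers)
    except ProtocolError:
        return True
    return False


# Constructed sample: a WebSocket bootstrap request over HTTP/2.
WS_REQUEST = [
    (":method", "CONNECT"),
    (":protocol", "websocket"),
    (":scheme", "https"),
    (":path", "/chat"),
    (":authority", "server.example.com"),
    ("sec-websocket-version", "13"),
]

if __name__ == "__main__":
    conn = ServerConnection()
    print("rejected before negotiation:", is_rejected(conn, WS_REQUEST))
    conn.send_enable_connect_protocol(1)
    print("after negotiation:", conn.classify_request(WS_REQUEST))
```

An undefined pseudo-header such as `:foo` stays rejected after negotiation, which is the part of the RFC 7540 8.1.2.1 prohibition the extension leaves untouched.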
From nobody Tue May 29 10:50:14 2018
From: David Waltermire
Cc: extra@ietf.org, ietf@ietf.org, draft-ietf-extra-imap-unauth.all@ietf.org
Message-ID: <152761621220.30011.11575332790456344157@ietfa.amsl.com>
Date: Tue, 29 May 2018 10:50:12 -0700
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-unauth-00

Reviewer: David Waltermire
Review result: Has Nits

This standards track draft adds a new state transition to IMAP allowing the current authentication context to be reset to a non-authenticated state using the UNAUTHENTICATE command. This allows a client to issue the IMAP AUTHENTICATE command with administrative credentials to act on behalf of other users, without having to create a new connection for each user, providing for greater efficiency.

This draft appears to be ready for publication, with some relatively minor nits to improve readability.

Section 4.1:

The requirements in this list go beyond the stated requirement to reset connection state. Some text should be added to make it clear that the list defines additional behavior to be followed. Something like the following could be used to address this:

s/This lists some IMAP extensions that have connection state that/The connection state for the following list of IMAP extensions/

Append to the end of the paragraph "Additional requirements apply to specific extensions as follows:".

From nobody Tue May 29 12:37:20 2018
Date: Tue, 29 May 2018 15:37:02 -0400
From: Carl Wallace
To: Patrick McManus
CC: The IESG
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3610453025_11300491"

--B_3610453025_11300491
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit

Your reasoning makes sense but it requires an awfully careful reading to counter the clarity of the prohibition on new pseudo-headers. Maybe an errata could be filed against 7540 to clarify the "alter any aspect of this protocol" where the prohibition is asserted for the benefit of future readers. For example, something like "Endpoints MUST NOT generate pseudo-header fields other than those defined in this document, except where support for additional pseudo-headers is negotiated as permitted in section 5.5" would help.

From: Patrick McManus
Date: Tuesday, May 29, 2018 at 1:49 PM
To: Carl Wallace
Cc: The IESG
Subject: Re: secdir review of draft-ietf-httpbis-h2-websockets

> Hey Carl, thanks for doing this
>
> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace
> wrote:
>>
>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
>> section 4. Section 3 addresses extending HTTP/2 via a reference to section
>> 5.5 of RFC7540, but there was nothing in that section to relax the
>> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
>> 7540 necessary to enable support for the mechanism in
>> draft-ietf-httpbis-h2-websockets?
>>
>
> imo no update to 7540 is needed. the wg also considered the question and had
> the same conclusion. I will highlight the reasoning:
>
> 5.5. Extending HTTP/2
>
>
>    HTTP/2 permits extension of the protocol. Within the limitations
>    described in this section, protocol extensions can be used to provide
>    additional services or alter any aspect of the protocol. Extensions
>    are effective only within the scope of a single HTTP/2 connection.
>
> note "alter any aspect of this protocol"
> [..]
>
>    Extensions that could change the semantics of existing protocol
>    components MUST be negotiated before being used.
> This is one of the limitations mentioned above.. so the websockets extension
> needs to be negotiated (and it is).
>    [..] For example, an
>    extension that changes the layout of the HEADERS frame cannot be used
>    until the peer has given a positive signal that this is acceptable.
>    In this case, it could also be necessary to coordinate when the
>    revised layout comes into effect. Note that treating any frames
>    other than DATA frames as flow controlled is such a change in
>    semantics and can only be done through negotiation.
> These two examples are also powerful citations that negotiated extensions can
> change the interpretation of basic pieces of 7540 such as existing frame
> layouts and even flow control rules (both of which have MUSTs associated with
> them).
>
> The whole section is a little bit confusing because it also enumerates a few
> extension points that the websockets draft is not using. But those are
> specifically enumerated because they can be used without negotiated opt-in and
> implementations not aware of the extensions need to take care to keep them
> clean and available for extending (so there are requirements even if you're
> not implementing the extension). As the example paragraph shows, extensions
> are not solely limited to that model.
>
> Cheers
> -Patrick
>
>
>

--B_3610453025_11300491
Content-type: text/html; charset="UTF-8"
Content-transfer-encoding: quoted-printable
From nobody Wed May 30 08:56:31 2018
From: The IESG
Message-ID: <152769558505.27675.6470390159766637784.idtracker@ietfa.amsl.com>
Date: Wed, 30 May 2018 08:53:05 -0700
Subject: [secdir] [new-work] WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)

The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the Security Area of the IETF is undergoing rechartering. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2018-06-06.

Limited Additional Mechanisms for PKIX and SMIME (lamps)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Russ Housley
  Timothy Hollebeek

Assigned Area Director:
  Eric Rescorla

Security Area Directors:
  Eric Rescorla
  Benjamin Kaduk

Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/

Group page: https://datatracker.ietf.org/group/lamps/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

The PKIX and S/MIME Working Groups have been closed for some time. Some updates have been proposed to the X.509 certificate documents produced by the PKIX Working Group and the electronic mail security documents produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working Group is chartered to make updates where there is a known constituency interested in real deployment and there is at least one sufficiently well specified approach to the update so that the working group can sensibly evaluate whether to adopt a proposal.

The LAMPS WG is now tackling these topics:

1. Specify a discovery mechanism for CAA records to replace the one described in RFC 6844. Implementation experience has demonstrated an ambiguity in the handling of CNAME and DNAME records during discovery in RFC 6844, and subsequent discussion has suggested that a different discovery approach would resolve limitations inherent in that approach.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME. Unlike the previous hashing standards, the SHA-3 family of functions are the outcome of an open competition. They have a clear design rationale and have received a lot of public analysis, giving great confidence that the SHA-3 family of functions are secure. Also, since SHA-3 uses a very different construction from SHA-2, the SHA-3 family of functions offers an excellent alternative. In particular, SHAKE128/256 and SHAKE256/512 offer security and performance benefits.

3. Specify the use of short-lived X.509 certificates for which no revocation information is made available by the Certification Authority. Short-lived certificates have a lifespan that is shorter than the time needed to detect, report, and distribute revocation information; as a result, revoking them is pointless.

4. Specify the use of a pre-shared key (PSK) along with other key management techniques supported by the Cryptographic Message Syntax (CMS) as a near-term mechanism to protect present day communication from the future invention of a large-scale quantum computer. The invention of such a quantum computer would pose a serious challenge for the key management algorithms that are widely deployed, especially the key transport and key agreement algorithms used today with the CMS to protect S/MIME messages.

5. Specify the use of hash-based signatures with the Cryptographic Message Syntax (CMS). A hash-based signature uses small private and public keys, and it has low computational cost; however, the signature values are quite large. For this reason they might not be used for signing X.509 certificates or S/MIME messages, but they are secure even if a large-scale quantum computer is invented. These properties make hash-based signatures useful in some environments, such as the distribution of software updates.

6. Specify a certificate extension that is carried in a self-signed certificate for a trust anchor, which is often called a Root Certification Authority (CA) certificate, to identify the next public key that will be used by the trust anchor.

In addition, the LAMPS WG may investigate other updates to documents produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt any of these potential work items without rechartering.

Milestones:

  Jun 2018 - Adopt a draft for short-lived certificate conventions
  Jun 2018 - Adopt a draft for the CMS with PSK
  Jun 2018 - Adopt a draft for hash-based signatures with the CMS
  Jun 2018 - Adopt a draft for root key rollover certificate extension
  Jul 2018 - rfc6844bis sent to IESG for standards track publication
  Aug 2018 - Root key rollover certificate extension sent to IESG for informational publication
  Sep 2018 - SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for standards track publication
  Sep 2018 - SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for standards track publication
  Oct 2018 - Short-lived certificate conventions sent to IESG for BCP publication
  Oct 2018 - The CMS with PSK sent to IESG for standards track publication
  Dec 2018 - Hash-based signatures with the CMS sent to IESG for standards track publication

From nobody Wed May 30 11:45:18 2018
To: secdir@ietf.org, "iesg@ietf.org"
Cc: draft-ietf-dtn-bpsec.all@ietf.org
From: Dan Harkins
Message-ID: <3e8f4b68-f4af-00e8-293b-e2adbc3f1798@lounge.org>
Date: Wed, 30 May 2018 11:45:10 -0700
Subject: [secdir] secdir review of draft-ietf-dtn-bpsec-06

  Hello,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  The summary of my review is: Almost-Ready.

  This draft describes a protocol called BPSec which "provides
end-to-end integrity and confidentiality services for BP bundles."
But it doesn't really define a security protocol because it leaves
key establishment and the actual ciphers used to afford end-to-end
protection to bundles to different documents. So it's sort of like
EAP in that respect.

 1. Issues with encryption and integrity protection

  There are 2 different blocks defined, a Block Integrity Block (BIB)
that provides integrity protection and a Block Confidentiality Block
(BCB) that encrypts the block. Apparently, the BCB does not also
provide integrity protection of its ciphertext since the draft says
that, while multiple security operations on the same block are invalid,
doing integrity protection and confidentiality on the same block is
valid. This opens up some insecure options that don't need to be allowed,
like integrity protect then encrypt, or integrity protect and encrypt.
I think it would be a good idea to mandate that whatever ciphersuite
is used for a BCB (again, the draft does not specify ciphersuites) that
it provides authenticated encryption. Then update the uniqueness
requirement in section 3.2.

  The example in figure 3 does authenticate-then-encrypt which is
not robust. This needs to change.

  The processing order in 5.1 states "BCBs MUST be evaluated first
and BIBs second." This is wrong, it's mandating a fragile construct
whose security depends on the cipher mode and that is dangerous.
Strongly suggest changing this and using an AEAD cipher.

  Also in 5.1: "If an encrypted payload block cannot be decrypted...."
How would you know? As long as it's the right size it will decrypt
into something. That something might be garbage but decryption was
successful. This is another reason to mandate AEAD. If it fails, it
fails hard, no two step required.

  My suggestion to use an AEAD cipher seems to conflict somewhat with the
fragmentation/reassembly text which says that application of a
confidentiality cipher suite MUST NOT alter the size of the payload.
That is going to have to be reconciled somehow. This document should
not allow anything other than encrypt-then-authenticate (and it should
do so by mandating AEAD ciphers) and if that requires some rewrite of
the fragmentation/reassembly text then so be it.

 II. Issues with RFC 2119 words

  I hate to be a stickler on stuff like this but...

  Section 2.2 which begins, "A bundle MAY have multiple security blocks
and these blocks MAY have different security sources." Now, to me, MAY
means it's optional and that if I don't implement it I can still stay
compliant. But that's not how I'm reading this. What I'm reading
is an admonition to not assume uniformity in bundles, which seems
like an important statement that is the opposite of the literal MAY
text. It's really you MUST NOT assume that a bundle has uniform
security.

  Section 3.3: "A set of security operations may be represented by a
single security block if and only if the following conditions are true...."
That sounds kind of normative.  Do the authors mean "A set of security
operations SHALL be represented by a single security block...."?

  Regarding the optional "Security Source" in the Abstract Security Block
in section 3.6: "If the security source field is not present then the
source MAY be inferred from other information...." And that means I can
choose to not implement this optional inference. In which case, what do
I do? I think some instruction to implementers is needed but I'm
not sure what it is.

  Basically, I think the whole document should be searched for "may" (case
insensitively) and each instance looked at closely.

  III. Security Considerations

  The security considerations are thorough and well done although the
first three paragraphs in section 8 seem to boil down to the fact that
the DTN is assumed to be completely under the control of an attacker. I
think that's all that needs to be said there.

  regards,

  Dan.
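Section 1 of the review above argues that decryption without authentication always "succeeds", that an authenticated construction fails hard, and that the authentication tag collides with a size-preserving requirement. The sketch below is an added example, not code from the review or from the BPSec draft: it contrasts the two approaches using only the Python standard library, with an HMAC-SHA256 keystream as an assumed stand-in for a real cipher and hypothetical function names. A real ciphersuite would use a standardized AEAD algorithm.

```python
import hashlib
import hmac
import os

TAG_LEN = 32    # HMAC-SHA256 tag size in bytes
NONCE_LEN = 12  # fixed nonce size assumed by this sketch


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 (stand-in cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def encrypt_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only. Output length equals input length."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


# XOR with the keystream is its own inverse. There is no failure path here:
# a ciphertext with any content "decrypts" to some byte string.
decrypt_only = encrypt_only


def _tag(mac_key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so the aad/ciphertext split is unambiguous.
    msg = len(aad).to_bytes(8, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(enc_key, mac_key, nonce, plaintext, aad=b""):
    """Encrypt-then-MAC: the tag covers the ciphertext, nonce and header data."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ct = encrypt_only(enc_key, nonce, plaintext)
    return ct + _tag(mac_key, nonce, aad, ct)


def open_sealed(enc_key, mac_key, nonce, sealed, aad=b""):
    """Verify first, decrypt second. Raises ValueError on any modification."""
    if len(nonce) != NONCE_LEN or len(sealed) < TAG_LEN:
        raise ValueError("malformed input")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, aad, ct)):
        raise ValueError("authentication failed")
    return decrypt_only(enc_key, nonce, ct)


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(NONCE_LEN)
    payload = b"constructed sample payload block, not real bundle data"
    header = b"constructed block header"

    # Confidentiality-only block with one bit changed in transit.
    ct = encrypt_only(enc_key, nonce, payload)
    damaged = bytes([ct[0] ^ 0x01]) + ct[1:]
    recovered = decrypt_only(enc_key, nonce, damaged)  # no error is raised

    # The same change applied to an encrypt-then-MAC block.
    sealed = seal(enc_key, mac_key, nonce, payload, header)
    damaged_sealed = bytes([sealed[0] ^ 0x01]) + sealed[1:]
    try:
        open_sealed(enc_key, mac_key, nonce, damaged_sealed, header)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "enc_only_len_delta": len(ct) - len(payload),
        "enc_only_modified_accepted": recovered != payload,
        "sealed_len_delta": len(sealed) - len(payload),
        "sealed_modified_rejected": rejected,
        "sealed_roundtrip_ok":
            open_sealed(enc_key, mac_key, nonce, sealed, header) == payload,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The 32-byte growth reported for the sealed block is the expansion that a "MUST NOT alter the size of the payload" rule would have to accommodate, for example by carrying the tag outside the payload.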
--------------0AEA476AFDA53DBF7C4335C2-- From nobody Wed May 30 20:23:32 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D9231318CA; Wed, 30 May 2018 20:23:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=Hdu9wcsY; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JCNuZaoO Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRM_3fT7IliL; Wed, 30 May 2018 20:23:22 -0700 (PDT) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18CE31314DD; Wed, 30 May 2018 20:23:22 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 8027121BAF; Wed, 30 May 2018 23:23:21 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Wed, 30 May 2018 23:23:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=szCb2KWFZ7KX1Oj+jODZFgzd2Fkx3 09JXPHpSILByxs=; b=Hdu9wcsYzUK5jBcq/ZZFhCoY2W6WvbuefPsmsvvtxJDm4 s72TubjMzXFPWVYPVL/BpQkFV2NgSE+fpFHGYGiuKGKIvxaVi8EaksFCzIxSpt8p 
KGqSxhWXcc/YIVGb6LuC6fH+8lEr9cxTyUaW6Cr1tZh9oiVfE7uF7tSqcmwr8NEv wPB0Nmns6ySyG70+raNoVPUjYLk3Bt3keO3zN+yNLxjU+b59F8lE+JNexZdLHU++ uQF/wIjnzMBKAIZ1vZSN2BeSDkECb6/rHcIRsgxIyoNL0iG9SmcVRNfNgseKjJzD 3GKYOVy3DsW7GjjI4mYNI/YW6xCjbGTxiwAtPh9XA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=szCb2K WFZ7KX1Oj+jODZFgzd2Fkx309JXPHpSILByxs=; b=JCNuZaoOqvF79A+sEN1iNM VuR6Nv5jZEpGCm875LT0A6CVD+QABXiKsNBNnDQ5shWVs4Wd+2cl4lXm2q7sLqpV j+QEdXkTNjJblY9fPc+c3zE/+WB3w1fyzRa1m44X97ioV/FBBCD9ZjYBHYw37qLu HvIC5sHS1JgXBcFHfSTdJebBkKG1MpZyk7PAPxkeENgsmI6uT3yjy7Ei1B5wqo+G TccdRidz5YJKwGa+WkVdqGzs1GtaeCFC64ylz9VAwnVKdpAVjn6aTxfhHoH3oiyb bd7a0EfsBpby6dbhQcjFiyUrtXmtBvpfznLywdQunm5k5fE6ZGfhQAhTspt89+UA == X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Sender: Received: from attitudadjuster.localdomain (unknown [144.136.175.28]) by mail.messagingengine.com (Postfix) with ESMTPA id A34A310262; Wed, 30 May 2018 23:23:19 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) From: Mark Nottingham In-Reply-To: Date: Thu, 31 May 2018 13:23:16 +1000 Cc: Patrick McManus , draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Carl Wallace X-Mailer: Apple Mail (2.3445.6.18) Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2018 03:23:25 -0000 The problem is that we'd have to put such a caveat on pretty much every = MUST in the document.=20 Cheers, > On 30 May 2018, at 5:37 am, Carl Wallace = wrote: 
>=20 > Your reasoning makes sense but it requires an awfully careful reading = to counter the clarity of the prohibition on new pseudo-headers. Maybe = an errata could be filed against 7540 to clarify the "alter any aspect = of this protocol" where the prohibition is asserted for the benefit of = future readers. For example, something like "Endpoints MUST NOT generate = pseudo-header fields other than those defined in this document, except = where support for additional pseudo-headers is negotiated as permitted = in section 5.5" would help. >=20 > From: Patrick McManus > Date: Tuesday, May 29, 2018 at 1:49 PM > To: Carl Wallace > Cc: , = , The IESG > Subject: Re: secdir review of draft-ietf-httpbis-h2-websockets >=20 >> Hey Carl, thanks for doing this >>=20 >> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace = wrote: >>>=20 >>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header = field in >>> section 4. Section 3 addresses extending HTTP/2 via a reference to = section >>> 5.5 of RFC7540, but there was nothing in that section to relax the >>> prohibition on using pseudo-header fields not defined by 7540. Is a = mod to >>> 7540 necessary to enable support for the mechanism in >>> draft-ietf-httpbis-h2-websockets? >>>=20 >>=20 >> imo no update to 7540 is needed. the wg also considered the question = and had the same conclusion. I will highlight the reasoning: >>=20 >> 5.5. Extending HTTP/2 >>=20 >>=20 >>=20 >> HTTP/2 permits extension of the protocol. Within the limitations >> described in this section, protocol extensions can be used to = provide >> additional services or alter any aspect of the protocol. = Extensions >> are effective only within the scope of a single HTTP/2 connection. >>=20 >>=20 >> note "alter any aspect of this protocol" >> [..] >>=20 >> Extensions that could change the semantics of existing protocol >> components MUST be negotiated before being used.=20 >>=20 >> This is one of the limitations mentioned above.. 
so the websockets = extension needs to be negotiated (and it is). >> [..] For example, an >> extension that changes the layout of the HEADERS frame cannot be = used >> until the peer has given a positive signal that this is = acceptable. >>=20 >> In this case, it could also be necessary to coordinate when the >> revised layout comes into effect. Note that treating any frames >> other than DATA frames as flow controlled is such a change in >> semantics and can only be done through negotiation. >>=20 >> These two examples are also powerful citations that negotiated = extensions can change the interpretation of basic pieces of 7540 such as = existing frame layouts and even flow control rules (both of which have = MUSTs associated with them). >>=20 >> The whole section is a little bit confusing because it also = enumerates a few extension points that the websockets draft is not = using. But those are specifically enumerated because they can be used = without negotiated opt-in and implementations not aware of the = extensions need to take care to keep them clean and available for = extending (so there are requirements even if you're not implementing the = extension). As the example paragraph shows, extensions are not solely = limited to that model. 
>>
>> Cheers
>> -Patrick
>>

--
Mark Nottingham   https://www.mnot.net/

From nobody Thu May 31 01:02:58 2018
From: Vincent Roca
Message-Id: <6875C56D-A978-415B-A98F-BEAF886DE846@inria.fr>
Date: Thu, 31 May 2018 10:02:47 +0200
In-Reply-To: <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
Cc: Vincent Roca, The IESG, secdir@ietf.org, draft-hakala-urn-nbn-rfc3188bis.all@ietf.org
To: Peter Saint-Andre
References: <623421A0-B3BE-43CA-87AD-9B0AA6EF14F4@inria.fr> <19fae0b2-55b8-17cd-bb40-33581a936f08@mozilla.com>
Subject: Re: [secdir] Secdir review of draft-hakala-urn-nbn-rfc3188bis-00

Hello Peter,

> Hi Vincent, thanks for your review. I'm the document shepherd and the
> author is on holiday right now, so I'll reply on a few points.

[..]

>> This document specifies the use of National Bibliography Numbers (NBN)s
>> as a particular URN namespace.
>> The authors explain that "no specific security threats have been
>> identified for NBN-based URNs".
>> The authors also explain that, since this document specifies high level
>> concepts, several security aspects are out of scope.
>> I tend to agree with the authors, although I don't know the domain.
>
> Would you like to see a bit more explanatory text on these matters?

More explanatory text is always welcome, but as I said, I wouldn’t
object if the doc stays as is.

> Thanks for the review!

You’re welcome.

  Vincent


From nobody Thu May 31 03:18:37 2018
From: Carl Wallace
Date: Thu, 31 May 2018 06:18:29 -0400
Cc: Patrick McManus, draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG
To: Mark Nottingham
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets

Good enough.

> On May 30, 2018, at 11:23 PM, Mark Nottingham wrote:
>
> The problem is that we'd have to put such a caveat on pretty much every MUST in the document.
>
> Cheers,
>
>
>> On 30 May 2018, at 5:37 am, Carl Wallace wrote:
>>
>> Your reasoning makes sense but it requires an awfully careful reading to counter the clarity of the prohibition on new pseudo-headers. Maybe an errata could be filed against 7540 to clarify the "alter any aspect of this protocol" where the prohibition is asserted for the benefit of future readers. For example, something like "Endpoints MUST NOT generate pseudo-header fields other than those defined in this document, except where support for additional pseudo-headers is negotiated as permitted in section 5.5" would help.
>>
>> From: Patrick McManus
>> Date: Tuesday, May 29, 2018 at 1:49 PM
>> To: Carl Wallace
>> Cc: , , The IESG
>> Subject: Re: secdir review of draft-ietf-httpbis-h2-websockets
>>
>>> Hey Carl, thanks for doing this
>>>
>>>> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace wrote:
>>>>
>>>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
>>>> section 4. Section 3 addresses extending HTTP/2 via a reference to section
>>>> 5.5 of RFC7540, but there was nothing in that section to relax the
>>>> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
>>>> 7540 necessary to enable support for the mechanism in
>>>> draft-ietf-httpbis-h2-websockets?
>>>>
>>>
>>> imo no update to 7540 is needed. the wg also considered the question and had the same conclusion. I will highlight the reasoning:
>>>
>>> 5.5. Extending HTTP/2
>>>
>>> HTTP/2 permits extension of the protocol. Within the limitations
>>> described in this section, protocol extensions can be used to provide
>>> additional services or alter any aspect of the protocol. Extensions
>>> are effective only within the scope of a single HTTP/2 connection.
>>>
>>> note "alter any aspect of this protocol"
>>> [..]
>>>
>>> Extensions that could change the semantics of existing protocol
>>> components MUST be negotiated before being used.
>>>
>>> This is one of the limitations mentioned above.. so the websockets extension needs to be negotiated (and it is).
>>> [..] For example, an
>>> extension that changes the layout of the HEADERS frame cannot be used
>>> until the peer has given a positive signal that this is acceptable.
>>>
>>> In this case, it could also be necessary to coordinate when the
>>> revised layout comes into effect. Note that treating any frames
>>> other than DATA frames as flow controlled is such a change in
>>> semantics and can only be done through negotiation.
>>>
>>> These two examples are also powerful citations that negotiated extensions can change the interpretation of basic pieces of 7540 such as existing frame layouts and even flow control rules (both of which have MUSTs associated with them).
>>>
>>> The whole section is a little bit confusing because it also enumerates a few extension points that the websockets draft is not using. But those are specifically enumerated because they can be used without negotiated opt-in and implementations not aware of the extensions need to take care to keep them clean and available for extending (so there are requirements even if you're not implementing the extension). As the example paragraph shows, extensions are not solely limited to that model.
>>>
>>> Cheers
>>> -Patrick
>>>
>
> --
> Mark Nottingham   https://www.mnot.net/
>

From nobody Thu May 31 05:48:27 2018
From: Tero Kivinen
Reply-to: secdir-secretary@mit.edu
Message-ID: <152777090539.22664.932728959769738863.idtracker@ietfa.amsl.com>
Date: Thu, 31 May 2018 05:48:25 -0700
Subject: [secdir] Assignments

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2018-06-07

Reviewer              LC end     Draft
Melinda Shore         2018-05-30 draft-ietf-teas-yang-te-topo-15

For telechat 2018-06-21

Reviewer              LC end     Draft
Sandra Murphy         2018-04-24 draft-ietf-mmusic-sdp-simulcast-12

Last calls:

Reviewer              LC end     Draft
John Bradley          2018-04-18 draft-ietf-acme-acme-12
Daniel Gillmor        2018-03-19 draft-gutmann-scep-10
Russ Mundy            2017-09-14 draft-spinosa-urn-lex-12
Tina Tsou             2018-05-21 draft-ietf-v6ops-conditional-ras-04
Samuel Weiler         2018-05-21 draft-ietf-bfd-multipoint-16
Brian Weis            2018-06-04 draft-ietf-tsvwg-rfc4960-errata-06
Klaas Wierenga        2018-06-26 draft-richer-vectors-of-trust-11
Christopher Wood      2018-06-12 draft-ietf-oauth-device-flow-09
Paul Wouters          2018-06-12 draft-ietf-dcrup-dkim-crypto-10

Early review requests:

Reviewer              Due        Draft
Daniel Franke         2018-01-31 draft-ietf-intarea-provisioning-domains-00
Ólafur Guðmundsson    2018-01-09 draft-ietf-opsawg-nat-yang-09
Liang Xia             2018-06-30 draft-ietf-cellar-ffv1-02

Next in the reviewer rotation:

  Taylor Yu
  Dacheng Zhang
  Derek Atkins
  John Bradley
  Shaun Cooley
  Roman Danyliw
  Alan DeKok
  Donald Eastlake
  Shawn Emery
  Stephen Farrell

From nobody Thu May 31 20:19:52 2018
From: Melinda Shore
To: secdir@ietf.org, IESG, draft-ietf-teas-yang-te-topo.all@ietf.org
Message-ID: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
Date: Thu, 31 May 2018 19:19:42 -0800
Subject: [secdir] Secdir review of draft-ietf-teas-yang-te-topo-15

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with issues

This document defines a technology-agnostic YANG data model for representation of traffic engineering topologies, and is intended to serve as a base model for other technology-specific traffic engineering topology models.

The document is clearly written and appears comprehensive with respect to its subject matter. I suspect that sections 1-4 would be a useful reference for people wanting to learn about TE topologies in general, and I enjoyed reading it.

The security considerations section is scanty and, unfortunately, insufficient. The statement "The data-model by itself does not create any security implications" seems questionable at best, since it contains information about network topology and the treatment of traffic, which may be of value to an attacker. The lack of discussion of the threat environment is particularly problematic given that the model is intended to be used for manipulating TE topologies. The authors may want to look to draft-ietf-i2rs-yang-network-topo as a model (no pun intended) of a good security considerations section for a topology model. I don't see how this document can be published with the security considerations section in its current condition.

This is really a trivial nit, but a nit nevertheless - the second paragraph of the terminology section probably belongs in the introduction instead, as it lays out expectations for the reader and contains a pointer to introductory material for readers unfamiliar with the IETF's traffic engineering work.

Melinda