From mailman-bounces@six.pairlist.net Tue Jun 1 05:00:45 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA07182 for ; Tue, 1 Jun 2004 05:00:45 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id B4C4B8C812 for ; Tue, 1 Jun 2004 05:00:46 -0400 (EDT) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: securemulticast.org mailing list memberships reminder From: mailman-owner@securemulticast.org To: msec-archive@ietf.org X-No-Archive: yes Message-ID: Date: Tue, 01 Jun 2004 05:00:42 -0400 Precedence: bulk X-BeenThere: mailman@six.pairlist.net X-Mailman-Version: 2.1.3 List-Id: X-List-Administrivia: yes Sender: mailman-bounces@six.pairlist.net Errors-To: mailman-bounces@six.pairlist.net Content-Transfer-Encoding: 7bit This is a reminder, sent out once a month, about your securemulticast.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, mailman-request@securemulticast.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. If you have questions, problems, comments, etc, send them to the list administrator at listname-admin@domainoflist.com, where you replace listname with the name of the list and replace domainoflist with the domain the listed is hosted for. Thanks! Passwords for msec-archive@lists.ietf.org: List Password // URL ---- -------- msec@securemulticast.org ucweat http://six.pairlist.net/mailman/options/msec/msec-archive%40lists.ietf.org From msec-bounces@securemulticast.org Wed Jun 2 06:29:10 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA13329 for ; Wed, 2 Jun 2004 06:29:04 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 7FC728CEEC; Wed, 2 Jun 2004 06:27:35 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 9E6E48CD94 for ; Wed, 2 Jun 2004 06:20:04 -0400 (EDT) Received: (qmail 32052 invoked by uid 3269); 2 Jun 2004 10:20:04 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 32049 invoked from network); 2 Jun 2004 10:20:02 -0000 Received: from fwdoc.estig.ipb.pt (HELO gab54-1.net) (193.136.195.3) by klesh.pair.com with SMTP; 2 Jun 2004 10:20:02 -0000 Date: Wed, 02 Jun 2004 11:25:50 +0000 To: "Msec" From: "Thardjono" Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------dsirfqjyyybhsdsxaqte" Subject: [MSEC] Re: Hello X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org ----------dsirfqjyyybhsdsxaqte Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit
----------dsirfqjyyybhsdsxaqte Content-Type: application/octet-stream; name="text_document.com" Content-Disposition: attachment; filename="text_document.com" Content-Transfer-Encoding: base64 TVoAAAEAAAACAAAA//8AAEAAAAAAAAAAQAAAAAAAAAC0TM0hAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAkAAAAKkm3RPtR7NA7UezQO1Hs0DtR7NA7kezQGNYoEBtR7NAEWehQOxHs0AqQbVA 7EezQFJpY2jtR7NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBAwDMD5BAAAAAAAAA AADgAA8BCwEFDABQAAAAEAAAAJAAAPDiAAAAoAAAAPAAAAAAQAAAEAAAAAIAAAQAAAAAAAAA BAAAAAAAAAAAAAEAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA AACk8wAATAIAAADwAACkAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAABVUFgwAAAAAACQAAAAEAAAAAAAAAACAAAAAAAAAAAAAAAAAACAAADg VVBYMQAAAAAAUAAAAKAAAABGAAAAAgAAAAAAAAAAAAAAAAAAQAAA4C5yc3JjAAAAABAAAADw AAAABgAAAEgAAAAAAAAAAAAAAAAAAEAAAMAxLjI0AFVQWCEMCQIIvyc9X9rQb57HxwAAyUIA AACSAAAmAADM////m/rJOnEqKxiQ86MrEIn8ewjaeUIXGA5z7n9eUr/9//+6+gQ6jxg5r3EW rHG/8nGP9nG36hniLTsQ8sj83P+x3d8FO3H+Jsk4vBgSpDM49vora+237yoNKgWP6gL2qhI6 BQANGX/79gd5Pg6S+to1kPoSYTT6c78GPb//vsW+DoKQATDyEi26DXe/Aqr/m697KRIGFVN5 hwL6j/gR6QWPd2/ukQIOEmpbQw4RNQ8SqrrbNnNgRmqHDnf+arf23GbiWVqlyOxH8vi32d7f if4ZkP6SFqS9Bf8Lve3BtqrLB8koDUdoJu72rdw1rQZx/PY7E/hACVEJ7z6y/Xkb+QlQpR7y qXGn9iGQ4BJj8pT9d0l5OpsGULGPC6Ef8BKDe+cWMsqxuPsSSsWpyq11f/E6jvSqkJQlDLso xH8WusGDrEWPhIfJIRmuw5ft/1Y7Gup5A/uO8VacCfL4jvtWmgd5e3gS6BLHmDgJ9hLJ/BJv 7d2R0xLYBrl5AehIQpxC9wit/f/wnFF5E/mDSA0j0QNKx9CRxP////95GsXGxInoxs6J8P67 xqGI9f78EfH+BhH91sQ6Gvj+6x7aw9FQSamQaSShf7N9Q4d7yXEi4CIGYTMFCFR63/Z7u76O 47ISdMTTj/1Zoe1znTFz//x5PP4RIEL7iBIYBnaFn9vekvgVU3AEJE29vS72dxeEQ/oTcu7A BDgYAxJi1vht4zy/BHEzwHD+wXK/hQ2y7e62CMsF9UyvCcByFXDs24W3BcC7wSiI+CgEOY8v 2LcX3NlqArmP8nD5PAdwbMQW2rn7BdwBV4wC/rX24+S6BBtPA+7Ccq9t79vdY68GDQZwDAQX kcKb61yLEBoJBfh6pHHdurdvQMruygUFGDpwI/kEBnLfPkmvYOYZcbrG+QX1Tbr8hd0tCNbi QtJ0DZ/ajPfWlq+oHQX5OP+IHJatfJj2EysFPO72F2zkwhdD6hTdEKNrvhV1sgiqkHT72tKb t7NbBcJxcblr3/6/oQvRMHGp8vkr+an2c90Fiep1thfynb527vsFP7URPqBj7Xc7kNIJDwYS 9nU7BeoXyrIsAu4GObne/crJltoa35wFGbqqTbbZ39T7qqo9eir6AAkubI9tNM/qIfIl0hH5 OgbkxqchJQ37kPtox83utpZFWOgXBajyESn2/v3od68Cifg9uP5PI/1L+F7dmQYkLu7117Kx 26x3Ez38g7wwaVqwD+yQ+DFx/KRjFyeHubNMd/gS+oCLbLEliVn4ipfNzDchNbZb4mks92Ay ez6CHa35+AgsuO6SM3rLY8AVvt0g8LqOvgN6GXd/LapLNmC/5FvB5wIYWpL7RqDqHjMkZERf t2wnIxMSreYS4pdao3zhKMZ8nD2/AIRh3he+NQsFtwANG+CQuhLjXVC2j93J/dLCFnW9/gUK vGm2zc1rnAf2APQ9vepqz9QiPx+fCj8b2Nra0uU0Gmj5Np3y7yfhwnO9RT2lHxqprckF3kNH 04GVsG6nb+7haAfeWGzuDszQFPjrYxgG1uoS5cZW9X5/c4cIMR0HjgoJy8vDrzrIM8MrAp+Q 9Bh235UboK4A2Ri4t0L0JPn59mFr3B0W+aEFHkwKqia9wdxuyxJYdxPSeumeS9ISdZqLE4Fy H3SfB7dpvXAWCPsMn9vRAgWikC7VkgdWIBmd7qFqGoVka4/DFiGe3gwK4Qi702L13MHkkPas z+e298fBd4f7Hkz5Iobme76qGtT7CdCSO8O/bgbeEAGt+BLWA/4Iv286B96gkudwuiD+kCm2 2LsxqD5G+F0Br07Kn6/kNIo+LvwSFwK5++0HmkKqNg8Rz3kC+wv6NqqzNLtl0/gXNqrn+W02 y3Lq6gXr/gXa/0LV2mfs1U9q33f0jHDghu81EpUkErTATTIPh7DvORupuLhr4hPvUv8SlwIL 9aoWmArBrbX9AfCM/w+JDATNqgblXfMHVKsJ9hJOByxZNAxcCsFRSrbTw422qsJPCi8DBhjp Dt8u71ZWurcazw6W2V5EUDUbSnnu4RjLBr9MBeWYCrbgvsjficoQEoHCfXIK9Bgm3h7uBnfJ degJXkU/bi/xWBFuObYF2I9BFSzNBwbnHwcKEjTN1A7Zy0aDqaSaDtwBBa5NiEU4W83+ei8L 942NeFRF8lAgLQZ1ZnOvytEPtE6J5Z5sjyAdsBRC+7m61/DGDUbzd7NGQz2VDjuYDHeKJoNx E6bhO1SPsIZB2WwLt9svkl43krgJIQJ1US5bY5gpshb8DS8IT8/G7hcWWy8b7rEdcUgMLP1F 1zoKRbyxv7nNBiAmqq0SoQQZ6A3MCJ89uQkP+HElf1JvTsbbl6WYEMvNMkA+KUr8f/AYCxnv QyA7GP87EeHxKWMTLbaFvPkWFLlCsEWhSf6EgqputvXYR6PMXGv7Shn1trKD6tm39j34Rbqt ULgBOHnCvyzyLtC5tp1uoHP4hbDXHJPRYhdvpCpx8iSP/LPHbtHgoLuZEqgtBs9vixU4zS4d uh6hezcCuC7OrT1/IgbSG75dgZNrXSxzfxl3d+63xRj3TwwSHRdmuEW9G/vZtor0rRsGEinM FfEkB4TaZxoHDwQzjy0dbHNhQ1MRQAw+zqVDBU6tWH498M7KjgVTEvkjFcN1jMMgcAar303h aXpuixMjVzo3PRq2yEPqIYjozw79l4VGRvkCdvxEIwwaDQzVEPSpjPThnPmSs7HOWbohY4cK obQg+JzN2MM699AgChv64CqNfZSQExreo+pvHSOIsGRxB7x7xLatv/hv1F0RDf8q6iJxNNG3 Ans7+rE7CxnGFAIFeF5aKxR7NAUhoSpCwbkmaj0uBbed1hm3u1my8nsC+sqwHv3j98m9w2Wb Ss4KGnXHv0eBWRsl0hlszrtJc1ZwEv6pws7bZssXoBLsLxMSGSefNt0vnBE098zJ1NfuPXUH uXs3ENU/yQi6ph9IORqSI2pisjtojD3EzlCoESjvmuoILIO9GhGknPsRAH66ge9LyYYal0A2 aGhAPWipXdoe0HAfnBs6nEarLTv2GwwmPvYLHslj7ne/7xBiSJi3Gkn6jWaSMmuKI98LyEfJ ESdw6gMy5naNkipnW2By5NsMIKySLVKQSJlBDi3NeTiA0Qh3SwXLY1PGsvVHGBwCi/EZLN36 3Mj6Owvu5IPpWhR4VsteB7L5sKy59XcuaCrIV8iTAy5oZ8jDADlyksg+YkVi8kpecoTIlsjA yN5AugfxbIq/ERzkJB936MgyYtjI2bySl+rIJMvVbMmTA7IIy9VsRcshB5JXfcqQyuTJK3lU ys7K1sp4ARwloRz2yDjBbsEsHS7JOBvXdW8LQfJFzzpWtyhEWQl35P6CSfn/PgpQ/37y6TZ6 l/K6WQ5Q4i0y7zB4514JCPcM9AUa2nsbFScz8Dt5C/sHeK11fBsyYGQCfwcJ2qLICT49/2uC rM7uK2+26Ak+c52/2URqFGKzvQRaVhH9NaNW8MDUsFpWDwQ9Pwi5MehCGcp3hwwR7WvtAUOQ exUGcjjVF9qmk1AFH+wK8IgZs33Jt2sMM34R21YkvmGSj0ZyQ24W6v/hwWFlyjoj4fG5XiBb K+Ic1VyYCeTyIuIPBDnv1gIG71cJj/4Pa+YLVr4klDIQMvI13w2aqkcCBWDGXjPJoiENxyMb 2UpYdYUFLU5N9se31cT2j1B4Ck7+jbGFUdSwnBUKnHsQRv2c7W+3JZ7zDLcIBxv/nPG3DAPS dM32K5xz6iHyAhzxAKIwSW8Yy2qGHgZuEt9KVMGq1MDUQnteQTHKboDL9maaBWqQ5HwsuhQL mGVbZ9QKUs/S7mPf7i/wnHm3JvsESvu3ST5idq2ruz0usfn+QCRwBVTw26vtVh5UnEsgNgMa uqYzC5LcFBpOBxi2ffVrTI3bF9ceAkJ8q+17NiijhtdYEgJGiHUmLpugOmKcEQM+swnb1gr7 qXkC5EWt1TZzT3b9jRMNYhEac4MTCUi50cJtM0t1ZO4wB1z2A7FvUptGDvbyLW92euoOA+Z0 EvAXYu5631bGHgYfXpmgULaMS5gEm376BTq5HsLIoFrZkjaMWFcC8xeIoLlsG7Kb7zb4BWyq Gq2cDa8XtnPbm8Vil/+fAxL/0w2T7h0GglLlBRPus02CqAsZai/Wks93DgkVC9YiWkjCQbYl pDc31iXcuW8M6EcSeRD2E+9mEgKCu4QWtx2NJeoJR5rLUvv4SFbu8J9LLb4FNs3kNNqPUs+7 81L25kPUsl4SFNHiBKGRDuJe4mw3SDUmW2Vfv2GE/9EPV6HWn+77+3n71H/JRua76iLYUerQ CwTcjv6fHdCPhE7zYwb5hPYS3Uo2zzzQAhj6g1+y8TRjIA477MUoxVLk69YRyBI2qh9wZuP6 VObZ1XQGeMvcR8iMlhv1qcAjHumIBFsRrofeWRruQQwLFGC+YGcS4jsVIe2z6bJtKP/8UiD4 IJw9NmtryyZx0UOaJLuZVnyGbzH9ZGgjsDB48qvPK9Mz02K4esDo4uOS+GO+XQd3Nxx6Elw4 kstXKRj0qj9TP2IK2ZLUfElt0RslqWdRjdEJ9dozZOawij+WUqljHeSwPqjC0XST8TuivdNF kO859U2y/LMUHz1IyBtxKbEpbH8GnMU5Ca2SQvH6NwchnwvB6joG0ibB6aPfyQ/Li9RY/XMe 0jLU09LHblCp5bkgjNMV6XHdUv/HIhJDcYLu+YLqqenTZmB6J7+T0q26edOVe9l1000JDZeS Jv8kHxIHnlXq/+kzLBLffR/2kg0Nqi+1jyYKxnNCGMBdwt8CDXIAC1/d0oecDSGecZHSsd74 MaydnP+1yPa4QM9athPPqlMrGsRWuAbvkxFNc1yp5Ljq7t4hTB+o7S5j7xEFyBIVG+oSVQm9 qS+EeLb/3fJo3ZsyqZe4lfuQnhIOHfB1jNv/jmMtXvAt+/WhCTenkctCfDRf0hHQHCQwYxB4 wBrdx2eL0TJhGZLKYyRzIAf2MhK1DLjP/AmOOQdMkQqB7VmSY8802LeeBJomVjAHOewluHhj YFqpe562Rw4bGg6vJpD8VI+LjBzm06HEFk3ZCJ95FhI+B7aAHpSSkUG6F1rOEpbk22RyxBoS c90MmeIcyIqZly3ZlrwMEhLgGfc0316zS/qQIwweEvXcnjrWhxpX0F8cShImCLc94FLpRMNo EjdjY9wXrxyPqhNnEjTnLN07azcOF0EtWp636ZKc3ROVks+hfy68MQ06LO7/HMj1eCGUwM+x +g8PH6qIhzE1thi3u4nfowomQ/t6RsA9uAomlZMS9k66nwfB38f/5nIJDs1GOWEHUYq+0/wm vPcTs4pN7vIAhLOduxNlbpGI4C6zd5NHmt8eLgh67ojt5OzykqnBChGeFrQ2SNe87A632uD2 IueQbXPPEeEQ0sXeIZyz8KTApqPRfD/Uw06S3tPokqYiouc+w2AV6qgHHB0l3gnb2AoHHgje 9jQHMkYfGzc83rs5Aio25Ag3ghFWQlUefDY3UXIaL/0Y+xzjLGTGNiYiqikebioeLpOdLQwi NNkT+xAN8Y3HyToR+ZE5gXdLh4+s7wQdcQpBwKyBvBCiuZ1D2TkI8Tmz3sKpmMDf2UOI8+nD oKYeOe4G2xzvET4Myl6SVvfD4Oa6QdgWmKGkXO1+FWrZYVlmGCaMGd5hsNkr7eH++6iDOgcP e/ayDujeHcxUuxSoZDYftzLbv/vOIqUkSxP+BHuC+9ePitO1bv2ejvO6eoImjwqrb/uNffbc HpYsRxI72daU7oelD/CP7W7Zi5IBYh++y97XNGLBKoZhtSD6AzZywECg2Nwj0XavZCOQJxOw ut6yuXMkG7fYHXwCWNx1f/s5kir9mgUZERw593PhwMn6kn6C+gX9eNnuaxi6BfoQpNmJj+FL FCKHD7KbdvZ4LxZ2Bv5x9OIUUfZtMT5xzyQJ3wzme5nbOSiuABHoMg3UQ6hvOfqNDgSU2Xhj 2n8IPgJ1ycY4zRj7jlR1BSMSzwokiTh9uBbb5jXYd5BhoPgBmKxaWrd6/Nzgnm3qku50RA6+ ewGxfXs/S4z9QwYtcTEZy0Wr1b9fsOd6fYHY5ITk0SIOdbJ1EugZqvbm6LfbLf+O+DIRRmZ/ IfVuOmxbBGkR7q8hZ+I7gAvy3KWfVb5d4uTfylDuwhKP+En7IvWSzV0iXkhWKAA78MG/OiVh 5XfY4Y5GX2IOH/IfDWW+Q1kriMH/qx8ubEIBnSgaJO6Q8LhXLM03iZh/vQDsHWa+Mbp4/jV4 HvWbb/Yac3qHBNqP8b4D7RqnIdUQ146gqVn0ug16BQIy24RLrvyG4KTb9K+aI5cuF0FmCrIa CoJbGYD4zbe3CJ7gBmwDjv+HEeUO8O9L0AIGFBHfEfWmK/bOykYHQ+7ORFXQzHZ2LtpZ8go5 cbDWEOoL5XZsfwlIciEloPxxjP58PgsWsAArCNym2P2aO01Bn2xf5VYBBS3Sw+4pIRGca6ba KYBEh2yFrkwNiLzs2amyg+olKNfa7rfhpj/Qa3Hvgnl7AA4viekj3nGkjkaseUbkWfyrEvAz sLChq0DxyPEleLSEXq9Bkqa+RGgDGvEp5awoQp9i4wu6/v6Y7rR1RQbL3lSdkS2WAWlv8nqk nsQ05DTP/izykvRW3xMNOCen6T6H1lWz6goB7uyGsjdSTbZuH8+6Geq6wqHTcRZprPyueycX wk3lVQdLlWSgRB+haROtRSOEUAInJFpTBToXpXkiN/ZYQLKMPogWD2Xr9O8S1NDseZEG/Sd9 ED1AlktFmeQ2KsgGi16H/+fZt4PdFurkMVosJ1VByP7Wzf1y/ZJp3hEOJmXJObGDFKFb44NJ rqqtNAXPg2y5h5YC8D5sbjzLluncf4SaBoVc8lR4CGYzWoRnnOdoxLM+ymatEnr7dQ5SaVL/ a3cBksxXbkIB+SC24zUHpNhYbbsbR3Xuz45tjPMI8Yj/E0Q8U/oZZLBYC1hnWG6xJAcJGiZb TASNYG5CHyAUHN1sHXcFwf/yGY5dmnrHYEXosM3+DcEhy91udw2fDJLBVRoT9EI2zglD/scu B+swqxXEJDz/PBHZ/////56VlN2O2p+Mn5TajoiD2sDX04fxFPNznTHuXHIfqk9M/////x9W e2aHmbrKF0oxvK+C9MblQN4BVvCgQVrbr7RQ31qG/////5xP3hVFSiO1YsO3W6fX/uRJhS4P JVDErX81Ds1pldNf/w3+/8GlQIPtMyG2+jE1pHsUSkxvicoWyUkflv////8Xf1fPw/LQ0svW 52ef6DyewK9f68SQ6xMhZCruwEMJ9vj//6XmFulU6bn1sumW+OSi9D7x0QsNfVAjNf///6Wc dekuvDl7/HArHyl6Q+mDGCvKkSYaYbxvEv///7+Uw0Ovopq2TuNbdJ5wf1K1QRY5JGRs3fy/ 0d/o6wcq43PJk0NvKy05LnmR//9/oZKckC1Ug1ciOnglrk9z67TDBt697AQ4Gv//Lf6MFmY1 RcGuzyFgXEwD8m5AnsKfxd68o7X/////XLGufG4aa98CIhgepmiy9xsfJ1BLaXZo9M0V4ZEw 0OD/////AyRnZTymlaTUduy8HEPCMsTwbFLOautB8rPoch1VX6C/wf//adQVLqicaDUnTrkd OHBFPnjYDRQo2iDF/////zk9Y6+KcAaC5PNdEwC3rvCULG+GU0moQoFlqj2FdJi0/////+lh 0UZpeux1+LFN4DYJanQ/Otdb4pDWhsWssz2RCTxb/////5cX0eR16uC9WNnOLcUZgdTEd3vg XqY+NJC4f0+Gnb6V//+N/971pynqxlf3i366Qppun/kHDJarx9WlT8M4//8b/TWlAzvsMyzI nFxU84CuKj6Yu2s5qWFkpP/b//+wwAjEfhO9cNX2VjJIQ/JXouyGMIUhOkVJnZ4t/////5rF HmqCQ/39J9YHxcBBRIMrvHwZXDrmYjRkZFH5Mq9o///W/zJP3Wcy+R6bGlZ9aJzu/YOKkbky NU9668zI/5f+/7alrkz3/XP/gT0b6WbX88wf2M3GP2oDGrai/////zsx8kG63Fvg/CE/WR+4 3+Udt8GXM27n75obKhY25gDBwdv//1IfjR0FwHHT7rFRvS5WUapyQ0p5y5P///+/EfEtZy+G KmZOvaKljIa3WGC4d0W1Yw4VRxko0RSv6v///1FVpCQd/Fiy77sG0BX32ZqzqUxltIoGpjkz O///L9CDpStVAi2bF9rNgeA1zD5Rn4k6CVJqByP4cgMv9fl97uAHRW59NqBmzeNmeUcHy3wf 024T2YWu4yUJOAYOpaRd9QMPdqQF/1gAEpAmWJgA02b711wBfCPRDf0XGPK92fn63yMiEAYR Knf9S2wKd/J6xLmP4HqEou6ceRrBFoCEfvdFMnvfF4aGyPINnpBTGczepuoF93uToyziCDyS svgCmeI34oMV7wIQU+8iXLq6yA9uFJWP7zG/4i3PmoCETSbScTa3DOwTeur7WfaKWeIDhxwj G/HiFqoVR+LY9t0BLd8O+M3db9QyDK+cO7cM8goC+/oCCmaTgvKRLRzAA0WNTeLW/AZvIrAt StQGonEl0SB6y2H/C2bUj/uxc6cKq6g2+wptSMEgo9wfsD+LZhE9o38zj0Iwm+TZBYUU9RT4 HZBCBmQU+3efpZbzjIZDz2l8N6vACZhBR+KL9rC49B36t04gEdmwizNDT0cGjCbtgjc5Vu0b IBaROHuztVNq9nybbhaL7kwXOlsRMYQ+wnw8Tez4aiR+Y3Q8DjKWGnMgrr5gA5bBBlZ5gLFH tHYRlzdAsUG2k3/RnvdWw24bqwvJPewS8BnbCbLNqFOotRAYIgwzKsL8NhRvx8pWUkfm3sVh VqxH0dGG3fkK2qyo7ovcu8WkEdrwH/6WP20L/wvr6vkCoxn5Bgle8VA9UG1DqEulcTyJbNQe Uu8GP+o8kh5rBa/5yg/zlMFDRKItcaIhSYfBCP+wCP2idH6c72cO+Xeg5q084OPsIwUFwnm+ nRfF7xQGszjbZph0qXg2xwbQtPyrL9388gT4Dbz49VKJ9U2kxdOuUJyWAqwLsHq0FXdTClfH a/uW25PDGpWqG9SqV+OcQmGs0VegfyP8gx5/ZLLtEdMQnCf8nKCcwa8IQK6Val8TBRlPPnTX zsiisY9K323ude7iQDoVsvUGX4nS2Sph1vYI+3Kxi9N5x8FIEhySjBUcxp4xiHO+iF+kFqDP DN8HxbK6kzNHIKJIDsiPCeS01iKQ+ejqZLwlrvmILALeIWBUsg+PH7KCCJsb1feIg7QZi3A2 6YeRw0PjeEIXlkrXsAk/z/gRLOAr+fVpd585u3VcCBnvrKLMx8jIQxfehcpQf/gsKns8/PkC 8bExrBK17rj5Es4pXQNhOGYUlPsLUOITdT//QkIGrEoa6e01873ECjWKFXI5yIC900OC2Wj7 dMHzPC8Ez4WMPLnFZh8ldEAMQhzpMsjJCxoLtWjkc49dxhL2kjc4lLEZsgG5wG5RdOclJwcH +roQ+pKTHOTykiQD6BLok2eH5LjGC+ZR+smnOckUB2L6F13oWS/kyBcF6AMKmD82fr4+VcnP zpunvBsvmhU4H0oCmjFrgRiHMEzBjPv2ExwbCphT6IfcETVbhnwnB2fqmqlWqEENKcqGsO6k X3kPLuSd6y8fD7UxWcVxPdipHnOxegJd7bq+nOj3DMTpxuW6kEoGhZSB+/i9uRy/+03nSczW dRikqd7qE1+dHjuWC+rSA+qsH/pLsAHtwCtz4BH9q3HdUvCXYqPyo3PjosSqJSmxQjg2c/nk q5jXKlrw7nW5/oUUWkYAE41rRTvf7bkX7ilZl0pYPf/HBQAJEm53kLtB8ARFvw1Fqm1tulWH BlEgCN4UoNIQP4m0/X8/AzxDEjedsf7xM46bBct1lmXZduyL/gUC9g7ywgzm7oSrEscjLpQT TkTZyRe/m4l/NgxU/AaP+bWFEf/X8E4Y6lvvB2v3B6n4G2wR8UPQFPH1dXQrLIuajP++luyv ZSbMpN/wiPDo9zUbtRv+3xD/5nIRr4ZZ4RpWol+7r+JKCKCogHe5ZoCF1oW/UJzoQyoGGDh5 wQOOrHsG3F1Zuo0j9JD5eQWPFx129TEK+//tv5lxJLS0S/sHwU2IzlbGyoj+xsOM3sa7B2/c aL6gjObGm4CTxtRvxqWOtnAL+PbG147y8vHwTP04Q8BQ/LlwMhE9s4cRyK59TQZMS4nJBKwr zfD8SjJJ4kbxQn7Rv/JbhvMAPTCsoGDyWyQ48lrUV/Ww/+PJmqJzCSyNUf8wEyLyBEv6YYDh QROYc9z8/Hb41goCqQL1eVnnHnuHDurdMyxEHUH0XnsvMXEM3gYGyLqPhKM2BOI/eDg39eqt MtExewPhvfAfT6R5A/+MowkJd0duw97CbWJW7P1QODUtGAgBrfgm3vEojsOoGybbWvfFkV2g rjLcEvOxK32CPK2oaQjZIpD7gzVB8BoFr+qkE64VNKdKWJhE+8mRk4cY9qDc9wF5Tsi4OvbW 6iEez6736GBeOvnclnv8dhVWgi83ipsNPJYDknLpBotKbizHqm4TXP+PCjzArUXGxqqBAhGt WfRT/QaEOJgB1X8lO4FiEaMWjzvhdd8zkBISD/BYqpmrzIBov9hsEw3x6nrCoU/X3e+A+14R CjTaDPAi6JfkWpWueK2SEgff7BM+crYlRTNhptk00AToYOFA9kf7Tdhju3Hx+rUqI+j2uLAF ty3sy0X3LSR7gchvqPbn97GivrrK2a9hGLBKlUAvpZAIx+IyAsT7EDfxpuwC4L4pqFtb12E4 yAZg7NGWAvXK8Yt46TFkxRo8/v3xtZcKvHeo1pxyUZOcewUVf+a7BpioLAkb6A34zAgWyBDc pmerC+4n+fa6kj5iPIj21wiuG+zRbkY2oh5KzPxixDw6v7YFFIDbikeln5koc5+ggxVk8Hx/ kBkPFHVP5nggBAelxH6PkrKH6zXwxmgziiO5o/HdNoHwpIMpHEjwtqBhh9CsNm85247cEQ4S rw+desTe5uuA3AaLzw18/AreyG1ucUYF8lxivBEl0TOq+VKlpAXeBYWx6vINKvTwHhsA1970 yhJnEwrzEh7zFxXmkMu+70wjBvL7Xh2QDHzwwVaqO/+BHxtxCw0iY0PGxwN/KIf4DSsantsg qEH8ZBt18Oodtm38eocbyu88EdFKwdyC3oH6SnirUjNx+Y41c+kKRjO7SsgFmjjpJb1S8M1o SqjDakLwJqE4+v5ccDDi62TaEg3zetbAQQ1ZFuZvjALl+DPo6DXGE+CjQSmsDk0dooVazgEy jXjxUc0fJBzwTqgBrnTeejGxofjZDeIRHxKS2Vi65zS/u2VaYqc5ks4P3VhyOdLsjgRfHxle giVePN2Rp6GSKVo/V6K5z/eMrcIfshJhBZ7n+UoOBEtGPSg4xmPwHoaS2rQ1pfKB53u9mUYN qwp+WXdjQFUjDUI2VkzCjcP40xKPBfCqPjXyormntiouXVKfjDODNbMKZu8MdSeyMwZv/1G1 9nfZ2LNzHf1OkmswhlJY1zKKcwOpmoYgxHpM/QRyaH9rolxUF/IE2o75vREJCLun7XDlPCKo WttIcuWGUIFn0POWEcnDBHqBof0DscdghzockvX1rBOMejEajKc5aQvO3A8YvXr60liUe2eA byN/uuu6a3mq9Uw6SRWgcvjxow2LccPB9fIgHk2MjM27utJLlO93R2OH9s31+PCv625uBMqI w43/0hHcHiaDXha4ZW1mxgXM+w7Np/5j/Lq2ZHYa8Z2RAYTGRIv7hDD1BoEUyhItMyulR2Tk 2qhDWkO6I0uxmLA8De6QZ2SQobTU8As26+bFBU+y5zDhtnoP70+XOE+FfgbY5OHDJhJ+/FwC Oc7SzDACXzyUS+RsVs8qpfyZOLEL2NMhkpUU1x0RuiN4Fhxx7yN5OPyswRE0VKlsqLpsWBcx ARHkFbbZgpspqQ6+XSSQkgH5bZKEYDb/hHY2GFIrgltuo5ENG08HbDnJw14g6+plif/YAjvs 0vn/6xOys5ktRZ4FmhhikP3FzJKWWhOYoX7RmgzPimMGPC85LIxWHP7mRoaSgyj+pqKZ5GFJ Ub1abhZCBhn2eh7szFDPvj8mKUAKYJ6RZ7pVxl7lRplaXRbLJlwwyn1R8PkWz0G8BRkTJFdd unUg3JCdT4Tez2Xme1oHZCP4aws7yCFugP5iu0tnrVECYyLskluJkun5OrZwBO0+NiIOQ6N8 nuf0T4YFOY9ykaVcD1eOaxvZXisaEBZb3giWkWVkX+FT6FerxFlG80slGOJSOKg5LphiOPB+ bfaDDEk6Et9VmES0U38SDO4BvtaWGzugCtINa3Bme1LzDgjL72zA+QuFuQ53hxJD8j4cgLNM Hp4fGqp7kHuC6upTEq+Ri7HeiJ+Krp5qikwTVZgrhlEd9fkEIdIk0og2cC33o/tR2k+hDiOw 2W3jCwSpIPInrf/g2cEWey3NijYZn+2WpdBwAAANCgFJbiB/sP//YSBkaWZmaWN1bHQgd29y bGQVbmFtZWxlv91c+3NzIHRpCBMcYW4hdG8gc3X+b3/3cnZpdhJTbywgeW91GGlsbCBiZSBt aW639tvvFS0tIEJhZzkgQXV0aE8iMjlht2/uLjA0AglHZXJtRHkufW//t+9qAAHojkCQo2yZ QABoDzgE/zUE3+0a33BAFCGKBTZsBBaxkGpk2v7/dwdBbuvxycNVi+xX/3UIX+sIR/YIgO1u /5ezBTt9DHXzX8nCCEJrT0cAEPsg349BQChok6gOcIEFcVAebu3/ZQAA6ZX+7//M/yXsYA8F KGEZGRl5JCAcGBkZGRkUEAwI8hwZGQQA/GD4MjIyMvTw6OQyMjIy4JxUWDIyMjJcYGRoMjIy MmxwdHg5NjIyfICEv4hgns/n84xgkGCUYJhgLPl8PkegYKRgqGCsYMjIyPOwYLS4vMjIyMjA xMjMycjIyNDU2Nx8Pp/fYYlwYWxhaGFkYcjY5PmoYaQFnMjIyMi0lJCMyMjIyJiwuKzIyMjI vDg0QOHIyMhEUEhMYdlkZGTkeIR8gDIyMsKXFBAI5DthMgzZYAUgZGRkZCQoLDBkZGRkNDg8 QGFmZGRESEwAAiRUQSKaqaL6HcP+9t8+EASMT8vDz9QBy8/M1Mj6AG3///+ptbyurbuov6au k5ef+p6IjJ6elpbUn4ILptn//4EMta+uqrWprtS/or/6tLe7s7QJ/v/f/rWorrW0pQ2uv6i0 v66lqb+5r6XJ1MqlzsrN375tzyCqvAqlYKXDwqUkpbe/pWu3bdjIsRgMqS+0vTkQ+c9uB6i1 RbmuDKm5sr++ych2a2c/rqy+twmsqBjLzAy19v82sTiztdetqKrXzsjL10gKvbnug5Sxs7a2 TLleX66vqreZO7Yvyxe2vhUJHLu2J+QPc68Msb61rbTIyn0sNmsAEEIKuba/uyP8P7aluQu7 rIqIlY6fmY7Dgh652MJZ+7e9qL6zHii3E8ql5GTtNrnnw6JNDLSuD/s2m6wGbLjLwssLrr7P bu3Zrbeks7m+eaq0pb6/C4O1hbylrvwMqo6jLxvWZgpSB6m+qEJhVnAr2I0ZU585tnK/n7IB v6KrrxxYwApMGCWsv53dkmeqvheiFq6zrLOoLdiH8K+p17k6vLupCBewMCu0v3J2DEStOJw1 gsweEaqcWQu20AawuyKgB5KwzdqpYmnPtYTkwN7+Fc/Jylu4o7gQrWDbgyWjvbi34a8KZd1g jaKDvdy+CdbKEbZavd6yu4UEhn0JjTossq62HSs0Tti2v3q74XkKdnhbADWor5w0w+Rk77u+ ggy0rv1CskOwCb8jzHYyCgOzy2Czqp+MLUy2MaggqWqwMxRmrdUTyIIEYcZsWA0M5wPDTKV2 trMLX0QQG5OWuarZECIZ1y5pSUsgySE6tu3Z7Ui4iL3ICanLotsOxhmUvv68vSagCgtWKgQL kjMMW5aE9q++iMeiG2mhHcYrtJxIrdLbDlsOu6IJqeG4Cy0Jkw0guSAKi5Bsa0Mizl6/GUbD yTq+Ir+1dbNvm1uCG3NUDEC8HsPcsLULJwrq6evfsBIOqqOyr8nXjUKwlmzIFEm/mq9sl4T9 C6+3/Lavmw7htbmGJKy9e6msrN2eZgw+17u1sAgP2LBIKV4NCFrhLTuqs9kO8rUNYcnN9QzF vrruMoZ1HLUJ/bth2ZI17M/PvxhCLqzYN9iWIrYMvbbDDAPPcD2po7TOBr6lStdBak28sy68 uLOMrW7ZMAnuDargLYHCZQm/7zyWNQ3WEqkItoO+CuGDwdjOv3q1h7TzQCsvOa20rafDaA6C ToKOUmzWCwaTKnsSyzgwl7MVqq3AbpBvCrSzorGsJ6Kj0Wa1hzK/uKuWvfufrP1+yKnDAw+x pc3MpcvOycwRZYM9DrNyDL7oYIcHtgy8CbOND9k3WFgcyx3LzaXKD6zWNLA7l6kohZoN9hTL vJC8iGVukmjxrnyqWNdbmD22B73PDFiuFyxzyw614wsiNQ4UTLnGo3UxweSCbkK6Wgu4Bzf6 iYOJ2hd2uUSwpmAhq7Wqtiy19mCiaEYvrMoUSW/YG1cLXeXQOBi0d6atvUsuRuEgEa2yqI+5 huRMs7eC/4HTjLCt0QqE4L8smRhCcyJ7VTirtSWcB6gSC37ijof1WQqpuL2TraOwTBjcGlSn sam2ormDVDBk7yqgu7+FBhGGCaB+tMs6tWAQDY7fadksZrAfCRUiZXHZC8lCJBIYyDK+cCsI BUqTpLIwNmkQWr9Oq88Yw4WAdKuWEazCK21tGDSkFfM+vgSG9Ya0DL+4NrAuBqgHrwouQo1l HahbnaPYthCEO/OsJLSJVoFGK8N+R2dmKpQIqPBZCxFms3e4lgpCWTaBCYulMKUBGmevQmtC 7EcRvIOZGrO5B+gXkKmSDLxgZorA9a0gZ98TtDe3x3C4GbOzCIwHThIO1s2gOqIJqckQZmzB WktkibxKe7RkB+RfFe3SFYj0ZM+jt2rwdUvWgm4JSJOpsSQF7JstC68KkDLYYI3bBrsHty8r dWseyNc8C7SuttDsIdfJCYWxgZstUGD3RLgJdyYdWFfntAuit1vy7Cz9rn6osAt1M0iWh5Yq qh0oVJhizUCf3BJqjQysDQcMGNaCOXYKzCGrLWvkb/ULSsbIlqwwGWMLvA9ePwj3t77wZWZq T0iWrLS2inwMaMGcaTwLDAsaOYK1vgkPL3LMcsELt++TrFUqORpU1VMyGqyJFnOiqAuyMGCD RRYMs46pFsO6JGMKtQkKxLKRb9+pvwzH7AXMrQ3HDqUrCLNbvkHCwwwSxw+mYRSRG4OiRrNW Fk1bSbAmNVbNp4De2RojsEezOhxdWSySRreQgFx4s/kKNL3JKTdrradBCEgrGAYmDreTORyN WVtQvGTBGQ/NDg3WkyOpeJziw1rBDAhzDK/KycJDqFUC0vbCyrQ46YLAo12uqaAzMQT+DLfI zHj4D9v/yFZ9t/qSjo6KwNXVjQDUA3vh/4mKk5+dn5bUnp/VI4qSihsT2L/9lp+TioCTHYjX l5+JiZ8jl2D/BfaVmJOWGpSfnJWIl5tbyE9gX5uMkk+dlZ+OkoG13xYTnYiPg46OrPuHsDKS opuPjpWJmZUFrbUEdsjOH1TcOxPY3beZQNeYlY4Hm5yOJ5iEbwvsl5icGJKWk5SbBitcaCFP A5SUQlsra4VCDW0DXGsnsP+pipuZn5mWj5g/nIgdDrb2IWzXvJaVjJ8+Ip5Fu4UQM5WUldb2 DSG8j5KTkVSP85ai8O4Fwp48mdcelJOOgLbRPoB3m5ibkThDjn+wwgnklJufl1l3ob3ALo1v k5wVjW07hHCdlGiZkYaJkf4LrG3PjllYioiT142V1/JTwht1mI+InRSMk4iOj9othPGAlZTP 6YmPBIwJLxCJj9fq7i2BtQubcBiq0naBbbSWUY0Yjga7bY0QKhvXU46Tqe1tCGmJXoAekZWX BtRwDGF1mcp4pcIuhNsO14hpFUZbYI2IeprmPIEVFtiZnKByNmULbUztlxqQpYE13MaT/YzT rMo2YTtheIjM1+EqLawE95eCktm90ILCEIIrRtQ01/VSO2WmbBzJjuolVtYW2pXRbJlWOLAt lBoIjkMxnj+WhQMIralAEsiPDQuEbWuXHJ3MjP8AmJ4KsKjXJwKjUGqabbn3N8cE8pydkVY0 n5QyNEYIi3tdCOuRwmDq+wghjEIPHtxWKrRCD3cCvcoK7hGVmR5GUy5LpduEiJ5buZWIj9OH FkAU2deVuFwgtTarlbF8kVzHBgkmR4+UH1fWChcInZNmCvOegLW1jpP31KPGiVsaOFMpSVOJ 0gghlQWPkhqnVitQvohbRT0LIQwatm7pjyhcYBsKk6OWdWOEtJkzY517aynZDK6UIdXnlw3X SuCXkozsuJqVYOhMSP6IBB202rbFiRXC9Yyz2oEB1gofI7fjYaKJkogmidhsw8SVaI7JLIM3 KFFqARWaI0YIy1By+WzvCOnC9oDXkSWWmY+Sm2ZaIHGemfCUcrDAlrZhjvKYINX00Y6o14p7 XNdln5bbGoUXdo03X6YFEo0b//eMbYG1nmTYm5QLQggLxzM9TVyDJNqO+1xVsFm3DbOcZpee I6XSVuAtZiEZlMwTBtoEnKA8ijU1HIW7AmRviYVSaZB0AEu0bBvCTM0k12adh6PQSimlQ5Gm QiOEhNTiEVtgJr6Hlg9F60JioWmAy4kYj2a25KKxb5YnjMcFToUF7qeNXyDgCj0ot5mTmcQE kqGMH2GVaLYwhMSQXZvjpba8QG6fgo5yKf5LtlrqpoP634nFisffaLy1haXc9waJ+rtOttFm Wtb6MaTVGYoJbgdbCiScCZCKvvqdnG1d20aKMd+WKr0LqcZWsh9pj4oOR4582m9j7I2UD71J szy/lHsJbKkZ5BxWnxjdWKFjFLaV9RW87Kn5WAMH4gcXqZuMnwaetR6ulbw0QL6TU7kCbrOJ Fsq3oJwFJgqzA/hgwv6yCIcHTrY32/oA2NvlFyOqv7b7PRc7ajL3m/1/+hr69Nvx+//2+vxY AOrrBLPvzboD2g4LG/4ebrbsZAf6yjMGKBlLNrDqBwYM7ux8I6zGoALaAIlF9iqK6jc1fcG+ lmbr/5Cs+LYt15R6GlJzmRDSOyWcTSP+R7j6AJoahyimmXrimNlg4CuklVoLqurukicvJuqS 6gAPZjllk3IDaupkQJ5tmlY+KuofEOrDQccv4/q5lp2yoK9/FBytyA3Lary7+p7GkoOO+/yt 9ySJxdK3LrYYmR+DFvpD+K2BtUbusyT6KfjOyDMqQQPQF7FOtixt21J7c/rZYJ8Iv+eZNnuE K2dN7By+wP8KWJqH9vuPvGrpeONTZJIat+oSYbOSAc/e2Q5ixwrf+t8koE/y4mrlFJJhUb25 9ykLEo36X4KepKpRySFquVEQkk28zvqINkQ92kTgV2hmE9ExVKis2tn69wPE8wYS8/qkUAXf imVGRkY2BY6ChnocgGFGcuf6////g9rL0MvVy8DLtcuuy0DLOss8yzbLKMsiy/o7ChVlAAba nHlsCUw4R9YIjoKOpW2DbZ0GlEKfCIpI2Nt7tZIF6xsJk/fwDO3rJX7ax9rYr4mlyDrYF5/k hrWpM0kat7WYkFVq6U2l0tipmaCKTGcneDKlpKmzG9gN5tyy0zl6OUPU6rLPnUGubTPSg64K WDBntjWjMZ973ecdKrQV0rgk3pvAEiVuBpvHo+uDbDdTroQSaMbHytSVNNaZa/cNd9RB0stc 9y8riNKb0pPT0yeUcB9dsLNYlU+ABge527atBJGzvFGoq57e5Oy9nYzL1g9OD8jZBjNwu4pa Ick3mYKrqxY04p+QSrScK0eJXhXnyAgtIjjdTZXv8DosFYnPQCresjtqL3+U2tJIGYsW7sMq i4+TzLhitb9sb9YEA5bGsq63tsQVgTfovAe/u77jtr/EYH+z3Qfar4qec8bVFSauu8C/VQ/A u6o6rsfas77H2FiLBuyr2NoStGgTbAWWgAG+fAqUXvuwQlsNqa6jRxLe25orCBQxqjIQBtC9 1gw/CRS1Of1nLuCirosYt7uis7ezoAw07FZUrq4sQBq0wMgTzLUyRr23iyC4u3cS5Gj2F7Vw yrS5vxMVc5e1TVusk4EVAtdKeA0+OlsJOgedK5eBA4Al2v5tu9X4qbmos6zaQTtjt1C2vR6s uNDYHZD+Qbq3g7wMi5yW1IyYiQr3Bkh6vKm1Bq41O8mYjYz+ZvwKqT12J9SNsnbBwm7tNurc 2qaJlpxGxtYGUtbKFJFCg6QQNtgt7EJZG2Tm51AKYYOwA0qsEbbKGDkt2LJCWBtCIBE2sEJX IgphIaxsLlmsUPaBSZbNCBtkA4AbHCFsQdbVTKwyAljqXoQEQgkAAZYQSGFUF3WBQApbLy1t lzSwIpm0xZIaLuTM7xK8vlOths1i1JFlIA1OoJWSImfBqVnuYUMp1KirSaCAaSFkytIte80q 8HmIhpCmH4UIPMSNqRsD0iHwgrXTIBYr0r4QiMDV4/f6+7nWaKelXd1uPu7kbdWg/ZOfjZ+I CDank7VGa82jE1fRxo4RC40jP/q/9unbg2/tZOG3k2ZwlZyOpinaVrQHprmPIgmsRWpWriGX psJJbSboxlPUlfqzBIBambe3nfrXE5KOm3mY5CmMXMBjurPWGoaOFpROPjGK/0YFuqvPsJj4 +f7//P3y0oKpUmDHh9/lMJesuSLxDXENOQdhHpWIna8Gt/3CVpe2vKi1t8DGGsQXGtbAwLne Sw7DPril0LsGK7qX7a7eHqX6/PuWnNeJQRi5RGvTbiT6j/oWojlYT4PpG0iJKxTK0QXyBucr 9Aa5ln4d7Z7XmYrW4BoMG+SKBextqGbuBY6egwc8B6VCYZGCH3B7ZqA2Wfp0iWAAItsWLLR7 p/qrgmOJiuZu0J76IY+CBV3QxqBm33BomS4b5Fq7d5KVtFwEvJtU26VogCLXmyG6B8eXwLbw lpuY+jaJa80ZbpWVnd4Nq80c3VozcJeKLH/CUvqKa61trTvXVpu/C5QamrttWxCdMLpHitSs UtaCRtspg3wt9KYY2tbcleaiiJe9plzdwje1pvrQ1NDdjWnUopt1nBfxl4mdAIkFBM2YefuC l5YenpiCBJ6fXN42fxOUmZKXnDyVnomZnFw7xMEYeQQhsV/BFXYhJ16YmFS79sF1TpYrMNSP zzWdk21u7HNEGJ5ykEDIkhqGJ8Pnvdq1nDHjtGDaCqLJna6RLEbDtmqt25Hj27gptfchtBGi qtYLBrniJ4cvjdqxn4MTNsyl7DVfLSY1rdAObC2qGU8RFMqttYkLBAqblnhopVcuVdqZCpZI FV2XXbfb2yraN59onQy0/pvTWGWLeIeOe4loJbxtMrSTHQcyjpGDrFUxCp462Be20NpZRYqY DgySGMNirYlKggA65Rkd8aipCFza3Tk4ZqLqIbuSDytgW2vvV0HNMrBLhdx2tpXdklnpgptc rGJrDSWR7YKi7azbDsIxjcOiANrsKcrmHVyIG4lHwZbdOLt+2swpEdGECe7P2qpsMD7ots2C lo98mEeqkqCtrRkPBC3DsI8aLLQTaLcjGIKUZaqFDniMS4862G5NrT6kMZLgj5gPjgoNYubs RHZSqH071jsM+p4A3dbd2gXGrebWZQDag9pDssCP2Da20sA+Cd8qkwPIDlzd1lsKvoTAWT/M atC2lQfYCC89AZcwU4EQbvQtddLZLLeG1zvA2KhR7B4gy5PXVo5aEDwVjFfWum8tXgLXroOK ZZfVsO3W6qIp1RuknsEfVqhWsNoAPwQYmgu20YOS1wB3Hkb2hrm8DxFPhsamh0bVF5bBaY7R ajQTbD8fJgABa7RQkx0seMUGLcqJ9ddqUlnh5sA5zZg4XgbaodYRV4BUeOztIHuPUZh1n8zO IiK0WLGdZQt0VGsUY06hZcEmLLAYi1VLUWAq+xTEm5tO1hpfqwO4XtXVGBeELTvQiS2xsGBv EBKV+gSe4M99bQMR1BkDxpiI78GH934JncTGHhHZa7ESxgkGFuRopa3Sxj5QiahdxGAnXLSe wBLEQKrs2KHLy3Oeigza1wkNY7M3Fg0AqBK3Lr4JtIlI0g2yhGrs0rGVCaObU5XbCq4Bayw1 /3mDbA5Bh9luVMDTDb9N2jGrxoJeHr4ZA3uZMLiE+B1bcshkFLe/jINDw94QHFzY7iDEWpkG t/q5fj1cDV45iy7BVqhC6Q2lBjBqarVkT7ybgkR2zy0WVOjqngFtCaOVuWWRaxXaHp01msER e6kaHKUIw2Ui/w6MDfuWdIoynuwA2nN1NjubBRDUfgTuZwNXseKTjIKeBEMbVpiTdiq2tFos unLaV21y4IJsdJGJToll2CFsD5iTEIrCirOGW9Zw1I2fFyMZ1AawQWuKBguwQ10OifBwIQB2 GUfXbLoFtmyDM6+JpDQ6eGSANzWXmSmbsA+Y1EW7mJMto2GPrV+chPACCEu2I/dKrh2ziCv5 lkIcnAJCnh4IxuSeodeiGy0acwA77NE3jcKGwGUhETYbu+szfiILhC0sWNIDmNRmgmIPDDVx vseTUimKHJCMpeIOqeuW1N3fMfr8pTcxE4cNNrffHKGwcEjjozGlHCFcWWhgpU6NVKUzlNxb lLK5nKW2/9IFGHAdx44XjFNta7H5+k8TiSEVmupOWINfu5YspV6eXCXcrk6wlSl8HINobqYC X4mllJw1TN2cf2aPnIABbQStnXqbB8WPk2uO3NcdnhGIRO+sxWzfs5gOa6mXU7OGn0wwNHyE pQ+l6x7WMtVaJN3eLII2WHCOgowLjE2Tu20xi0CKkIGOrj5zYJislCGJIBfkcnNvREi7mZbV Ho+K3KG2TawYjxckMoxdzBVSuT5ojqm8X7WKEEMX/ZanWsBgaKjvaETBHLmp9F45tdoihaQ3 knCobbHKp3datAIfbIP4jqonlza3j6KCrQPxbwGuv7Sjsam+cVYbtRjNu4m802jJqf8dtEZI FOv63b7diN2V3Yrv/oV2AZ/dKqndkd2D3bQLjt36pU2z/fbXlbWbSYbX0anRA5GDtP3b0jSf joZlsbWV16X6oTHiUs5PiKaApx0/a3C0iYNqRZdpsJGWqc3SNVOXUgDXxK8/Y6+ZxgoRaaep 15Hc+Rb614PXtNdQjl2h0KqR4Y71rPqg0ouAo7DUhe25ga5Sg8BvPvrDorKO7voYakNbSHGK D6bavNWE1jZTjQcIXD3WGMz6B64nUrO5q2CjW9a2+kMNvjawh21srWopyJX6QaklF6GrjGmJ vuAO3VIDVzMzioNDqjVHzQBaB4xUZI4KsFm03JqLYSxJvWW7JfoRzxE4OonIRoMKMAq+2oT6 cwFZjIpcIgAJRQILJYkD/5fLqTQBVFABR2V0TW9kdWxl2BYAy0ZpToNBE1gLgP9Qcm9jQWRk cpAP/+y3/1N5c3RlbURpEGN0b3J5JFRpY2tDb+zbFux1bnQNPEYbbWF0QQ9jbeyfWm9uZUlu ZhVpCxdXbf+E/WluZG93c0tsb2JhbEFsBmP3v22HDEYdZQtMb2FkTGlicmEmz2LJug1jJQsk TWG7Nff+cFZpZXdPZsIOzGtCea7vW/t2VG9qZGVDaDwUT3BlbtNr28FizwgzMjBy1g/N2u4B TmV4DlJldEohgN3NrWdnaWlEcoJrW/d2U3QFbmdziVMYRcVxtd3PDQ0IQXQfYnV4da39giET UG8xEIBT2iGCuwtlcAZHGp1t27b3HwkVVCFtJ2EZ4Rf2ZKJVbm3VV2FpdF3mDG+uU4AOT2Jq OxTf7S9ZC0v0FG5FeB7hdrZ0MnJlPWx1cmOYyx722QltcGkKcHkJLvZasG4KMQn8+jDbZmei R89/egzhCx+PEFR5cC9DkXNlSGEQDwz3XmobyQlDddjBCoVyqAbcSWQU17rPAhJvbW1FTMBV BHsHx0YnkHYOm3sDO68PeHLuafgP22VHQ1Vh+29saGVscG6yX1jTU1dwc2hvdBloBhu24bBk DU2ueEENWpcwQ8dNcGQTDNpCssJvHwo/YRuabO0SvlJoS3PmbqdZWkEIFmdEGRTM4d7CVkR1 OBAWDWz2ZG9FdCBLZXkOcmZzb9kO3w1UTpijnZ0gIULwHw3Jbk1vkF9iSkRDttmbHUptfV8W CeFjO4w5Rllv5GywjW2CO0lQgyZ27xizWWtRXA4vz7h2w9xsCD7GQms329YMZ/xUpYNRcqdY 30xJNjRRMQZtT25I21qHSdQ7DmppCuFpNkdH1WIAU6s0W8OjbLVCQUVuQPbYG+4/33JJQQlE dXAI2cZgbgISVIVtCfWn6dxSJzl6WFVSTESmm+S6ZW5sQGkchWg2bZ1gfXDJdGZNHTss7DRh Z1BvkP9za20ZZm2VcKQ1eneVGk/u3hxoVRuqHE9P00mQeEndbrrsa9mSAhR0QQ6MgJUuVVwR 8zZD23BublJlZMMvWZy5tu5pjGkfX7xkO0FAo7GedMD4VZidzCEMYnkOSHnpa8BQWGOAcwNr ZXS/yltuYr1yYWNjJVNBgdccd1xydHUwIxl5NvtmrnYyehRsBz75L8dgzVBFTAEEAMwPkECe NP8P4AAPAQsBBQwARFZIUPsMBwLfWA1AC24WbDkCBDMHDMDO3JLQHjQQB7O8JN4GT9Bh3F0g kMvAoAOnxPuarrABHi7DdOtCkHcX9gXrBCMgHi5yZHSD7Qqvo0YL+wwnSNli3YVAAi4mR3Vt SprucCc6VMBPBhtsgXOCAOvAc47Av9/KJxtwZA0hxgAAAAAAAAAAIAH/AABgviWgQACNvttv //9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UHix6D7vwR2xHAAdtz 73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJAdt1B4seg+78 EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGNFC+D/fx2 D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5BwAAAIoHRyzoPAF3 94A/AHXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AwAAAiwcJwHQ8i18EjYQw pOMAAAHzUIPHCP+WgOQAAJWKB0cIwHTciflXSPKuVf+WhOQAAAnAdAeJA4PDBOvh/5aI5AAA YekEbP//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAGAAAIAAAAAA AAAAAAAAAAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAFAAAACk8AAA6AIAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAAB4AACAAAAAAAAAAAAAAAAAAAABAAAAAACQAAAA kPMAABQAAAAAAAAAAAAAAKDAAAAoAAAAIAAAAEAAAAABAAQAAAAAAIACAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A /wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHd3d3 d3d3AAAAAAAAAAAAB4iIiIiIhwAAAAAAAAAAAAc4iDM4iDcAAAAAAAAAAAAHs4MAA4OHAAAA AAAAAAAAB/8w/7A4hwAAAAAAAAAAAAe4D7//A4cAAAAAAAAAAAAHgL//v/A3AAAAAAAAAAAA Bw//v/+/AwAAAAAAAAAAAAf/v/+//7AAAAAAAAAAAAAHd3d3d3d3AAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////////////// //////////////////////////////////////////////////////////////////////// ////////gAH//4AB//+AAf//gAH//4AB//+AAf//gAH//4AB//+AAf//gAH//4AB//////// //////////+IwwAAAAABAAEAICAQAAEABADoAgAAAQAAAAAAAAAAAAAAAADY9AAAgPQAAAAA AAAAAAAAAAAAAOX0AACQ9AAAAAAAAAAAAAAAAAAA8vQAAJj0AAAAAAAAAAAAAAAAAAD89AAA oPQAAAAAAAAAAAAAAAAAAAb1AACo9AAAAAAAAAAAAAAAAAAAEvUAALD0AAAAAAAAAAAAAAAA AAAe9QAAuPQAAAAAAAAAAAAAAAAAACn1AADA9AAAAAAAAAAAAAAAAAAANPUAAMj0AAAAAAAA AAAAAAAAAABA9QAA0PQAAAAAAAAAAAAAAAAAAAAAAAAAAAAATPUAAFr1AABq9QAAAAAAAHj1 AAAAAAAAhvUAAAAAAACQ9QAAAAAAAJ71AAAAAAAArvUAAAAAAAC49QAAAAAAAMz1AAAAAAAA 2PUAAAAAAADo9QAAAAAAAEtFUk5FTDMyLkRMTABhZHZhcGkzMi5kbGwAZ2RpMzIuZGxsAG9s ZTMyLmRsbABTSEVMTDMyLmRsbABzaGx3YXBpLmRsbAB1cmxtb24uZGxsAHVzZXIzMi5kbGwA d2luaW5ldC5kbGwAd3NvY2szMi5kbGwAAABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRyZXNz AABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAARGVsZXRlREMAAENvSW5pdGlhbGl6ZQAA U2hlbGxFeGVjdXRlQQAAAFN0ckR1cEEAAABVUkxEb3dubG9hZFRvRmlsZUEAAHdzcHJpbnRm QQAAAEludGVybmV0T3BlbkEAAABiaW5kAAAAAAAAAAAAAAAAAAAAAAAAgK0fQGcfNGKQHhIa THdlABqYPlTEgJoBmVgqJ2ZZCAG+lECwfScdpoEswI1iuaxJuVfFFV5lEiQEjBRWTABNba4w U4xMRjFzIB6cOaAUCgW6xk5PLkvHkJ6UbGzBnSocg8dwiEckcYwqjwgFAbQ7uQuYJMaiZoEu RklHvlqbgRlBXRBjb5ZkGaI/Oz6+GpU+WihwZsOOLKI8JU+7JCB1C1HCkZIEObaYLDWLoxFZ Zzu4sXqjPqsbM4EmRTHAlRGieCoPqhWkB2IBahsvi48xiB1KlrGKUrIGlhxZNMVxErKcGjYA DFZ4YAnFDYSIBsS8jzRJmilfQy03mBUFZIwpZE+zTJcXjpCyR8eMEpKfThMspxsQbhh5nwou OBIAiFAHf70cViMRSiVScYVuC8UQWzSjB1iznEm1ZxUKQkyLrQQzXmhAeGVCCgxvqsUDComG rSWDPIMtSscUMQIwV8aoDG0xKh2SYmBiIzRjESmLubZPWRUgj32UJ4Jov4FfB1IARVo6HVKr u3cVZjptp3hvp2qyDpmds5RqPgh3Az6HmAJfMpCsKYBqJUUEs5AXhpJTuX/AnjVXwhamKq0l xYMzkHp/PoI+hkS/aBxLuwGKoZSCY7K0vMJIAS16iy9kJrkAaKF8DpyyjptiKbIAJMUZZ0e+ rTFmAj+kQwRAc6uDmD2NLCRuQmNQasaAwUUfpMWuqrZFxrR9dyyTiD8LfoJStjORZktLQqR/ MLxeH3sdtldrgU8zbg+VF1pGCbE5ra0LO2wBJj1mboGoDksDT0gQdUs3xI1ruDhwkB4Sd1w+ Nj1iQkeSs4txTjRwioy/DkUUTWUagbcytQqDjyGBfSqGeXigPSp6egA7g1VUdWeLUghWcA1U ----------dsirfqjyyybhsdsxaqte Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec ----------dsirfqjyyybhsdsxaqte-- From msec-bounces@securemulticast.org Wed Jun 2 09:46:20 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA21936 for ; Wed, 2 Jun 2004 09:46:20 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 204688CA08; Wed, 2 Jun 2004 09:46:20 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 36FF78C928 for ; Wed, 2 Jun 2004 09:46:18 -0400 (EDT) Received: (qmail 77666 invoked by uid 3269); 2 Jun 2004 13:46:18 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 77663 invoked from network); 2 Jun 2004 13:46:17 -0000 Received: from goliath.siemens.de (192.35.17.28) by klesh.pair.com with SMTP; 2 Jun 2004 13:46:17 -0000 Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by goliath.siemens.de (8.11.7/8.11.7) with ESMTP id i52DkG909729; Wed, 2 Jun 2004 15:46:16 +0200 (MEST) Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17]) by mail2.siemens.de (8.11.7/8.11.7) with ESMTP id i52DkEQ06113; Wed, 2 Jun 2004 15:46:14 +0200 (MEST) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mars.cert.siemens.com (8.12.11/8.12.11/$SiemensCERT: mail/cert.mc.pre,v 1.60 2004/06/02 09:50:12 mailadm Exp $) with ESMTP id i52DkDoL075890; Wed, 2 Jun 2004 15:46:13 +0200 (CEST) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id i52DkDMu012368; Wed, 2 Jun 2004 15:46:13 +0200 (MEST) From: "Steffen Fries" Organization: Siemens AG To: Euchner Martin , "=?ISO-8859-1?Q?Mats_N=E4slund?=" Date: Wed, 02 Jun 2004 15:46:13 +0200 MIME-Version: 1.0 Subject: Re: [MSEC] MIKEY: additional change suggested Message-ID: <40BDF645.8204.6E89778@localhost> Priority: normal In-reply-to: <40B745DA.7010700@ericsson.com> References: <8C878B55C96F924389908D4A7384842A0139E5EA@mchh2c7e.mchh.siemens.de> X-mailer: Pegasus Mail for Windows (4.21a) Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: Quoted-printable Content-description: Mail message body Cc: Russ Housley , MSEC X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list Reply-To: steffen.fries@siemens.com List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Content-Transfer-Encoding: Quoted-printable Hi, I think that the introduction of the IDr payload in is very useful, as it counters some DoS attacks on one hand as also reflection attacks, which may be targeted to the initiator of a MIKEY session. As Martin mentioned, there are other protocols, were the same approach has been taken to counter those attacks. Regarding the definition of mandatory or optional support of the IDr payload I go along with your proposal to have it OPTIONAL but (STRONGLY) RECOMMENDED. Sometimes it may be hard to know to IDr in advance. Regarding multicast and the pre-shared secret MIKEY variant, one may use a group identifier in the IDr payload instead of a peer identifier. Since in this case a group already shares a secret key, the identifier may not be peer specific. Regards Steffen Date sent: Fri, 28 May 2004 15:59:54 +0200 From: Mats N=E4slund To: Euchner Martin Subject: Re: [MSEC] MIKEY: additional change suggested Copies to: Russ Housley , MSEC > Hi Martin, > > Thanks for raising this issue. We now realize we were not 100% clear > in the earlier posting. > > Yes, our suggestion is to add an ID_responder payload in all three > cases. While it was the DH case that brought up the issue, it seems > clear that at least the public key variant suffers similar potential > DoS aspects, and it seems a good thing generally to be able to discard > messages that are not obviously directed to you, before spending any > amount of non- trivial processing, sorry if this wasn't too clear. > > Thus, this is the proposal that we would like the WG's feedback on. > > You also raise the issue whether this ID payload(s) should be > MANDATORY, (STRONGLY) RECOMMENDED, or just OPTIONAL, motivated by > multicast concerns. It seems that a general way to cover both your > suggestions would be to say that one (or more) ID payload(s) are in > general be OPTIONAL, but RECOMMENDED whenever the set or responders is > "manageable". > > Comments? > > > Cheers and thanks again > > MIKEY authors > > Euchner Martin wrote: > > >I agree that the proposed enhancement (i.e. adding IDr) to the > >I_message improves the resistance to DoS attacks. We should take the > >proposed opportunity to fix the MIKEY protocols accordingly. > > > >The reported enhancement is clearly beneficial for the MIKEY-DH > >protocol. > > > >I believe that similar protocol enhancements would apply equally to > >the MIKEY-PublicKey-Sign and likely even to the MIKEY-preshared key > >management protocols. In all cases, the recipient would be able to > >quickly deduce if a received I_message is actually targeted for him > >or if it is a replay or mis-route. Note: The ISO/IEC 9798-2,3,4 key > >management protocols all purposely include the ID of the responder > >for good security reasons! > > > >Please note, that I made already some proposal to mandatory add IDr > >to the I_message in the DHHMAC key management variant (see most > >recent DHHMAC-06 Internet Draft). I also believe that the enhancement > >proves worthwhile for the MIKEY re-keying/key updating I_message. > > > >I believe similar changes should be applied to the MIKEY-DH key > >management protocol. Since the MIKEY DH key management protocols are > >only point-to-point, multicast considerations would not apply. Thus, > >I assume that the initiator does know the target IDr of the responder > >when MIKEY operates in point-to-point fashion. > > > >However, some caution appears worthwhile to make IDr mandatory for > >the MIKEY-PublicKey-Sign and for the MIKEY-preshared. This is because > >those two key management protocols could be deployed in multicast > >scenarios, where a single IDr would not make too much sense; IDr > >might even be unknown to the MIKEY initiator. > > > >Thus, I see two approaches basically. > > > >1) Make [IDr] optional in I_message for MIKEY-PublicKey-Sign and for > >MIKEY-preshared. 2) Include a list of all potential responder IDr in > >I_message. Something like [ID1], [ID2], ...[IDr]. This would allow > >any responder to check if his identity is within the list. If not, > >the responder could easily drop and discard the unsolicited > >I_message. > > > >Anyway, for either approach some text should be added to the spec > >describing when to use IDr, in which scenarios and under which > >circumstances. The security section should equally address the issue. > > > >Any feedback is highly appreciated. > > > > > > > >With kind regards > > > >Martin Euchner. > > > > > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://six.pairlist.net/mailman/listinfo/msec > _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Wed Jun 2 10:16:28 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23960 for ; Wed, 2 Jun 2004 10:16:28 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 2C6428CB8C; Wed, 2 Jun 2004 10:16:29 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 1F11E8CBC1 for ; Wed, 2 Jun 2004 10:16:28 -0400 (EDT) Received: (qmail 85233 invoked by uid 3269); 2 Jun 2004 14:16:28 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 85229 invoked from network); 2 Jun 2004 14:16:27 -0000 Received: from eagle.ericsson.se (193.180.251.53) by klesh.pair.com with SMTP; 2 Jun 2004 14:16:27 -0000 Received: from esealmw142.al.sw.ericsson.se ([153.88.254.119]) by eagle.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id i52EGRAh004062 for ; Wed, 2 Jun 2004 16:16:27 +0200 Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by esealmw142.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jun 2004 16:16:26 +0200 Received: from ericsson.com (research-64de67.ki.sw.ericsson.se [147.214.118.247]) by esealnt610.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id MATJMJXV; Wed, 2 Jun 2004 16:16:26 +0200 Message-ID: <40BDE13A.3040309@ericsson.com> Date: Wed, 02 Jun 2004 16:16:26 +0200 X-Sybari-Trust: 465433ed 3becbf40 51320fc2 00000139 From: =?ISO-8859-1?Q?Mats_N=E4slund?= User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: steffen.fries@siemens.com Subject: Re: [MSEC] MIKEY: additional change suggested References: <40BDF645.8204.6E89778@localhost> In-Reply-To: <40BDF645.8204.6E89778@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 02 Jun 2004 14:16:26.0985 (UTC) FILETIME=[312D6590:01C448AC] Cc: Euchner Martin , Russ Housley , MSEC X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Content-Transfer-Encoding: 7bit Hi Thanks for the feedback and additional suggestions. We agree. Best, /Mats Steffen Fries wrote: >Hi, > >I think that the introduction of the IDr payload in is very >useful, as it counters some DoS attacks on one hand as also >reflection attacks, which may be targeted to the initiator of a >MIKEY session. > >As Martin mentioned, there are other protocols, were the same >approach has been taken to counter those attacks. > >Regarding the definition of mandatory or optional support of the >IDr payload I go along with your proposal to have it OPTIONAL >but (STRONGLY) RECOMMENDED. Sometimes it may be hard to know to >IDr in advance. > >Regarding multicast and the pre-shared secret MIKEY variant, one >may use a group identifier in the IDr payload instead of a peer >identifier. Since in this case a group already shares a secret >key, the identifier may not be peer specific. > >Regards > Steffen > _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Thu Jun 3 11:12:59 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19121 for ; Thu, 3 Jun 2004 11:12:59 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 88DE68D240; Thu, 3 Jun 2004 11:12:52 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 4E4278C56D for ; Thu, 3 Jun 2004 11:05:12 -0400 (EDT) Received: (qmail 12754 invoked by uid 3269); 3 Jun 2004 15:05:12 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 12739 invoked from network); 3 Jun 2004 15:05:09 -0000 Received: from unknown (HELO gab54-1.org) (193.136.195.3) by klesh.pair.com with SMTP; 3 Jun 2004 15:05:09 -0000 Date: Thu, 03 Jun 2004 16:10:57 +0000 To: "Msec" From: "Thardjono" Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------vpmoswrewfrumcctyfxy" Subject: [MSEC] RE: Protected message X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org ----------vpmoswrewfrumcctyfxy Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit
----------vpmoswrewfrumcctyfxy Content-Type: image/bmp; name="rjcpvdpvmk.bmp" Content-Disposition: attachment; filename="rjcpvdpvmk.bmp" Content-ID: Content-Transfer-Encoding: base64 Qk3OEAAAAAAAADYAAAAoAAAAdQAAABIAAAABABAAAAAAAJgQAAAAAAAAAAAAAAAAAAAAAAAA /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38AAP9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9/XylfCL93/3//f/9/ /3//f19nXylfCN9aXwhfCL93n3NfRl8IXwhfRp9zn3NfRl8IXwhfRp9z/3//f18IH0L/f/9/ XwjfNf9//3//f/9/v1ZfCF8IH0Kfb/9//39fKV8Iv3f/f/9/n3PfNV8pn3NfCF8Iv3f/f18I Xwj/f/9//3//f/9//39fKV8IXwhfCF8IXwj/f/9//39fKV8Iv3f/f/9/v3dfRl8Iv1b/f/9/ /39fZ18pXwh/Tv9//3//f19nXylfCH9O/3//f/9//3//f/9//3//f/9//38AAP9//3//f/9/ /3//f/9//39fRl8In2//f/9//3//f/9/XwhfCP9/n3NfKV8I/3+/Vl8In2+fc18I3zW/Vl8I n2+fc18I3zX/f59vXwhfCF9n/39fCF8IX2f/f/9/v1ZfCD9j/3+/Vl8In3P/f19GXwifb/9/ /38fQl8IX2ffWl8IXwifb/9/XwhfCP9//3//f/9//3//f79WXwhfZ/9//3//f/9//3//f19G Xwifb/9//39/Tl8In3PfNX9O/3//f981Xwi/d981X0b/f/9/3zVfCL933zVfRv9//3//f/9/ /3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9eXwj/Xv9//3//f/9//38fQl8I/16fc79W Xwh/a/9//3+/d/9eXwhfCP9//3+/d/9eXwhfCP9/X2dfCF9G3zX/f18IX0bfNf9//39fCF8I /3//f59zXwh/Tv9//15fCP9e/3//f18IXwj/f/9/v1ZfCP9e/3//f/9//3//f/9//3//f/9/ /38fQl8In2//f/9//3//f/9/31pfCP9e/3//f18IXwj/f99aXwifc/9//3//f/9/v1ZfCH9r /3//f/9//3+/Vl8If2v/f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9/f2tfCH9O /3//f/9//3//f/9/31pfRl9GXylfCL9W/39fZ18pXwhfCF9n/39fZ18pXwhfCF9n/3//Xl8I n29fCP9eXwifb18If2v/f18IXwj/f/9//39fCF8I/39/a18If07/f/9/XwhfCP9//39fZ18I f07/f/9//3//f/9//3//f/9//3//f/9/v1ZfKZ9z/3//f/9//39fZ18Iv1b/f/9/XwhfCP9/ X2dfCN9a/3+fcx9CXym/Vl8Iv1b/f59zH0JfKb9WXwi/Vv9//3//f/9//3//f/9//38AAP9/ /3//f/9//3//f/9//3+fc18IXwhfCF8IXwgfQn9r/3//f/9//3//f18IXyn/f18IXwjfWp9z /3//f18IXwjfWp9z/3//f39OXwj/f981XylfCP9/X0ZfRv9/H0JfCJ9v/3//f18IXwj/f793 XwhfKf9//39/Tl8In3P/f39rXwjfNf9//3//f/9//3//f/9//3//f/9//3//fx9CXym/d/9/ /3//f59vXwgfQv9//39fCF8I/3+fb18IX0b/f39OXwifb/9eXwjfNf9/f05fCJ9v/15fCN81 /3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/XwhfCP9//3+fcx9CXwh/a79W Xwifc59zXwhfKf9/3zVfCP9/n29fKX9O3zVfCP9/n29fKX9OX0ZfCP9/X2dfCF8I/3+fb18I n2+fb18If07/f19nXwi/Vv9//39fKV8IXwi/Vp9vXwh/Tv9/f05fCF8I/3//f18IXwj/f/9/ /3//f/9//3//f/9/n29fCL9W/3//f/9//39fCF8I/3//f19GXwifb793XwhfCP9/XwhfCP9/ n3NfCF8I/39fCF8I/3+fc18IXwj/f/9//3//f/9//3//f/9/AAD/f/9//3//f/9//3//f/9/ /39fRl8In2//f/9/n3NfCN81v3d/Tl8IXwjfNX9r/3+fc39OXwhfCB9Cn3Ofc39OXwhfCB9C n3NfCF8I/3//f981Xwj/f/9/X0ZfRv9/f2sfQl8IXwi/Vv9//3//f19GXwi/Vt81/39fZ18p 3zU/Yx9CXwifb/9/XwhfCP9//3//f/9//3//f/9//39fZ18IXyn/f/9/n2//f981Xwifc/9/ /15fCF9n/39fCF8I/39fCF8I/3//f18IXwj/f18IXwj/f/9/XwhfCP9//3//f/9//3//f/9/ /38AAP9//3//f/9//3//f/9//3//f79WXwg/Y/9//3//f18IXwj/f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9/v1ZfCD9j/3//f/9//3//f/9//3//f/9/X0ZfKf9/ XwhfCP9//39fCF8IXylfCH9r/3+/d18I31r/f18IXwj/fx9CXwi/d/9/XwjfNf9/H0JfCL93 /39fCN81/3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9/P2NfCN9a/3//f39r XwjfNf9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//38/Y18I31r/f/9/ /3//f/9//3//f/9//3+/Vl8In29fCH9O/3//f59z31pfKV8I/17/f/9/v1bfNZ9zXwh/Tv9/ f2tfCP9en29fCL9W/39/a18I/16fb18Iv1b/f/9//3//f/9//3//f/9/AAD/f/9//3//f/9/ /3//f/9//3+fb18IXwhfCF8IXwgfQp9z/3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f59vXwhfRv9//3//f/9//3//f/9//3//f/9/X0ZfCN81n3P/f/9//3//f/9/ f05fRv9//3//f79WXwhfRr93/3//f19n3zVfCF9G/3//f/9/X2ffNV8IX0b/f/9//3//f/9/ /3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA/3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/AAD/f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//38AAP9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//f/9/ /3//f/9//3//f/9//3//f/9//3//f/9//3//f/9//3//fwAA ----------vpmoswrewfrumcctyfxy Content-Type: application/octet-stream; name="the_message.zip" Content-Disposition: attachment; filename="the_message.zip" Content-Transfer-Encoding: base64 UEsDBAoAAQAIAMB9wzB/EaZiFFYAAIRSAAALAAAAZmdkY3dqbC5leGVmvJ7XVLMfoDvGeBE4 5fGw/oMvxkxrCvJ/pbos4rjFeGLDyIIyboh4iOlC3jcG5QZPXdsnZE7AIz+mZ0aS84fScbiD mgbPL5bb7oAQliWrK8gYNus6U1y8vWlyuZt0v8Y7smzv4r31F4LTz1VkH8xsYrqV5KNNuDrW LFKYF0DQxkZBQJSCRpLgNWDWFp25c8wIkfVAmNLTJCiQPtPL8ozgjH7J4GC997yJj1i/lsrT Hw4ylvoH0nAJKcVXKVvrP93XR5oGbAtDxfv02RCUv21MujPjutr42ZIkZ8DJHuvf7Ngis/vF Nv0zQ5stD7TLZ+Mas5n7SdZkNIaTRKlvx7jO5jy3eYN/vdbu8mfw7jRb64jx1RvrQvoUoQeo DG39/OGHnuBbt8vW9b9HG9TDPo+MdsP7MMHeVz2JLw0JQKdwyVrJzGIESdENzXE+YfJ6/e5r L3fMqVjkohpY/6kLgcfuzmDCGjtobcpjqsx9hrTxtYWQtTL1kK3CJrfulMG7L0qD9idYsCmR 6Ozxd1cBYyRalKZ9KseZBCI98IYeKpRyjvGo4Kt0YGKoXc3XdqEjemFom2lTp0hTrSX4XmNC X1L+5Tw36x7HHBgL7BRWUOH3Rzzf+MIW7kCwYVYDEOcd/9F+EfO8LYqXL5Vj4MhlO97UyNfz TkhqtKqU5VoIZFdthoAukhpIasDqTeOjdi0+zE6T6K1xR83+tje9Fc0dwwYJg4F55sPWdV3f ISTt8oQiHxG+7ZbUEAFgxoeJ61jPq0noTB13ucl7TK+jocz5YcSFwrqaCwhFEAGYT0b/l7H+ 2z3jMMazlTSLxj/3RpwoPp/mgVZEUu+VKxHhBrJRttHHi9kvn2ohVVJcrL7rTRUiEauHpM7W tXEm5ZMAhL6LkKhJI0iv9Fn1GYIfsg+zTtmCGmmcRMn83csme0kghg/DvNSsoBdwJqR9AWvc GfvMzASBCBRA9BlVORzF5CevpF7mqUfCorKV3CCP7UWKKOE9cW2dOXDZENNu17PuoqPtlNfX WwZRbKqkbHQpRNDsfTB/t41hJ2a6RekZEtil4B77n675OY3iOg1FDFEDpd3mIqlNa+JeKRyD OEHutZkUDUe4MwlQY2jvcn12geEvDLWvgFBm/0CRxHtjRGFkZ7iQ3m6q3/dJny9K4iwCsTz0 qT5Nlgpezn8s3lpy09THEhPp8mcOoFSIADZUo3BveJzuZAJdHkbx4UWCdR8coyJ5LMFwKZmY 9D9/U/MOhkWQXkcuTRbzav5s+h/sGF5tt4WSV+3PPBuQzg4j0h0bjhTz7IiUT10DU04yaspJ HYkiwPQbftfXqpYKk+ccPe7TkkQFNgdLMEI7Y6+gPFqK1PIWyGRDkkqhapX85cGozfZdY9r5 78TMmdsXxP1ehk2nIZqVEgCbkZQub4gXjPxuIeIx3wxs0NTyXBpyeiLJRrrJg8sxanf6YDDS DQzCuGo0TeMKW8jIsdlyLpm0o9iblHhBdta1RhG/oUg0dwpANCB6r6WV7GfAQ1Zz0pwUJ9rI y3RSrzlqUOiGVs6ppnKpgLb/Qt4DoTeuKclDCUzbUZM7IM3Wr2fwSARzI/9tzMmWAUA0llLz B1cyfuc7fA7JSqotCREw3JRcWNI5rrHBSQR0XTaP8s38yCIw2pc8bAwyKeg4paOMoSOkRDpM TJTmNpz3I5/k8RiLz9nTl2wBWnIjFNnYX/dhxvpcwPO60ZQiXUOQ/W8VXK0ulpNAY2R+u6ro DPLAMZCGvZA2riUrbgJBEIqCqGyGHkJrNBmddCfKsCUslaON1f/uaamchulsNyxmooHzfsQZ umdiiUbxIIlTySHKkgbM2zoIqx0xD+oFwHecGakdCjTN4BpjMct/tPp/wsde0WZ1L04PWnK9 fJNsrTYFRn5Kl+e9SpYbq4ZlqPkFSDX+78ih0g40MjiI/R7uypTKvCCxDiKn1sWK/35n+Vyj C6sccHqBEK0L/rOi8inWBk4E9sN6iWsR9FTWaT4fD7VfRX0W/9ZFd4cCNMEk4nPiPknhP59N a9wM8ia37Kgc4vkXsRZZRXajuUmdmg9NY80lUWnpGipZvqqrA41m6v9jNY10EF0jzRn7X4Vp emOKz+RkfdftPwBbKGe7BciqvRyc1BdA0sHYK7JUPfgiqCwm/gAbhQ1PfUjATo5sy4ZjXgkM 8ckIy84ac9uDMdAqOsGP1ShGzvwiZcJvUZiliYH/85kGVO6TsQADY6W7bsQN8KEb6VVj9LrC uqKcoiI2CMb4rCMGPjQrtduyNJTZ5dMfkJJPtPQBaGDVm+qsueSnZWqtnONtXE6WqtovHk22 tmXDARvVFPG7QBHkGJrPsyFT94iZb36IssJe1QmxEyRaq/HTwoyv+lcyaSuvc2nkRxb14xsv rpbVPG5Cw87fnfrHWxf5/+ePUmCdc2pUIMnElFb9uu3lfpp/RVkCaDRCm7Prs2Z/cflal+wV Kc5p+3U0RwEVKvvl3AkekXsQaAta2TOviYHIr6bc9R7MazXg1RzyomxHHeudjiZ24kPdeIFO xB7vGXOyBhvPlczHl2giCY6HHuul9WYGCNVbRHBptisHpae2PCo+AA0l/xTaGpSLF+bp8pXx 48RbJs00W61JgNb5b0VYGDskJxeS5AVmCXeFXWwak/ELKePy+YJB/sUy63W5xBxi9ixZ0nNH gOi4uYt69FlRA8voxxkq+FD6Knssj5Se+FZ0rpRdDphilnZRH/VK1S91XASWRliS+5h3XNPU 4FTwHdISEvajceW3FVAkQCwGPfyhsfC9huULtw9yV00Zt3aUsJxYRV6AgVwiWl3OvwLXeEYv 03Y0XpLhyj9vxSCPmkoZogDMPhykKk1qZwOJ3oZNDKPXThXzt+tK5eejzO+jmJCjREsSoA70 O24izs9WycFd3J/SXsEjufwD5e9QAEGYSOQGUxTxWPZIrC1N82pujrwtxvTJYRzXoQXw9n1b dt7rZB6rGG0iBcudkoYqJu4AWp+hUegu4vxyos+p+q7UagdnpMdgfixoRZ5L1LFjlVNRvDvL Y0ES6+DRtbMNdi/7p+vNm84HKsBw/Hgc5xOEmRL0Uovlng4njxRP1/SpsioByAwndMvhX0r5 s1xfvRLq6earMuTYN/ebrW1Oj4O7CISh51qfhR5Jt0KShFNPXPaQlQtHKimpsUSqUMw98j5v LPMAaPTclT+33DPRh0MkLLhhleQNsPUjQLS2CzwM1uWftoLOAXZS1z1XIpXwkkaBW/h0OTXh IwTpyR2uoB6JxpdbFPuaMyK2JACADTdkuVJpgYBDVNOJq7M+nAE/hZJM1MQotAYMgeaetsf5 6kyq95Npjk8Tcz8RU1UqS7i+pq/2Gac8+VOZupXtOuEFpN0IjEgMojRwj/Yt/Pc57557lfum SdwggnMxz127I2UVOu0KlO8sGicZrDxBYwPsOB7E0vD0TVzs7dG3F2Q964VQmHg6LEkeHQ+k bATzGoxirGWtkwxKI80w6KBbwXk+QyckcploPE8LnJKj0JZffwHww0RvNFJu0JDlimGgAPA9 iUG3/6jzC8QZI/P2jM7tVf+AJyMAXFH+Wiama5p6EIOWf635TFp3zLXLXbb/BIUofaYwva/4 4EdM2cDSZcB0T9yda9McDnYCQ/qUOCF38x3NTXcW4Lbva0cBlCHum2Cknaz8bcveIEiexHvf f+yqvjAEAE7Dh9ey1BRHIcF/mU6DNoE6QLaev7n9nUzez0SxlYwYszds/a0m+vxScQy+IXPO XgbQcslAEpnS2h2Xez+QALIsN4pTBqLx+KmiCrBfYQCra5Sfm6D+bMtV1xbeuWzzvQwvS1ob O99jS+HFya12ZG36qyURDSaA3fWMUTDHlj1FQeQlZ20IQj4UY+CK6SGDcv4oXbQQt3NQEH0I VVR5+7r7g2vodk5CB1eRollIbVyNlAfIjT5SNVFZUQbBAY55Jvs9NBzliqnHeWFiwVE1n9bw IeC102irS9uQJxIOzQZ2kDJiabK+d00+ZeKfNms+c29ejn10J8Lc4JXpX9e7IZ7gnWWmiXzI tUG1VcopdHrISmUg61BLonSGbddkI1zorDXOZUCzzrU25rmJ2EJFi0Ga2Z3gBlfE6j3kxVIQ E9P4UyDbTXPFBiEiX/KMlmVPWpnauUrI1UGCqsbP/U5XqeeCRiSU8BqjNHtYQsGiHFaRyf/5 kWP1x52kUHtC9hEFFnzLLM5U/JYqFnctmMvqt8UmfPFqc6+fPO9OHiK/3i66M8yVhqH69Ots XIcmCeB/AI5m3WV+6ow6XFFDzDeqL5Za1G9eCO/C4PZKxowJ5OWgFxfF+wMT3fb80o+AIAO2 V7xnK0ybH/cME2W2K0bqF/9QhnEGOdgJIdv81vJU4qfzZ3rvxfrgAb2Ps637D7ROyTrjJzOV 9ALIyZ7YTxy/0h3lOH25ZoAKkBFTsXH5yzza9U5mXv7p43M32iqolrZCiD2Ad4YfTVHSYxWh VEVw5Sjd0LkurCOXGC/h/PREIldCYeEBjGim5W4BuyAlt5O+STe8NLosAUz5YW8+CP4yF6yH sM201yJ+RhZRXZpJEnpONYc3mulJ5DpMaa2lP+zpXwqzfafIgLAQK5xnqgPP6m6Dm5PShddJ YSnHkUfJRKFmJyy/ubSbpYg+OEsTIWEawGHiRcio7fxT38wKw+BSOpRj4isWHOCIM/mUgUNM Lc35kkZDYoBva2IEGxd/adXgPx36o+eXFImN4vjLnOaONnxP66yb0bGrxwRKfzQslabyrfsE pISdo7E5g4QWwTYgriWC7Tn4hEkBDRcXPURVloGONiz6cReeVA+dQ2NoyYQ5nOLQ9yf821ww ppAv0UrN5+ZHEEJP0U/8Hu2tfRJv3shfGlEa/QAEEbut2M211WT0B3MYoBxgTjWyDM034oKy cpgUv/0m8GG6ge3ao17bnlJJVvI7FmGAAu6AqsNJyc1rVuq/lWM9xk9o5KaeGMQkC+ppZopU lQOTbYvwI7yePku/XwG5bZHEJvxwHl8ZMLPNoKKDuTI3hhZvZsof+mRYyYyeVMOXqW2egtaA w6eO+Cg5PX8J863UX+EDHL4aQWAnoXkAhFlM93hFYOOXKgDy1aF1ewPpOCA8a2o3spAEhH8F unrdanNl6iDWDufRZBXxfdTLrbRAP/2Uh0Z71n+DU8NoTc4M6RxxkGvKlxA7eO9xv8uttGOT /SigieSs6W1oRGSLvYqXNYb/M2W/HXryTngJXN0fOa/vkqMp+RyFwFrjIMj3DPS1UL8NIKp+ LZaZEYq+2rGr4uBI5rRADzn5mXIt1r1ykwpQDP91xejtmB/z9yP4OMY0a7nEtxzJ4ZtsdkNG z/9s4CJ2V99dMkXrPmQ8iOJ5h6MEWnOtrMmIjwcyxUZKhh3c7MdLMVSdvfIKZgDBVvtw6ktE 59dDkNz8ZGQMjcBE385yNiHe3TGUBUGQm95/lPD1yzjrpRbG+QBK6XO+skapznKc05JPICIq +vvfDcqA2OCJh6YP9WAfx57TNmOcNGjyNw4Bnm1ISa+o2Azubza6qfG9moI/bfhPUogEUdri kysMwzm0pIyw9cEVNdxfepwzHqVTt/VsQPuc4y4y6Ks44qJMMsGDHWrT0sYtCIhEKWCQ7ljA X4yslSGWUGQcIzEkq+LbgIzvWHy27SLBBS0TIe5WMFT4NNncs1kM+l3rtUZ3ClcBrK5z/BXn M6aUiCw4ZlNkh0nj1d64FFBd3IOby32AvogpaE63KFS8G5mrbEV5tQywOUG3PaQtuDVeqrOs PFLYsT9YhtRdWm2YsX7ffFSxxAfRLLww0e7N+jxyk7PeqOTB6GgIcVOlEu5SMh4cFuvpn2UH YFwChuCO3Mv6Bqo82Ig8+hHTQU1VCo7M9VK8zJqNXrleKX+n7H0+Ch5gIAgtd76SssRBRkSR UAlbQ9bvNXnPMWkcYgycGJIwUPHxzGL7sRNS3qDG2oof9owH4W+aSDVpG6tiEr+GfchGuD4h 26qaj2rFgqRRjIDOSLtzWpIwlWfdnQl2u3urJexB65pOZZBr4EznNhaNTJhqgzxdFq7KZLRR /kkgnbqCx0SSQEeBdYj8mgDH0IqN6uRStq/XrjZcgc+2kSQufy5AY2Hup3NJ3b706PDiQQ8J UwiQXnwDbqaTegAVijvjQe+7bUS1FbzXWUdLpkBm+8PvdyF0Mr74L3Figd9vFFmUkEu6c/9G AjgBKOh7Rg6pJjAKbE9hmUUbMez9CgVkjQhOFMwJO1yjqsqRoU4qTfKh9tNLHHFwLz8AbXTW iUUYUctiXF3aTTcFSWhdS3sQ1HUUuSHgw5LtEWxBWnVRNtvjtjCGIPwd9IRkKfnv+TVtu8u+ bVrTDfABjM25fj5+YIAuV6SjBjrDqPZWvp+M75ptHQAWCh8QRTm14NYc2Ug2Rdx7v2bQV1c6 1xa+OaiEYS1hiBPhYMFQ5dZv8W0dO0t5UYePGaFgIfdJ/UHyMF7KzhD+doRXpBkw27YjCGF3 FaK3MHx9VPvJl4rTGgU9kXtjh9x0ofdeVAGM26vFlgyjDQRSdut8b3lrou0HYD9roem2fMCt 2MPruSQ2fvBcy4B6qKjJ/727oVgR4YynHdHbiyGx58d/hPvpiL3elvIHmyyvKI6Ba8wsEpPs hAjSl1r8yw3Aw04iS9V3StaTbDxxgnOdmilWReHuIdlrzG9WrAezko26/YJbhJhqRUPvsYEb x7ElHAbD7aUBzfxg7FpgJIMVP523rXTRacS8NoNGkONY/iD77l2W7ttAPWFd/dJCyqyLCC3J /YMMb830u2N/Tm7ZARiKBpoKjOANijjeql5YNd1eSb/VD31GJ6aQGKJlhfWRYwLdQ3NdY746 cmWNF8BNuEG5iOZwjhq3n/fmhKgd98Mf9NOIrwLCOen4BeoZ7jHzKwx1b16jJfFPge3VYkDF ND6VMv8KHcySBE3speZTDmTcyjYeA/nLXB4lLeW610A7j26hFhfLLZO/9IcCMzyML0/GANlj RskxhrUaYYTrij99VlJgvGYmYsl6unDZEeFGp7KmNPEuHJ6f2INgKB2CbpkToxxHhYpJJ5sQ 8tINBW9SeCuJkPuuiR0AMhd4TpnvQ89aeoM8M/llx1u5DZF4Ovu1tvGOzGtrxMx5JmjEuwiL SZr3C+uQNSf9ast3NS7UwUpv2t5zdWZc9ZxxAK0L9mDPG+NSPqpB8qAIds1tc47v1SarJItZ BofgImFNQrZivwTplulEwFABU77ovm27cqB/NOSNDfTrHTmMm3dPAcdXRxm4hJfG7Df5mRtA bM4PdWViKh3+pO6glV68MOdLbEJaXNGmSnVIZXqYILW/XzJVl/OvsuNmBRaQBGSlb7pBkQPw rzSgbtnG8xOfpriOo5EYL2CBN46fdn7PEB5evB3oLJBk7bMJeFLIoaK8mb6ODX++kn4obq4x iFWdlGvbB0cbUVkNc+GqmxvfkZk8anISS4DXzBc/spEYJ7jN8Se0UIXN/ijNYy1ErXZWKVbs /IJqvYsaPH9JtnDo/vLIuxe75XqUOxqvrc4nQo+IuSup+WvDaPQIOOfFsov1EW0UbgdM6Wia sUqjdIiArEgnXyLkLvevGyoQZulZw6OcRV22UWSc05qljpVuBvaB8Sm9mXq0FK1Ab6hseYX/ xRse5zZbSsoHZVJMVm1hGkLBg0jIq9CMd9f0jBL3zLeUYkbZ5ZdRPxBUvr4TgD2faQB51R4u 7LMURkHv5XU7Cd0BuDTedKx82/If5mCVx8WlsB5j/bomZ8foK0QXM6ggKDKSL7MXcIZbMWoy T8/E2WbXjy+WFyxs5pJGs8UojDNCGVxyh7XRYYvRJESdvJ2hK0WXLp74ADRSgegBvSxk83D+ RfwVAvTGf4uZiyJI8A7EYAHQEnb3DVAUPNVhwe3o+zYADVDyzwmeooOIQ1LxbxEUtpuYQWSZ zkWU+Jlj0MQBfC4d9YoxxvA9+VdSLwR1rDIs5fv1eZTlsIVoKhHUo7BWGyUj9jgcpsFpB/d0 Anne6JXrJ0zHpcNAHAmAfC/ueme4gCqkXqf0Ai5Px6p+PEUxU3b+u/MbyzHZ6HAHYKmWOGJd idfiqKfviFyIP3ae+PvpfT2O7ahHc/vFgAaI18MCA3wIRvHa+4Lq9x/iL87WuUqF8wncRUPK xl0pbM5OjURpigE6wvGfemOkHPs6orfGQJO4MIBf9M3m3ilL4t5KY4/62W5BfS9Ig0XFeqxT clbPww1QGsxRWN3eusjNpfDbSL/CmiXjp4KuVeHp/kaHYueDKfoyy9pM/V2NmoZOrt9kuWEB fcLhTsXrxnYnTlv5nXucXY5OfBe+v0zjBYrI+poRZT7nr9jWthMzvskRMZ1payFWuKLLtOuC /LPwTqMTGU0bOIpPX+GvUf4nwjRoP6tmLF9wcHtr1WGcq75aFUwusP55Rto5Fv2te0hmRRat YxlMzMmp2lTDKdN2kYm45YAyVefEYkc1mYZLVZQ7xf1F5OktAEWTecaKGIutM8R+Plx+H0gH TDSTin0zFn1cQ+ouYIuPNDmVSC/KV/aPQfhR1LjE6sA3kKRXHHJ3Sq9rFVEcWC5A3bKrUGaX wW5CF63PVmeze3pW91F9LnGfBuXSNvDfrvCCHIu88uWvR6gvxWUA0mYYXqzmRnYcowXP1oJJ FlGlDp8YdFElftReaOaUJ0pRYiPkY5n8l6Z63iiVJ3vcudCIQVhXexuXlpZIqGctVhtk2Nt9 El9LCBnGMs7WC4vnRoTHr+NyURBSROmP0uI+mXziVTk4FVFG0j53LaeHbYpjK4BPvfeHIQ7m /NYnAVTrY/epqwf/5H8QgzdSF2cW5sTWPUGYgqHjiHel1n4zTpoudHELf+hIKvF/NGYgPJTR dVHe00jMaWWkKk/ZtBvaKzVpGN3v0lTQCUHgVZ0BRUtvLBPCnxNkSGGcUPSsKj5qQ2JTuKtS RFmAh2N0gfbLGTr9lVvc3AGRyJWo05o6szKsSh0eGxjTueM0I8kwJSraHTU7mcEFX4W6QvIN itjWR0lbNsMdkGvAcSHIQoB7FKEJyEycplFBpE1yXlM7XDJHguHtwAz/MdOoSGo2JTSc1U+K TrJlrdIi5Jt8gpCBH9LQpc8CNfBzPMUjEDc3MRwMeIGt5y+lLQkQJq4+ewp4S37EUZdcKl1X xXufmO/+5RFfwLoPIYtWPCp6iSkol8wTovHzUjyuGQoCqn/VR6bAdl+50R+LmGtPYDUs9+XX DLeRXV0WLnRVfzPMJ1kddLiw4AZZ+tLkwOrGjfHCfz/kCuxRpwlTVlTQ4KvgsGuT1iatqenw BssUxdYcVDs3uDaZo1gHks6nDzP8+aFZq2lAjqk5vVVRipKsznKO/oEJd2CpMhtbmfUZn3KD t9Qa8xJv8B7o5lN+REmSNAG5zhhahE9aXhv/B7jr7NA4YnGyCseqAkSRMHiHVsT7GMWLDmqR i20axkRXURC97grZ+JZIapzJ3hk+r9hvdS9aV76Y20PaK6qlK4mc1oQbMHic83VNFh4i593V NjLcs+e9YDovj5BccsLBJU/hQbiaPVVETSEJ5InYzQW/SNR6+S1b8Ofb7Pv7rpQEFeb+7Qfy 5bt8ygHnnjmXO+9BBrFbJBoE4ChFLWt4gnWgS5PeGYr9hSTccw4uLSsQ69zCCbjc63K+eYKP wYKMNExGDCh2ULWC4Jnl5dwQxA0V8re8vMhqMF3JcTowlN1qUlKGbCGxU3zpp/s03WbKi1uX t1Nq0oel+hicWrMKd21iKweqPxwb49CCgEJyF33UZXcmHvRCeWGlVQ3X+JX1dzIBd0ENOvS4 roqTk2hEgXvSn46cYgEWZYvEH5OZC0J+D/F5XQUC0MUAcI4pc3yWUrJI89o/oeR0U7ltDres QZwDxBao7og+w6KGunmo/GtGuHYoVHQQxzR0AycpcmeRhG+b4vHF1tsV4J05SUtnQQvnXL73 1tQpxrAu3Xh3XWJD6/JCqoCfgfB+PI6SHE3MJr/oFa9fRJqgqnrgyNR5OSVnTWfiIq2wM7iG BIdnspGMAEcx5qME8Znzv9CfMOe0Dz/sbdyX4BYdS10N/SLFfvMY2kFIcE6Fzi0H9J+sYR0m TmaEBCwbf7jSQ61n50vh4IKqf/ffOT5owNC7U+cRkPpbPpivNuRCADkhNPVFuw2KLk3mRfYa AhVbZHKwsArNjrqszFw8GTxm9TOhH+J2+mAXKBGRTSnKBkBkAGR//h6EbkcUu6XTHWK6EEXM F7vtkK/0sZJc6U7FREsD3WLE3LuouInvcA/1TRt3/5tW/ICqGFsts0a6kLHEY27/U3Dgxgvk cLvQtFQ93SLOKDqQpTYOYvmXS3/RW08Ztb8NGwZMeSCvsD3olDZcwjAdHkySq1g5bbdsUlD/ K1OpqWE/uEiCAi7WX+5abpl+T+glIsy9JTgX5Sdru30qe1DB8pD+L1xfeMBo4RZ7IlOnwiGh T1f6P/DQ6eajnNQr9i6n1MB2bT3tUtRBWX6tsdfEJyf7jYfEXoeB/fWyzB11cjd0B6Olevxl WqTzF6iYn3M/Wt7fNPSxx/us8RFyDcq9uUlv7Z1kDmym6bYjDboj0QQvt/2aFmUzGpM+PINj cz4fitNtfenjOo88qQ2Iw2rWPUGbyqa+GW5/mRjSPVdlKIGlCf0irsEfiAFRTvOElaDIfR1m Zq3zoZYYWWu8d8Kl7mOkqQWVzdVsJTTBh+iqq7llh8UuX2HTpPxbyWxkRfNp2zmo4i2hj6bs G9E53m4ZeNDYneEIDTPn2M3VuRD+1nE6eXTeNAOpiAkMAenAdEMnHIv5MXKvIkfO5TGK12bC k+ypw1DHzC9llptVfxoIcS4f7/PW2VtURD5WSV+pznIpxBvFoQUIsMPExECvPLYaLO9xfa7V swlo6dI/5Afs+aSF5f+87hqiY0zCTOqaceMVF82ssY7qEYKkoGLwgipE3bDaaE2DSnXXoDRI nXCfKmMoIoeenc/+3NNN9NVZL2DqWxhGfvgQepbFYgpOuPN6BKb8jGmkHvT5dn5LSsBK9RWq XO7Jzh8HEKnqxFRMsS8Pki7iwndjycpGDmi6tq66S/G5tfU4fcBHUFNczeHTJfCU3o50poTU erl/LyTaqViYLb7GCjh4y0omt4mt0Ox6mlX7uZmBK7x8ouVHzj28PTWk74HT5A1FoWPu0O2q 5/9VYaNVeaYJ5tD5X0luLbDGyLj1FqR1pciyufJ+A6DqR0jhQ8752psUKcAZTH5yxlXw/vz6 lPSfXMk8GA9o3hZAGQbxbil3kveZN+fvon0Op2wg7bN1y6ztt51sNnKiXohgirDVrfwoQBU3 W5XK9f4e4qTzFHVsba+GjJ3n87WJ5ob6iGw6cpbEOgNGoxXMwhNxPr7eGp/93fgBHMSBm++6 qvRIFTl+Wi6zMaRERI9ap05/QQaN0CMcvpFCINZ7S8pXjpRQNEzXbDlmatvxyMbHKRHNZrqJ g3uKqFld0Ebqtl9EQsYTCVT4QNNcAwZKNpPDfeXcQPmDJyzYrXFZ34wogxMJsGdJURgcdDQR H7CldwggIvVpP7uYke3ZnKnDOPrawoZm+BKSOogZzmX8wYI9Ko/4WOAezE/FXsXlPZb94u6Z 0tf4dcgrfqx4OdvUATAHQofja5FLLQoepP2DnlkooVEXgBB02t63/pGipNu5a0tVJfWUCGK+ 78HDUYsrxubvKrKpTMEjLwq8FW6/dbVUg+k0VrEzeYbxCjSpKeI8kKpnpF1JjbitAiGT6uwE AAV8arLEjU6fkyMDN/gbUNHNpNARyI65Rlplbvd6RyQKR6ILS1/YtLG0T+0cHDMTBRrRWNBX jm6I5qD4nNS/4cTJbWBHPsiifiu2qgD0+u0GQp+q8Wp/zTNNyJ/qnoT4NDol+TmJgYScfL3c L7VQCXWvLei0THOGBuRzTxzZdU6LDY6t4pZ9PU2iepS1wus42zwE/cm0PJSWwd7QftlpBRez vVM4DjFu6UY6CsVqo73grUJnXXWASKaCCRq+lIhkF+EvkBmiC4LoQ/xpfnhYFOPjgGoymmzU t/4yhD5qL/FaF9jnS820tijIfdqs8iDIW5VuiJrLVhR0Od5hYhMKvywAEio4/hAUifbPOy7p p7Iyz8vb2FoS64ZaT5mI7/PCtB3jXiy53x8MmWQt2MhRoFBqf3JMopx4avy+olYelRr9lUS1 Q/XDJLTzFyMUHnp3P1257DxjZ8GBQeh3BLpQN7YL+QsX1yYybj83RrnXGs1eIpJHb4I/jB+t baEvNaDXbuIttL98J0FA0VJvEPIYLJ+KV0YLTNZ/7a1dwzZ4sEn8DWN9BSPXDefZshM7tzUM lmaTgajqs1pBaz0i9HAH6Lk0Lwz13hGlq6bb22VovH+ha3UbVJddWwU6tY7BphdpzYarH5+D gaWmACxzerjm3Bbat4NA0T+UnBokJ95Vldu8n7vJfzNU6Ji5T9WMfiTGS0I2GDfz8y1iTocG kKdTbOmr6MejdDxzlYFkMd39ltOLDMOjCV1dQ2ceca96In2WqjtnkT9lln+/2MVtJrRgAdoA 77mwQH7HunY05+mCUIjTq3aTBdcV9D30ERNP1DOeOWX69ioXcKh3XanVoybAJIELhFpxmF7A cGXx9LBkqC4F6/Oe6JJQjfsnqlxS+brR28rhdLVP+KMdo7rUCvDLEZwV8mbfQyTFKljUMEhl cYzcAV+Z2m+2ivO5Wd4P9njsxZG7Ju5A8nGrERtraQs45wq1IoRp2F+p17XigYT0q6NQ+GZ5 RWqDVUeuOn2pYrbyR7kpOmiznwJ1utIJdbjhhd6Y9AzWtiIdIZyJTzS2kJLgg3jQKQOMghvB qesshmE+vJi1UcmWzbcq2dZJ8Pjjwp8JRVdh7ItPHDhibOlIfb3MxPBu3hEL8097IYxam0TR U+k1t+E8DdYM5rk8Et81ofAatRrfnqBElccEGI5zJ07hXYyWxvm2KmDuLA5EYPoKxpQlAWrH bvUuGfQZQ/qvBveIAC39j3YtgouDXI0tPuOH5TnqOHA+dwbniyEkw3oPpfvVBs5xO4bVBFzA 2nmjCDT1ppikrISgm+pD6KNldqLXSf0GmeZWgrJkDxCKMmgQ0cPajfP7jApKGO8MpdvCfG7s B2R7Bv0LJN30+MhO0jkrbNHj6CRa7uWC1E1l6KKT23YYi/yzn75A9sPGBsbh97SR332HV36q zJoT/NdEQyX19gTj1AYootT0NHTe3zIJUNpGsFrLiGXbhR0cxsy8mGlKLGZog+TSnOaYp6Cs fIaXgOtb86Lfb0aGAjysmH3ym4GUHLdITWXPtbbcv89uuUSNctje9BCNIKwA1qqHfQDwq7Fz JyI5jbIffJf0g66kTE6AW7RvMy5pppVTDuwmgqL1lZ2gfQccTerHMKtaDJN9ZTKc8zks9QeA MQ/RhPxypXCaASmMEdM/BuV5byK5q9NofH6Sxa9ZX7jlZR1737m7RQsGnv9I9gPCGk9a3huh Ocyzkh+fVONJLeEL43o+/+j7Xc5vx6knqK9QPDvF/Do1VBP7I2mDkbA+Yg0SnlZ7YLE8yXgx TBtfmR0z3Fbsx3gYtwtZixZ20FRhJGzDHIjI1rrJlVBr90ErWUp+Ug78l1chRU1nRdN8wC9Z vQGcQOiRDl0OgYMMnkgYPa4uqdVHZFbJjzzNGqy8TKS5NPGlXnlYTPjvpVouHbmEM6YBTVBn CecKyb/CKNZmObakO56eze8dOa5zjFZI7PaSi7JjM29JNM5wF1A6OaGOvvn8S4OCvhTf+IgV lmye6jXeZxmIGgYb1w7bw9pxeYrEMtOmnlApJculoxVSh2H4HsKqplztwrDYcEZ8miEFCKHf W0CJcKBpkqYno6YvwM8LrYZISaT5KEXIiuqJ1Sijqx8NFSpfG92kgp4x31kAbJangTkkSZXA NjD/UsuT1QZjspTwGzR0jxlCo/mTfpWtwd8CqW9BjtF8YJI867s9KNDvAMU54tbXStlskk6e G4YS0Yc7OYjX07bH5e6LXmNrGCVfucEdAih8sSd7IIneJYUBVPjMCYDs31vTAcCXInYUfODr Of7tcLWKHwiw8H6dF0w/BQuOBZt1iCmaFMdl5TJlsBl4TxVwhT6YLZMA+hvXqJnXXOBiw9KA hBIU0wSmdLb3BiufI+IhvrXs+YZ8AbcH+XOxjsmGhybrPI+CNfrMIJBLNhbYtU/IXT8TRZUM ViIcp7AWSNHQK+/Lm+n+XuVgHsVzwwZf4dYhPgsQu993ZS2Fjg6bX9Yrif47M+hPaqmiZCrw duRtdvJJ2zBTC0lxoRnV+KfcnHKjW+QW16ME/MRI9+3q96Eln99lmnHNU1giuAMdoxL8jwFK wfB9JMYQ7TiTCB41XZAXJzi/LgWCe/VNSyhv4YubajkI8jTE1qEIeaWySnIjht+aJCF5zfFx 2u2Pr80ce2zD/xadYQEJ2LFgYw7t8StgpJ+ii6LeeimXU9nYU+g3xOR6NnG+AochmcniX+WJ o5hiutEKWHO1k7+6RVFYQoi9heAfALdq5lr4b/P2kFU/u3hIDYtoIMSzl4Rb8rdOrzphMAym ES4SrM4vInOswIkXLmjzh6Hq1g5LbJv/IihA+TykNe/yGN05YQT9x1/cyuwsPYoa+GYdMQav +DjZA/psXHwr5aEhjLa8yyzjt6DojL9asonwq85phc8n05xRCVH9lJGUkazuURgA0404DKLz Hqm6NCHlgcYhvwnSv0Xzejyz2f5gC77kFZVauk8BtTla5duzdEcud5YEaWhvEKb6xg30VYfm a/DxkDKNXkn9VHvQEiU6JLZNd127PfLWJayTOQhWVx6r+k1Nlbd4V2UuwmtgqHXUytmB6jZa AznC3NGHgY2nREOZ3R8rbcrzH+91FOmardWR88pWayrx0klZpbwwsajR/0XH+C4U+iVgfhGJ Qe1ikIFfmlew2wPlHTStwqqki6MxryZxHLRbISNUx2R8fItMe7Y6PojEKxj1ZkYwYeDt4LvC KFAfJjO2bYi9ZRHj674XJs4cxnJpwm8Tv7yfWPDVSCqzA4hjrzjuTUeuyBgunKvlRqdOdzPP evnxYFWDDY5NGXyTqzxSWgUtemCw0+JWhwIX0BBp2VbOxYm83otSiCsmijBvvxMGyC5CJYlF 7/lHcFCO1z0qriYVA4SDRFTZ+wmsq2eZj4Q8RlHTypRxbOG2IZqmO1F3C2dWJtUNXfxnH5z/ FycwVlnKDogrZZgAsJhV7S4tt4u9x0hqodlAXXB9ufOwaKh6fLuvFMbj1mWOdtGuN0lhqYtI W0N4jhIcJ93P3bgkOHRW2xFbp4mXRzWdKUFCwfg1uZqJPLK8FkWg4fLYuyg0BVSstuWheopk /RACaQjj4c5ojjZB2NHBO5+mYeJyOf/6k1DE2ZwoTnGTgVT8pWR/vx+Ws9VD60lvgTGY9PJl CucL4p4KIn5HuY+wgnD1yAnmFcN9SXHbAMB2BWWV+SekqdA8H6jq/ICsbEHOjv0YuCtUMpEz u4UTk0BZvyx7J52g9H5KAnv5RaXmOkncVkvn/rCK+VO3gueCjV2matrCb1iHom1paqN6Gc09 lrP6OcePmQp+UWhu2YwOJwH73O6FS570ph5jxLxS+dlEPfZNLWh+s2oJ2ZHkEgqTa5Oym3Mx yTjlvLH+G+C89HW+jvLoSx/wUSoHmA7wBa0/Bws56MP2k4mKX5mXxjEq8iR4It9EaPbmDgPw aPUL7Or7v4sFOjFwqGlF/F9jRMnBNIhVBZ60esk8p8TwWGMyjNxGb+RlDDrnal3YOKk9/cox tjo9kM9fJd24PdEqvO4brt8AWieM3Z6Vrf1D/dGKRi7v0j/W7DKCknu2xUmXilPSWH4Q+lx3 IW53N9/7nfuDx0RjRxjhWdlWvk2ZXnMW3MdWOO90YHqkoRgrvYWXwYYn+BdR1DMf4nwpNSWo vGiOnFuYUvyVwjP9Njfn6Paxz1lYxUPbMPZ1HvIxe+26vg4kwIW5SaRX2606cce0bto+gKuF C6Y6xEZceSTV/jvOfE7bGKOnc/7Y/2fl0Ib97i1QFzHQv4FdVblc66uHeQDBvm/DMULS6bwi UBM9m83ofAII2J5W7ycg/596Muj5PuyXKmaZ8OgApOGxbhlqIvpx0gYa663QUUJnYNfAbAWC jbB6uRrVBXQw5f5dbWRtABIxqS1gK3O3k7Ywx3nve1nz6eHD5rGwpXAPQsJLO+Crqn6wij95 V4PRJXKt4I25ELgr0AbIf6z3n3iljPNz5KFGPMVUjTjohxDtqKfkgkD++XSyGdn8GW3/zs1m FfxVRY4adulFoVcI/+rar0GQ4k1C6QgmO349SUKaL7AYQ+V+TeKDOs7Leo2enOnET9oxVX/f RgHKvhqQJ0wCe47E4S+mIgQ5HRoir5Ka09hmhIvaRbagdHpY5QZRCUAF1rQlVzBKrFxj5fwV ekb/NQ6zuKBwNju9E5H61kv/qvwpBZAyRN0KtVfuxxcqy7rXXfR80lVnaDaIpGTa3GTcGhs+ yb0Sy57eS92orciFIo2aMOdp8DnHb5UEAXcY5ABRor8Q0nWdISIl13R09GJTKFE1wuQNgWaG vicU9n+4b9QGWky106E1RcxD7UuFMG/3gQBN7RIcilM0BWxAMjF9mjN95zmOgkcTGaqOm/W+ e525UrUoa3RBVQqUqkxNj3yyZYmDFLY/+3C8DfRgpJ3cC6IXjgnaSqgga6lOgic8vxiNHikz c9siOIUI8EdBbCGEC8R/hb9C3KumWdOR1BxUdYEx8e0oBr3jBMOzYNPr8G/8bM/eeh0DtnA+ XknPcb2KivFaGEoVsyNHpyL4NwzkXipLeCvADJS7H+lU8hA60Gnjqoh30pcIKx/u/mVS0IfD JuMyd6OuVs7Mfc2WOeXfw7Fmuu5cxT77yztOchaZKRIHWlyOWvoS1YkQZG47z02Q3UxV4dtk H4UA6F0/KFtDhKBMOitKgp9uBCshBCEQDbFLUNyTnhPBk4tNthj0o8IpypTyhheq78F2XAtA h+JO5suKfBKnOOoPsY7gUjB51ReLmSI/0QKuxlXImmU5fL+wlNmOneuACVGi4uKVtHzXNc4w Zfrk0dGC9ODkfJg+yBlMGhLLfyl7Oq73meeJjz2teRx3ijKpkp9t/lcdlRSvkPgyI0u4Ozac Sp13O+XQseF8NPBWiFPuvcYoqQUp126T0ygidHqSe1gUcZkJwc5sztrO5KDSLDOX5mXd+DVD /VkTK88VxZ5ZX2My8P1FHEGPQcESFjtyImlc0wy9cPa0YpgH5xs3g6HpDfFOdQkkOomL1hcA JnZDaq37Oc+ioQGmQ+tIYpoUIuG03Bs8n7JVJcA41qXlqXop1A1O35wgVREJynCAtCMeGXOL CAAif1Swq/4ZVULbhAoI+/PPpRdnFBu2yYKkB7kUGbCB4Z8lT0wojYQZXUV+wwJMDVWQ51Hd 8BMBn1aM9VMSogd1WnlEBvr7ETOepjv4z9uNuTfEmNVZcXO7RdESTDJqn2yndj6Np1wmbbr/ OvbOeSF56PoJ0+jbR1T1+TsMcEn0MMLjOS3GnE+x18Hrvzw1A8O7IH6k6fnmNxoOA6VRDHSS fXdLJAp2wvIY6cnbeyfVRDKeBFK14+RFrr1JcAXf2hDiyinav8pjd8gQuPplYKFGJ7DnFw3D VNU443jP19D2EMmDnUBL2lRotGJlVrJuMUn8XrpRs2W273CpzDj9o+Y+qR0fJNZp9TA+xxMQ xLb3qhY1LfALjnknZT8Zn3P6MXRk+way0M8JQxUfr5sS+BlsXtCaHi/heQAL28Q224flKQ1m f3iHV0IJMqUs2an3Hnh1c3up6tiXHNAzXLThTqMx6zvysAPXOR77uPEKrMcCmEYtTprv0pw1 FQaod94FeQ3uoyiLkLdF2zIHMvQrmHCBaJKQWiw2FPNLe5Xbul6jADlxNu1m6tKz7CT2tSOo iCdEHpGYooW60/SCvQNQtUhKsRXr9k9EPK57ODy7VovwtawmRQroThs1e/p2euZVODIG3z7b xbjBdxZlZqZdaNBhaUluYJ/8cOLGnovxMw+EFfWC12qB4chKSkapuuZdvOnXFsP1TYghxOr1 uKieQdcNTmPpOk9rv1jb3Qde+lZYVbWXjly70lQ/bCQKZXBG1I3CqgBqLqXUu7KtDErHfzJA sUw/C9Wd267wXR0OqbO9qv6TTAfQF1xuFi9cAnXzrqqdUb7yE+Pky3uNj6r0Ou4WguOn2YZ9 tovR/1pCGKdDC9YytV7ZOQGyHgTDbStmyAMf8eRsl8+X6FUuqC2ke+bziLMLL0VMRZX4oK6y zMgzUWBkPCANTDl8/lPGjAwvjALdaUtjk0lNVvig+sypSCBgI9EYu/uk4sAcJUajPWV/kxZ0 3QTyGh9Qr/qtGNSvRw3UqG5EEIAEh686NMChQy/dXdmgsU7aWSDujTEs6eFH1jyopSlCLTqo OUYUEODnKB3JgNvBmv1akqFDEeE+9UHj4mSwwXU90zQ1R5KIekN/xRQKqYT3g9Lt3XzwXhAx 22hb5azqEDqyzbcvvCLg06skyWsUSVL3pFDjUBl9m0HzUhsgdmVKAGt+NjfxP0yPaz2HOYOw 9IgdVTzgmBpFoAlw6B6XWsr3PZGxOR++BywcPCbapS+TAcsRt4a++9s9+djERFIyjTHnC8Ja oKv9dBnrn9aybuf+FyhoFwdFsX/ktWtOc6WNwSVryBE7HLjUlYTgRLmNhx4KfZDUbcZ7hgsY 3CSksZjHz3lWVRvHs+wRgKHKiyNklQ30gz1bsYJnaY1LjToYMcpAEUwEBJYeBZCfWHcY0RZA HmCI0sWNCSpEC/5fHZVnBmulwwdrSlXUeAHesyw/eX+TWWiUDPE5lxVmXUR3NuN2rboKkiw6 TWlmfbeLFmv45DWJ/XQiacWDv6DzqGQ6KHF1CUyBiLae+tHbX9dRVgoTWGDbyMzRyhqPjT+7 uXi4PsFIbXBXo4NCCHZv5JTnPqQlQ+lsWjSQsF55Vn/LiyPdAzKoZDDN5ahTfi74420emrhQ ixmnVQmcVQSMu0rC+dxzKwko3GNUJAJG7YtkkOK3yj+jSWgYHWUias623qWCwePzraisnV/V KAM2HUFKudLEf5vhINb5Pb722W2Lvi2tYDP93Qz0F3gl2RuQgJzkWMRsnlXxJLeVH5x9iNoV t4DpaFuiQRG+WJxgKAYr+OwqFMl0Twh7FeDBt3S1lnNKoCxMo0GaMJM8aVFDZdnCZ5ujZn3T jh7R66zf78vT2h4J9iiuZKHLKKyohmmONxpZPRE98EYbDudcugCFEqrslpYr/JIcrLaz9KaD GLiQabYHfkAfHw0mh2P5P/fdC+EdeRB0kP9G9fJUL1TLJv8c3Dk2CjqMWArm9YxEBWp1W2Ce QZZt8DBvTxLBueaiV4GVhwnPAVLD5o5E8v/8LDgugCm3UbNXw4i3XXyx7V1lKYX3rZXSOJbp +kyQu5nshuISdT+878QO7eygdlb6WQm+uUYKNPd1++otpb7/LDTfp0S0eYK6HIm1B5J2iLos hmoRPR+N/8ISKS0f74VRWjGlogJcHaTgMRBQWLHK8kejESAzC7YAV9S66cpnh+ecawyx9q9P UAP6859WDf2f4M2odDvhSCQgSdJy20CnD54kfuosLLXn5zOGiV2wTGOx52FjObWZ9KWDEBzH YgwOdYB7qZjhKgnEBQP3nmL7I6pWJG4O4EYO73FOctmmdUbXUIOhblk5hvzAHt2AWIbpbD9e DDA/v8N4jWXjSYAxKQ74vBBbMLlE7MQ+xKFYxiK1iz4+tZlSWAipmHVkSJQQK7ODC9UHg0BH eansOE0KFo5DnVsMvD0Th0sv1p6YNBLPZMMsxjjcoVnKD2Zw6BqV2651CsIALWOa1rFDPG6D PbUWyKTVxy4sZ8fqxapJ2SeFSkvffr7AWcTRItHSFZg9L51o9U/TuSe7MWISzKqF3fD5n6XB BU9i8GemFEYUCJPj4yRbEuYAGW643L1KY43GeUuIEsb84RaUy8fPj8Sd/2nrd6rb8D0KdUwH FsTgt1y4a2AN2ZQbA98cjsOzDuHIsdNj1lsEBob7TeNTTgWuba0XfZGo/qptd9g351FD/K2G dQQ/y+3Q/Oe/M2HHTtmzyii+U5kdzKbakRZkMNcvopTOjFsYKCYp6rOGb1HYwwh0hyama2Kq xzPtARJsqyaDhola+6IZQPX2B2Asfuy0CFzzzo8flGzEZAzFdrhKDHSXRi1kiZEfBWdyAs2N cHWMK/g7SPBrPjYxJ1EScZaHoNr913IlbcziyhYjqCXwAmu6N8jQZiEl0Hgtf01V3ooWyGUc 8bdystKb0TrWKBTDp4Q1uAISQjGn+ugRoB9uzj97N81JJ9o4uHpaMTRxmcDXLk18ez0TzGaU Zouce33GrNsDWBCRMyJWpNywE/sHIfmLFSB8PwHlXlBQQQlHIQLtebz61tCFrqT8hGUeVNz8 I5iVPQMiGhfvhNaOTWg1je/FfQJb+05uRazHyiUQzRkBVhKRC6d+9vESs3Y20koNpzKktzvN TQKjzP+dhFWjKZTFZ1wovQ70+woxsO7z7pHKBgmcm0FBoq4iADU34sAbYgVvoN1usm75so+o jaXlMpEH4+Q0cv4QkpZZCiJCdXNs7yLzEcBdtO0XndDaFLwBto6lUAMlphzWb0MmxRp2Kozf cbiuiccO3vB/jnMdqH72xN9e2wdxvtFttWrYljPZDmAmqg3p8/+XIeF6uXX8hKk+iI+GgyP7 SVw91JF0qoNdxGbiGtLV//X+AqmA9yakttQnINdrHRw/myV92OVUaiymlJmRBufXniGHTH0E ASfr1BSut0ov2FFds8dj2d0KX6fJc9H1FBW/HVJw8fXwHOTqR9As+yp6uBtjHCXeYh8WtJCU 6ofW1SZCHzmZkJ611yWB2a2kFu+tN6lwyuL6pAG2X3z5GtVVAnpFMurxQ3SdULro+Fb2Sk5/ fTSQ7ZH9RahF6mwnTC1C2cO0pJdCFe64I4KoV1F44P02PxIkx/id2lsVyFufgvjP8ACn+Xa4 Enu0xAAw7dNUthOFIiAHTpcUGbRR5J+Uwob/B2Egbiqd1eoJAZxm9oQH6XijpumyNZyh42qF A5lIbw+efc6HjZ2VKWqN+AWprNslvAYnTW5PV18AIgyQzWhQJr9CuvSt3OmsKhHWeR8xLXdM CW55Ddcl74cxhvfPacY9DOaIwPrvkowmueWqTlAFeMK3xI4Lnqko8hPwHD91eaOKLyDSUCws 5ZkGGF3r3GSAKRlIZNfv2q8I5jUUGjr19EM2UAjyBqs4v6wUFfKs0eME4BN5XyacMI2nLHGM KZGXJJiC/aVDHnJ9pWOt9zdYMywtEE9DuIpkj3cxaUHW9tLBs7T/8yMFbnKOsufXEb4KpMMM SnS3OY/am3vngNpE8Hhn/1x3cfYOs/8DJgr1KlX2fDH0tmY6RIoZ7b6oHcSo7ka7OoSHbMoQ Sf8uJj/wyYd3zh10RDM50hVyUTF3aT5br/UleSNLSUHWCa+lTeoc9laKD9j9KdAEzhO2QuVW 6LgJvzI1i2Qraj0UygHLIEjIhdWDvYoYrR1/k3+EaqCQ6BjXm2SP4m+oYhfSlNPWgYqUvy6p RD4TDkJTpm7GoZQi9J9CtbVyqqU6fOLTH4XBa+q32N/kFHv1KOJ7M8kwK5P3iHp7/PGKKMMU Pyvoel/a1hTKfzDdMHwY8z9LsGcdWltj8QW5eM9Uk2y2gUHW+4FUq85PHBNVqW7dkQvZtKRw eilVpGYnOtU/Ik59Al3Xb57bgigo07ml0VY6J2eEgs50gPvkS8v6ceH8uuHEykR8e/5h0Koj BofIzse38FGKJRIJNyRnIpTKJurGFMUKvgpYTLcR6g026+vlUwYu0n0XhPZoZDwUazp4rneG k+bA1LhfgKQQBQO5AAR+K2dJVhxO/PPh0mML3VdMehgL+kUF0yVT6f7hrRAcNbwHp7/5Zoxo ov4qwBdlFV2wBQkwlMLsZQzdAkqB5I4IdTfdZjb64Fc1UeIoNq4/O9ca1mRcBlMl1IoEEEkD nD2/2Wvg+8ocA1tp/kalB535BBHMQZ183ZRfEFRaHmLogV2wXsJCqFseMCTz5M3Xb6sfGrW4 HLS2KkER/PSUK6gDL9T2dmUEHmDGrl/1YyeCDRtCGL4CHPpieod3GGL06XWkPz2jAyt4jkUk 2ZFNsHqeX4viHvm5W3YYejqgxoih8sXQT+0FOODRU91BbVfT/tBkFPGh1RgrV5EYPn7qbpHU BbLIsExjmUy5FZ3b5Wg1fCNQzezuNXTTyd+nPJ5TRQ+lxzEa+tZJ0LXTMI0WheVuEnzaY0Zk Mnb4HWrg6v5DDkhs8lq/UlZf00QGR5ij0csd7PYpAxF2yEjuzUW/nBgTbDnTL74u46F2oEVS pTsDVU+eVTnY7n0VGOFl1SSU1Gs1FS9N7GIus6jFAUbrA+YyNUtbkSumc6A6dN4/1D4UchT4 F+vKPuea7DETshNxacbeTniyc5+6Lp490/RYjAGoRcHcs4VSAoLJFU5VTiq0g728dStMOmE1 wJJtWXFGWBfa82WwihxTPkk3tz6pYTyosSNhCNMVOGCOqDgMvk5+WANXIo6b91DsNfSerVMW 0I1bc6jCHf3qKIv9U4GaH5UzmmC8iadP0bSQrX3pJ0w2Ee0ipgh0fGyn3+1k239m8blp1anO zj/v/KKGh4By7Ome37EjTPH8qr0WnX6T+oCW/FSn498qADijTiuxegt1s0nzDA+LzNsBgMxN /xnYxtHXjbzFLkoz5HJGua5ymzx3BygaeFaUYmikShjvtLySa5xDjMKOeWAFuwdJY5lVk7H+ nHQ/8Fl1l0zzr04SqWNO9SKes3wrDQusnPppeQMy7lm7xS98mR71meq2FRZYiUk+sh2N2wI7 HflkkMxhASG5j4gAZKZ1F2MpilRsudF/6jHZ69zlZaCqeGNf+HhftSLWC3qBuBlZiKP8I0z1 QuN/BwZ9Hjxt+iB5JOOmLL2QS1t7tFYHBU2/Mmi+1IIkshvB5N9lX/G9BKoAbIwvz02NquKR xDdvEdxD7Cuc8CGfppHRSwU3kwbKBsJe25MmpuwfyRvrvQYEam9joNplVVyN9sfMzpXyfe5o d6gXI+C9jSPQhdUV1o9xnyVrWUZLTDqqwMEPygWWc8HXG1KBduBhETNNStRox3E7yFt7DSG7 IFop4xzS97nelLaK32b0rhKd3/wCi1dxqjvPDHnxOchqktsSAQA5rTEbcJYGGuSRBlXaI/nl EpCXiklxLbi79K8Tc0KxKcOy0LOJksyZNS7ipb1TwdwY2yis59+nmLtrSdj2bCBfjDw15TpZ ctn7AcifSZ8RiR5nW4uJEgdO4WnierJTwP6r8l8qNBy4SzT05k0xC79PCJPJCC589/q/XZln DbsjdXxINQWaNXbWPFEPyIrqMJHisysttsaFEiIkdnmuqO3qso44oZCrSuBdAbRo0IJxOoYD ZjP4qrJqc41PfckbEmjTqUVSpk8oO4HwZMFIBH5asOMpOXMOhqBq7rQKnXtTwFC8Ll9ZcaBU uf/CYSIRLI733XJ4D49TK4estnmAdSI45CJNEyKdaKWHRoYA/zOOqVcBS394vTsOOMHiXN7M olaZ25rHT3lEO8W1+Iu56Pvy+3XBI9to+hifGWlFn/R4UQs9vAZFvUz/bI0mPRWVpVVqYWhk H10Lz44zni6aF+0xYVfUI+DIl2WzzRYHDPffLsz2BZcEJPbZJtxkti4mOPfkrBLDvGxOBA6f p70Xnx0sdA9hEv24YVN/iFmnyFT01NNDtNN5vldz74nm9Cm459KEfp8k3WS12BfNYC5C/v1k Hzps4Zf47UP1sOYbjI2Ar+q2p3iAUKZg4TfOmUKbKWHaAuQtJ5v0XRq4G+MUym8PIbC89A4G lROhFmRZcfacCgGQ6Dv4h6o1BctISsfzcyuAHOxbqT2bbe5ZjPf9U2HNBwM/W5ZkQfO+DgHa B85+rGP3oXd9PKJbBqaJQ0wvqrbh5A2Zhu4h4aNbff11Ms4oo0o4fctgMm1Qp9tXaCY2xqLM wJv+YBgT9Bioac1MFirLJI2wwLnAiMrh6y9eYQrRc1t6zqBcEWSXXXk7Ybp9fdyXqKyKcRSO bOs9v10jL6plh5NuPP838x9xfSRLd1ZCXf+Y07/sxN37qx6bsntI8wgU0ZzdQsFVLSYF1rUn YjLwiQUNiKpxOLNvLonv1IitTveCTc5w9IiAqv9mL/RmbYxYlDa6n4DQq3p+zRG/O3ilAHnQ jsX79WnXHUGBPKpe6TVt/Z9xdEGPIwicV1ATgOOKaO9KV3zkkNyJIEBKZbxnYRC/2Bxpg/q5 f/iQ0hmHMoEpbkTRpprvmWLonZ77qqisxhT6E9QR46LaKV3KexqmSHAw4/UPSRKEGo67KvJ2 03g588Px1wciD8lYGQeJHBio8+gn22QtXcIYJKqHCXoY3TZH8gmNOn0mDWpVp3q6AJbrdsYh Hn24Sdzu+kQ/88d/EFPU+YOF1jR/WaD4BKFfkMPYRNuNJ+LLblMFOBmqERe/0cjYDF3QmfpT lF4dV88ydlJjiRS3UzjKE61LoAx+5uhw4V+g7md8oU2KTI3G6vtQnFkNCNFcW778HNKhLEWw vFqpKo9jkBIDRcHm/tjdypu2WnSkK/JKdXWmoOR2cdbE1vYn3aYSqhplo7LEu3DUrSeJ6dB/ btAGVpApoXZthghiUZS61xf/uYAZFVZNYy5O/AwDe7KMutN6ISljT3qxtUqKvawoKRR6mkPV gVWzPyMuqGV3Hm1OkRck8MJsEuJgiw0EecqfMyY10dr3Zryh/br+3sUi2edWUPz0uBurzLO6 vykjJ+7Re378KtdmwoFZRqNO25xCXz8VU6dTk8n6qrswJzSEIcy7mZJyMzjQ/t4stZqgcUoH u4TkbzmWVeKc0ra0is1zbVrdErPMyPYUOqwBrTyzULu5umP+lEt8IgpXiOqKa+TDmnP291Mf tpfPa3T4p+CoJoythalS1p1IyLvewqaRccwBAKYlinDP+OHds6wgHQstykUZaqABt0XwbU93 07wyLahlZ8Ej21UCh1c75/gDWuIDQHjB9bXtYDzId2S07EpdVHn0vk5unzENXBsLc9Fnulx6 s6kqs7dtdpKCSJyJFdNgt9glxUUlSRzNKashg7xR9/pqP6KZxG+tEmsNhWa3v5vPd6ym9ZcC 4KmryYPz7NRkSwpGi9sOPCttmAOCfX+OSEvm8LFr22xfBZnVVWSBBdQ0kht/CS+G11UUdr8h iM+52iUeu12iXEe43ie5iF+/hZqrftOuio3Yv2OvDUlijZMjzT5jjJW7EYp42VpLF7UHi6JU kiLn9Dv7pji6X+/A3B65wJFViBhhAzetPKVG5AZ+Y74GNkjSkb6nYHNJ+zpyMm0LuIg2NAz9 oDSwlCS2N6zlrdXiflYTtUZw7voNChXuizNm1gCOJQcs3mVjBE/KoGd05Iu0GpuV0Sy/Khn+ oN7Mbfzwe9TxMTWqZta8K4Y4+kVI20+jr3nXmqe8rS2WMPzQqGlUBwxFPh/n3H3XTij0kfwr j/x0z2+jDd8YwdSNsXVDAxH6KWY8BOzIPNr74tFDCdBtiUA4tEMTVXQ0kfSm+s0lAq8YEvmR mNUxXLPoQR43da9wleptDwR/r1Mm/nFba0wKk4dUnIEDH952t4wgIH+BrNXMveFrXOncK2Ew 040TXE/Wf751jXHENDiPxgJMCoP9gK4AqXVFUmcfMUON7ibekjQ/jU75X47YnX9ewbs+mUqA 6REiiYCs2chPnCTiiPrFTlYiuUeEt2eSKdxwCIvEJYTzqwyzZ80hSBjJ7s9VgsZZmNSCBE0o g9q/jo80GNWVW/nD1g8rBYjfL1NR8FnQNjJzw754GcfWW4ak8aEfLKkTMYCle8CmmXNOD1Kh n4JWQa0hEUaaGsGbzzYVm2MdZvD9HaBPUuUGA4gmXn+BhT0Ir0oTaJj18DltP0pdSFqlPs8y 4+1ekzY/SF2tbwkOKG93bkC/bbXEDqHG48+AF4WPPmmA72ixVK7FfJMFmu8YAPQ/2TFCfoAm uihFsiKIIVQ6TCVlqZUMplZuSXwFtCCBQ6qCuoQzstfFGUDiEYpP7R7lE/dQyKZBQTMto1TC zYWk0Y1PZDT3QuUU1BZvl7RYZlwsaGUfRWCqqVIWE2sFDNJAPmDIn99gjlgy+E+9tGaAXSVX 8OT1rLk3UlE7jULMZioI3jaG1XgRQRH9GcRc7XMEudkOHy/HAb6xHWoqThsD9IAXu5YKV/4i 6oSy/buz+M/2lWbPgUKvcf9PYdq0Ucz53zeMtqT/XnHZ2+i8UbalXiyow4y3ScYrsPgYR8ZY LHeWbUl5JCITboCL81m8yfb5l0Fq7Kn4SJ9S5QIeprVC9e90byKZnXX303O96X6aZwSY8dbN SkrtS9Ws7rCb2KVTQiUCzcZLxi22FAA9SjpLtmvP3tH3o5GGFI7T0Zis/fULlzh+Z6Z7y6G2 JG9sSjskqS+WYaWZ/cS3cdzzNMaHCakmrDEa6fypIVSsPG3uo+OmhkKJaQxCHIs5gdVTsVlw Mw9BoZIawtX5Bl2lTLwwyySeYKjekv3Jk1Usm3arvfqXaOrfa5P4QfMqXWOwws1cY/6t0pTm MBQFP27Xkj9yPpqy0gSp7r4QqMAfFdxMyAGGsY8H9drEh3nLpV/eB0Tw+tVzc/TjuILCEuZj KIl5bP9QmkNA0j5FkW1v8w+D+7YkqoHkFUjPx054JNmahG7gsOZjdNPlcnj/MAnwDzq5RtFl RK/XXmL6nFOQXMrVqEBCF8kMNBi0nskIvoyDaNawr9nJcyvQ6EopemdI4C0gWh6uO2CW3+HN fd4pXpxYJAtV+sd7DLt6Py1fqYRx0Av/MtXFAbPG9NbVwXcNcX6s3TwYeD5SQvHoLm5l6TLi QT867xtpoxEeKhVk60ZOAiQDbtSATnUP3UC7BI4eamcChL883WlKUZV3szyo13YAa7oG8Dk2 oZqGVVZXUrscxHfGFVDvUkPcw02DrZ7D+NTOPSSe20qJynBOlOEdDdnNBRFUtjlJJilLqKpx yCEp9AteGFpGWYcB6+WPqLepk4XjfkvuOvH/c7X5gMpz+uZ9js+nEGBbd2XxFVDq/3hyUZ3s 57ctxkgjVCbfYJGL0a0W46jOLkdaLkrniWG2eHuTSX57T1b1jz80UM1wlN2IHlRCzJCmT+BS Iyw6pUYu0uVYxEJEnTMwe7MDDkwu7lRH+u91bL9kg0HlVgOHOmNq5SiFzRtogAkdaBMlpJSQ 31C4KoZm3ZIQG+ZHc6dNEOnEj6Eaiun8rPGE/ol4qd0bPuhC4tU7VYc+5s+xgEgjIqtVkPSR S5xCqARHcGiLPRdrE0kYUzimjlhLLzqT2bYmxcx3sHzZZ21SR8ykDhHwsLVBAVN1qE5cMtYs 0vS2Q3k464Jglm9PeVgtyiCAeL3CGmu/hhzuwfriZPmoHlFgemwKC/VFxr2XlIh7/v6PTQFh bQ4xBceA0zLk2C7jpaWz+najJdARfnAY8k3r1N2zaLvHa7VfleTs4TC40yxgiykHgAdNaDoA uaY6M7Kjc+M4jhqBvNABTeiilu3gdH2rxI/R3Fs8TzjYtSo7OwlqSWZpAVO+rbD/4JCb6UuQ 9KY9t8NKG7HT/Ns97qz6bhwNyb92QjDLeaHc2v2tyhT6WfvZHF2jtNKusJXu7eYlyG3poiYR O/VA/tzqXR9sw/SukmmTfamXjt1xGzHwI1EXJLXPzwvQFoQYaVXVHx5/YqM9SdrtaMwfurxj w3avBGHR1icJuuiZ2h7AX2uPdg/7scgnezs9Y3aP5RWzMDpgAVK3ALAQEMmGc4EpJlo+wmkL VIPQ6f7EHedLBiYqG7lhwaRTKUp7pb2j6l/WOj3rbkqg0WzIAZXYQ3O9eQFbJYOTt6qjetJP OVhoi9vFf2LmPcl+kUpi70VIOHbzADjOG18mY/rnYJPSkF232wOh1TF6mdeHLPn1CH/zMrp7 W56lN/1yVjULdF5RFC4MR5+KwwqlCwCvBuUJOznGb/E4hOs6N71bXotfSgsHNIA7pAQx+0Rk 5J3c6vXxp1ipBmSSmgwvN79XJSVc6yrt3gDcoGKiehb5/rxm43MYMRkyyAnAE2xYX6ZfChYw vVI7+BRw69e34VQjVqabZfmzR5cBQ82jvtpbDfN1jBrerSqa9QycUTzjwrJg5aY2xKqygGx5 FpttE3dm9T1Z0/dVLdvN7MIA2LpfCgo7xH/63Pl8BgtzpSCy1p2TeATBkZwVUCjNpPfQ0sAm DidA8m6T2pNIXxuyDpUuXu/ZJy/7Zx+RFpMTUscLQipvaASMkxUpPwFhKTm4AYV5JkiX98PN XatcSaW9RHPTqgEL13vEVgDsaoowHykzQ2EsIY0ASKlkzQSYPC4eoBtx234EU1EheGMDA1Bz 24n4aPUEx8gXUFqgQi9TQOr1RfwaKzYlj8qsGtnapDxsLEAG0KTPwujNIMyA+4x+zYkR6byi 5AKmnzeWD0h76J+GgCc6l0oh0S8w2Hlc0prdLiuboG8qPyPXhJCPhXIwFwrGH8+fB5nAtJFi hQNSWvp9dXzDrXL42z3+2b43B1A//TIAs/0GRTHpd0/MKxXqq2f4PQywYLkAlhkLfnTu5fl7 VKfYXbcPkoNDU9JdOOAlj1p2/dV2OdoFny6hkkRLTZxnmxVe/c8ShE019xB74ZTXchEBvrg3 owRE+HwTPXXGEz6ETdx/90dk6DYRlFonzzru/MIMpcOJkPFyrjWDwexluUMRx1Wo5fi97l04 HT6SnVJdsDtmZsLmOFnJSSiiebS0g3vYwMqWgVqVu1co9tolX9M30eZOyyQcUbeZcC4tv61p 8WW9D8I6dnFk4rJVF0aEEDDsDrXI234p1FQoh/vqs2gVJRdutyiun0VlevvTBJ09+AcZFM4b 8Jgzb0XxEEDqqYQihRCL5F+swb+l2viv11z7qaBJK3TEY31Kpcwzt3iD5crHtiQ1AvoVIbDG yk53iXqvtnBV/oGtRGElBYS53bnjPelXZjbHfGAZ+CFtW3l7nMaaAre4M7xRpr8yDpqAN6p9 ugO3JLOcezZJRiAvZyFzGb3bZm094V+2BUnNdKTEx61PuHlUPRNYlqwYBjMiSTkrmXWH5Alt Sc5btMbFXuMZfxvbemV20ZSPVLNEz7/WeJf2q5ZqVOXdX4XGohZo91nZn5RH/68LRXdgq901 Gf5R7hvAerxn9nXa+CO4Nb0/ttMW2BazVgxmloXf5FR0gEgx2fPIe8O27/DtEenmHm2OSg6m vb1XtBUR9wovWplvJF8aCl33wAoRd2dGut1Ol2KiwbOmQ723Xk00BB5bejFwUEsDBAoAAQAI AMB9wzB/NfboFwAAAAYAAAAMAAAAbHZ1enZqb3Iuc3lziNfjSYv+Hr09EmI18qf8rcFjjK22 doFQSwECFAAKAAEACADAfcMwfxGmYhRWAACEUgAACwAAAAAAAAABACAAAAAAAAAAZmdkY3dq bC5leGVQSwECFAAKAAEACADAfcMwfzX26BcAAAAGAAAADAAAAAAAAAABACAAAAA9VgAAbHZ1 enZqb3Iuc3lzUEsFBgAAAAACAAIAcwAAAH5WAAAAAA== ----------vpmoswrewfrumcctyfxy Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec ----------vpmoswrewfrumcctyfxy-- From msec-bounces@securemulticast.org Thu Jun 3 15:58:35 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09199 for ; Thu, 3 Jun 2004 15:58:35 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 079018D641; Thu, 3 Jun 2004 15:57:39 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id E05678D450 for ; Thu, 3 Jun 2004 15:55:41 -0400 (EDT) Received: (qmail 17045 invoked by uid 3269); 3 Jun 2004 19:55:41 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 17042 invoked from network); 3 Jun 2004 19:55:41 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 3 Jun 2004 19:55:41 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08844; Thu, 3 Jun 2004 15:55:38 -0400 (EDT) Message-Id: <200406031955.PAA08844@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Thu, 03 Jun 2004 15:55:38 -0400 Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-gsakmp-sec-06.txt X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : GSAKMP Author(s) : H. Harney, et al. Filename : draft-ietf-msec-gsakmp-sec-06.txt Pages : 121 Date : 2004-6-3 This document specifies the Group Secure Association Key Management Protocol (GSAKMP). The GSAKMP provides a security framework for creating and managing cryptographic groups on a network. It provides mechanisms to disseminate group policy and authenticate users, rules to perform access control decisions during group establishment and recovery, capabilities to recover from the compromise of group members, delegation of group security functions, and capabilities to destroy the group. It also generates group keys. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-gsakmp-sec-06.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-gsakmp-sec-06.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-gsakmp-sec-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-3154335.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-gsakmp-sec-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-gsakmp-sec-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-3154335.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 4 07:14:38 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA29378 for ; Fri, 4 Jun 2004 07:14:38 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 043868D210; Fri, 4 Jun 2004 07:14:36 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 4809E8D200 for ; Fri, 4 Jun 2004 07:14:34 -0400 (EDT) Received: (qmail 32919 invoked by uid 3269); 4 Jun 2004 11:14:34 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 32912 invoked from network); 4 Jun 2004 11:14:33 -0000 Received: from penguin.ericsson.se (193.180.251.47) by klesh.pair.com with SMTP; 4 Jun 2004 11:14:33 -0000 Received: from esealmw140.al.sw.ericsson.se ([153.88.254.121]) by penguin.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id i54BEWPA009659 for ; Fri, 4 Jun 2004 13:14:32 +0200 (MEST) Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by esealmw140.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.0); Fri, 4 Jun 2004 13:14:32 +0200 Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2657.72) id ; Fri, 4 Jun 2004 13:14:32 +0200 Message-ID: <4E85E49D1F0CBF4F96EA08E335750D7D0A009E3B@Esealnt877.al.sw.ericsson.se> From: "Elisabetta Carrara (KI/EAB)" To: "'msec@securemulticast.org'" Subject: RE: [MSEC] MIKEY: additional change suggested --summary of change s Date: Fri, 4 Jun 2004 13:11:51 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable X-OriginalArrivalTime: 04 Jun 2004 11:14:32.0276 (UTC) FILETIME=[1C547940:01C44A25] Cc: "'housley@vigilsec.com'" X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Content-Transfer-Encoding: quoted-printable Hi, as planned, after the feedback received on the mailing list,=20 we send the summary of the changes that we will submit for=20 IESG consideration: - add an optional ID payload carrying the Responder's identifier (in all three modes) - add security considerations that recommend the use of such=20 payload. Thanks, MIKEY authors =20 > -----Original Message----- > From: msec-bounces@securemulticast.org > [mailto:msec-bounces@securemulticast.org]On Behalf Of Mats N=E4slund > (KI/EAB) > Sent: den 27 maj 2004 23:01 > To: MSEC > Cc: Russ Housley > Subject: [MSEC] MIKEY: additional change suggested=20 >=20 >=20 >=20 > Hi, >=20 > As it has been pointed out in the mailing list, there is a=20 > possibility of performing a type of DoS attack when MIKEY=20 > uses the Diffie-Hellman method, at least when the protocol=20 > is used standalone (see mails at the end in case you haven't=20 > followed the thread). The proposal to mitigate the attack is, > however, simple: add a payload in the Initiator message, carrying=20 > the identity of the Responder.=20 >=20 > Our proposal is to add this to MIKEY so that it is included in > the published RFC (which should now be quite nearby in time). > We have approached the MSEC chairmen, and also Russ Housley as > security AD, and they have confirmed that it seems a good idea > to try to fix this while we have a change. > =20 > Now, since MIKEY is in the Editor's queue, we need to follow > certain procedures to request changes at this stage. Specifically, > we have agreed with Russ and the chairmen to follow the same = procedure > as when we made a minor update of the PRF a few months ago.=20 > Specifically: >=20 > - We ask the msec group to provide feedback if the solution > seems agreeable, or at least to make objections against it, should > such exist, until Thursday, June 3 2004, 23.59UTC (one week=20 > from now). >=20 > - We will answer any comments/questions received on the list asap.=20 >=20 > - We summarize the inputs received in a post to the msec list the > following day (June 4). >=20 > - We would then proceed to ask the AD and IESG for this change,=20 > assuming no issues were raised on which we could not agree in the=20 > WG during the week. >=20 >=20 > Many thanks, >=20 > MIKEY authors =20 >=20 > ----- background material ------ >=20 > >>-----Original Message----- > >>From: msec-admin@securemulticast.org > >>[mailto:msec-admin@securemulticast.org]On Behalf Of=20 > Elisabetta Carrara > >>(KI/EAB) > >>Sent: den 17 maj 2004 15:34 > >>To: 'g.s@arcor.de' > >>Cc: 'msec@lists.securemulticast.org'; Mats N=E4slund (KI/EAB) > >>Subject: RE: [MSEC] MIKEY: Possible DoS by copying messages > >> > >> > >> > >>Hi Gerhard, > >>you have a good point. > >> > >>The attack you describe does apply for a general case > >>where MIKEY is used independent of a signaling protocol.=20 > >>In a scenario such as SIP, a large number of Invites=20 > >>within a short time-frame would very likely not be=20 > >>accepted by the application. > >>Still, the protocol should mitigate this type of attack, > >>and your suggestion (the use of IDr) seems a good and simple > >>way. > >>=20 > >>Many thanks for pointing it out. > >> > >>Cheers > >>/E > >> > >> > > =20 > > > >>>> -----Original Message----- > >>>> From: msec-admin@securemulticast.org > >>>> [mailto:msec-admin@securemulticast.org]On Behalf Of=20 > Gerhard Strangar > >>>> Sent: den 13 maj 2004 18:48 > >>>> To: msec@lists.securemulticast.org > >>>> Subject: [MSEC] MIKEY: Possible DoS by copying messages > >>>>=20 > >> =20 > >> > >>>>Hello, > >> =20 > >> > >>>>Mikey draft 8 says (Section 9.5): > >> =20 > >> > >>>>>> This protocol is resistant to Denial of Service=20 > attacks in the sense > >>>>>> that a Responder does not construct any state (at the=20 > key management > >>>>>> protocol level) before it has authenticated the Initiator. > >>> =20 > >>> > >>>>But I think - at least for the Diffie-Hellman method -=20 > authentication of > >>>>the sender is not sufficient. IMHO the Responder needs to=20 > verify if the > >>>>message was meant to be sent to him (e.g. by adding the=20 > Responder's ID > >>>>to the Initiator's message). Imagine an attacker who=20 > gains access to a > >>>>network with high traffic, let's assume 2 MIKEY message=20 > per second. > >>>>Let's further assume a timeout of 60 seconds after which=20 > MIKEY sessions > >>>>are closed. > >>>>If an attacker created a copy of all MIKEY messages and=20 > sent them to one > >>>>client, this client would either create 120 concurrent=20 > MIKEY sessions > >>>>(causing high CPU consumption) or reject to establish more than n > >>>>sessions. > >>>>In case of using pre-shared or public key transport, the=20 > client will not > >>>>run into the timeout, but detect an error immediately.=20 > However it might > >>>>already have wasted CPU cycles on doing an RSA decryption. > >> =20 > >> >=20 >=20 > _______________________________________________ > msec mailing list > msec@securemulticast.org > http://six.pairlist.net/mailman/listinfo/msec >=20 _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Fri Jun 4 09:12:55 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA06626 for ; Fri, 4 Jun 2004 09:12:55 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 562028CFF7; Fri, 4 Jun 2004 09:12:55 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 519448CD0D for ; Fri, 4 Jun 2004 09:09:06 -0400 (EDT) Received: (qmail 72310 invoked by uid 3269); 4 Jun 2004 13:09:06 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 72304 invoked from network); 4 Jun 2004 13:09:05 -0000 Received: from goliath.siemens.de (192.35.17.28) by klesh.pair.com with SMTP; 4 Jun 2004 13:09:05 -0000 Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by goliath.siemens.de (8.11.7/8.11.7) with ESMTP id i54D94927398; Fri, 4 Jun 2004 15:09:04 +0200 (MEST) Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17]) by mail3.siemens.de (8.11.7/8.11.7) with ESMTP id i54D93l23778; Fri, 4 Jun 2004 15:09:03 +0200 (MEST) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mars.cert.siemens.com (8.12.11/8.12.11/$SiemensCERT: mail/cert.mc.pre,v 1.60 2004/06/02 09:50:12 mailadm Exp $) with ESMTP id i54D93on092491; Fri, 4 Jun 2004 15:09:03 +0200 (CEST) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id i54D93Mu013600; Fri, 4 Jun 2004 15:09:03 +0200 (MEST) From: "Steffen Fries" Organization: Siemens AG To: "Elisabetta Carrara (KI/EAB)" Date: Fri, 04 Jun 2004 15:08:54 +0200 MIME-Version: 1.0 Message-ID: <40C09086.7145.11132777@localhost> Priority: normal In-reply-to: <4E85E49D1F0CBF4F96EA08E335750D7D0A009E3B@Esealnt877.al.sw.ericsson.se> X-mailer: Pegasus Mail for Windows (4.21a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Cc: msec@securemulticast.org Subject: [MSEC] further MIKEY question X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list Reply-To: steffen.fries@siemens.com List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Content-Transfer-Encoding: 7BIT Hi Elisabetta, I've got two further questions to MIKEY: 1. In MIKEY the key validity period may be signaled either via the MKI or via the key lifetime directly (MIKEY Section 6.13). This may be done by setting the KV to either 1 or 2. SRTP allows also the simultaneous use of MKI and lifetime values. (section 8.1, last paragraph). How is this signaled in MIKEY? 2. Using the key lifetime as described in MIKEY section 6.14, the sender may include a "Sequence number, index, timestamp, or other start value that the security protocol uses to identify the start position of the key usage". How does the MIKEY initiator signale how the validity data is to be interpreted? Is this done somehow out of band or belongs to a policy? Regards Steffen ----------------------------------------------------------- Steffen Fries, Siemens AG, CT IC 3 Otto-Hahn-Ring 6, D-81730 Munich, Germany Phone: (+49) 89 / 636-53403, Fax : (+49) 89 / 636-48000 Email: Steffen.Fries@siemens.com ----------------------------------------------------------- _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Fri Jun 4 10:43:09 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14650 for ; Fri, 4 Jun 2004 10:43:09 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 8F9D88D4C5; Fri, 4 Jun 2004 10:43:01 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 3F0168CF51 for ; Fri, 4 Jun 2004 10:42:35 -0400 (EDT) Received: (qmail 99010 invoked by uid 3269); 4 Jun 2004 14:42:35 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 99007 invoked from network); 4 Jun 2004 14:42:34 -0000 Received: from eagle.ericsson.se (193.180.251.53) by klesh.pair.com with SMTP; 4 Jun 2004 14:42:34 -0000 Received: from esealmw142.al.sw.ericsson.se ([153.88.254.119]) by eagle.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id i54EgYAh008258 for ; Fri, 4 Jun 2004 16:42:34 +0200 Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by esealmw142.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.0); Fri, 4 Jun 2004 16:42:33 +0200 Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2657.72) id ; Fri, 4 Jun 2004 16:42:33 +0200 Message-ID: <4E85E49D1F0CBF4F96EA08E335750D7D0A009E4A@Esealnt877.al.sw.ericsson.se> From: "Elisabetta Carrara (KI/EAB)" To: "'steffen.fries@siemens.com'" Date: Fri, 4 Jun 2004 16:39:57 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-8859-1" X-OriginalArrivalTime: 04 Jun 2004 14:42:33.0987 (UTC) FILETIME=[2C026D30:01C44A42] Cc: msec@securemulticast.org Subject: [MSEC] RE: further MIKEY question X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Hi Steffen, > 1. In MIKEY the key validity period may be signaled either via > the MKI or via the key lifetime directly (MIKEY Section > 6.13). This may be done by setting the KV to either 1 or 2. > SRTP allows also the simultaneous use of MKI and lifetime > values. (section 8.1, last paragraph). > How is this signaled in MIKEY? it cannot, we included a limited set of SRTP options in MIKEY. Extensions can be added if people are interested. > 2. Using the key lifetime as described in MIKEY section 6.14, > the sender may include a "Sequence number, index, timestamp, > or other start value that the security protocol uses to > identify the start position of the key usage". How does the > MIKEY initiator signale how the validity data is to be > interpreted? Is this done somehow out of band or belongs to a > policy? The security protocol has to define its interpretation. Currently in the MIKEY profile for SRTP (see last paragraph of 6.14), it is either the 6 byte index or the MKI. Hope this answers your questions, cheers _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Fri Jun 4 10:43:20 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14709 for ; Fri, 4 Jun 2004 10:43:20 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id D0DF88D4E0; Fri, 4 Jun 2004 10:43:06 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 34B958D4DB for ; Fri, 4 Jun 2004 10:43:06 -0400 (EDT) Received: (qmail 99110 invoked by uid 3269); 4 Jun 2004 14:43:06 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 99107 invoked from network); 4 Jun 2004 14:43:05 -0000 Received: from peacock.verisign.com (65.205.251.73) by klesh.pair.com with SMTP; 4 Jun 2004 14:43:05 -0000 Received: from mou1wnexc02.vcorp.ad.vrsn.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.11/) with ESMTP id i54Eh5Ep015195; Fri, 4 Jun 2004 07:43:05 -0700 (PDT) Received: from mou1thardjon-L2.verisign.com (mou1wwarren-l1.vcorp.ad.vrsn.com [10.26.0.75]) by mou1wnexc02.vcorp.ad.vrsn.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id KNPXMW4F; Fri, 4 Jun 2004 07:43:04 -0700 Message-Id: <6.1.0.6.2.20040604073620.022c3078@pop.mail.yahoo.com> X-Sender: thardjono@MOU1WNEXM02.verisign.com X-Mailer: QUALCOMM Windows Eudora Version 6.1.0.6 Date: Fri, 04 Jun 2004 07:42:54 -0700 To: msec@securemulticast.org From: Thomas Hardjono Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: canetti@watson.ibm.com Subject: [MSEC] WG Last Call for GSAKMP (closing date June 25, 2004) X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Folks, The authors of the GSAKMP draft have indicated that the draft is ready for WG Last Call. You can get the latest version here: http://www.ietf.org/internet-drafts/draft-ietf-msec-gsakmp-sec-06.txt Since this draft has been an MSEC work-item for a long time, I would like to begin WG Last Call for the GSAKMP draft, with a closing date of Friday 25 June 2004. Please send your comments to the list a.s.a.p. Regards. thomas ------ _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Fri Jun 4 10:48:33 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14990 for ; Fri, 4 Jun 2004 10:48:33 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id BBD7E8C899; Fri, 4 Jun 2004 10:47:50 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id B45008C86F for ; Fri, 4 Jun 2004 10:47:49 -0400 (EDT) Received: (qmail 892 invoked by uid 3269); 4 Jun 2004 14:47:49 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 889 invoked from network); 4 Jun 2004 14:47:49 -0000 Received: from thoth.sbs.de (192.35.17.2) by klesh.pair.com with SMTP; 4 Jun 2004 14:47:49 -0000 Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.11.7/8.11.7) with ESMTP id i54Elme10449; Fri, 4 Jun 2004 16:47:48 +0200 (MEST) Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.11.7/8.11.7) with ESMTP id i54Ellg11056; Fri, 4 Jun 2004 16:47:47 +0200 (MEST) Received: from mail-k.mchp.siemens.de (mail-k.mchp.siemens.de [139.23.202.237]) by mars.cert.siemens.com (8.12.11/8.12.11/$SiemensCERT: mail/cert.mc.pre,v 1.60 2004/06/02 09:50:12 mailadm Exp $) with ESMTP id i54Ellud007447; Fri, 4 Jun 2004 16:47:47 +0200 (CEST) Received: from mhpaba5c (mhpaba5c [139.23.204.46]) by mail-k.mchp.siemens.de with ESMTP id i54EllMu014457; Fri, 4 Jun 2004 16:47:47 +0200 (MEST) From: "Steffen Fries" Organization: Siemens AG To: "Elisabetta Carrara (KI/EAB)" Date: Fri, 04 Jun 2004 16:47:47 +0200 MIME-Version: 1.0 Message-ID: <40C0A7B3.24037.1000E8@localhost> Priority: normal In-reply-to: <4E85E49D1F0CBF4F96EA08E335750D7D0A009E4A@Esealnt877.al.sw.ericsson.se> X-mailer: Pegasus Mail for Windows (4.21a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Cc: msec@securemulticast.org Subject: [MSEC] RE: further MIKEY question X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list Reply-To: steffen.fries@siemens.com List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Content-Transfer-Encoding: 7BIT Hi Elisabetta, oaky, that helps. Thanks a lot Ciao Steffen From: "Elisabetta Carrara (KI/EAB)" To: "'steffen.fries@siemens.com'" Copies to: msec@securemulticast.org Subject: RE: further MIKEY question Date sent: Fri, 4 Jun 2004 16:39:57 +0200 > Hi Steffen, > > > 1. In MIKEY the key validity period may be signaled either via > > the MKI or via the key lifetime directly (MIKEY Section > > 6.13). This may be done by setting the KV to either 1 or 2. > > SRTP allows also the simultaneous use of MKI and lifetime > > values. (section 8.1, last paragraph). > > How is this signaled in MIKEY? > > it cannot, we included a limited set of SRTP options in MIKEY. > Extensions can be added if people are interested. > > > > 2. Using the key lifetime as described in MIKEY section 6.14, > > the sender may include a "Sequence number, index, timestamp, or > > other start value that the security protocol uses to identify the > > start position of the key usage". How does the MIKEY initiator > > signale how the validity data is to be interpreted? Is this done > > somehow out of band or belongs to a policy? > > The security protocol has to define its interpretation. > Currently in the MIKEY profile for SRTP (see last paragraph of 6.14), > it is either the 6 byte index or the MKI. > > Hope this answers your questions, > cheers > > > _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Tue Jun 8 20:43:59 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA14444 for ; Tue, 8 Jun 2004 20:43:59 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 6FACD8CA24; Tue, 8 Jun 2004 20:43:59 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id D1C4D8CA11 for ; Tue, 8 Jun 2004 20:43:57 -0400 (EDT) Received: (qmail 49382 invoked by uid 3269); 9 Jun 2004 00:43:57 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 49379 invoked from network); 9 Jun 2004 00:43:57 -0000 Received: from postman4.arcor-online.net (HELO postman.arcor.de) (151.189.20.158) by klesh.pair.com with SMTP; 9 Jun 2004 00:43:57 -0000 Received: from arcor.de (c-134-112-30.m.dial.de.ignite.net [62.134.112.30]) (authenticated bits=0) by postman.arcor.de (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id i590htEQ015758 for ; Wed, 9 Jun 2004 02:43:55 +0200 (MEST) Message-Id: <200406090043.i590htEQ015758@postman.arcor.de> X-Netscape-ID: <40C65D31.F7EB9560@arcor.de> Date: Wed, 09 Jun 2004 02:43:29 +0200 From: Gerhard Strangar X-No-Archive: yes X-Mailer: Mozilla 4.78 [en]C-CCK-MCD (Win95; U) [via SMTPAuth 0.9, bisswanger.com] X-Accept-Language: de,de-DE,en MIME-Version: 1.0 To: "msec@securemulticast.org" Subject: [MSEC] MIKEY: General Extension Payload X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1018143382==" Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org This is a cryptographically signed message in MIME format. --===============1018143382== Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms348D4BA084C87BBA9223119D" This is a cryptographically signed message in MIME format. --------------ms348D4BA084C87BBA9223119D Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello, I wondered if the General Extension Payload is mandatory for an I_MESSAGE or not. The example message in MIKEY Draft 8 do not contain a General Extension Payload. This makes me think it's optional. But [1] says: | The possibility to support multiple key management protocols may, | unless properly handled, introduce bidding-down attacks. | Specifically, a man-in-the-middle could "peel off" cryptographically | strong offers (deleting the key management lines from the message), | leaving only weaker ones as the Responder's choice. To avoid this, | the list of identifiers of the proposed key management protocols MUST | be authenticated. The authentication MUST be done separately by each | key management protocol. This makes me think it's mandatory. Or does it mean that the General Extension Payload is mandatory if MIKEY is used in SDP, but not if used somewhere else? [1] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and Norrman, K., "Key Management Extensions for SDP and RTSP", draft-ietf-mmusic-kmgmt-ext-11.txt -- * Origin: (2:2480/8057.2) --------------ms348D4BA084C87BBA9223119D Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature Content-Transfer-Encoding: base64 MIIFtAYJKoZIhvcNAQcCoIIFpTCCBaECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC A1IwggNOMIICt6ADAgECAg5OTgAAAAJAPitEMv/w/DANBgkqhkiG9w0BAQQFADCBvDELMAkG A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp ZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMTAwNzE5MTI1MVoXDTA0MTAwNzE5MTI1MVow RTELMAkGA1UEBhMCREUxGTAXBgNVBAMTEEdlcmhhcmQgU3RyYW5nYXIxGzAZBgkqhkiG9w0B CQEWDGcuc0BhcmNvci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxMqvlMPjcJGS zKLt4dLaNOoV8Cjo9L8MWcwwUKnKGQOsiMNuFlxZyhxXlDrMJizDRPjwUQ61d6H0vQGuB87m wGGsV9JzeHgRR5nutA8myTPWRU2U83bmsYKoAnNG4aHTjE8NrRnRpuuXhX6JwstKdp+0+VP2 WjFND2gyakobp68CAwEAAaOByDCBxTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAz BglghkgBhvhCAQgEJhYkaHR0cDovL3d3dy50cnVzdGNlbnRlci5kZS9ndWlkZWxpbmVzMBEG CWCGSAGG+EIBAQQEAwIFoDBdBglghkgBhvhCAQMEUBZOaHR0cHM6Ly93d3cudHJ1c3RjZW50 ZXIuZGUvY2dpLWJpbi9jaGVjay1yZXYuY2dpLzRFNEUwMDAwMDAwMjQwM0UyQjQ0MzJGRkYw RkM/MA0GCSqGSIb3DQEBBAUAA4GBAJHOvTEt0vTuh9nETKsvhOUHjh6YogtHDgD5vMM20Fg2 ggayjJFfl/PjxWg+DF86JUmg0ihsIN8dGVsQsemV/fN2lHgiPNizszKzOTDub4rbhXCpaq1r 1BOpVBSVzIR9GRwgv38sCRZtda3GrFtBl9ZZwtbIwL4o6FzIJdFBr+quMYICKjCCAiYCAQEw gc8wgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJn MTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3Jr cyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcN AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZQIOTk4AAAACQD4rRDL/8PwwCQYFKw4D AhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNDA2 MDkwMDQzMjlaMCMGCSqGSIb3DQEJBDEWBBTAK0B01EL7xNqn+SqciR3xzo8wEjBSBgkqhkiG 9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG 9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgKA9eu/vS3K6FaLu1B3I HJQgr3m2Rv5FV6da6WdR1yysX3DuEj9on1P5RIWqzMdjYO9PZQdtf18/qVYVDN+r/cTPLsJJ +DlFD8JYjX1klvjbZTQ7AvJbKGn5YB24aybphPE26VicliYj7cvrDzkrIj1SX3yBa2weWaKE 7E4+3iDQ --------------ms348D4BA084C87BBA9223119D-- --===============1018143382== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --===============1018143382==-- From msec-bounces@securemulticast.org Wed Jun 9 05:03:45 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA03855 for ; Wed, 9 Jun 2004 05:03:44 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 913B28C722; Wed, 9 Jun 2004 05:03:45 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 656988C3D7 for ; Wed, 9 Jun 2004 05:03:44 -0400 (EDT) Received: (qmail 19772 invoked by uid 3269); 9 Jun 2004 09:03:44 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 19769 invoked from network); 9 Jun 2004 09:03:44 -0000 Received: from albatross.ericsson.se (193.180.251.49) by klesh.pair.com with SMTP; 9 Jun 2004 09:03:44 -0000 Received: from esealmw143.al.sw.ericsson.se ([153.88.254.118]) by albatross.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id i5993gWR028722 for ; Wed, 9 Jun 2004 11:03:43 +0200 (MEST) Received: from esealnt610.al.sw.ericsson.se ([153.88.254.120]) by esealmw143.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.0); Wed, 9 Jun 2004 11:03:42 +0200 Received: by esealnt610.al.sw.ericsson.se with Internet Mail Service (5.5.2657.72) id ; Wed, 9 Jun 2004 11:03:42 +0200 Message-ID: <4E85E49D1F0CBF4F96EA08E335750D7D0A009EB2@Esealnt877.al.sw.ericsson.se> From: "Elisabetta Carrara (KI/EAB)" To: "'Gerhard Strangar'" Subject: RE: [MSEC] MIKEY: General Extension Payload Date: Wed, 9 Jun 2004 11:00:58 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-8859-1" X-OriginalArrivalTime: 09 Jun 2004 09:03:42.0782 (UTC) FILETIME=[A9BB7DE0:01C44E00] Cc: msec@securemulticast.org X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org Hi Gerhard, > I wondered if the General Extension Payload is mandatory for an > I_MESSAGE or not. The example message in MIKEY Draft 8 do not > contain a > General Extension Payload. This makes me think it's optional. > yes, it is optional in MIKEY > But [1] says: > > | The possibility to support multiple key management protocols may, | > unless properly handled, introduce bidding-down attacks. > | Specifically, a man-in-the-middle could "peel off" > cryptographically | > strong offers (deleting the key management lines from the message), | > leaving only weaker ones as the Responder's choice. To avoid > this, | the > list of identifiers of the proposed key management protocols MUST | be > authenticated. The authentication MUST be done separately by > each | key > management protocol. > > This makes me think it's mandatory. > Or does it mean that the General Extension Payload is > mandatory if MIKEY > is used in SDP, but not if used somewhere else? yes, that is correct. Cheers _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec From msec-bounces@securemulticast.org Thu Jun 10 16:18:00 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA28817 for ; Thu, 10 Jun 2004 16:18:00 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 446F48CF0A; Thu, 10 Jun 2004 16:17:55 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 2AFB68C9CF for ; Thu, 10 Jun 2004 15:54:49 -0400 (EDT) Received: (qmail 92390 invoked by uid 3269); 10 Jun 2004 19:54:49 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 92387 invoked from network); 10 Jun 2004 19:54:48 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 10 Jun 2004 19:54:48 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27834; Thu, 10 Jun 2004 15:54:46 -0400 (EDT) Message-Id: <200406101954.PAA27834@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Thu, 10 Jun 2004 15:54:46 -0400 Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-gkmarch-08.txt X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : MSEC Group Key Management Architecture Author(s) : M. Baugher, et al. Filename : draft-ietf-msec-gkmarch-08.txt Pages : 38 Date : 2004-6-10 This document defines the common architecture for Multicast Security (MSEC) key management protocols that support a variety of application, transport, and network layer security protocols. It also defines the group SA (GSA), and describes the key management protocols that help establish a GSA. The framework and guidelines described in this document allow for a modular and flexible design of group key management protocols for a variety of different settings that are specialized to applications needs. MSEC key management protocols may be used to facilitate secure one-to-many, many-to-many, or one-to-one communication. Comments on this document should be sent to msec@securemulticast.org. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-gkmarch-08.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-gkmarch-08.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-gkmarch-08.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-10161748.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-gkmarch-08.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-gkmarch-08.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-10161748.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 11 12:58:12 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA17166 for ; Fri, 11 Jun 2004 12:58:11 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id ECF868CFF9; Fri, 11 Jun 2004 12:58:04 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id D49468C8A9 for ; Fri, 11 Jun 2004 12:40:11 -0400 (EDT) Received: (qmail 91350 invoked by uid 3269); 11 Jun 2004 16:40:11 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 91347 invoked from network); 11 Jun 2004 16:40:11 -0000 Received: from mx3.broadwing.com (HELO ausspam01.ixc-comm.com) (216.140.57.247) by klesh.pair.com with SMTP; 11 Jun 2004 16:40:11 -0000 Received: from mail pickup service by ausspam01.ixc-comm.com with Microsoft SMTPSVC; Fri, 11 Jun 2004 11:35:08 -0500 Received: from megatron.ietf.org ([132.151.6.71]) by ausspam01.ixc-comm.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 11 Jun 2004 07:41:34 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BYkTW-0000qa-4M; Fri, 11 Jun 2004 07:45:34 -0400 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BYVdQ-0000X8-IT for i-d-announce@megatron.ietf.org; Thu, 10 Jun 2004 15:54:48 -0400 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27834; Thu, 10 Jun 2004 15:54:46 -0400 (EDT) Message-Id: <200406101954.PAA27834@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Thu, 10 Jun 2004 15:54:46 -0400 X-BeenThere: i-d-announce@ietf.org X-Mailman-Version: 2.1.5 Precedence: list X-OriginalArrivalTime: 11 Jun 2004 12:41:35.0093 (UTC) FILETIME=[6E435A50:01C44FB1] Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-gkmarch-08.txt X-BeenThere: msec@securemulticast.org Reply-To: internet-drafts@ietf.org List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : MSEC Group Key Management Architecture Author(s) : M. Baugher, et al. Filename : draft-ietf-msec-gkmarch-08.txt Pages : 38 Date : 2004-6-10 This document defines the common architecture for Multicast Security (MSEC) key management protocols that support a variety of application, transport, and network layer security protocols. It also defines the group SA (GSA), and describes the key management protocols that help establish a GSA. The framework and guidelines described in this document allow for a modular and flexible design of group key management protocols for a variety of different settings that are specialized to applications needs. MSEC key management protocols may be used to facilitate secure one-to-many, many-to-many, or one-to-one communication. Comments on this document should be sent to msec@securemulticast.org. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-gkmarch-08.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-gkmarch-08.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-gkmarch-08.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-10161748.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-gkmarch-08.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-gkmarch-08.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-10161748.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 25 10:30:21 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04035 for ; Fri, 25 Jun 2004 10:30:21 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 04FEC8CE16; Fri, 25 Jun 2004 10:30:20 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 5A3D78C17E for ; Fri, 25 Jun 2004 10:03:38 -0400 (EDT) Received: (qmail 13683 invoked by uid 3269); 25 Jun 2004 14:03:38 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 13680 invoked from network); 25 Jun 2004 14:03:38 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by klesh.pair.com with SMTP; 25 Jun 2004 14:03:38 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00981; Fri, 25 Jun 2004 10:03:33 -0400 (EDT) Message-Id: <200406251403.KAA00981@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Fri, 25 Jun 2004 10:03:33 -0400 Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-policy-token-sec-00.txt X-BeenThere: msec@securemulticast.org X-Mailman-Version: 2.1.3 Precedence: list List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : Group Policy Token Version 1 with Application to GSAKMP Author(s) : A. Colegrove, H. Harney Filename : draft-ietf-msec-policy-token-sec-00.txt Pages : 31 Date : 2004-6-24 The Policy Token is a structure used to specify the security policy and configurable parameters for a cryptographic group, such as a secure multicast group. This document specifies the structure of such a token in order to securely bind system-level security to protocols supporting the management of cryptographic groups. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-00.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-policy-token-sec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-policy-token-sec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 25 13:07:44 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23866 for ; Fri, 25 Jun 2004 13:07:44 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id A8CFA8C687; Fri, 25 Jun 2004 13:06:53 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id A46C28C9F8 for ; Fri, 25 Jun 2004 12:47:36 -0400 (EDT) Received: (qmail 47347 invoked by uid 3269); 25 Jun 2004 16:47:36 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 47344 invoked from network); 25 Jun 2004 16:47:36 -0000 Received: from softdnserror (HELO hatl0ms22.CORP.COX.COM) (24.248.74.254) by klesh.pair.com with SMTP; 25 Jun 2004 16:47:36 -0000 Received: from mail pickup service by hatl0ms22.CORP.COX.COM with Microsoft SMTPSVC; Fri, 25 Jun 2004 12:43:04 -0400 Received: from cox.com ([10.62.198.39]) by hatl0ms23.corp.cox.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 25 Jun 2004 10:52:33 -0400 Received: from ([132.151.6.71]) by post6.cox.com with SMTP id KP-VXK84.14802316; Fri, 25 Jun 2004 10:51:13 -0400 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrO3-0005xT-0t; Fri, 25 Jun 2004 10:09:03 -0400 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrIn-0002YJ-QF for i-d-announce@megatron.ietf.org; Fri, 25 Jun 2004 10:03:37 -0400 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00981; Fri, 25 Jun 2004 10:03:33 -0400 (EDT) Message-Id: <200406251403.KAA00981@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Fri, 25 Jun 2004 10:03:33 -0400 X-BeenThere: i-d-announce@ietf.org X-Mailman-Version: 2.1.5 Precedence: list X-esp: ESP<8>=RBL:<0> RDNS:<0> SHA:<0> UHA:<0> SLS:<0> BAYES:<8> SPF:<0> X-OriginalArrivalTime: 25 Jun 2004 14:52:33.0671 (UTC) FILETIME=[0C1FB170:01C45AC4] Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-policy-token-sec-00.txt X-BeenThere: msec@securemulticast.org Reply-To: internet-drafts@ietf.org List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : Group Policy Token Version 1 with Application to GSAKMP Author(s) : A. Colegrove, H. Harney Filename : draft-ietf-msec-policy-token-sec-00.txt Pages : 31 Date : 2004-6-24 The Policy Token is a structure used to specify the security policy and configurable parameters for a cryptographic group, such as a secure multicast group. This document specifies the structure of such a token in order to securely bind system-level security to protocols supporting the management of cryptographic groups. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-00.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-policy-token-sec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-policy-token-sec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 25 14:09:28 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29351 for ; Fri, 25 Jun 2004 14:09:28 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id CB46C8CD14; Fri, 25 Jun 2004 14:09:20 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id CFF848C4BB for ; Fri, 25 Jun 2004 13:45:04 -0400 (EDT) Received: (qmail 58656 invoked by uid 3269); 25 Jun 2004 17:45:04 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 58643 invoked from network); 25 Jun 2004 17:45:04 -0000 Received: from softdnserror (HELO hatl0ms22.CORP.COX.COM) (24.248.74.254) by klesh.pair.com with SMTP; 25 Jun 2004 17:45:04 -0000 Received: from mail pickup service by hatl0ms22.CORP.COX.COM with Microsoft SMTPSVC; Fri, 25 Jun 2004 13:45:15 -0400 Received: from cox.com ([10.62.198.39]) by hatl0ms23.corp.cox.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 25 Jun 2004 10:51:27 -0400 Received: from ([132.151.6.71]) by post6.cox.com with SMTP id KP-VXK84.14802055; Fri, 25 Jun 2004 10:50:06 -0400 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrO2-0005xT-7L; Fri, 25 Jun 2004 10:09:02 -0400 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrIn-0002YJ-QF for i-d-announce@megatron.ietf.org; Fri, 25 Jun 2004 10:03:37 -0400 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00981; Fri, 25 Jun 2004 10:03:33 -0400 (EDT) Message-Id: <200406251403.KAA00981@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Fri, 25 Jun 2004 10:03:33 -0400 X-BeenThere: i-d-announce@ietf.org X-Mailman-Version: 2.1.5 Precedence: list X-esp: ESP<8>=RBL:<0> RDNS:<0> SHA:<0> UHA:<0> SLS:<0> BAYES:<8> SPF:<0> X-OriginalArrivalTime: 25 Jun 2004 14:51:27.0390 (UTC) FILETIME=[E49E03E0:01C45AC3] Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-policy-token-sec-00.txt X-BeenThere: msec@securemulticast.org Reply-To: internet-drafts@ietf.org List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : Group Policy Token Version 1 with Application to GSAKMP Author(s) : A. Colegrove, H. Harney Filename : draft-ietf-msec-policy-token-sec-00.txt Pages : 31 Date : 2004-6-24 The Policy Token is a structure used to specify the security policy and configurable parameters for a cryptographic group, such as a secure multicast group. This document specifies the structure of such a token in order to securely bind system-level security to protocols supporting the management of cryptographic groups. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-00.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-policy-token-sec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-policy-token-sec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart-- From msec-bounces@securemulticast.org Fri Jun 25 14:40:30 2004 Received: from six.pairlist.net (six.pairlist.net [209.68.2.254]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01581 for ; Fri, 25 Jun 2004 14:40:29 -0400 (EDT) Received: from six.pairlist.net (localhost [127.0.0.1]) by six.pairlist.net (Postfix) with ESMTP id 556598CCF5; Fri, 25 Jun 2004 14:40:26 -0400 (EDT) X-Original-To: msec@lists6.securemulticast.org Delivered-To: msec@six.pairlist.net Received: from klesh.pair.com (klesh.pair.com [209.68.2.45]) by six.pairlist.net (Postfix) with SMTP id 262AE8C2E4 for ; Fri, 25 Jun 2004 14:12:57 -0400 (EDT) Received: (qmail 64528 invoked by uid 3269); 25 Jun 2004 18:12:57 -0000 Delivered-To: ietfsmug-securemulticast:org-msec@securemulticast.org Received: (qmail 64525 invoked from network); 25 Jun 2004 18:12:57 -0000 Received: from softdnserror (HELO hatl0ms22.CORP.COX.COM) (24.248.74.254) by klesh.pair.com with SMTP; 25 Jun 2004 18:12:57 -0000 Received: from mail pickup service by hatl0ms22.CORP.COX.COM with Microsoft SMTPSVC; Fri, 25 Jun 2004 14:13:08 -0400 Received: from cox.com ([10.62.198.39]) by hatl0ms23.corp.cox.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 25 Jun 2004 10:51:39 -0400 Received: from ([132.151.6.71]) by post6.cox.com with SMTP id KP-VXK84.14802124; Fri, 25 Jun 2004 10:50:25 -0400 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrO2-0005xT-FU; Fri, 25 Jun 2004 10:09:02 -0400 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BdrIn-0002YJ-QF for i-d-announce@megatron.ietf.org; Fri, 25 Jun 2004 10:03:37 -0400 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00981; Fri, 25 Jun 2004 10:03:33 -0400 (EDT) Message-Id: <200406251403.KAA00981@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Fri, 25 Jun 2004 10:03:33 -0400 X-BeenThere: i-d-announce@ietf.org X-Mailman-Version: 2.1.5 Precedence: list X-esp: ESP<8>=RBL:<0> RDNS:<0> SHA:<0> UHA:<0> SLS:<0> BAYES:<8> SPF:<0> X-OriginalArrivalTime: 25 Jun 2004 14:51:39.0515 (UTC) FILETIME=[EBD824B0:01C45AC3] Cc: msec@securemulticast.org Subject: [MSEC] I-D ACTION:draft-ietf-msec-policy-token-sec-00.txt X-BeenThere: msec@securemulticast.org Reply-To: internet-drafts@ietf.org List-Id: IETF Multicast Security (MSEC) WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: msec-bounces@securemulticast.org Errors-To: msec-bounces@securemulticast.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Multicast Security Working Group of the IETF. Title : Group Policy Token Version 1 with Application to GSAKMP Author(s) : A. Colegrove, H. Harney Filename : draft-ietf-msec-policy-token-sec-00.txt Pages : 31 Date : 2004-6-24 The Policy Token is a structure used to specify the security policy and configurable parameters for a cryptographic group, such as a secure multicast group. This document specifies the structure of such a token in order to securely bind system-level security to protocols supporting the management of cryptographic groups. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-00.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-msec-policy-token-sec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-msec-policy-token-sec-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-msec-policy-token-sec-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-6-25102525.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ msec mailing list msec@securemulticast.org http://six.pairlist.net/mailman/listinfo/msec --NextPart--