
From doug.mtview@gmail.com  Thu Oct  3 18:59:24 2013
From: Douglas Otis <doug.mtview@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_080A7D4B-AA9C-416B-910E-BE158EDB40DE"
Message-Id: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com>
Date: Thu, 3 Oct 2013 18:58:47 -0700
To: perpass@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
X-Mailer: Apple Mail (2.1510)
X-Mailman-Approved-At: Fri, 04 Oct 2013 05:54:16 -0700
Subject: [perpass] Avoiding abuse related to large scale encrypted email
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2013 01:59:24 -0000

--Apple-Mail=_080A7D4B-AA9C-416B-910E-BE158EDB40DE
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

Dear Perpass WG,

Several have expressed valid concerns regarding abuse of encrypted
email.  While CAs may not be trustworthy, it seems DANE offers a
workable and reasonably transparent alternative to protect against
undetected tampering.  In addition, DANE reduces incremental costs
associated with certificates which should prove beneficial for email
use.

That said, proprietary schemes are available permitting multiple
decoding keys derived from conveyed indexes.  The derived keys are
assigned to outbound message scanners used by enterprises to ensure
governmental data compliance requirements while also ensuring the
integrity of the entire path traversed.  If there is interest, I could
prevail on my employer to disclose IPR terms and details.

Secondly, while web based TLS exchanges normally ignore client
certificates, this would not be desirable for StartTLS related to open
email exchanges.  Currently, only source IP addresses are effectively
used to defend SMTP servers.  DKIM does not offer a suitable replacement
because it fails to capture who initiated the exchange, and to whom it
was being sent.  In other words, DKIM lacks essential elements needed to
properly identify those accountable for email abuse.

IPv6 will significantly challenge the use of source IP addresses.  While
the number of legitimate addresses may represent a reasonable number,
most email is sourced from compromised systems likely using privacy
extensions.  Just a bit map tracking whether a /64 prefix is active
requires 5,650 terabytes to cover just the announced /64 prefix space.
At any point in time, a bit more than 100 million registered domains
are active that collapses down to subdomains below the registrar.  This
relatively small number is fairly manageable compared against IP
addresses, even when attempting to just white-list new MTAs.

A domain based approach may seem fairly disruptive, but even the best
content scanners fail to provide full detections while demanding
significant resources. Content based acceptance is not cost effective as
the first stage in a vetting process.  One hundred thousand domains
control 90% of the Internet traffic. The top 150 domains control 50%,
and the top 2,500 domains control 75%.

Secure SMTP using DNS-Based Authentication of Named Entities (DANE) TLSA
records and SMTP security via opportunistic DANE TLS offer interesting
starting points.  For this to work well, a more disruptive approach is
required where sending domains should be encouraged to use their own
certificates.  The initial availability of TLSA RRs should not miss the
opportunity to use this to signal a new paradigm of expectations.

Regards.
Douglas Otis


--Apple-Mail=_080A7D4B-AA9C-416B-910E-BE158EDB40DE--

From stephen.farrell@cs.tcd.ie  Fri Oct  4 06:23:14 2013
Message-ID: <524EBEB1.7060705@cs.tcd.ie>
Date: Fri, 04 Oct 2013 14:12:17 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "Turner, Sean P." <turners@ieca.com>
Subject: [perpass] perpass session in  Vancouver
X-List-Received-Date: Fri, 04 Oct 2013 13:23:15 -0000

Hiya,

The IAB and IESG had our BoF call last week and approved
the perpass session. Scheduling is being discussed now
and a draft agenda for the overall IETF meeting is due
out soon, but as always don't plan any travel around that
until the agenda is final. (Planning for spending the
entire week at the IETF is of course the best thing:-)

The goal of our session will be to level-set in terms
of what the IETF can realistically do, and then to
construct a list of actions (with willing victims:-)
that can be followed up in the IETF.

The draft agenda we're considering is below.

minutes - topic
0000 - intro, agenda bash
0010 - overview pressie
0040 - open mic, have we level-set?
0060 - threat model
0070 - hard and open topics
0080 - high level on more use of tls
0090 - privacy bcp
0100 - open mic, comments on pressies, what's missing?
0120 - summarise actions, open-points
0150 - end

Since our face to face time is limited and highly valuable,
we're aiming for these slots to discuss concrete and specific
things the IETF should be doing, that are tractable and where
we've some idea that someone is willing and able to do the
work. (We've got some folks who are willing to lead the
various bits of discussion so no need for now to offer to
do that.)

Spending too much time on how stuff works or how someone
might have broken something is probably not the best use
of our time at this session.

Comments on the above draft agenda are welcome.

And we'll want good note-takers in addition, so if you're
willing to volunteer for that let Sean and I know.

Cheers,
S.

From paul@nohats.ca  Mon Oct  7 07:34:12 2013
Date: Mon, 7 Oct 2013 10:33:40 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com>
Message-ID: <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca>
References: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8BIT
Cc: perpass@ietf.org
Subject: Re: [perpass] Avoiding abuse related to large scale encrypted email
X-List-Received-Date: Mon, 07 Oct 2013 14:34:12 -0000

On Thu, 3 Oct 2013, Douglas Otis wrote:

> Several have expressed valid concerns regarding abuse of encrypted email.

One can always request encrypted email is signed. Then an abuser's key
can simply be blacklisted. Or all encrypted but not signed email can be
refused or discarded. Encryption and key verification in DNS is actually
a really good anti-spammer tool.

> That said, proprietary schemes are available permitting multiple decoding keys derived from conveyed indexes.  The derived keys are
> assigned to outbound message scanners used by enterprises to ensure governmental data compliance requirements while also ensuring the
> integrity of the entire path traversed.  If there is interest, I could prevail on my employer to disclose IPR terms and details.

Generally, I think people are only interested in hearing unencumbered
ideas. So unless your employer has license terms that are unrestricted,
I at least do not wish to hear it.

> Secondly, while web based TLS exchanges normally ignore client certificates, this would not be desirable for StartTLS related to open
> email exchanges.  Currently, only source IP addresses are effectively used to defend SMTP servers.

See above. If that is a concern, simply block encrypted but unsigned
email. Or only allow signed email if the public key is available in DNS.

> IPv6 will significantly challenge the use of source IP addresses.

Someone should tell Paul Vixie that, his ipv6 reverse check is
preventing me from emailing him on various occasions when my mail
client happens to get some v6 address :P

> Secure SMTP using DNS-Based Authentication of Named Entities (DANE) TLSA records and SMTP security via opportunistic DANE TLS offer
> interesting starting points.  For this to work well, a more disruptive approach is required where sending domains should be encouraged
> to use their own certificates.  The initial availability of TLSA RRs should not miss the opportunity to use this to signal a new
> paradigm of expectations.

I am not sure what you are saying here?

encryption is unrelated to authentication or authorization. spam and
verifiable email origin are unrelated to encrypting the content (and/or
meta data) of email. It just happens that we used to use the content
and/or metadata to mark bogus email as spam. Clearly that has to change
if we are successful at hiding those properties from passive attackers
as well as anti-spam technologies.

Paul

From rlb@ipv.sx  Mon Oct  7 12:09:21 2013
MIME-Version: 1.0
In-Reply-To: <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca>
References: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com> <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca>
Date: Mon, 7 Oct 2013 15:09:09 -0400
Message-ID: <CAL02cgQNsR2=jPjkddQ4bLCvWNb0X2tOR3VE=ZkqcJyRFfWpCw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Paul Wouters <paul@nohats.ca>
Content-Type: multipart/alternative; boundary=001a11c308e00ce71c04e82b638f
Cc: perpass@ietf.org, Douglas Otis <doug.mtview@gmail.com>
Subject: Re: [perpass] Avoiding abuse related to large scale encrypted email
X-List-Received-Date: Mon, 07 Oct 2013 19:09:21 -0000

--001a11c308e00ce71c04e82b638f
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 7, 2013 at 10:33 AM, Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 3 Oct 2013, Douglas Otis wrote:
>
>  Several have expressed valid concerns regarding abuse of encrypted email.
>>
>
> One can always request encrypted email is signed. Then an abuser's key
> can simply be blacklisted. Or all encrypted but not signed email can be
> refused or discarded. Encryption and key verification in DNS is actually
> a really good anti-spammer tool.


Note that this would require Encrypt-then-Sign or
Sign-then-Encrypt-then-Sign, either of which has some security implications.
<http://tools.ietf.org/html/rfc5751#section-3.6>

--Richard



>
>
>  That said, proprietary schemes are available permitting multiple decoding
>> keys derived from conveyed indexes.  The derived keys are
>> assigned to outbound message scanners used by enterprises to
>> ensure governmental data compliance requirements while also ensuring the
>> integrity of the entire path traversed.  If there is interest, I could
>> prevail on my employer to disclose IPR terms and details.
>>
>
> Generally, I think people are only interested in hearing unencumbered
> ideas. So unless your employer has license terms that are unrestricted,
> I at least do not wish to hear it.
>
>
>  Secondly, while web based TLS exchanges normally ignore client
>> certificates, this would not be desirable for StartTLS related to open
>> email exchanges.  Currently, only source IP addresses are effectively
>> used to defend SMTP servers.
>>
>
> See above. If that is a concern, simply block encrypted but unsigned
> email. Or only allow signed email if the public key is available in DNS.
>
>
>  IPv6 will significantly challenge the use of source IP addresses.
>>
>
> Someone should tell Paul Vixie that, his ipv6 reverse check is
> preventing me from emailing him on various occasions when my mail
> client happens to get some v6 address :P
>
>
>  Secure SMTP using DNS-Based Authentication of Named Entities (DANE) TLSA
>> records and SMTP security via opportunistic DANE TLS offer
>> interesting starting points.  For this to work well, a more disruptive
>> approach is required where sending domains should be encouraged
>> to use their own certificates.  The initial availability of TLSA RRs
>> should not miss the opportunity to use this to signal a new
>> paradigm of expectations.
>>
>
> I am not sure what you are saying here?
>
> encryption is unrelated to authentication or authorization. spam and
> verifiable email origin are unrelated to encrypting the content (and/or
> meta data) of email. It just happens that we used to use the content
> and/or metadata to mark bogus email as spam. Clearly that has to change
> if we are successful at hiding those properties from passive attackers
> as well as anti-spam technologies.
>
> Paul

--001a11c308e00ce71c04e82b638f--
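
[Added example, not part of any message in this thread.] The exchange above turns on what a receiving filter can see without a decryption key: "refuse encrypted but unsigned" only works when the signature is the outer layer, which is why Encrypt-then-Sign or Sign-then-Encrypt-then-Sign is needed. The sketch below classifies the outer MIME layers and applies that policy; the function names, the sample messages and the key fingerprints are constructed for illustration, and signature verification itself is assumed to be done by a separate CMS/OpenPGP verifier that supplies `verified_signer`.

```python
from email import message_from_string

SIGNED, ENCRYPTED, PLAIN = "signed", "encrypted", "plain"


def layer_kind(part):
    """Classify one MIME layer from its Content-Type (S/MIME and PGP/MIME)."""
    ctype = part.get_content_type()
    if ctype == "multipart/signed":
        return SIGNED
    if ctype == "multipart/encrypted":
        return ENCRYPTED
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = str(part.get_param("smime-type") or "").lower()
        # Anything not explicitly signed-data is opaque to a filter that
        # holds no decryption key, so it is treated as encrypted.
        return SIGNED if smime_type == "signed-data" else ENCRYPTED
    return PLAIN


def visible_layers(msg):
    """Return the layers a keyless filter can see, outermost first."""
    layers, part = [], msg
    while True:
        kind = layer_kind(part)
        layers.append(kind)
        payload = part.get_payload() if part.is_multipart() else None
        if kind == SIGNED and payload:
            part = payload[0]  # first subpart of multipart/signed is the content
            continue
        return layers


def decide(msg, verified_signer, blocked_keys, keys_in_dns=None):
    """Apply the policy from the thread.

    verified_signer: fingerprint of the key whose outer signature verified,
    or None (assumed to come from a real signature verifier).
    keys_in_dns: if given, only signer keys in this set are accepted.
    """
    outer = visible_layers(msg)[0]
    if outer == ENCRYPTED:
        # Sign-then-Encrypt lands here too: the signature is hidden inside.
        return ("reject", "encrypted with no outer signature")
    if outer == SIGNED:
        if verified_signer is None:
            return ("reject", "outer signature did not verify")
        if verified_signer in blocked_keys:
            return ("reject", "signer key is blocklisted")
        if keys_in_dns is not None and verified_signer not in keys_in_dns:
            return ("reject", "signer key not published in DNS")
    return ("accept", "policy satisfied")


def build_sample(content_type, body_lines):
    """Build a constructed test message; addresses are placeholders."""
    head = ["From: alice@example.org", "To: bob@example.net",
            "MIME-Version: 1.0", "Content-Type: " + content_type, ""]
    return message_from_string("\n".join(head + body_lines) + "\n")


# Constructed samples: payloads are dummy base64, not real CMS objects.
ENVELOPED = 'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"'
ENCRYPT_THEN_SIGN = build_sample(
    'multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"',
    ["--b1", "Content-Type: " + ENVELOPED, "", "Q09OU1RSVUNURUQ=",
     "--b1", 'Content-Type: application/pkcs7-signature; name="smime.p7s"',
     "", "Q09OU1RSVUNURUQ=", "--b1--"])
SIGN_THEN_ENCRYPT = build_sample(ENVELOPED, ["Q09OU1RSVUNURUQ="])
BLOCKED = {"fp-abuser"}  # constructed fingerprints

if __name__ == "__main__":
    for name, msg, signer in [
        ("encrypt-then-sign, good key", ENCRYPT_THEN_SIGN, "fp-good"),
        ("encrypt-then-sign, blocked key", ENCRYPT_THEN_SIGN, "fp-abuser"),
        ("sign-then-encrypt", SIGN_THEN_ENCRYPT, None),
    ]:
        print(name, visible_layers(msg), decide(msg, signer, BLOCKED))
```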

From hallam@gmail.com  Mon Oct  7 13:07:27 2013
MIME-Version: 1.0
X-Received: by 10.152.88.74 with SMTP id be10mr28289311lab.4.1381176423200; Mon, 07 Oct 2013 13:07:03 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Mon, 7 Oct 2013 13:07:02 -0700 (PDT)
In-Reply-To: <CAL02cgQNsR2=jPjkddQ4bLCvWNb0X2tOR3VE=ZkqcJyRFfWpCw@mail.gmail.com>
References: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com> <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca> <CAL02cgQNsR2=jPjkddQ4bLCvWNb0X2tOR3VE=ZkqcJyRFfWpCw@mail.gmail.com>
Date: Mon, 7 Oct 2013 16:07:02 -0400
Message-ID: <CAMm+LwiyBQ-JCA4ff-v9eOe1=tPPyjsbNK6=V+bM945pgja9_g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary=001a11c34e6c13c00c04e82c3275
Cc: perpass <perpass@ietf.org>, Paul Wouters <paul@nohats.ca>, Douglas Otis <doug.mtview@gmail.com>
Subject: Re: [perpass] Avoiding abuse related to large scale encrypted email
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 20:07:27 -0000

--001a11c34e6c13c00c04e82c3275
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 7, 2013 at 3:09 PM, Richard Barnes <rlb@ipv.sx> wrote:

>
>
>
> On Mon, Oct 7, 2013 at 10:33 AM, Paul Wouters <paul@nohats.ca> wrote:
>
>> On Thu, 3 Oct 2013, Douglas Otis wrote:
>>
>>  Several have expressed valid concerns regarding abuse of encrypted email.
>>>
>>
>> One can always request encrypted email is signed. Then an abuser's key
>> can simply be blacklisted. Or all encrypted but not signed email can be
>> refused or discarded. Encryption and key verification in DNS is actually
>> a really good anti-spammer tool.
>
>
> Note that this would require Encrypt-then-Sign or
> Sign-then-Encrypt-then-Sign, either of which has some security implications.
> <http://tools.ietf.org/html/rfc5751#section-3.6>
>

Please be specific.

There is no consensus on the order of operations and never will be because
there are security considerations of doing it either way.

There are more options than S(E(m,k1),k2) or E(S(m,k2),k1) as well.

Encryption takes place under a session key and that session key can be used
to encrypt the hash or encrypt the message.

So be precise, it is really important here. One of the things that holds
the field back is that a lot of the time repetition of lore substitutes for
thinking.


The scheme I am currently working with has a policy layer so at the same
time the email recipient publishes their key they tell people how to use it
to send them mail.

This allows for constraints such as:

1) Always try to send me encrypted mail.

2) Only send encrypted mail on prior permission.

3) Encrypt data to my personal key

4) Encrypt data to the organization's key.

5) Encrypt data to my personal key, sign it and then super encrypt under
the enterprise key.


Pre-PRISM we used to argue about choice A or choice B.

What Bruce-who-has-seen-the-docs tells me is that when the NSA has that
choice their answer is always do both.

And we have to do the same if we are going to win this.

-- 
Website: http://hallambaker.com/

--001a11c34e6c13c00c04e82c3275--

From rlb@ipv.sx  Mon Oct  7 13:46:02 2013
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2614711E8164 for <perpass@ietfa.amsl.com>; Mon,  7 Oct 2013 13:46:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.786
X-Spam-Level: 
X-Spam-Status: No, score=-2.786 tagged_above=-999 required=5 tests=[AWL=0.190,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GmH3ipCQu-nn for <perpass@ietfa.amsl.com>; Mon,  7 Oct 2013 13:45:47 -0700 (PDT)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id EBF8911E8135 for <perpass@ietf.org>; Mon,  7 Oct 2013 13:45:46 -0700 (PDT)
Received: by mail-oa0-f44.google.com with SMTP id l10so6738106oag.31 for <perpass@ietf.org>; Mon, 07 Oct 2013 13:45:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=cSE+Ut8PW8UUAWFj0SDnzO2VBpjdTCfkE++5QJLZLss=; b=Xs4TVDXMn+fICs8fhaZUFefB4EAofj13mQ8URHgK0hqi/VwwR4I+KtQ5JE/TGe5ha7 kHR2VJEdfEXgdoKeIf7hDu7ZUIKlrin8gT6yyDWcZLlPh+LsNn/shxoKppNn9lSNJeMS Qky5xUWjiWYW01yhZZJsqLimbmN4MJiKuFyiHpvafL7UnycHEgPmnIhMDJkZcdPNpJZ+ 9qKB7DssMu2YJN/LNyHldFgjx8itMRzslp8ssz8m6xuEZEn+L3VfohGywVaW320hLipo qgiDPBKuVnHxPxletaHDz17vL1I2RJl+it1X9dYppCYQ8rr9QEfFS9a+dMv67jQfV3Bv cFXg==
X-Gm-Message-State: ALoCoQm+nfjDqQ+5CYjuDRa/5XAO+RcaYPh7oxwBCtKhUCs61oJ9r/B6KLMLkuQ6d0AqGjRnL1CB
MIME-Version: 1.0
X-Received: by 10.60.58.10 with SMTP id m10mr40614oeq.61.1381178746419; Mon, 07 Oct 2013 13:45:46 -0700 (PDT)
Received: by 10.60.31.74 with HTTP; Mon, 7 Oct 2013 13:45:46 -0700 (PDT)
In-Reply-To: <CAMm+LwiyBQ-JCA4ff-v9eOe1=tPPyjsbNK6=V+bM945pgja9_g@mail.gmail.com>
References: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com> <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca> <CAL02cgQNsR2=jPjkddQ4bLCvWNb0X2tOR3VE=ZkqcJyRFfWpCw@mail.gmail.com> <CAMm+LwiyBQ-JCA4ff-v9eOe1=tPPyjsbNK6=V+bM945pgja9_g@mail.gmail.com>
Date: Mon, 7 Oct 2013 16:45:46 -0400
Message-ID: <CAL02cgQEQpFYjTv6SprMRSa0tnwnL0Ak+PG-9FXH2yAFeNQ1VA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: multipart/alternative; boundary=089e01538bc48d6d5a04e82cbc5d
Cc: perpass <perpass@ietf.org>, Paul Wouters <paul@nohats.ca>, Douglas Otis <doug.mtview@gmail.com>
Subject: Re: [perpass] Avoiding abuse related to large scale encrypted email
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 20:46:02 -0000

--089e01538bc48d6d5a04e82cbc5d
Content-Type: text/plain; charset=ISO-8859-1

I'm not proposing anything new here.  My point was simply that if
anti-abuse requires the sender's key is on the outside, then it rules out
some schemes.  Namely any scheme where the signature only exists within an
encrypted segment (e.g., your E(S(m,k2),k1)).  This limitation could be
considered an undesirable side-effect of Paul's proposal to use the
signature for anti-abuse.

--Richard


On Mon, Oct 7, 2013 at 4:07 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

>
>
>
> On Mon, Oct 7, 2013 at 3:09 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
>>
>>
>>
>> On Mon, Oct 7, 2013 at 10:33 AM, Paul Wouters <paul@nohats.ca> wrote:
>>
>>> On Thu, 3 Oct 2013, Douglas Otis wrote:
>>>
>>>  Several have expressed valid concerns regarding abuse of encrypted
>>>> email.
>>>>
>>>
>>> One can always request encrypted email is signed. Then an abuser's key
>>> can simply be blacklisted. Or all encrypted but not signed email can be
>>> refused or discarded. Encryption and key verification in DNS is actually
>>> a really good anti-spammer tool.
>>
>>
>> Note that this would require Encrypt-then-Sign or
>> Sign-then-Encrypt-then-Sign, either of which has some security implications.
>> <http://tools.ietf.org/html/rfc5751#section-3.6>
>>
>
> Please be specific.
>
> There is no consensus on the order of operations and never will be because
> there are security considerations of doing it either way.
>
> There are more options than S(E(m,k1),k2) or E(S(m,k2),k1) as well.
>
> Encryption takes place under a session key and that session key can be
> used to encrypt the hash or encrypt the message.
>
> So be precise, it is really important here. One of the things that holds
> the field back is that a lot of the time repetition of lore substitutes for
> thinking.
>
>
> The scheme I am currently working with has a policy layer so at the same
> time the email recipient publishes their key they tell people how to use it
> to send them mail.
>
> This allows for constraints such as:
>
> 1) Always try to send me encrypted mail.
>
> 2) Only send encrypted mail on prior permission.
>
> 3) Encrypt data to my personal key
>
> 4) Encrypt data to the organization's key.
>
> 5) Encrypt data to my personal key, sign it and then super encrypt under
> the enterprise key.
>
>
> Pre-PRISM we used to argue about choice A or choice B.
>
> What Bruce-who-has-seen-the-docs tells me is that when the NSA has that
> choice their answer is always do both.
>
> And we have to do the same if we are going to win this.
>
> --
> Website: http://hallambaker.com/
>

--089e01538bc48d6d5a04e82cbc5d--

From trevp@trevp.net  Mon Oct  7 13:51:26 2013
Return-Path: <trevp@trevp.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0D3911E8152 for <perpass@ietfa.amsl.com>; Mon,  7 Oct 2013 13:51:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level: 
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSuXAyskgtT8 for <perpass@ietfa.amsl.com>; Mon,  7 Oct 2013 13:51:21 -0700 (PDT)
Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com [209.85.212.171]) by ietfa.amsl.com (Postfix) with ESMTP id 72CE211E8164 for <perpass@ietf.org>; Mon,  7 Oct 2013 13:51:20 -0700 (PDT)
Received: by mail-wi0-f171.google.com with SMTP id hm2so5503536wib.10 for <perpass@ietf.org>; Mon, 07 Oct 2013 13:51:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=cSO6mz5PqVFNlL08up2RAKY7SbdsF5Kf4TjpGAMGHYQ=; b=ejzkvoFUM681/y4ULII+aZuw+ksa+GXWXj50QVqdISF2BNlU9NmqZMnm9jRkufdrga CAV46AOJmlWiFCOURUSrAJwQw/43RAEoxhvBE0oRqc1ZqiDXaEF03dmv30mDbYIoeJyz 9hZUOaPuUeCIQ1SFB1J0puAQDUZcKlocTSqRskEG6EXmK2CzM5lKawni3OTO/poP1gaD 6Z1J1n9U2J0+9yX7F48HZt0JkTVfFyvP799z6orsZqhpPPH/7VZmu6oSHRMvN6dab1BP hKeLF8XTemJFOK6wVhHAeMh1zOvXCkp4TVhJEcNKNtoEUNHNxhWHOQOfG4WZpNpUB4jI LGvQ==
X-Gm-Message-State: ALoCoQlekBsTX1fnmlOGaxAVwBkg+C4qxdeN9kRSYG+rbZcQaVs47cntg4l8Fl4hFlTsuGPnEhty
MIME-Version: 1.0
X-Received: by 10.194.123.227 with SMTP id md3mr26156831wjb.17.1381179078788;  Mon, 07 Oct 2013 13:51:18 -0700 (PDT)
Received: by 10.216.61.13 with HTTP; Mon, 7 Oct 2013 13:51:18 -0700 (PDT)
X-Originating-IP: [12.27.66.5]
In-Reply-To: <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca>
References: <4C5C85B1-0DF1-4DFE-9F6D-DC2DEF512F8A@gmail.com> <alpine.LFD.2.10.1310071024540.4993@bofh.nohats.ca>
Date: Mon, 7 Oct 2013 13:51:18 -0700
Message-ID: <CAGZ8ZG1u9eiPNMHMW0fSxMQV6jYeEqs1sv_S3BpDN=AyCRC8-A@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Paul Wouters <paul@nohats.ca>
Content-Type: multipart/alternative; boundary=089e01229a585cddb004e82cd0db
Cc: perpass@ietf.org, Douglas Otis <doug.mtview@gmail.com>
Subject: Re: [perpass] Avoiding abuse related to large scale encrypted email
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 20:51:26 -0000

--089e01229a585cddb004e82cd0db
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 7, 2013 at 7:33 AM, Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 3 Oct 2013, Douglas Otis wrote:
>
>  Several have expressed valid concerns regarding abuse of encrypted email.
>>
>
> One can always request encrypted email is signed.



FWIW,

Pond's use of group signatures (with traceability) for anti-abuse is a very
clever idea along these lines, and avoids some of the disadvantages (e.g.
loss of deniability and anonymity) of traditional public-key signatures.

https://pond.imperialviolet.org/tech.html

Trevor

--089e01229a585cddb004e82cd0db--

From stephen.farrell@cs.tcd.ie  Tue Oct  8 04:56:35 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A89521E819C for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 04:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7JMfIZ2IWbOC for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 04:56:31 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id EEDED21E81DF for <perpass@ietf.org>; Tue,  8 Oct 2013 04:56:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E0401BE57 for <perpass@ietf.org>; Tue,  8 Oct 2013 12:56:22 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7odSogyikUOs for <perpass@ietf.org>; Tue,  8 Oct 2013 12:56:22 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B93C4BE51 for <perpass@ietf.org>; Tue,  8 Oct 2013 12:56:22 +0100 (IST)
Message-ID: <5253F2E6.1010504@cs.tcd.ie>
Date: Tue, 08 Oct 2013 12:56:22 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
References: <524EBEB1.7060705@cs.tcd.ie>
In-Reply-To: <524EBEB1.7060705@cs.tcd.ie>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perpass session in  Vancouver
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 11:56:35 -0000

Folks,

Preliminary agenda for the IETF is out [1] with this
session slated for Wed 1pm. That could change but
frankly I doubt it given the constraints for this
one. (But don't blame me if it does:-) Our session
will be preceded by a tech-plenary Wed morning
that'll also discuss this topic, but (I hope:-) at
a higher level. (That's also described in [1] and
is why our session is unlikely to move.)

I've yet to see any comment on this agenda and am
underwhelmed with volunteers for scribing etc. Be
nice if those both changed...

Cheers,
S.

[1] https://datatracker.ietf.org/meeting/88/agenda.html

On 10/04/2013 02:12 PM, Stephen Farrell wrote:
> 
> Hiya,
> 
> The IAB and IESG had our BoF call last week and approved
> the perpass session. Scheduling is being discussed now
> and a draft agenda for the overall IETF meeting is due
> out soon, but as always don't plan any travel around that
> until the agenda is final. (Planning for spending the
> entire week at the IETF is of course the best thing:-)
> 
> The goal of our session will be to level-set in terms
> of what the IETF can realistically do, and then to
> construct a list of actions (with willing victims:-)
> that can be followed up in the IETF.
> 
> The draft agenda we're considering is below.
> 
> minutes - topic
> 0000 - intro, agenda bash
> 0010 - overview pressie
> 0040 - open mic, have we level-set?
> 0060 - threat model
> 0070 - hard and open topics
> 0080 - high level on more use of tls
> 0090 - privacy bcp
> 0100 - open mic, comments on pressies, what's missing?
> 0120 - summarise actions, open-points
> 0150 - end
> 
> Since our face to face time is limited and highly valuable,
> we're aiming for these slots to discuss concrete and specific
> things the IETF should be doing, that are tractable and where
> we've some idea that someone is willing and able to do the
> work. (We've got some folks who are willing to lead the
> various bits of discussion so no need for now to offer to
> do that.)
> 
> Spending too much time on how stuff works or how someone
> might have broken something is probably not the best use
> of our time at this session.
> 
> Comments on the above draft agenda are welcome.
> 
> And we'll want good note-takers in addition, so if you're
> willing to volunteer for that let Sean and me know.
> 
> Cheers,
> S.
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 
> 

From nweaver@icsi.berkeley.edu  Tue Oct  8 10:18:38 2013
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D560B21E826D for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 10:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JjOJoCcOuRVx for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 10:18:33 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 9050A21E80A1 for <perpass@ietf.org>; Tue,  8 Oct 2013 10:18:32 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 37E512C400F for <perpass@ietf.org>; Tue,  8 Oct 2013 10:18:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GBU-JocwjiXz; Tue,  8 Oct 2013 10:18:31 -0700 (PDT)
Received: from gala.icir.org (gala.icir.org [192.150.187.130]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C86C92C4006; Tue,  8 Oct 2013 10:18:31 -0700 (PDT)
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Content-Type: multipart/signed; boundary="Apple-Mail=_E75D5EED-8A24-43B6-8CE0-E6A1D8ED4C66"; protocol="application/pgp-signature"; micalg=pgp-sha512
Date: Tue, 8 Oct 2013 10:18:31 -0700
Message-Id: <36019F8C-A7ED-4DF1-A9CD-CC66A2FC6EEB@icsi.berkeley.edu>
To: perpass@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
X-Mailer: Apple Mail (2.1510)
Cc: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: [perpass] Mia Culpa: Recursive resolver DNSSEC validation is necessary...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 17:18:39 -0000

--Apple-Mail=_E75D5EED-8A24-43B6-8CE0-E6A1D8ED4C66
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


I've been a big advocate on the DNSSEC related lists that "Eh, the
recursive resolver is the enemy, so validate on the client and don't
bother validating on the recursive resolver".

With the recent revelation that the NSA/GCHQ is doing
packet-injection/man-on-the-side attacks on the backbone, at scale, and
even using this to target NATO allies, I've changed my tune.  Even
forget about NSA/GCHQ directly, they've now implicitly said that "hey,
it's OK" for everyone else to do it, too.

Backbone DNS injection allows converting a man-on-the-side attacker
(who, e.g., even with a certificate, can't intercept TLS using perfect
forward secrecy, and who when attacking HTTP directly can only see
requests before deciding what to do) into a full man-in-the-middle, as
long as the attacker knows the target's recursive resolver.


Thus I've changed my tune:

1:  Recursive resolvers MUST validate DNSSEC as well as clients.  Not
because I trust the recursive resolver, but there is now an adversary
set where recursive resolver validation does help, and it's an easier
point to do.

2:  Validation failures due to bad signatures/etc MUST result in a
failure unless specifically whitelisted.

3:  Future protocols MUST support "Connect by multiple name" semantics:
Given MULTIPLE names, only connect if all K names have the same IP after
resolution.  This enables multiple-validation-path DNSSEC, which is a
pretty unique feature of DNSSEC.  I may not trust Verisign/NSA.  I
certainly do not trust the Russians.  But I can probably trust that .com
and .ru won't be subverted by the same parties.



--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_E75D5EED-8A24-43B6-8CE0-E6A1D8ED4C66--
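
The check described in points 2 and 3 of the message above, as an added example that is not part of the original message. The `resolve` callable, the `Answer` type and the sample names and addresses are assumptions constructed for illustration, and "the same IP" is read here as "at least one address returned by every name".

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable, FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class Answer:
    """One name's resolution result (hypothetical shape for this example)."""
    validated: bool             # True only if the DNSSEC signature chain verified
    addresses: FrozenSet[str]   # A/AAAA record data as text


class Refused(Exception):
    """Raised instead of returning an address: the caller must not connect."""


def tld(name: str) -> str:
    """Top-level label, i.e. the first delegation below the root."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def agreed_addresses(names: Iterable[str],
                     resolve: Callable[[str], Answer],
                     unvalidated_ok: FrozenSet[str] = frozenset(),
                     min_tlds: int = 2):
    """Return the addresses all names agree on, or raise Refused (fail closed)."""
    names = list(names)
    # The scheme only helps if the names validate through different TLDs.
    if len({tld(n) for n in names}) < min_tlds:
        raise Refused("names do not span independent validation paths")
    common = None
    for name in names:
        answer = resolve(name)
        # Point 2: a validation failure is a hard failure unless whitelisted.
        if not answer.validated and name not in unvalidated_ok:
            raise Refused(f"{name}: DNSSEC validation failed")
        addrs = frozenset(ip_address(a) for a in answer.addresses)
        # Point 3: keep only addresses that every name so far agrees on.
        common = addrs if common is None else common & addrs
        if not common:
            raise Refused(f"{name}: no address shared by all names")
    return common


# Constructed sample data (documentation address ranges, made-up names).
NAMES = ("www.example.com", "www.example.ru")
HONEST = {
    "www.example.com": Answer(True, frozenset({"192.0.2.10"})),
    "www.example.ru": Answer(True, frozenset({"192.0.2.10", "198.51.100.7"})),
}
# An injected reply for the .com name: wrong address, signature cannot verify.
INJECTED = dict(HONEST)
INJECTED["www.example.com"] = Answer(False, frozenset({"203.0.113.66"}))
# One signing path subverted: the forged .com answer validates, .ru disagrees.
SUBVERTED = dict(HONEST)
SUBVERTED["www.example.com"] = Answer(True, frozenset({"203.0.113.66"}))


def check(table, names=NAMES, **policy) -> Tuple[bool, str]:
    """Run the policy against a lookup table; return (connect?, detail)."""
    try:
        addrs = agreed_addresses(names, table.__getitem__, **policy)
    except Refused as why:
        return False, str(why)
    return True, ",".join(sorted(str(a) for a in addrs))


if __name__ == "__main__":
    for label, table in (("honest", HONEST), ("injected", INJECTED),
                         ("subverted", SUBVERTED)):
        print(label, check(table))
```

Whitelisting a name only exempts it from the validation requirement; its answer still has to agree with the other names before any address is returned.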

From paul@cypherpunks.ca  Tue Oct  8 11:21:37 2013
Return-Path: <paul@cypherpunks.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E97F711E80F8 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 11:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ocZWYpMfL4MY for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 11:21:32 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id CC8FB21E8280 for <perpass@ietf.org>; Tue,  8 Oct 2013 11:21:29 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3cvRhj2Pslz9bC; Tue,  8 Oct 2013 14:21:25 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id S0X-WCkJt0P4; Tue,  8 Oct 2013 14:21:24 -0400 (EDT)
Received: from bofh.nohats.ca (unknown [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Tue,  8 Oct 2013 14:21:24 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 4B9C98002F; Tue,  8 Oct 2013 14:21:17 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 3CE438002E; Tue,  8 Oct 2013 14:21:17 -0400 (EDT)
Date: Tue, 8 Oct 2013 14:21:17 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <5253F2E6.1010504@cs.tcd.ie>
Message-ID: <alpine.LFD.2.10.1310081420180.7675@bofh.nohats.ca>
References: <524EBEB1.7060705@cs.tcd.ie> <5253F2E6.1010504@cs.tcd.ie>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] perpass session in  Vancouver
X-List-Received-Date: Tue, 08 Oct 2013 18:21:38 -0000

On Tue, 8 Oct 2013, Stephen Farrell wrote:

> I've yet to see any comment on this agenda and am
> underwhelmed with volunteers for scribing etc. Be
> nice if those both changed...

Happy to scribe. Happy to talk about some brainstorming that
has happened since last IETF regarding IPsec OE and DNSSEC.

Paul

From kent@bbn.com  Tue Oct  8 11:30:39 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 257F321E8221 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 11:30:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.135
X-Spam-Level: 
X-Spam-Status: No, score=-105.135 tagged_above=-999 required=5 tests=[AWL=-0.396, BAYES_20=-0.74, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIfIh8JWJHHJ for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 11:30:34 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id BE0A221E8258 for <perpass@ietf.org>; Tue,  8 Oct 2013 11:30:33 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:51075) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VTc3E-0002yS-HM; Tue, 08 Oct 2013 14:30:32 -0400
Message-ID: <52544F48.7060006@bbn.com>
Date: Tue, 08 Oct 2013 14:30:32 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Dean Willis <dean.willis@softarmor.com>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com> <5224DF25.60503@cs.tcd.ie> <7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com> <522A328A.5060008@cs.tcd.ie> <522E17F9.4000206@bbn.com> <7DA623C5-E8C4-437F-BFC9-0CDD350853A8@softarmor.com>
In-Reply-To: <7DA623C5-E8C4-437F-BFC9-0CDD350853A8@softarmor.com>
Content-Type: multipart/alternative; boundary="------------070703090404080902070708"
Cc: perpass@ietf.org
Subject: Re: [perpass] Howdy!
X-List-Received-Date: Tue, 08 Oct 2013 18:30:39 -0000

This is a multi-part message in MIME format.
--------------070703090404080902070708
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Dean,

Here are responses to your comments:

  

> Too bad. We can try to minimize the impact, but a net that gets you killed because
> the wrong person heard you say the wrong thing is worse than one with slightly less bandwidth or temporal QoS.”

I'm not sure I understand the context of your assertion re use of deadly
force. I assume you don't mean to suggest that many/most Internet users
are in physical jeopardy as a result of nation state surveillance, right?
Is your argument that _every_ user of the Internet should incur
performance and convenience penalties to provide cover for the very,
very tiny fraction of users who are in real, physical jeopardy as a
result of such surveillance? I don’t think that those of us who develop
Internet standards are in a position to make such tradeoffs.


There are legitimate concerns that arise if we push the envelope wrt
traffic flow security on a wide scale basis, e.g., bandwidth consumption
(especially in mobile environments), battery power, user-perceptible
performance (traffic engineering based on traffic type), and even
reliability (load balancing performed by devices not so close to
servers.) That’s why I’m comfortable offering mandatory-to-implement
security features in standards, but not mandatory-to-use security
features.

> Perhaps. But unless one accepts it as a principle, one is doomed to build
> surveillance-friendly networks.

I guess we disagree about the relative threats to personal privacy, and how such threats
are perceived by most users. I base my perception of the security-privacy vs. convenience and
performance tradeoff based on online habits in contexts where folks clearly
sacrifice privacy to commercial concerns on a massive basis.

  

  

> I've been enterprise IT. And enterprise security. Most of their security problems
> come from their own people abusing the loopholes. Sure, the IT department is lazy.
> But once the "generally accepted best practices" require e2e, they'll play along. Remember,
> corporate policies are driven by generally accepted best practices such as GAAP for
> accounting. Note that, at least under US law, the management of a corporation is subject
> to legal attacks from shareholders for losses related to the failure to deploy generally
> accepted best practices for information security.

I agree that companies do tend to follow the herd, for the reasons you suggest. But, that does
not mean that we are in a position to tell enterprises that their concerns wrt monitoring
internal traffic, debugging, etc. are less important than a (well-intentioned) desire to thwart
surveillance at a global level. Again, it's the mandatory-to-use vs. implement issue.

  

> A listing of best practies [sic] is here:
> http://www.wpi.edu/academics/CCC/Policies/bestpractices.html
>
> Note that they're written by people like CDT (an officer of which edited our privacy RFC),
> NIST, and other bodies that we influence.

  

The IETF does not generally influence NIST or most of the other organizations that are sources
for the cited documents. (The IETF has often adopted NIST standards for our security RFCs.) Also,
the WPI URL lists security best practices documents from dozens of sources, not just NIST or CDT.

  

> Should it? Who funds BBN, anyhow? What's your motivation for making choices that increase
> surveillance?

I'm pretty sure we get all our money from the GFF (Good Funding Fairy)  ;-).

I have no idea what triggered this nasty comment in response to my observation that we have offered
TFS options (e.g., in ESP) that have never been used. I was the designer of the TFS features of
ESP, so it’s absurd for you to suggest that I am “making choices that increase surveillance.”

  

> Yeah, that's an ad hominem attack. But we're going to get a lot of those, and need to have
> a great deal of confidence in our answers. "Nobody wants security" is probably not a good
> enough answer … Nor is "Security costs too much", especially until the costs have been
> more completely quantified -- including the costs of making systems that nobody will buy
> because they don't want to spill their guts to our friends at Meade. Even the least suspicion
> of pro-surveillance bias needs to be avoided for the results to be credible.

So, your reasoning appears to be that, because “we” may be the target of future ad hominem attacks,
you are justified in engaging in one now. Do you know what a non sequitur is?

  

> Ah yes, the old "if we build E2E, nobody will use it" argument. I find that to be an
> extremely suspicious argument, but recognize it and its kin have, for many years, led
> us down a rabbit-warren of bad choices, resulting in the problem we have today.

I am the author of several standards (e.g., RFC 4301, 4302, 4303) that enable e-t-e security.
If I didn't hope people would make use of such technology I would not have spent a lot of time
on these documents. You state that you find my comments with respect to use of security “suspicious.”
I find your comments about an absolute need to impose Internet standards that mandate _use_ of
security to be amazingly hubristic, especially from someone with NO security RFCs to his credit.

  

> Regrettably, and as a former Cisco employee, I can tell you that folks there also face
> certain pressures from state actors. I'm sure this is true of most folks. David may be a
> saint. He might be a devil. But as an external party lacking the expertise, I have no way of
> telling if his position is biased against my objectives.

I agree that you are “an external party lacking expertise.”

  

> So unless we have widespread review, from people likely to be in the influence of multiple
> and conflicting actors, we really haven't had a review. How widespread? I'm not exactly sure
> -- but it means more than one review, from more than one company, from more than one sector,
> and from more than one nation-state at a minimum. Trust is really hard; our best substitute
> is a very widespread consensus.

I review a fair number of security-themed papers for journals every year. Most are terrible.
I don't think the IETF needs inputs from folks like the authors of those papers. “Very
widespread consensus” is not a substitute for high quality review by competent people. But, this
aspect of our discussion is largely irrelevant, since the IETF process does acquire inputs
from a wide range of folks as we evaluate and progress standards.

  

> Arguably, the mode that we've operated in for many years has given us a rather bad current
> situation. Perhaps we should reassess "good enough".

We have standardized a pretty reasonable set of security mechanisms, many of which are
either not used or have been badly implemented, or both. Some of the sources of significant
vulnerabilities have arisen because of decisions by actors external to the IETF, e.g., vendors and
service providers, for business reasons. (One good example is provided by the PKI trust model
implemented in browsers, but there are many, many more examples.)

Could we do better? Yes, in some areas we could have better standards.

Should we mandate _use_ of additional, possibly burdensome security mechanisms by
all Internet users? I think not.

Steve



--------------070703090404080902070708
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <!--[if gte mso 9]><xml>
 <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
  DefSemiHidden="true" DefQFormat="false" DefPriority="99"
  LatentStyleCount="276">
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 2"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 3"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 3"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 4"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 4"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 5"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 6"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
 </w:LatentStyles>
</xml><![endif]-->
  </body>
</html>

--------------070703090404080902070708--

From stephen.farrell@cs.tcd.ie  Tue Oct  8 14:06:24 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2DF21F9E39 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 14:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.213
X-Spam-Level: 
X-Spam-Status: No, score=-103.213 tagged_above=-999 required=5 tests=[AWL=-0.613, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hiVQ8qb4ehtp for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 14:06:18 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 3DAEB21F9E69 for <perpass@ietf.org>; Tue,  8 Oct 2013 14:06:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4ABDABE58; Tue,  8 Oct 2013 22:05:50 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0L5zDpGxGLZf; Tue,  8 Oct 2013 22:05:49 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.41.48.16]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 136CFBE57; Tue,  8 Oct 2013 22:05:49 +0100 (IST)
Message-ID: <525473AC.3070007@cs.tcd.ie>
Date: Tue, 08 Oct 2013 22:05:48 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Dean Willis <dean.willis@softarmor.com>, Stephen Kent <kent@bbn.com>
References: <CAOHm=4ujOYTHO63EFWMYJBgxUWq00zezYKAJ8B4Vgf_C=xRRVg@mail.gmail.com>	<5224DF25.60503@cs.tcd.ie>	<7C92613E-33E8-48A6-A152-E9DBB29DEC04@softarmor.com>	<522A328A.5060008@cs.tcd.ie> <522E17F9.4000206@bbn.com> <7DA623C5-E8C4-437F-BFC9-0CDD350853A8@softarmor.com>
In-Reply-To: <7DA623C5-E8C4-437F-BFC9-0CDD350853A8@softarmor.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Howdy!
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 21:06:24 -0000

On 09/13/2013 06:12 PM, Dean Willis wrote:
> Yeah, that's an ad hominem attack.

Oops. Sorry Steve, my fault for not noticing that in Dean's
mail from a few weeks ago. Dean, please desist from ad-hominem
attacks.

And I figure this particular thread has run its course in
terms of being productive. (A new thread on the issue of
MTI vs mandatory-to-use-or-similar would be interesting
though.)

Thanks,
S.





From stephen.farrell@cs.tcd.ie  Tue Oct  8 14:14:37 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 035CD21F9B66 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 14:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.09
X-Spam-Level: 
X-Spam-Status: No, score=-103.09 tagged_above=-999 required=5 tests=[AWL=-0.491, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WVDzL1iYdOXs for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 14:14:27 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 6E30221F918F for <perpass@ietf.org>; Tue,  8 Oct 2013 14:14:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2A233BE57 for <perpass@ietf.org>; Tue,  8 Oct 2013 22:14:21 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OcfrNzGeC2Jm for <perpass@ietf.org>; Tue,  8 Oct 2013 22:14:20 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.41.48.16]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 23191BE59 for <perpass@ietf.org>; Tue,  8 Oct 2013 22:14:19 +0100 (IST)
Message-ID: <525475AA.2010907@cs.tcd.ie>
Date: Tue, 08 Oct 2013 22:14:18 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 21:14:37 -0000

Hi,

Steve's mail argues for the current IETF position that
mandatory-to-implement (MTI) is the correct target for IETF
specifications.

Some folks (me included to be honest) wonder if the current
situation argues for raising the bar there somewhat on the
basis that MTI security features are frequently turned off
or not sufficiently well tested to be usable. (Pick your
favourite example, mine are usually rfc4744 or Diameter
being run in clear.) And an upshot from that is that that
helps those who want to pervasively monitor everything.

Others argue that that'd be the IETF straying into the
space of policy - all we should do is define how to use
strong security features and make sure the code is there so
they can be turned on and the rest is policy.

I'm sure there are loads more arguments, and I do think
it'd be useful to see those discussed here.

Thanks,
Stephen.

PS: Our -00 privacy BCP doesn't go beyond MTI for now, but
were there consensus for that, I think it'd be good if we
could go further.



From jon.peterson@neustar.biz  Tue Oct  8 15:24:05 2013
Return-Path: <jon.peterson@neustar.biz>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 319F611E810D for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 15:24:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.161
X-Spam-Level: 
X-Spam-Status: No, score=-106.161 tagged_above=-999 required=5 tests=[AWL=0.438, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJ-NJHZ7SIcd for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 15:24:01 -0700 (PDT)
Received: from neustar.com (mx2.neustar.com [156.154.25.104]) by ietfa.amsl.com (Postfix) with ESMTP id 1BF0A11E80E6 for <perpass@ietf.org>; Tue,  8 Oct 2013 15:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1381271052; x=1696630299; q=dns/txt; h=From:Subject:Date:Message-ID:Content-Language: Content-Type:Content-ID:Content-Transfer-Encoding; bh=8vI0TByJ6H a4+WaSSRTFobC8N9MffKptxMobz+QJXps=; b=Zvs8LH5FAkjCR9cPhG6aLPa2vf o7+MGfr39vz+MbHa1xhEs+WuXv5EExg++iMoK8r8p4sfVuONccYNUW30y90A==
Received: from ([10.31.58.71]) by chihiron2.nc.neustar.com with ESMTP with TLS id J041123125.26807080;  Tue, 08 Oct 2013 18:24:11 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.60]) by stntexhc12.cis.neustar.com ([::1]) with mapi id 14.02.0342.003; Tue, 8 Oct 2013 18:23:50 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, perpass <perpass@ietf.org>
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHOxGt1gKv+/IMKx0apKzYaC3uAzpnrLvwA
Date: Tue, 8 Oct 2013 22:23:49 +0000
Message-ID: <CE79CB08.A63D4%jon.peterson@neustar.biz>
In-Reply-To: <525475AA.2010907@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [192.168.129.154]
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: fs9ZyDq9/k3KM0nS6SCmiw==
Content-Type: text/plain; charset="us-ascii"
Content-ID: <EACB876225AE4F4C9BA6EB42F59C442B@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 22:24:05 -0000

Moving the bar from MTI to mandatory-to-use (can we overload the acronym
MTU?) goes beyond just questions of policy, and into the questions of how
we build consensus and what shapes the output of our engineering
process.

Just to take an example I've followed a bit, SIP is a relatively successful
IETF protocol. It has some notable security issues. We could have designed
SIP in a way that reduced the ability of middlemen to work themselves into
the path of SIP messages, and thus reduced the potential for eavesdropping
on the sessions that SIP creates - and its usefulness as a tool of
surveillance.

Had we made some of those design decisions, however, it's unclear to me
that SIP would have been such a successful protocol. But we wouldn't have
made those decisions anyway, because the relevant documents would never
have garnered consensus in the working groups. Our consensus process
reflects the aggregate of the requirements of our participants, which come
from many sources: employers, or regulators, or academic interests, or
personal consciences.

If we had designed SIP to be a protocol that didn't meet those
requirements, of course it wouldn't see much deployment. Extensions to SIP
that have leaned in this direction have had little impact on the
protocol's use. That is the purpose of a consensus process, to reflect the
likely implementation and deployment community. Like it or not, the
participants in our consensus process want protocols like SIP to be
modifiable by intermediaries for numerous reasons - and once we open that
door, we have to understand it will be open for all comers.

We could change our process so that it overrides consensus on some of
these crucial points. I think it would be safe to say that we already do
so, in a limited way, as a result of various forms of cross-area review.
As popular protocols go through our process, we levy requirements that are
winked at by document authors and ignored by implementers. There are
however lines here we could cross that would result in nothing but the
severing of IETF work from the reality of deployment. That would not serve
our mission of making the Internet better.

We undoubtedly need to make changes to reflect our new understanding of
the threats facing the Internet. I think this needs to come from the
bottom up, though, not from the top down. I am heartened that our
consensus process has elevated core security mechanisms to
mandatory-to-use level for some recent work, like in RTCWeb. We need to
shed the brightest light we can on these issues, educate the community
about the new risks and the practical countermeasures, and then execute
our consensus process as we always have. In some cases, mandatory-to-use
will be the right choice. In others, it won't.

Jon Peterson
Neustar, Inc.

On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>
>Hi,
>
>Steve's mail argues for the current IETF position that
>mandatory-to-implement (MTI) is the correct target for IETF
>specifications.
>
>Some folks (me included to be honest) wonder if the current
>situation argues for raising the bar there somewhat on the
>basis that MTI security features are frequently turned off
>or not sufficiently well tested to be usable. (Pick your
>favourite example, mine are usually rfc4744 or Diameter
>being run in clear.) And an upshot from that is that that
>helps those who want to pervasively monitor everything.
>
>Others argue that that'd be the IETF straying into the
>space of policy - all we should do is define how to use
>strong security features and make sure the code is there so
>they can be turned on and the rest is policy.
>
>I'm sure there are loads more arguments, and I do think
>it'd be useful to see those discussed here.
>
>Thanks,
>Stephen.
>
>PS: Our -00 privacy BCP doesn't go beyond MTI for now, but
>were there consensus for that, I think it'd be good if we
>could go further.
>
>


From brian.e.carpenter@gmail.com  Tue Oct  8 16:03:06 2013
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9341721F9F3D for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 16:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.949
X-Spam-Level: 
X-Spam-Status: No, score=-101.949 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUjV2wuEYtpd for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 16:03:00 -0700 (PDT)
Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 0BED021E80C6 for <perpass@ietf.org>; Tue,  8 Oct 2013 16:02:34 -0700 (PDT)
Received: by mail-pa0-f45.google.com with SMTP id rd3so141652pab.4 for <perpass@ietf.org>; Tue, 08 Oct 2013 16:02:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=90tig1HxNzpTgqjd5IPJzRQE4FHiWvxD6B8sd9H2hao=; b=gAxuCdtMxgtvu/pO8DlHu/x59HKxeQ5ApkYrNKxNZwKS8MG2fbjO3P8o6KtbE0vGZx 4aHhSKJkTHxXDvVtk0aMjal3/ZG3mYnzZFZKqp9ld2gaJPRz/p4tit4rCJ4tezn2JVYp VgVdc4MBlRYPAklMiiF1bhMahSVP8Ly+cntsTN9O2+mKyhRMG3Uj1nJ9eIMqn8CrjcHL rpxRXlawQMCLgMNnbiqdxFfDy+N+x6VB89/YexyZb8ROsCn5ecIXaYhb+zMu48rCElaI VPU0h29COhXCd2MfOCze7M4a7iAwchomViGoHlRcqwTAdGGRDrNoZj9U3CRONV6EDsXS hgbg==
X-Received: by 10.68.125.226 with SMTP id mt2mr4476387pbb.115.1381273347337; Tue, 08 Oct 2013 16:02:27 -0700 (PDT)
Received: from [130.216.38.234] (dhcp-38-19.cs.auckland.ac.nz. [130.216.38.234]) by mx.google.com with ESMTPSA id y5sm42457931pbs.18.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 08 Oct 2013 16:02:26 -0700 (PDT)
Message-ID: <52548F03.6080807@gmail.com>
Date: Wed, 09 Oct 2013 12:02:27 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Peterson, Jon" <jon.peterson@neustar.biz>
References: <CE79CB08.A63D4%jon.peterson@neustar.biz>
In-Reply-To: <CE79CB08.A63D4%jon.peterson@neustar.biz>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 23:03:12 -0000

On 09/10/2013 11:23, Peterson, Jon wrote:
> Moving the bar from MTI to mandatory-to-use (can we overload the acronym
> MTU?) goes beyond just questions of policy, and into the questions of how
> we build consensus and what shapes the output of our engineering
> process.

How about mandatory-to-be-on-by-default and mandatory-to-have-an-off-switch?

    Brian

From stephen.farrell@cs.tcd.ie  Tue Oct  8 16:12:54 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 479E611E810D for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 16:12:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.008
X-Spam-Level: 
X-Spam-Status: No, score=-103.008 tagged_above=-999 required=5 tests=[AWL=-0.409, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qCnBTnDEHFQN for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 16:12:49 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id CAD0321F9A2D for <perpass@ietf.org>; Tue,  8 Oct 2013 16:12:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C12EBBE57; Wed,  9 Oct 2013 00:12:47 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ajkXOuceoCWF; Wed,  9 Oct 2013 00:12:44 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.41.48.16]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E193BBE50; Wed,  9 Oct 2013 00:12:43 +0100 (IST)
Message-ID: <5254916B.20906@cs.tcd.ie>
Date: Wed, 09 Oct 2013 00:12:43 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Peterson, Jon" <jon.peterson@neustar.biz>,  perpass <perpass@ietf.org>
References: <CE79CB08.A63D4%jon.peterson@neustar.biz>
In-Reply-To: <CE79CB08.A63D4%jon.peterson@neustar.biz>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 23:12:54 -0000

Hi Jon,

I think SIP vs. WebRTC could be a fine contrast that could shed
some light on this, though it's maybe a bit early in the latter
case. Do you know if anyone's done a comparison between those
two from the security point of view (well, between SIP deployment
and WebRTC plans is probably the best that could be done I guess).

Some more points below...

On 10/08/2013 11:23 PM, Peterson, Jon wrote:
> 
> Moving the bar from MTI to mandatory-to-use (can we overload the acronym
> MTU?) goes beyond just questions of policy, and into the questions of how
> we build consensus and what shapes the output of our engineering
> process.

I don't think I agree there. My suggestion was that we discuss
whether or not we may have a new consensus, not a change in how
we determine consensus. In the event it appeared there was a
new consensus on this list, that'd have to be tested more
broadly before it'd impact on anything.

> 
> Just to take an example I've followed a bit, SIP is a relatively successful
> IETF protocol. It has some notable security issues. 

Nice understatement;-) IMO that's quite relevant too. SIP could be
at the same time a nice example of a successful insecure protocol
and of a very unsuccessful security protocol. That's a bit pejorative
but I guess you know what I mean.

> We could have designed
> SIP in a way that reduced the ability of middlemen to work themselves into
> the path of SIP messages, and thus reduced the potential for eavesdropping
> on the sessions that SIP creates - and its usefulness as a tool of
> surveillance.
> 
> Had we made some of those design decisions, however, it's unclear to me
> that SIP would have been such a successful protocol. 

Well, that assumes that the SIP-proxy driven approach that's current was
always going to be necessary. It's clearly necessary now though so
the middlebox aspect is a real issue here (and for HTTP).

> But we wouldn't have
> made those decisions anyway, because the relevant documents would never
> have garnered consensus in the working groups. Our consensus process
> reflects the aggregate of the requirements of our participants, which come
> from many sources: employers, or regulators, or academic interests, or
> personal consciences.
> 
> If we had designed SIP to be a protocol that didn't meet those
> requirements, of course it wouldn't see much deployment. Extensions to SIP
> that have leaned in this direction have had little impact on the
> protocol's use. That is the purpose of a consensus process, to reflect the
> likely implementation and deployment community. Like it or not, the
> participants in our consensus process want protocols like SIP to be
> modifiable by intermediaries for numerous reasons - and once we open that
> door, we have to understand it will be open for all comers.
> 
> We could change our process so that it overrides consensus on some of
> these crucial points. I think it would be safe to say that we already do
> so, in a limited way, as a result of various forms of cross-area review.
> As popular protocols go through our process, we levy requirements that are
> winked at by document authors and ignored by implementers. 

Yeah, that's a PITA. References to RFC 4744 and RFC 3118 are my least
favourite things to see when reviewing drafts. Both indicate that
people are trying to pretend to do security, and that they're even
doing that badly;-)

That does I think make for an argument for more than MTI - if it
really has to be used for the protocol to operate, then it's far
more likely to work and get used and have been properly engineered.

> There are
> however lines here we could cross that would result in nothing but the
> severing of IETF work from the reality of deployment. That would not serve
> our mission of making the Internet better.
> 
> We undoubtedly need to make changes to reflect our new understanding of
> the threats facing the Internet. I think this needs to come from the
> bottom up, though, not from the top down. 

Fully agree. And that's what (I think) we're doing here. Seeing what
really is new and what folks want to do about it. But maybe I'm mixed
up, I've no idea what top-down thing you mean to be honest.

> I am heartened that our
> consensus process has elevated core security mechanisms to
> mandatory-to-use level for some recent work, like in RTCWeb. We need to
> shed the brightest light we can on these issues, educate the community
> about the new risks and the practical countermeasures, and then execute
> our consensus process as we always have. In some cases, mandatory-to-use
> will be the right choice. In others, it won't.

That's one possible outcome - to say that more-than-MTI is a valid
choice that can be made on a protocol by protocol basis. And while
that's not described in BCP61, the WebRTC case shows it's doable
already I guess that's an argument for the status quo. (Which is fine,
the point for now is to see what arguments there are that might
convince folks here that the status quo is or is not ok.)

S.


> 
> Jon Peterson
> Neustar, Inc.
> 
> On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>> Hi,
>>
>> Steve's mail argues for the current IETF position that
>> mandatory-to-implement (MTI) is the correct target IETF
>> specifications.
>>
>> Some folks (me included to be honest) wonder if the current
>> situation argues for raising the bar there somewhat on the
>> basis that MTI security features are frequently turned off
>> or not sufficiently well tested to be usable. (Pick your
>> favourite example, mine are usually rfc4744 or Diameter
>> being run in clear.) And an upshot from that is that that
>> helps those who want to pervasively monitor everything.
>>
>> Others argue that that'd be the IETF straying into the
>> space of policy - all we should do is define how to use
>> strong security features and make sure the code is there so
>> they can be turned on and the rest is policy.
>>
>> I'm sure there are loads more arguments, and I do think
>> it'd be useful to see those discussed here.
>>
>> Thanks,
>> Stephen.
>>
>> PS: Our -00 privacy BCP doesn't go beyond MTI for now, but
>> were there consensus for that, I think it'd be good if we
>> could go further.
>>
>>
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
> 
> 
> 

From kathleen.moriarty@emc.com  Tue Oct  8 18:01:21 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DFEC21F8E70 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 18:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6dOKBdvgNjBV for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 18:01:17 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 4887B21F8A38 for <perpass@ietf.org>; Tue,  8 Oct 2013 18:01:14 -0700 (PDT)
Received: from maildlpprd02.lss.emc.com (maildlpprd02.lss.emc.com [10.253.24.34]) by mailuogwprd02.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9910teN003324 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 8 Oct 2013 21:00:55 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com r9910teN003324
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1381280456; bh=1671J6O3I/CJo7xP4edaarKQzu8=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=BQ8W0vd7gfrC92SLl3RbXln0nXmMmynccszDXvsHzF6j52OUEhXmayjsZVqmiXdEI 938DVMwyBnjBLGDqHt/KHrSrw9Kew2qXQ6Yk8bZz+wQZeNRLyBSb6Y9BMcDOBh2CpH D89exywlJPZ96tdlSJT9eFD2DDiQ8DS3t4XSQjvI=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com r9910teN003324
Received: from mailusrhubprd54.lss.emc.com (mailusrhubprd54.lss.emc.com [10.106.48.19]) by maildlpprd02.lss.emc.com (RSA Interceptor); Tue, 8 Oct 2013 21:00:37 -0400
Received: from mxhub33.corp.emc.com (mxhub33.corp.emc.com [10.254.93.81]) by mailusrhubprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9910Y8M026617 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 8 Oct 2013 21:00:34 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub33.corp.emc.com ([::1]) with mapi; Tue, 8 Oct 2013 21:00:34 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: "Peterson, Jon" <jon.peterson@neustar.biz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, perpass <perpass@ietf.org>
Date: Tue, 8 Oct 2013 21:00:33 -0400
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHOxGt1gKv+/IMKx0apKzYaC3uAzpnrLvwAgABbozA=
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E8BC3F7@MX15A.corp.emc.com>
References: <525475AA.2010907@cs.tcd.ie> <CE79CB08.A63D4%jon.peterson@neustar.biz>
In-Reply-To: <CE79CB08.A63D4%jon.peterson@neustar.biz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd54.lss.emc.com
X-EMM-GWVC: 1
X-RSA-Classifications: public
X-EMM-McAfeeVC: 1
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 01:01:21 -0000

+1

I do run into cases where people are already confused on MTI and think
it means MTU on IETF documents.  I've heard it used as a reason not to
use a protocol (too complex for users to implement).  In one case,
mutual authentication on a peer-to-peer exchange of sensitive
information was argued as too much and a non-IETF standard is getting
some traction as a result (so is the IETF standard by those who actually
evaluated).  I do think it is important to have key features as MTI,
then making it very clear what is MTU and what is by policy may be fine.

Many of us will have to worry about customer requirements that will
cover a broad range from different governments (these could evolve),
those worried about monitoring, and those that don't set forth any
requirements.

Thanks,
Kathleen

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Peterson, Jon
Sent: Tuesday, October 08, 2013 6:24 PM
To: Stephen Farrell; perpass
Subject: Re: [perpass] mandatory-to-implement vs. more?


Moving the bar from MTI to mandatory-to-use (can we overload the acronym
MTU?) goes beyond just questions of policy, and into the questions of how
we build consensus and what shapes the output of our engineering
process.

Just to take an example I've followed a bit, SIP is a relatively successful
IETF protocol. It has some notable security issues. We could have designed
SIP in a way that reduced the ability of middlemen to work themselves into
the path of SIP messages, and thus reduced the potential for eavesdropping
on the sessions that SIP creates - and its usefulness as a tool of
surveillance.

Had we made some of those design decisions, however, it's unclear to me
that SIP would have been such a successful protocol. But we wouldn't have
made those decisions anyway, because the relevant documents would never
have garnered consensus in the working groups. Our consensus process
reflects the aggregate of the requirements of our participants, which come
from many sources: employers, or regulators, or academic interests, or
personal consciences.

If we had designed SIP to be a protocol that didn't meet those
requirements, of course it wouldn't see much deployment. Extensions to SIP
that have leaned in this direction have had little impact on the
protocol's use. That is the purpose of a consensus process, to reflect the
likely implementation and deployment community. Like it or not, the
participants in our consensus process want protocols like SIP to be
modifiable by intermediaries for numerous reasons - and once we open that
door, we have to understand it will be open for all comers.

We could change our process so that it overrides consensus on some of
these crucial points. I think it would be safe to say that we already do
so, in a limited way, as a result of various forms of cross-area review.
As popular protocols go through our process, we levy requirements that are
winked at by document authors and ignored by implementers. There are
however lines here we could cross that would result in nothing but the
severing of IETF work from the reality of deployment. That would not serve
our mission of making the Internet better.

We undoubtedly need to make changes to reflect our new understanding of
the threats facing the Internet. I think this needs to come from the
bottom up, though, not from the top down. I am heartened that our
consensus process has elevated core security mechanisms to
mandatory-to-use level for some recent work, like in RTCWeb. We need to
shed the brightest light we can on these issues, educate the community
about the new risks and the practical countermeasures, and then execute
our consensus process as we always have. In some cases, mandatory-to-use
will be the right choice. In others, it won't.

Jon Peterson
Neustar, Inc.

On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>
>Hi,
>
>Steve's mail argues for the current IETF position that
>mandatory-to-implement (MTI) is the correct target IETF specifications.
>
>Some folks (me included to be honest) wonder if the current situation
>argues for raising the bar there somewhat on the basis that MTI
>security features are frequently turned off or not sufficiently well
>tested to be usable. (Pick your favourite example, mine are usually
>rfc4744 or Diameter being run in clear.) And an upshot from that is
>that that helps those who want to pervasively monitor everything.
>
>Others argue that that'd be the IETF straying into the space of policy
>- all we should do is define how to use strong security features and
>make sure the code is there so they can be turned on and the rest is
>policy.
>
>I'm sure there are loads more arguments, and I do think it'd be useful
>to see those discussed here.
>
>Thanks,
>Stephen.
>
>PS: Our -00 privacy BCP doesn't go beyond MTI for now, but were there
>consensus for that, I think it'd be good if we could go further.
>
>


From stephen.farrell@cs.tcd.ie  Tue Oct  8 18:34:26 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7CE321F9E99 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 18:34:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.544
X-Spam-Level: 
X-Spam-Status: No, score=-102.544 tagged_above=-999 required=5 tests=[AWL=-0.545, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pykugGU-+FrT for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 18:34:22 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id D562721F9FF1 for <perpass@ietf.org>; Tue,  8 Oct 2013 18:34:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 000A6BE59; Wed,  9 Oct 2013 02:34:05 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xWec9R4WtFJl; Wed,  9 Oct 2013 02:34:01 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.41.48.16]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B9D5ABE57; Wed,  9 Oct 2013 02:34:00 +0100 (IST)
Message-ID: <5254B288.80504@cs.tcd.ie>
Date: Wed, 09 Oct 2013 02:34:00 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>,  "Peterson, Jon" <jon.peterson@neustar.biz>, perpass <perpass@ietf.org>
References: <525475AA.2010907@cs.tcd.ie>	<CE79CB08.A63D4%jon.peterson@neustar.biz> <F5063677821E3B4F81ACFB7905573F24049E8BC3F7@MX15A.corp.emc.com>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24049E8BC3F7@MX15A.corp.emc.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 01:34:26 -0000

On 10/09/2013 02:00 AM, Moriarty, Kathleen wrote:
> +1
> 
> I do run into cases where people are already confused on MTI and
> think it means MTU on IETF documents.  

True, but a different discussion.

> I've heard it used as a reason
> not to use a protocol (too complex for users to implement). 

Users don't implement as I'd use those terms, so I'm not
sure I get what you mean.

> In one
> case, mutual authentication on a peer-to-peer exchange of sensitive
> information was argued as too much and a non-IETF standard is getting
> some traction as a result (so is the IETF standard by those who
> actually evaluated).  I do think it is important to have key features
> as MTI, then making it very clear what is MTU and what is by policy
> may be fine.

Right, that's the status quo. AFAIK it leads to pretty much
all Diameter exchanges being done in clear. Now that we have
a new threat model, is that still considered ok? I think that
is really worth questioning. As Jon said - WebRTC can do it,
the initial SPDY proposals did it, so there's no reason why
most protocols can't do similarly that I can see - what's
different other than intent? I think there are interesting
questions there to explore.

> Many of us will have to worry about customer requirements that will
> cover a broad range from different governments (these could evolve),
> those worried about monitoring, and those that don't set forth any
> requirements.

That's a little ambiguous: I'm not sure if you're saying you
have customers who are concerned that pervasive monitoring might
be happening, or customers who are governments that worry that
they can't monitor enough;-)

But either way, the new reality seems to be that we have a
demonstration that a set of governments want to pervasively
monitor everything. And I'm sure there're others also trying
that. And now there'll be a whole new set trying to join that
club. So even the governments that want to monitor everyone
else will I think soon realise that they're better off if they
themselves/their citizens are less easy to monitor.

I'm very simple: this is an attack on the network. If we
treat it that way, and do that well, we might all win.

S.


> 
> Thanks, Kathleen
> 
> -----Original Message----- From: perpass-bounces@ietf.org
> [mailto:perpass-bounces@ietf.org] On Behalf Of Peterson, Jon Sent:
> Tuesday, October 08, 2013 6:24 PM To: Stephen Farrell; perpass 
> Subject: Re: [perpass] mandatory-to-implement vs. more?
> 
> 
> Moving the bar from MTI to mandatory-to-use (can we overload the
> acronym MTU?) goes beyond just questions of policy, and into the
> questions of how we build consensus and what shapes the output of
> our engineering process.
> 
> Just to take an example I've followed a bit, SIP is a relatively
> successful IETF protocol. It has some notable security issues. We
> could have designed SIP in a way that reduced the ability of
> middlemen to work themselves into the path of SIP messages, and thus
> reduced the potential for eavesdropping on the sessions that SIP
> creates - and its usefulness as a tool of surveillance.
> 
> Had we made some of those design decisions, however, it's unclear to
> me that SIP would have been such a successful protocol. But we
> wouldn't have made those decisions anyway, because the relevant
> documents would never have garnered consensus in the working groups.
> Our consensus process reflects the aggregate of the requirements of
> our participants, which come from many sources: employers, or
> regulators, or academic interests, or personal consciences.
> 
> If we had designed SIP to be a protocol that didn't meet those
> requirements, of course it wouldn't see much deployment. Extensions
> to SIP that have leaned in this direction have had little impact on
> the protocol's use. That is the purpose of a consensus process, to
> reflect the likely implementation and deployment community. Like it
> or not, the participants in our consensus process want protocols like
> SIP to be modifiable by intermediaries for numerous reasons - and
> once we open that door, we have to understand it will be open for all
> comers.
> 
> We could change our process so that it overrides consensus on some of
> these crucial points. I think it would be safe to say that we already
> do so, in a limited way, as a result of various forms of cross-area
> review. As popular protocols go through our process, we levy
> requirements that are winked at by document authors and ignored by
> implementers. There are however lines here we could cross that would
> result in nothing but the severing of IETF work from the reality of
> deployment. That would not serve our mission of making the Internet
> better.
> 
> We undoubtedly need to make changes to reflect our new understanding
> of the threats facing the Internet. I think this needs to come from
> the bottom up, though, not from the top down. I am heartened that our
> consensus process has elevated core security mechanisms to
> mandatory-to-use level for some recent work, like in RTCWeb. We need
> to shed the brightest light we can on these issues, educate the
> community about the new risks and the practical countermeasures, and
> then execute our consensus process as we always have. In some cases,
> mandatory-to-use will be the right choice. In others, it won't.
> 
> Jon Peterson Neustar, Inc.
> 
> On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>> 
>> Hi,
>> 
>> Steve's mail argues for the current IETF position that 
>> mandatory-to-implement (MTI) is the correct target IETF
>> specifications.
>> 
>> Some folks (me included to be honest) wonder if the current
>> situation argues for raising the bar there somewhat on the basis
>> that MTI security features are frequently turned off or not
>> sufficiently well tested to be usable. (Pick your favourite
>> example, mine are usually rfc4744 or Diameter being run in clear.)
>> And an upshot from that is that that helps those who want to
>> pervasively monitor everything.
>> 
>> Others argue that that'd be the IETF straying into the space of
>> policy - all we should do is define how to use strong security
>> features and make sure the code is there so they can be turned on
>> and the rest is policy.
>> 
>> I'm sure there are loads more arguments, and I do think it'd be
>> useful to see those discussed here.
>> 
>> Thanks, Stephen.
>> 
>> PS: Our -00 privacy BCP doesn't go beyond MTI for now, but were
>> there consensus for that, I think it'd be good if we could go
>> further.
>> 
>> 
> 
> 

From jon.peterson@neustar.biz  Tue Oct  8 22:50:40 2013
Return-Path: <jon.peterson@neustar.biz>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 309AE21E80E1 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 22:50:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.03
X-Spam-Level: 
X-Spam-Status: No, score=-104.03 tagged_above=-999 required=5 tests=[AWL=-1.984, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRxxFFoF0Iz7 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 22:50:35 -0700 (PDT)
Received: from neustar.com (keys.neustar.biz [156.154.42.25]) by ietfa.amsl.com (Postfix) with ESMTP id 9312E11E8133 for <perpass@ietf.org>; Tue,  8 Oct 2013 22:50:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1381298408; x=1696646841; q=dns/txt; h=From:Subject:Date:Message-ID:Content-Language: Content-Type:Content-ID:Content-Transfer-Encoding; bh=hZdB5cAE42 23GFOFzIhdr5gA2YDgqVEYCWNDK7mJ5Xc=; b=oK/bm/RaL5ooTBw88rVXgvPoqE 1g3uDcLSB+uVLx4af16YcfiNot3bia3FHKmxvaa0oSF8CHOHZFrWZmwRsubQ==
Received: from ([10.31.58.71]) by stihiron1.va.neustar.com with ESMTP with TLS id J041124052.33339344;  Wed, 09 Oct 2013 02:00:07 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.60]) by stntexhc12.cis.neustar.com ([::1]) with mapi id 14.02.0342.003; Wed, 9 Oct 2013 01:50:15 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, perpass <perpass@ietf.org>
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHOxGt1gKv+/IMKx0apKzYaC3uAzpnrLvwAgACDA4D///m2AA==
Date: Wed, 9 Oct 2013 05:50:14 +0000
Message-ID: <CE7A3488.A67E8%jon.peterson@neustar.biz>
In-Reply-To: <5254916B.20906@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [192.168.129.154]
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: PwnRk/6IR1kW1rDTavyfjg==
Content-Type: text/plain; charset="us-ascii"
Content-ID: <DE20A3245ECD1A42A1EA9FDA8F15FB97@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 05:50:40 -0000

I'm sure we could put together some instructive parables on the contrast
between SIP and WebRTC, but that would largely be a discussion about the
different market dynamics of browsers and the web versus the more
telecom-centric influences that shaped SIP. Again, a question of which
requirements constituents bring to the table and what points of consensus
we can reach.

And...

>>
>> Moving the bar from MTI to mandatory-to-use (can we overload the acronym
>> MTU?) goes beyond just questions of policy, and into the questions of how
>> we build consensus and what the shapes the output of our engineering
>> process.
>
>I don't think I agree there. My suggestion was that we discuss
>whether or not we may have a new consensus, not a change in how
>we determine consensus. In the event it appeared there was a
>new consensus on this list, that'd have to be tested more
>broadly before it'd impact on anything.

I think we could get a consensus that people really should eat broccoli,
but that's a very different matter than whether or not the meal in front
of us at any given moment should have broccoli in it.

We have a consensus that there should be cross-area review for security
today, and we are working towards similar constraints for privacy, but we
need to acknowledge that there is a certain amount of broccoli being
shoved onto random plates that is perhaps not going into people's mouths
today. If we replace the whole meal with broccoli, people will decide to
dine elsewhere.

[snip]
>>
>> We could change our process so that it overrides consensus on some of
>> these crucial points. I think it would be safe to say that we already do
>> so, in a limited way, as a result of various forms of cross-area review.
>> As popular protocols go through our process, we levy requirements that are
>> winked at by document authors and ignored by implementers.
>
>Yeah, that's a PITA. References to RFC 4744 and RFC 3118 are my least
>favourite things to see when reviewing drafts. Both indicate that
>people are trying to pretend to do security, and that they're even
>doing that badly;-)
>
>That does I think make for an argument for more than MTI - if it
>really has to be used for the protocol to operate, then it's far
>more likely to work and get used and have been properly engineered.

I think it makes an argument that we need to target our security
requirements on places where they will genuinely impact implementations
and deployments, rather than flooding security anywhere it will fit and
hoping that a rising tide will lift all boats. Our current process is not
however conducive to identifying places where security will be successful.

[snip]
>> In some cases, mandatory-to-use
>> will be the right choice. In others, it won't.
>
>That's one possible outcome - to say that more-than-MTI is a valid
>choice that can be made on a protocol by protocol basis. And while
>that's not described in BCP61, the WebRTC case shows it's doable
>already I guess that's an argument for the status quo. (Which is fine,
>the point for now is to see what arguments there are that might
>convince folks here that the status quo is or is not ok.)

I don't mean to argue for the status quo, I'm as outraged and scared as
anyone. I just don't want to see us make changes that will ultimately work
against our interests. I'd like to find ways that we can convince the
community to accept confidentiality mechanisms as routine. My concern is
that, as the case of SIP demonstrated, sometimes the success of a protocol
depends on lacking security features in certain places, and if we're here
to engineer successful protocols, broadly mandating the use of features
like confidentiality will necessarily limit that success.

There will be places the community will accept security, and others where
they won't. Today, where they find guidance onerous they just ignore it -
if we make distasteful guidance inseparable from our protocols, then they
will just ignore our protocols.

Jon Peterson
Neustar, Inc.


>S.


From trammell@tik.ee.ethz.ch  Tue Oct  8 23:14:27 2013
Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B270121E80F4 for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 23:14:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level: 
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, J_CHICKENPOX_34=0.6, J_CHICKENPOX_44=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eQTzqVKn9uqE for <perpass@ietfa.amsl.com>; Tue,  8 Oct 2013 23:14:21 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id 9126621E80E6 for <perpass@ietf.org>; Tue,  8 Oct 2013 23:14:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id A1CDFD93A2; Wed,  9 Oct 2013 08:14:20 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id DVvcDKiZ-gW9; Wed,  9 Oct 2013 08:14:20 +0200 (MEST)
Received: from [10.0.27.100] (cust-integra-122-165.antanet.ch [80.75.122.165]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 384FED9302; Wed,  9 Oct 2013 08:14:20 +0200 (MEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_E556D07E-5567-4E52-9D03-EE9A190A706D"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <52548F03.6080807@gmail.com>
Date: Wed, 9 Oct 2013 08:14:19 +0200
Message-Id: <27D3DECA-9DA4-42A6-9C5A-33D299F19793@tik.ee.ethz.ch>
References: <CE79CB08.A63D4%jon.peterson@neustar.biz> <52548F03.6080807@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass <perpass@ietf.org>, "Peterson, Jon" <jon.peterson@neustar.biz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 06:14:27 -0000

--Apple-Mail=_E556D07E-5567-4E52-9D03-EE9A190A706D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

hi Brian, all,

On Oct 9, 2013, at 1:02 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 09/10/2013 11:23, Peterson, Jon wrote:
>> Moving the bar from MTI to mandatory-to-use (can we overload the acronym
>> MTU?) goes beyond just questions of policy, and into the questions of how
>> we build consensus and what the shapes the output of our engineering
>> process.
>
> How about mandatory-to-be-on-by-default and mandatory-to-have-an-off-switch?

It doesn't seem to me that going any further is practical; declaring
something "mandatory to use" especially in absence of a deployment
certification program (and I hope we can agree we don't want to go
there) essentially invites people to ignore you.

Mandatory default (beyond MTI) would at the very least have the effect
of moving testing "with security" up the priority list during interop
testing.

Case in point: IPFIX. SCTP + DTLS is MTI; TCP and UDP transports (each
with TLS/DTLS) are optional. The situation is much better now, but at
the time when the Proposed Standard revision (RFC 5101) was first
undergoing interop testing, doing a compliant open-source implementation
pretty much meant trying to hack working DTLS over SCTP into OpenSSL or
similar, or worse, rolling your own DTLS from scratch. So the interop
testing ran through all the features "insecure", then treated security
as an afterthought. At the first one I took part in, we only managed to
interop TCP+TLS.

The temporary guidance we gave in this situation (RFC 5153): use SCTP on
dedicated or otherwise-secured (e.g. IPsec tunnels) for new
installations inside a trusted perimeter, use TCP+TLS for IPFIX on the
open Internet until SCTP+DTLS works. Since NetFlow ran over UDP (very
convenient especially for mostly-hardware implementations of exporters)
and the NetFlow community is used to the myriad ways in which NetFlow
over UDP can fail, we defined a UDP (and UDP+DTLS) binding for IPFIX as
well.

Now, SCTP has its own problems on the open Internet, and we'll probably
end up defining IPFIX over SCTP over UDP+DTLS as an alternate binding to
get around the dodgy middleboxes; that's a separate issue. But I do
think part of the problem is that we did not specify default-on for
security. The result? Most IPFIX I know of runs unsecured on UDP on
local network links which are presumed secure since they're inside the
perimeter and don't touch the Big Scary Internet, because that's what
you get when you take the box out of the box and plug it in.

Making mandatory default security work is difficult in current practice,
in that it adds key management to the out-of-box experience, and there
is very little if anything that is fun about key management. Moving
toward opportunistic encryption here would be a significant improvement:
it guarantees less than "doing it right", but much more than nothing,
and in a lot of cases nothing is what we have.

Cheers,

Brian


--Apple-Mail=_E556D07E-5567-4E52-9D03-EE9A190A706D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_E556D07E-5567-4E52-9D03-EE9A190A706D--

From benl@google.com  Wed Oct  9 03:20:31 2013
Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87F521F9E00 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 03:20:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level: 
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tl0tzCl709GT for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 03:20:31 -0700 (PDT)
Received: from mail-vb0-x233.google.com (mail-vb0-x233.google.com [IPv6:2607:f8b0:400c:c02::233]) by ietfa.amsl.com (Postfix) with ESMTP id D273511E8162 for <perpass@ietf.org>; Wed,  9 Oct 2013 03:20:25 -0700 (PDT)
Received: by mail-vb0-f51.google.com with SMTP id x16so338886vbf.24 for <perpass@ietf.org>; Wed, 09 Oct 2013 03:20:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=uqljZkn1YZcoS/p3efxExvwA6uvzrsRWVygkGz/u2TA=; b=bx+cW6sPn+uDBiMi+POHqG/thELrKCQZ2HQ2WD1aGvPiL7CYGGIeCnINEECUdd7ctO 6DptFwd5f0A1VGCRvo8+SyScQpiiOKfUSouZfoCC2U+7xP7ovUDe58S2px4JApMNorkM vztJwyiedC+eNLSTUz/dtlaayZEP5de9OQrgmV6gmgsSGScD8h4emkUkiG5IeABwpeNu 4h16Ee9ratiAX4IeRpOOOH88C1E0EGUwgytN8V8tSzjmDzcdgaj2cxudTnuncg+Ill5R IM+f4cw13Nt5J0+8pZMShOnkGIgD36sCRqv4dlR6HZ0+5VBv75rMJa2sOmi832hzR3lR CfaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=uqljZkn1YZcoS/p3efxExvwA6uvzrsRWVygkGz/u2TA=; b=HCeO3C//2woytJEeUqtmwto7COVSHtW9tv4Wb3GZBIW0t1sFmGZ42xNPm5FoxrUrMv 6gMGvS3pA3dv3zwapKL8UN+nYd8ZrNroQ31HPBwQtLsp/Z8ndcBUvAtRLqkMGVI6MoSK K17q7jaaak2LpvjdualI3+yMkYc4PrBjPhWzGpFpzHiaXgNbrbOqP7a8J0KHENqCRtlZ Pj/KMZUQ8e2ocVyFpWSzNYqniGbPQ5lvhVX76Nd2xNOMfM+PN70U4ZfUNgVy7LYB01Xq 7k0MmfgnPHArcArGjs67vVQqsB90MzfdEXJK9zV/eXU+1Fa3YyyBnub6UQAoghIR8PbH ryfw==
X-Gm-Message-State: ALoCoQlggmo0R4Yfp0jA6vndykY/ZZjD/QZlYpSKdC8mmEd+8L99cYRupymk25cz+SoD6/UQyWJOCHhbjunK+RydrPCa4RTwmyYzjgy94vZOLmwmkoKE+dXG/JP9p1Y5o9PwVyjPawpztDJZ0MM4VuTWgHV/lecz2shvD0BQKOW77oc1lJz0tCI3hZCNgYUHLCma2gpxeHq2
MIME-Version: 1.0
X-Received: by 10.220.145.132 with SMTP id d4mr5045391vcv.9.1381314025293; Wed, 09 Oct 2013 03:20:25 -0700 (PDT)
Received: by 10.52.183.65 with HTTP; Wed, 9 Oct 2013 03:20:25 -0700 (PDT)
In-Reply-To: <525475AA.2010907@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>
Date: Wed, 9 Oct 2013 11:20:25 +0100
Message-ID: <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 10:20:31 -0000

On 8 October 2013 22:14, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
>
> Hi,
>
> Steve's mail argues for the current IETF position that
> mandatory-to-implement (MTI) is the correct target IETF
> specifications.
>
> Some folks (me included to be honest) wonder if the current
> situation argues for raising the bar there somewhat on the
> basis that MTI security features are frequently turned off
> or not sufficiently well tested to be usable. (Pick your
> favourite example, mine are usually rfc4744 or Diameter
> being run in clear.) And an upshot from that is that that
> helps those who want to pervasively monitor everything.
>
>
> Others argue that that'd be the IETF straying into the
> space of policy - all we should do is define how to use
> strong security features and make sure the code is there so
> they can be turned on and the rest is policy.
>
> I'm sure there are loads more arguments, and I do think
> it'd be useful to see those discussed here.

How about a distinction in compliance? That is, you can say you comply
to RFC xyzw if you implement it, but to say you _securely_ comply, you
have to switch on the MTUFS (mandatory to use for security) and switch
off MTNUFS (mandatory to not use for security) features in the RFC.
Some RFCs could only have a secure compliance mode, of course.

That way, those who argue that the security is too expensive/not
needed for their use case can disable it, but then can't claim that
they're secure (regardless of the name of the RFC :-).

So, in TLS, for example, secure compliance might consist of TLS 1.2 +
AEAD modes only (note: really an example, not an actual proposal).

From kathleen.moriarty@emc.com  Wed Oct  9 06:28:58 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6BF721E8089 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 06:28:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level: 
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_52=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OQPa4-nvUN6H for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 06:28:55 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by ietfa.amsl.com (Postfix) with ESMTP id EC2E621E808E for <perpass@ietf.org>; Wed,  9 Oct 2013 06:28:53 -0700 (PDT)
Received: from maildlpprd51.lss.emc.com (maildlpprd51.lss.emc.com [10.106.48.155]) by mailuogwprd51.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r99DSnCJ009865 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Oct 2013 09:28:50 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com r99DSnCJ009865
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1381325330; bh=Qh5/I4qqVx6NgtKcY4KO1iYB8zI=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=M0DbAvby4ZG3Z90YK5f2N/fF7umer5N0DqBRhMKDY60T9ySWCxFyC2GDt0Eu+Vd6W g2rekYkK/YQ681tjmcPLspEzA7flWZdM9Q74jRqzCVzj3oYbIW1uiwFiNwU01vTQ6N 0xDiwO21IBjrikf178m+ljr527OHScMU0HJW/zts=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com r99DSnCJ009865
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd51.lss.emc.com (RSA Interceptor); Wed, 9 Oct 2013 09:28:40 -0400
Received: from mxhub18.corp.emc.com (mxhub18.corp.emc.com [10.254.93.47]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r99DSex0026856 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 9 Oct 2013 09:28:40 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub18.corp.emc.com ([10.254.93.47]) with mapi; Wed, 9 Oct 2013 09:28:39 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Peterson, Jon" <jon.peterson@neustar.biz>, perpass <perpass@ietf.org>
Date: Wed, 9 Oct 2013 09:28:38 -0400
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: Ac7Ej7Q7rJJcaev+SNKEn2A0bGYcbQAYLAsQ
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E8BC425@MX15A.corp.emc.com>
References: <525475AA.2010907@cs.tcd.ie> <CE79CB08.A63D4%jon.peterson@neustar.biz> <F5063677821E3B4F81ACFB7905573F24049E8BC3F7@MX15A.corp.emc.com> <5254B288.80504@cs.tcd.ie>
In-Reply-To: <5254B288.80504@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-EMM-GWVC: 1
X-RSA-Classifications: public
X-EMM-McAfeeVC: 1
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 13:28:59 -0000

Hi Stephen,

I'll respond in line to clarify my initial email.

Thanks,
Kathleen
-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
Sent: Tuesday, October 08, 2013 9:34 PM
To: Moriarty, Kathleen; Peterson, Jon; perpass
Subject: Re: [perpass] mandatory-to-implement vs. more?



On 10/09/2013 02:00 AM, Moriarty, Kathleen wrote:
> +1
>
> I do run into cases where people are already confused on MTI and think
> it means MTU on IETF documents.

True, but a different discussion.

KM> Yes, but if these are more clearly defined, it could help with the
problem you are trying to solve.  Non-IETF people (developers and those
who use/setup protocols), from my experience, have trouble understanding
what MTI means and the scope of it.  Having MTU defined and
differentiated clearly could help this group and assist with the problem
you are trying to solve.

> I've heard it used as a reason
> not to use a protocol (too complex for users to implement).

Users don't implement as I'd use those terms, so I'm not sure I get what
you mean.

KM> By implement, I mean setup as opposed to develop code, which is where
you mean implement.  Using a protocol may not be the same person as the
one who set up a connection.

> In one
> case, mutual authentication on a peer-to-peer exchange of sensitive
> information was argued as too much and a non-IETF standard is getting
> some traction as a result (so is the IETF standard by those who
> actually evaluated).  I do think it is important to have key features
> as MTI, then making it very clear what is MTU and what is by policy
> may be fine.

Right, that's the status quo. AFAIK it leads to pretty much all Diameter
exchanges being done in clear. Now that we have a new threat model, is
that still considered ok? I think that is really worth questioning. As
Jon said - WebRTC can do it, the initial SPDY proposals did it, so
there's no reason why most protocols can't do similarly that I can see -
what's different other than intent? I think there are interesting
questions there to explore.

KM> In the case of MILE, there was a protocol written outside of the IETF
called TAXII, that is very similar to RID.  Some of the initial reasons
that the developers of TAXII used to promote it over RID was that their
protocol didn't require mutual authentication, it also does not require
TLS and can be sent in the clear if security is too much trouble to
configure.  This explanation came my way by a few people.  RID also
specifies the ability to provide object level security (XML encryption
and digital signatures), this was also seen as too much by the TAXII
team even though RID has it as MTI, not MTU.  They are promoting the use
of many options, which in addition to security problems, will make
interoperability difficult.  There is a lot more to this discussion, but
I am limiting it to security features and the result - a protocol that
did not have the benefit of IETF review and security options is in use
for some instead.  Some are using RID, but how this will play out is
still TBD as some prefer the security features and I think it is
necessary to have them in a protocol that transports sensitive data.
There are other protocols that may be better for some use cases, but
that's another discussion as well.

> Many of us will have to worry about customer requirements that will
> cover a broad range from different governments (these could evolve),
> those worried about monitoring, and those that don't set forth any
> requirements.

That's a little ambiguous: I'm not sure if you're saying you have
customers who are concerned that pervasive monitoring might be
happening, or customers who are governments that worry that they can't
monitor enough;-)

KM> Both - some governments do not want to use protocols they suspect
could be subject to monitoring.  Then we still have to worry about FIPS
compliance requirements for the US government.  For the last group who
are in the dark, it would be nice to have them using secure protocols
without them having to know about it.

But either way, the new reality seems to be that we have a demonstration
that a set of governments want to pervasively monitor everything. And
I'm sure there're others also trying that. And now there'll be a whole
new set trying to join that club. So even the governments that want to
monitor everyone else will I think soon realise that they're better off
if they themselves/their citizens are less easy to monitor.

I'm very simple: this is an attack on the network. If we treat it that
way, and do that well, we might all win.

KM> The current reality for vendors is that we have to have options.
There might be a monitoring prevention set of options or a profile and a
profile to meet specific requirements for regulations (industry or
government).  In an ideal world, we could just prevent monitoring
everywhere (to the best of our knowledge)

S.


>
> Thanks, Kathleen
>
> -----Original Message-----
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Peterson, Jon
> Sent: Tuesday, October 08, 2013 6:24 PM
> To: Stephen Farrell; perpass
> Subject: Re: [perpass] mandatory-to-implement vs. more?
>
>
> Moving the bar from MTI to mandatory-to-use (can we overload the
> acronym MTU?) goes beyond just questions of policy, and into the
> questions of how we build consensus and what the shapes the output of
> our engineering process.
>
> Just to take an example I've followed a bit, SIP is a relatively
> successful IETF protocol. It has some notable security issues. We
> could have designed SIP in a way that reduced the ability of middlemen
> to work themselves into the path of SIP messages, and thus reduced the
> potential for eavesdropping on the sessions that SIP creates - and its
> usefulness as a tool of surveillance.
>
> Had we made some of those design decisions, however, it's unclear to
> me that SIP would have been such a successful protocol. But we
> wouldn't have made those decisions anyway, because the relevant
> documents would never have garnered consensus in the working groups.
> Our consensus process reflects the aggregate of the requirements of
> our participants, which come from many sources: employers, or
> regulators, or academic interests, or personal consciences.
>
> If we had designed SIP to be a protocol that didn't meet those
> requirements, of course it wouldn't see much deployment. Extensions to
> SIP that have leaned in this direction have had little impact on the
> protocol's use. That is the purpose of a consensus process, to reflect
> the likely implementation and deployment community. Like it or not,
> the participants in our consensus process want protocols like SIP to
> be modifiable by intermediaries for numerous reasons - and once we
> open that door, we have to understand it will be open for all comers.
>
> We could change our process so that it overrides consensus on some of
> these crucial points. I think it would be safe to say that we already
> do so, in a limited way, as a result of various forms of cross-area
> review. As popular protocols go through our process, we levy
> requirements that are winked at by document authors and ignored by
> implementers. There are however lines here we could cross that would
> result in nothing but the severing of IETF work from the reality of
> deployment. That would not serve our mission of making the Internet
> better.
>
> We undoubtedly need to make changes to reflect our new understanding
> of the threats facing the Internet. I think this needs to come from
> the bottom up, though, not from the top down. I am heartened that our
> consensus process has elevated core security mechanisms to
> mandatory-to-use level for some recent work, like in RTCWeb. We need
> to shed the brightest light we can on these issues, educate the
> community about the new risks and the practical countermeasures, and
> then execute our consensus process as we always have. In some cases,
> mandatory-to-use will be the right choice. In others, it won't.
>
> Jon Peterson
> Neustar, Inc.
>
> On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
> wrote:
>
>>
>> Hi,
>>
>> Steve's mail argues for the current IETF position that
>> mandatory-to-implement (MTI) is the correct target IETF
>> specifications.
>>
>> Some folks (me included to be honest) wonder if the current situation
>> argues for raising the bar there somewhat on the basis that MTI
>> security features are frequently turned off or not sufficiently well
>> tested to be usable. (Pick your favourite example, mine are usually
>> rfc4744 or Diameter being run in clear.) And an upshot from that is
>> that that helps those who want to pervasively monitor everything.
>>
>> Others argue that that'd be the IETF straying into the space of
>> policy - all we should do is define how to use strong security
>> features and make sure the code is there so they can be turned on and
>> the rest is policy.
>>
>> I'm sure there are loads more arguments, and I do think it'd be
>> useful to see those discussed here.
>>
>> Thanks, Stephen.
>>
>> PS: Our -00 privacy BCP doesn't go beyond MTI for now, but were there
>> consensus for that, I think it'd be good if we could go further.
>>
>>
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass


From kent@bbn.com  Wed Oct  9 08:56:21 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF8B411E81B0 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 08:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.093
X-Spam-Level: 
X-Spam-Status: No, score=-106.093 tagged_above=-999 required=5 tests=[AWL=0.506, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k1ZP0LTIhR0Z for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 08:56:09 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 1A46211E81CC for <perpass@ietf.org>; Wed,  9 Oct 2013 08:55:15 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49796) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VTw6P-000AIL-Nj; Wed, 09 Oct 2013 11:55:09 -0400
Message-ID: <52557C5D.8050408@bbn.com>
Date: Wed, 09 Oct 2013 11:55:09 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com>
In-Reply-To: <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Ben,

> O...
> How about a distinction in compliance? That is, you can say you comply
> to RFC xyzw if you implement it, but to say you _securely_ comply, you
> have to switch on the MTUFS (mandatory to use for security) and switch
> off MTNUFS (mandatory to not use for security) features in the RFC.
> Some RFCs could only have a secure compliance mode, of course.
>
> That way, those who argue that the security is too expensive/not
> needed for their use case can disable it, but then can't claim that
> they're secure (regardless of the name of the RFC :-).
>
> So, in TLS, for example, secure compliance might consist of TLS 1.2 +
> AEAD modes only (note: really an example, not an actual proposal).

That's a novel suggestion, a clever way to try to thread the needle!
But, for many, many years we've had trouble getting the broader community to
recognize that not all RFCs are standards. I doubt that the distinction
you suggest would be better understood.

Steve

From benl@google.com  Wed Oct  9 09:47:24 2013
In-Reply-To: <52557C5D.8050408@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com>
Date: Wed, 9 Oct 2013 17:47:22 +0100
Message-ID: <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 9 October 2013 16:55, Stephen Kent <kent@bbn.com> wrote:
> Ben,
>
>> O...
>>
>> How about a distinction in compliance? That is, you can say you comply
>> to RFC xyzw if you implement it, but to say you _securely_ comply, you
>> have to switch on the MTUFS (mandatory to use for security) and switch
>> off MTNUFS (mandatory to not use for security) features in the RFC.
>> Some RFCs could only have a secure compliance mode, of course.
>>
>> That way, those who argue that the security is too expensive/not
>> needed for their use case can disable it, but then can't claim that
>> they're secure (regardless of the name of the RFC :-).
>>
>> So, in TLS, for example, secure compliance might consist of TLS 1.2 +
>> AEAD modes only (note: really an example, not an actual proposal).
>
> That's a novel suggestion, a clever way to try to thread the needle!
> But, for many, many years we've had trouble getting the broader community to
> recognize that not all RFCs are standards. I doubt that the distinction
> you suggest would be better understood.

It's all about incentives. Why would anyone care right now whether an
RFC is a standard or not? No-one beats them up for complying with
non-standards. Or even failing to comply with standards.

If we are proposing to move into a world where we incentivise people
to care, then we need to actually call out people who fail to follow
the standards - and, as well, who fail to follow the secure standards.

Just as now it is at least reasonably well understood by vendors that
TLS is desirable, because it gets pointed out if it isn't used, we
need to do the same for other secure standards.

Note that TLS for SMTP does not enjoy the same level of security as
TLS for HTTP. Why? I claim it is because it is completely invisible to
users, so there are no incentives for vendors to get it right.

We need to make these things visible (and I don't mean "show a
padlock", btw, I mean the kind of visibility we propose for
Certificate Transparency, namely, if it doesn't work right, you don't
connect).
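
An added illustration, not part of either message and not code from any project named in the thread: the fail-closed behaviour described in the reply above ("if it doesn't work right, you don't connect"), using the thread's own hypothetical profile of TLS 1.2 plus AEAD suites. The host names, session records and function names are constructed for the example, and the cipher string assumes a Python ssl module built against OpenSSL.

```python
import ssl

# Hypothetical "secure compliance" profile, taken from the thread's own
# example: TLS 1.2 or later, AEAD cipher suites only.
MIN_VERSION = "TLSv1.2"
VERSION_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # matched against OpenSSL suite names
AEAD_TLS12_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20"


def is_aead(cipher_name):
    """True if an OpenSSL-style suite name denotes an AEAD construction."""
    return any(marker in cipher_name for marker in AEAD_MARKERS)


def strict_context():
    """Client context that can only negotiate the profile, so a peer that
    cannot meet it fails the handshake instead of being downgraded."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(AEAD_TLS12_CIPHER_STRING)  # TLS 1.3 suites are AEAD already
    return ctx


def non_aead_suites(ctx):
    """Audit a context: names of enabled suites that are not AEAD."""
    return [c["name"] for c in ctx.get_ciphers() if not is_aead(c["name"])]


def meets_profile(tls_version, cipher):
    """Check what was actually negotiated (None means no TLS at all)."""
    if tls_version not in VERSION_ORDER or cipher is None:
        return False
    new_enough = VERSION_ORDER.index(tls_version) >= VERSION_ORDER.index(MIN_VERSION)
    return new_enough and is_aead(cipher)


def decide(session, fail_closed):
    """fail_closed=False models opportunistic use, where a session that misses
    the profile still proceeds and nobody is told. fail_closed=True refuses."""
    if meets_profile(session["tls_version"], session["cipher"]):
        return "connect"
    return "refuse" if fail_closed else "connect-anyway"


# Constructed sample sessions (not captured traffic).
SESSIONS = [
    {"peer": "mx1.example", "tls_version": "TLSv1.2",
     "cipher": "ECDHE-RSA-AES128-GCM-SHA256"},
    {"peer": "mx2.example", "tls_version": "TLSv1.2", "cipher": "AES128-SHA"},
    {"peer": "mx3.example", "tls_version": "TLSv1", "cipher": "RC4-SHA"},
    {"peer": "mx4.example", "tls_version": None, "cipher": None},  # no TLS offered
]


def audit(sessions, fail_closed):
    """Map each peer to the decision taken under the chosen policy."""
    return {s["peer"]: decide(s, fail_closed) for s in sessions}


if __name__ == "__main__":
    print("non-AEAD suites enabled:", non_aead_suites(strict_context()))
    for mode in (False, True):
        print("fail_closed =", mode, audit(SESSIONS, mode))
```
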

From kent@bbn.com  Wed Oct  9 10:22:37 2013
Message-ID: <525590CC.4030505@bbn.com>
Date: Wed, 09 Oct 2013 13:22:20 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>
In-Reply-To: <525475AA.2010907@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------050609070404060902060408"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?


Stephen,

Thanks for creating a new thread to discuss this topic. It's a good 
starting point for an important discussion.


I think MTU (vs. MTI) is a very hard argument to make, for several reasons,
some of which I noted in my response to Dean.

Internet protocols are used in a very, very wide range of contexts, 
e.g., enterprises of various sorts, the IoT, and public environments. In 
principle one ought to make decisions about what security measures to 
deploy and enable based on a perception of threat. Threats differ in 
different contexts. Our current, MTI-based approach to security enables 
responsible parties in each environment to make decisions about what 
security to offer based on perceived threats and tradeoffs, e.g., 
performance, processing overhead, user experience, etc.

I admit that, in my experience, very few parties appear to make such 
decisions in a well thought-out fashion, but they could. Suggesting that 
we can make such decisions for the folks who are ultimately responsible 
for the operation of services in a wide range of contexts strikes me 
as hubristic.

We've already made concessions for the Smart Grid context in the case of 
IPsec as MTI for IPv6. To me this suggests that we were persuaded that 
even MTI can be a barrier to adoption and deployment in some contexts. 
Pursuing a single set of MTU standards for a wide range of contexts seems 
doomed to failure. Generating MTU RFCs for various contexts might be an 
alternative. That would imply MTI protocol standards, augmented with 
BCPs. Is that what you envision?


Evaluating tradeoffs of security and privacy vs. other factors is hard 
when one deals with a wide range of contexts. For example, end user 
devices range from big servers to laptops, to tablets, to smart phones. 
Battery use is a big issue for some of these devices, as is bandwidth. 
Some of the more extreme TFS mechanisms discussed would have adverse 
implications for both. That's an example of why MTU, at the protocol 
spec level, strikes me as a bad idea.

There are a lot of middleboxes in the Internet. I am no fan of them; I'm 
a true believer in the e-t-e model for everything, not just security. 
But middleboxes are a fact of life and they exist because the folks who 
purchase equipment and offer services have found them to be operational 
necessities. Middleboxes provide ways to deal with backward 
compatibility and migration issues, broken implementations from vendors, 
security services for enterprises, network traffic engineering, etc. If 
we argue that security against widespread nation-state surveillance is 
more important than all of these other considerations, I think we risk 
having the IETF be described as out of touch with reality.

Steve



  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 5"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
  <w:LsdException Locked="false" Priority="60" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="61" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light List Accent 6"/>
  <w:LsdException Locked="false" Priority="62" SemiHidden="false"
   UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="63" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="64" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="65" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="66" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="67" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
  <w:LsdException Locked="false" Priority="68" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
  <w:LsdException Locked="false" Priority="69" SemiHidden="false"
   UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
  <w:LsdException Locked="false" Priority="70" SemiHidden="false"
   UnhideWhenUsed="false" Name="Dark List Accent 6"/>
  <w:LsdException Locked="false" Priority="71" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
  <w:LsdException Locked="false" Priority="72" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
  <w:LsdException Locked="false" Priority="73" SemiHidden="false"
   UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
  <w:LsdException Locked="false" Priority="19" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
  <w:LsdException Locked="false" Priority="21" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
  <w:LsdException Locked="false" Priority="31" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
  <w:LsdException Locked="false" Priority="32" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
  <w:LsdException Locked="false" Priority="33" SemiHidden="false"
   UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
  <w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
  <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
 </w:LatentStyles>
</xml><![endif]-->
  </body>
</html>

--------------050609070404060902060408--

From kent@bbn.com  Wed Oct  9 10:33:36 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A14C521E815E for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 10:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.237
X-Spam-Level: 
X-Spam-Status: No, score=-106.237 tagged_above=-999 required=5 tests=[AWL=0.362, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ouHJHC4qhr6i for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 10:33:30 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 7BFA221E8161 for <perpass@ietf.org>; Wed,  9 Oct 2013 10:33:30 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49926) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VTxdZ-000Arx-LW; Wed, 09 Oct 2013 13:33:29 -0400
Message-ID: <52559369.5050908@bbn.com>
Date: Wed, 09 Oct 2013 13:33:29 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com> <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com>
In-Reply-To: <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 17:33:36 -0000

Ben,
...
> It's all about incentives. Why would anyone care right now whether an
> RFC is a standard or not? No-one beats them up for complying with
> non-standards. Or even failing to comply with standards.
That does not seem to be uniformly true. Some folks who purchase
equipment have been known to require prospective bidders to
assert that the products being proposed comply with selected RFCs.
> If we are proposing to move into a world where we incentivise people
> to care, then we need to actually call out people who fail to follow
> the standards - and, as well, who fail to follow the secure standards.
I think we gave up on the notion of the IETF packet police a long time
ago, when Jeff Schiller was Sec AD. :-)
> Just as now it is at least reasonably well understood by vendors that
> TLS is desirable, because it gets pointed out if it isn't used, we
> need to do the same for other secure standards.
TLS has been very successful in terms of widespread deployment, and
a lot of web sites mandate its use. But, it is also an example of
a good technology that has often been misunderstood. If I am at home,
making a credit-card purchase, TLS provides me with protection against
the wrong threat. My CC number is at much greater risk of being stolen
once it has arrived (securely) at the server, vs. when it was in transit.
(If I were using WiFi in Starbucks the threat model would be different.)
The real benefit to me, as a client, is the nominal authentication of the
web site offered by use of the underlying PKI. Of course, the browser PKI
model is not so great, but it's better than nothing.
> Note that TLS for SMTP does not enjoy the same level of security as
> TLS for HTTP. Why? I claim it is because it is completely invisible to
> users, so there's no incentives for vendors to get it right.
My example above suggests another possible reason; I don't perceive
a serious threat against inter-SMTP server hops for the vast majority of
my e-mail.
> We need to make these things visible (and I don't mean "show a
> padlock", btw, I mean the kind of visibility we propose for
> Certificate Transparency, namely, if it doesn't work right, you don't
> connect).
Ben, please stop pushing CT as the solution for everything; it's become
more than tiresome.

Steve

From benl@google.com  Wed Oct  9 10:51:55 2013
Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EA0621F9A96 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 10:51:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level: 
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P+tRy8uvizq2 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 10:51:55 -0700 (PDT)
Received: from mail-vc0-x233.google.com (mail-vc0-x233.google.com [IPv6:2607:f8b0:400c:c03::233]) by ietfa.amsl.com (Postfix) with ESMTP id BA33821F9D62 for <perpass@ietf.org>; Wed,  9 Oct 2013 10:51:54 -0700 (PDT)
Received: by mail-vc0-f179.google.com with SMTP id ht10so803492vcb.10 for <perpass@ietf.org>; Wed, 09 Oct 2013 10:51:52 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.52.32.37 with SMTP id f5mr5407245vdi.17.1381341112045; Wed, 09 Oct 2013 10:51:52 -0700 (PDT)
Received: by 10.52.183.65 with HTTP; Wed, 9 Oct 2013 10:51:51 -0700 (PDT)
In-Reply-To: <52559369.5050908@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com> <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com> <52559369.5050908@bbn.com>
Date: Wed, 9 Oct 2013 18:51:51 +0100
Message-ID: <CABrd9SRb-nfUw4=jxm9dTm+pREwWY5JXSocm1ZRmoL-8yUggWw@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 09 Oct 2013 17:51:55 -0000

On 9 October 2013 18:33, Stephen Kent <kent@bbn.com> wrote:
>> We need to make these things visible (and I don't mean "show a
>> padlock", btw, I mean the kind of visibility we propose for
>> Certificate Transparency, namely, if it doesn't work right, you don't
>> connect).
>
> Ben, please stop pushing CT as the solution for everything; it's become
> more than tiresome.

I was not pushing CT in any way! I was pushing for visibility that is
not a padlock, since we know that doesn't work.

From kent@bbn.com  Wed Oct  9 11:01:09 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2985711E80EC for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 11:01:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.282
X-Spam-Level: 
X-Spam-Status: No, score=-106.282 tagged_above=-999 required=5 tests=[AWL=0.317, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZeTHthab6M8m for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 11:01:03 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id C983521E8175 for <perpass@ietf.org>; Wed,  9 Oct 2013 11:00:21 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50518) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VTy3X-000BZ9-K1; Wed, 09 Oct 2013 14:00:19 -0400
Message-ID: <525599B3.3040106@bbn.com>
Date: Wed, 09 Oct 2013 14:00:19 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com> <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com> <52559369.5050908@bbn.com> <CABrd9SRb-nfUw4=jxm9dTm+pREwWY5JXSocm1ZRmoL-8yUggWw@mail.gmail.com>
In-Reply-To: <CABrd9SRb-nfUw4=jxm9dTm+pREwWY5JXSocm1ZRmoL-8yUggWw@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 09 Oct 2013 18:01:09 -0000

Ben,

Sorry if I misinterpreted your comment in this context.

Steve
> ...
>> Ben, please stop pushing CT as the solution for everything; it's become
>> more than tiresome.
> I was not pushing CT in any way! I was pushing for visibility that is
> not a padlock, since we know that doesn't work.


From benl@google.com  Wed Oct  9 11:10:24 2013
Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1F6321E8157 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 11:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level: 
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11E3Rumnx8q4 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 11:10:22 -0700 (PDT)
Received: from mail-vc0-x22e.google.com (mail-vc0-x22e.google.com [IPv6:2607:f8b0:400c:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 1791F21F9A10 for <perpass@ietf.org>; Wed,  9 Oct 2013 11:09:51 -0700 (PDT)
Received: by mail-vc0-f174.google.com with SMTP id gd11so800359vcb.33 for <perpass@ietf.org>; Wed, 09 Oct 2013 11:09:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.221.55.4 with SMTP id vw4mr1241308vcb.37.1381342189967; Wed, 09 Oct 2013 11:09:49 -0700 (PDT)
Received: by 10.52.183.65 with HTTP; Wed, 9 Oct 2013 11:09:49 -0700 (PDT)
In-Reply-To: <52559369.5050908@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com> <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com> <52559369.5050908@bbn.com>
Date: Wed, 9 Oct 2013 19:09:49 +0100
Message-ID: <CABrd9SRb7JctxdLUWS9QAv+ApK8MNzMhBSxoDEfY-AbbQeJn5w@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 09 Oct 2013 18:10:24 -0000

On 9 October 2013 18:33, Stephen Kent <kent@bbn.com> wrote:
> Ben,
> ...
>
>> It's all about incentives. Why would anyone care right now whether an
>> RFC is a standard or not? No-one beats them up for complying with
>> non-standards. Or even failing to comply with standards.
>
> That does not seem to be uniformly true. Some folks who purchase
> equipment have been known to require prospective bidders to
> assert that the products being proposed comply with selected RFCs.
>
>> If we are proposing to move into a world where we incentivise people
>> to care, then we need to actually call out people who fail to follow
>> the standards - and, as well, who fail to follow the secure standards.
>
> I think we gave up on the notion of the IETF packet police a long time
> ago, when Jeff Schiller was Sec AD. :-)

Yeah, I don't think that's the answer. I think the answer is more
along the lines of products not taking the attitude that they should
work around everyone's broken crap, but instead that they should take
a hard line.

In short, "be liberal in what you accept" was a terrible idea for
security and it's time we dropped it.

>> Just as now it is at least reasonably well understood by vendors that
>> TLS is desirable, because it gets pointed out if it isn't used, we
>> need to do the same for other secure standards.
>
> TLS has been very successful in terms of widespread deployment, and
> a lot of web sites mandate its use. But, it is also an example of
> a good technology that has often been misunderstood. If I am at home,
> making a credit-card purchase, TLS provides me with protection against
> the wrong threat. My CC number is at much greater risk of being stolen
> once it has arrived (securely) at the server, vs. when it was in transit.
> (If I were using WiFi in Starbucks the threat model would be different.)
> The real benefit to me, as a client, is the nominal authentication of the
> web site offered by use of the underlying PKI. Of course, the browser PKI
> model is not so great, but it's better than nothing.
>
>> Note that TLS for SMTP does not enjoy the same level of security as
>> TLS for HTTP. Why? I claim it is because it is completely invisible to
>> users, so there's no incentives for vendors to get it right.
>
> My example above suggests another possible reason; I don't perceive
> a serious threat against inter-SMTP server hops for the vast majority of my
> e-mail.

But this is exactly the problem: 99% of the time you don't care, so
you argue that we should make it impossible to fix your problem in the
other 1% of cases.

I think the new reality is that you should worry about the 1% of the
time you care and put up with whatever slight hardships it brings for
your 99% case.
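
The hard-fail behaviour argued for in this exchange ("if it doesn't work right, you don't connect") next to the fall-back behaviour it is contrasted with, for the SMTP case. This is an added example, not part of any message in the thread: the policy names, `parse_ehlo`, `decide` and the EHLO replies are constructed for illustration, and `cert_valid` stands in for the outcome of certificate validation.

```python
from dataclasses import dataclass

# Constructed sample EHLO replies (not captured traffic); mx.example is a placeholder.
EHLO_WITH_STARTTLS = (
    "250-mx.example Hello client.example\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
# Same reply with the STARTTLS keyword absent. The client cannot tell whether the
# server never offered it or the keyword was lost somewhere on the path.
EHLO_WITHOUT_STARTTLS = EHLO_WITH_STARTTLS.replace("250-STARTTLS\r\n", "")
# Framing error: the final line still carries the '-' continuation marker.
EHLO_MALFORMED = "250-mx.example\r\n250-STARTTLS\r\n"


@dataclass(frozen=True)
class Decision:
    deliver: bool        # does the client hand over the message at all?
    encrypted: bool      # was the session upgraded to TLS?
    authenticated: bool  # was the server certificate checked AND enforced?
    reason: str


def parse_ehlo(reply):
    """Return the extension keywords of a multi-line 250 EHLO reply.

    Parsing is deliberately strict: every line must be framed '250-' or
    '250 ', and only the last line may use the space form.
    """
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        is_last = index == len(lines) - 1
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("malformed EHLO line: %r" % line)
        if (line[3] == " ") != is_last:
            raise ValueError("continuation marker out of place: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain and greeting
        words = line[4:].split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def decide(policy, ehlo_reply, cert_valid):
    """Model the client's choice under 'opportunistic' or 'strict' policy."""
    if policy not in ("opportunistic", "strict"):
        raise ValueError("unknown policy: %r" % policy)
    try:
        offers_tls = "STARTTLS" in parse_ehlo(ehlo_reply)
    except ValueError as exc:
        if policy == "strict":
            return Decision(False, False, False, "refused: %s" % exc)
        offers_tls = False  # the liberal client shrugs and carries on

    if policy == "opportunistic":
        if offers_tls:
            # Encrypts, but the certificate result changes nothing.
            return Decision(True, True, False, "TLS used, certificate not enforced")
        return Decision(True, False, False, "fell back to cleartext")

    if not offers_tls:
        return Decision(False, False, False, "refused: STARTTLS not offered")
    if not cert_valid:
        return Decision(False, False, False, "refused: certificate did not validate")
    return Decision(True, True, True, "TLS with validated certificate")


if __name__ == "__main__":
    cases = [
        ("STARTTLS offered, cert valid", EHLO_WITH_STARTTLS, True),
        ("STARTTLS offered, cert invalid", EHLO_WITH_STARTTLS, False),
        ("STARTTLS absent", EHLO_WITHOUT_STARTTLS, False),
        ("malformed reply", EHLO_MALFORMED, True),
    ]
    for label, reply, cert_valid in cases:
        for policy in ("opportunistic", "strict"):
            d = decide(policy, reply, cert_valid)
            print("%-31s %-13s deliver=%-5s encrypted=%-5s %s"
                  % (label, policy, d.deliver, d.encrypted, d.reason))
```

Under the fall-back policy every one of the four cases ends in a delivered message, which is why a failure there is invisible to the user; under the strict policy three of the four end in no connection.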

From richard@shockey.us  Wed Oct  9 13:57:37 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 226CC21F9B86 for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 13:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.52
X-Spam-Level: 
X-Spam-Status: No, score=-101.52 tagged_above=-999 required=5 tests=[AWL=0.745, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KC-iaekPisKX for <perpass@ietfa.amsl.com>; Wed,  9 Oct 2013 13:57:26 -0700 (PDT)
Received: from oproxy9-pub.mail.unifiedlayer.com (oproxy9-pub.mail.unifiedlayer.com [69.89.24.6]) by ietfa.amsl.com (Postfix) with SMTP id 292D921E81A2 for <perpass@ietf.org>; Wed,  9 Oct 2013 13:57:19 -0700 (PDT)
Received: (qmail 11423 invoked by uid 0); 9 Oct 2013 20:56:57 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy9.mail.unifiedlayer.com with SMTP; 9 Oct 2013 20:56:57 -0000
Received: from [71.114.100.16] (port=56133 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VU0mg-0000ud-R9; Wed, 09 Oct 2013 14:55:07 -0600
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'perpass'" <perpass@ietf.org>
References: <CE79CB08.A63D4%jon.peterson@neustar.biz> <5254916B.20906@cs.tcd.ie>
In-Reply-To: <5254916B.20906@cs.tcd.ie>
Date: Wed, 9 Oct 2013 16:55:05 -0400
Message-ID: <01a701cec531$d54e7040$7feb50c0$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHiutiOB9h/c82LPzGeD9TL8nvczwGzO1kNmbdSskA=
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 09 Oct 2013 20:57:37 -0000

Well, from a SIP perspective we have always had mandatory-to-implement TLS in
any number of specifications, but in practice no one uses it. No one. No one
cares.

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
Of Stephen Farrell
Sent: Tuesday, October 08, 2013 7:13 PM
To: Peterson, Jon; perpass
Subject: Re: [perpass] mandatory-to-implement vs. more?


Hi Jon,

I think SIP vs. WebRTC could be a fine contrast that could shed some light
on this, though it's maybe a bit early in the latter case. Do you know if
anyone's done a comparison between those two from the security point of view
(well, between SIP deployment and WebRTC plans is probably the best that
could be done I guess).

Some more points below...

On 10/08/2013 11:23 PM, Peterson, Jon wrote:
> 
> Moving the bar from MTI to mandatory-to-use (can we overload the acronym
> MTU?) goes beyond just questions of policy, and into the questions of
> how we build consensus and what shapes the output of our
> engineering process.

I don't think I agree there. My suggestion was that we discuss whether or
not we may have a new consensus, not a change in how we determine
consensus. In the event it appeared there was a new consensus on this list,
that'd have to be tested more broadly before it'd impact on anything.

> 
> Just to take an example I've followed a bit, SIP is a relatively 
> successful IETF protocol. It has some notable security issues.

Nice understatement;-) IMO that's quite relevant too. SIP could be at the
same time a nice example of a successful insecure protocol and of a very
unsuccessful security protocol. That's a bit pejorative but I guess you know
what I mean.

> We could have designed
> SIP in a way that reduced the ability of middlemen to work themselves 
> into the path of SIP messages, and thus reduced the potential for 
> eavesdropping on the sessions that SIP creates - and its usefulness as 
> a tool of surveillance.
> 
> Had we made some of those design decisions, however, it's unclear to 
> me that SIP would have been such a successful protocol.

Well, that assumes that the SIP-proxy driven approach that's current was
always going to be necessary. It's clearly necessary now though so the
middlebox aspect is a real issue here (and for HTTP).

> But we wouldn't have
> made those decisions anyway, because the relevant documents would 
> never have garnered consensus in the working groups. Our consensus 
> process reflects the aggregate of the requirements of our 
> participants, which come from many sources: employers, or regulators, 
> or academic interests, or personal consciences.
> 
> If we had designed SIP to be a protocol that didn't meet those 
> requirements, of course it wouldn't see much deployment. Extensions to 
> SIP that have leaned in this direction have had little impact on the 
> protocol's use. That is the purpose of a consensus process, to reflect 
> the likely implementation and deployment community. Like it or not, 
> the participants in our consensus process want protocols like SIP to 
> be modifiable by intermediaries for numerous reasons - and once we 
> open that door, we have to understand it will be open for all comers.
> 
> We could change our process so that it overrides consensus on some of 
> these crucial points. I think it would be safe to say that we already 
> do so, in a limited way, as a result of various forms of cross-area
> review.
> As popular protocols go through our process, we levy requirements that 
> are winked at by document authors and ignored by implementers.

Yeah, that's a PITA. References to RFC 4744 and RFC 3118 are my least
favourite things to see when reviewing drafts. Both indicate that people are
trying to pretend to do security, and that they're even doing that badly;-)

That does I think make for an argument for more than MTI - if it really has
to be used for the protocol to operate, then it's far more likely to work and
get used and have been properly engineered.

> There are
> however lines here we could cross that would result in nothing but the 
> severing of IETF work from the reality of deployment. That would not 
> serve our mission of making the Internet better.
> 
> We undoubtedly need to make changes to reflect our new understanding 
> of the threats facing the Internet. I think this needs to come from 
> the bottom up, though, not from the top down.

Fully agree. And that's what (I think) we're doing here. Seeing what really
is new and what folks want to do about it. But maybe I'm mixed up, I've no
idea what top-down thing you mean to be honest.

> I am heartened that our
> consensus process has elevated core security mechanisms to 
> mandatory-to-use level for some recent work, like in RTCWeb. We need 
> to shed the brightest light we can on these issues, educate the 
> community about the new risks and the practical countermeasures, and 
> then execute our consensus process as we always have. In some cases, 
> mandatory-to-use will be the right choice. In others, it won't.

That's one possible outcome - to say that more-than-MTI is a valid choice
that can be made on a protocol by protocol basis. And while that's not
described in BCP61, the WebRTC case shows it's doable already I guess that's
an argument for the status quo. (Which is fine, the point for now is to see
what arguments there are that might convince folks here that the status quo
is or is not ok.)

S.


> 
> Jon Peterson
> Neustar, Inc.
> 
> On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>> Hi,
>>
>> Steve's mail argues for the current IETF position that 
>> mandatory-to-implement (MTI) is the correct target IETF 
>> specifications.
>>
>> Some folks (me included to be honest) wonder if the current situation 
>> argues for raising the bar there somewhat on the basis that MTI 
>> security features are frequently turned off or not sufficiently well 
>> tested to be usable. (Pick your favourite example, mine are usually 
>> rfc4744 or Diameter being run in clear.) And an upshot from that is 
>> that that helps those who want to pervasively monitor everything.
>>
>> Others argue that that'd be the IETF straying into the space of 
>> policy - all we should do is define how to use strong security 
>> features and make sure the code is there so they can be turned on and 
>> the rest is policy.
>>
>> I'm sure there are loads more arguments, and I do think it'd be 
>> useful to see those discussed here.
>>
>> Thanks,
>> Stephen.
>>
>> PS: Our -00 privacy BCP doesn't go beyond MTI for now, but were there 
>> consensus for that, I think it'd be good if we could go further.


From derhoermi@gmx.net  Wed Oct  9 15:00:42 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Mike Demmers <mdietf@demmers.org>
Date: Thu, 10 Oct 2013 00:00:31 +0200
Message-ID: <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org>
In-Reply-To: <20130930135150.23771137@cicero.demmers.org>
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

* Mike Demmers wrote:
>The basic concept of default deny for encrypted emails only seems very 'right' to
>me, because if you are going to the trouble to do this, and handle things like
>key exchanges, that communication must be pretty special to begin with. Why would
>you want 'just anyone' to be able to send you encrypted emails?

I got the PGP key in my signature particularly so that strangers can
contact me in a somewhat confidential manner (that was in 1999 when I
was still in secondary education, and pretty much everybody I knew at
the time would have better ways for confidential communication, but
strangers living thousands of kilometers away lacked those options).
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From jon.peterson@neustar.biz  Wed Oct  9 15:44:16 2013
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Richard Shockey <richard@shockey.us>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'perpass' <perpass@ietf.org>
Date: Wed, 9 Oct 2013 22:44:00 +0000
Message-ID: <CE7B2403.A6EB4%jon.peterson@neustar.biz>
In-Reply-To: <01a701cec531$d54e7040$7feb50c0$@shockey.us>
Subject: Re: [perpass] mandatory-to-implement vs. more?

For PSTN replacement deployments in effectively private networks, the case
for transport-level security is unconvincing, sure.

To Steve Kent's earlier point, documents that explain why strong security
is a best practice for particular environments would do better than a
blanket assertion that SIP must always use TLS. If the latter statement
were built into RFC3261, it would serve little purpose other than
rendering many implementations non-compliant with RFC3261. A BCP could
however provide the necessary motivation for using TLS in the situations
where it will actually help, and the recent revelations make that case
rather eloquently.

Jon Peterson
Neustar, Inc.

On 10/9/13 1:55 PM, "Richard Shockey" <richard@shockey.us> wrote:

>Well from a SIP perspective we have always had mandatory to implement TLS in
>any number of specifications but in practice no one uses it. No one.  No one
>cares.


From stephen.farrell@cs.tcd.ie  Wed Oct  9 16:01:05 2013
Message-ID: <5255DFC1.60308@cs.tcd.ie>
Date: Wed, 09 Oct 2013 23:59:13 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "Peterson, Jon" <jon.peterson@neustar.biz>,  Richard Shockey <richard@shockey.us>, 'perpass' <perpass@ietf.org>
References: <CE7B2403.A6EB4%jon.peterson@neustar.biz>
In-Reply-To: <CE7B2403.A6EB4%jon.peterson@neustar.biz>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/09/2013 11:44 PM, Peterson, Jon wrote:
> A BCP could
> however provide the necessary motivation for using TLS in the situations
> where it will actually help, and the recent revelations make that case
> rather eloquently.

I'm confused by that a bit - given the GCHQ/Belgacom example, in
which situations would running SIP over TLS never help?

Note that I've not yet argued for MTU at all, so that's a real
question.

S.

From jon.peterson@neustar.biz  Wed Oct  9 16:21:28 2013
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Richard Shockey <richard@shockey.us>, 'perpass' <perpass@ietf.org>
Date: Wed, 9 Oct 2013 23:21:14 +0000
Message-ID: <CE7B3135.A6F68%jon.peterson@neustar.biz>
In-Reply-To: <5255DFC1.60308@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

I suspect your confusion surrounds who exactly would be helped and what
that help would be. All I was saying is that there are deployments whose
operators and implementers don't perceive the need for such help, and that
we're unlikely to persuade them of it. Making TLS MTU for SIP would have
no appreciable impact on those environments.

Jon Peterson
Neustar, Inc.

On 10/9/13 3:59 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>
>
>On 10/09/2013 11:44 PM, Peterson, Jon wrote:
>> A BCP could
>> however provide the necessary motivation for using TLS in the situations
>> where it will actually help, and the recent revelations make that case
>> rather eloquently.
>
>I'm confused by that a bit - given the GCHQ/Belgacom example, in
>which situations would running SIP over TLS never help?
>
>Note that I've not yet argued for MTU at all, so that's a real
>question.
>
>S.


From stephen.farrell@cs.tcd.ie  Wed Oct  9 16:30:52 2013
Message-ID: <5255E71E.1080007@cs.tcd.ie>
Date: Thu, 10 Oct 2013 00:30:38 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "Peterson, Jon" <jon.peterson@neustar.biz>,  Richard Shockey <richard@shockey.us>, 'perpass' <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>
In-Reply-To: <CE7B3135.A6F68%jon.peterson@neustar.biz>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/10/2013 12:21 AM, Peterson, Jon wrote:
> 
> I suspect your confusion surrounds who exactly would be helped and what
> that help would be. All I was saying is that there are deployments whose
> operators and implementers don't perceive the need for such help, 

I agree with that.

> and that
> we're unlikely to persuade them of it. 

Ah. I thought you had said that TLS wouldn't actually add value.

But you actually meant it wouldn't be perceived to add value by
those who don't perceive the need I guess, which seems a little
tautological.

> Making TLS MTU for SIP would have
> no appreciable impact on those environments.

The question is not IMO whether we declare TLS to be MTU for SIP.

For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS
would add some value. How can we make it more likely they do use
SIP/TLS?

S.

> 
> Jon Peterson
> Neustar, Inc.
> 
> On 10/9/13 3:59 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
> 
>>
>>
>> On 10/09/2013 11:44 PM, Peterson, Jon wrote:
>>> A BCP could
>>> however provide the necessary motivation for using TLS in the situations
>>> where it will actually help, and the recent revelations make that case
>>> rather eloquently.
>>
>> I'm confused by that a bit - given the GCHQ/Belgacom example, in
>> which situations would running SIP over TLS never help?
>>
>> Note that I've not yet argued for MTU at all, so that's a real
>> question.
>>
>> S.

From stephen.farrell@cs.tcd.ie  Wed Oct  9 16:31:57 2013
Message-ID: <5255E75F.8020706@cs.tcd.ie>
Date: Thu, 10 Oct 2013 00:31:43 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Richard Shockey <richard@shockey.us>, 'perpass' <perpass@ietf.org>
References: <CE79CB08.A63D4%jon.peterson@neustar.biz>	<5254916B.20906@cs.tcd.ie> <01a701cec531$d54e7040$7feb50c0$@shockey.us>
In-Reply-To: <01a701cec531$d54e7040$7feb50c0$@shockey.us>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/09/2013 09:55 PM, Richard Shockey wrote:
> Well from a SIP perspective we have always had mandatory to implement TLS in
> any number of specifications but in practice no one uses it. No one.  No one
> cares.  

BTW - thanks Rich - I think saying what really happens is very helpful.
Pretend security is IMO worse and defo much more of a PITA.

S.

> 
> -----Original Message-----
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
> Of Stephen Farrell
> Sent: Tuesday, October 08, 2013 7:13 PM
> To: Peterson, Jon; perpass
> Subject: Re: [perpass] mandatory-to-implement vs. more?
> 
> 
> Hi Jon,
> 
> I think SIP vs. WebRTC could be a fine contrast that could shed some light
> on this, though it's maybe a bit early in the latter case. Do you know if
> anyone's done a comparison between those two from the security point of view
> (well, between SIP deployment and WebRTC plans is probably the best that
> could be done I guess).
> 
> Some more points below...
> 
> On 10/08/2013 11:23 PM, Peterson, Jon wrote:
>>
>> Moving the bar from MTI to mandatory-to-use (can we overload the
>> acronym MTU?) goes beyond just questions of policy, and into the
>> questions of how we build consensus and what shapes the output of our
>> engineering process.
> 
> I don't think I agree there. My suggestion was that we discuss whether or
> not we may have a new consensus, not a change in how we determine
> consensus. In the event it appeared there was a new consensus on this list,
> that'd have to be tested more broadly before it'd impact on anything.
> 
>>
>> Just to take an example I've followed a bit, SIP is a relatively
>> successful IETF protocol. It has some notable security issues.
> 
> Nice understatement;-) IMO that's quite relevant too. SIP could be at the
> same time a nice example of a successful insecure protocol and of a very
> unsuccessful security protocol. That's a bit pejorative but I guess you know
> what I mean.
> 
>> We could have designed
>> SIP in a way that reduced the ability of middlemen to work themselves 
>> into the path of SIP messages, and thus reduced the potential for 
>> eavesdropping on the sessions that SIP creates - and its usefulness as 
>> a tool of surveillance.
>>
>> Had we made some of those design decisions, however, it's unclear to 
>> me that SIP would have been such a successful protocol.
> 
> Well, that assumes that the SIP-proxy driven approach that's current was
> always going to be necessary. It's clearly necessary now though so the
> middlebox aspect is a real issue here (and for HTTP).
> 
>> But we wouldn't have
>> made those decisions anyway, because the relevant documents would 
>> never have garnered consensus in the working groups. Our consensus 
>> process reflects the aggregate of the requirements of our 
>> participants, which come from many sources: employers, or regulators, 
>> or academic interests, or personal consciences.
>>
>> If we had designed SIP to be a protocol that didn't meet those 
>> requirements, of course it wouldn't see much deployment. Extensions to 
>> SIP that have leaned in this direction have had little impact on the 
>> protocol's use. That is the purpose of a consensus process, to reflect 
>> the likely implementation and deployment community. Like it or not, 
>> the participants in our consensus process want protocols like SIP to 
>> be modifiable by intermediaries for numerous reasons - and once we 
>> open that door, we have to understand it will be open for all comers.
>>
>> We could change our process so that it overrides consensus on some of
>> these crucial points. I think it would be safe to say that we already
>> do so, in a limited way, as a result of various forms of cross-area
>> review. As popular protocols go through our process, we levy
>> requirements that are winked at by document authors and ignored by
>> implementers.
> 
> Yeah, that's a PITA. References to RFC 4744 and RFC 3118 are my least
> favourite things to see when reviewing drafts. Both indicate that people are
> trying to pretend to do security, and that they're even doing that badly;-)
> 
> That does I think make for an argument for more than MTI - if it really has
> to be used for the protocol to operate, then it's far more likely to work and
> get used and have been properly engineered.
> 
>> There are
>> however lines here we could cross that would result in nothing but the 
>> severing of IETF work from the reality of deployment. That would not 
>> serve our mission of making the Internet better.
>>
>> We undoubtedly need to make changes to reflect our new understanding 
>> of the threats facing the Internet. I think this needs to come from 
>> the bottom up, though, not from the top down.
> 
> Fully agree. And that's what (I think) we're doing here. Seeing what really
> is new and what folks want to do about it. But maybe I'm mixed up, I've no
> idea what top-down thing you mean to be honest.
> 
>> I am heartened that our
>> consensus process has elevated core security mechanisms to 
>> mandatory-to-use level for some recent work, like in RTCWeb. We need 
>> to shed the brightest light we can on these issues, educate the 
>> community about the new risks and the practical countermeasures, and 
>> then execute our consensus process as we always have. In some cases, 
>> mandatory-to-use will be the right choice. In others, it won't.
> 
> That's one possible outcome - to say that more-than-MTI is a valid choice
> that can be made on a protocol by protocol basis. And while that's not
> described in BCP61, the WebRTC case shows it's doable already I guess that's
> an argument for the status quo. (Which is fine, the point for now is to see
> what arguments there are that might convince folks here that the status quo
> is or is not ok.)
> 
> S.
> 
> 
>>
>> Jon Peterson
>> Neustar, Inc.
>>
>> On 10/8/13 2:14 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>>
>>>
>>> Hi,
>>>
>>> Steve's mail argues for the current IETF position that 
>>> mandatory-to-implement (MTI) is the correct target for IETF
>>> specifications.
>>>
>>> Some folks (me included to be honest) wonder if the current situation 
>>> argues for raising the bar there somewhat on the basis that MTI 
>>> security features are frequently turned off or not sufficiently well 
>>> tested to be usable. (Pick your favourite example, mine are usually 
>>> rfc4744 or Diameter being run in clear.) And an upshot from that is 
>>> that that helps those who want to pervasively monitor everything.
>>>
>>> Others argue that that'd be the IETF straying into the space of 
>>> policy - all we should do is define how to use strong security 
>>> features and make sure the code is there so they can be turned on and 
>>> the rest is policy.
>>>
>>> I'm sure there are loads more arguments, and I do think it'd be 
>>> useful to see those discussed here.
>>>
>>> Thanks,
>>> Stephen.
>>>
>>> PS: Our -00 privacy BCP doesn't go beyond MTI for now, but were there 
>>> consensus for that, I think it'd be good if we could go further.
>>>

From stephen.farrell@cs.tcd.ie  Wed Oct  9 16:52:21 2013
Message-ID: <5255EC1D.5040006@cs.tcd.ie>
Date: Thu, 10 Oct 2013 00:51:57 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>
In-Reply-To: <525590CC.4030505@bbn.com>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Hi Steve,

On 10/09/2013 06:22 PM, Stephen Kent wrote:
> Stephen,
> 
> Thanks for creating a new thread to discuss this topic. It's a good
> starting point for an important discussion.

I agree it's important.

> I think MTU (vs. MTI) is a very hard argument to make, for several reasons,
> some of which I noted in my response to Dean.

Well, MTU vs MTI is not quite what the subject line says, but is
clearly one of the options worth discussing.

> Internet protocols are used in a very, very wide range of contexts,
> e.g., enterprises of various sorts, the IoT, and public environments. In
> principle one ought to make decisions about what security measures to
> deploy and enable based on a perception of threat. Threats differ in
> different contexts. Our current, MTI-based approach to security enables
> responsible parties in each environment to make decisions about what
> security to offer based on perceived threats and tradeoffs, e.g.,
> performance, processing overhead, user experience, etc.

All good.

> I admit that, in my experience, very few parties appear to make such
> decisions in a well thought-out fashion, but they could. 

That's the catch though isn't it? They don't, for whatever reason(s)
as seems to be shown by the SIP discussion.

I conclude that that means we're doing something wrong. (Maybe we're
not the only ones doing something wrong, but I do think we contribute
to the problem.)

> Suggesting that
> we can make such decisions for the folks who are ultimately responsible
> for the operation of services in a wide range of contexts strikes me as
> hubristic.

Hmm. But we're happy enough to suggest that URI scheme names
can't contain a ":" and as a more relevant example, we don't have
a problem that web sockets requires a Sec-WebSocket-Key header. So
I don't buy the "we can't do that" argument to be honest.

> We've already made concessions for the Smart Grid context in the case of
> IPsec as MTI for IPv6. To me this suggests that we were persuaded that
> even MTI can be a barrier to adoption and deployment in some contexts.

But on the other hand maybe we were wrong there. Not sure myself.

> Pursuing a single set of MTU standards for a wide range of contexts seems
> doomed to failure. 

Perhaps. But I'm not sure what a "single set of MTU standards" means
to be honest. If we did have consensus for more than MTI then we
could clearly mess up in loads of ways;-)

> Generating MTU RFCs for various contexts might be an
> alternative. That would imply MTI protocol standards, augmented with
> BCPs. Is that what you envision?

Could be. Defo worth thinking about. Be great if folks had some
suggestions for situations where that might produce a better
outcome than we have today.

> Evaluating tradeoffs of security and privacy vs. other factors is hard
> when one deals with a wide range of contexts. For example, end user
> devices range from big servers to laptops, to tablets, to smart phones.
> Battery use is a big issue for some of these devices, as is bandwidth.
> Some of the more extreme TFS mechanisms discussed would have adverse
> implications for both. That's an example of why MTU, at the protocol
> spec level, strikes me as a bad idea.

Hm. I don't see why that applies to just this aspect of protocol
development. Sure, crypto involves some more CPU but that's not
that big a deal (far less than having the radio on in a challenged
device) and some round-trips which turns out to be a problem in
unchallenged-environments.

> There are a lot of middleboxes in the Internet. I am no fan of them; I'm
> a true believer in the e-t-e model for everything, not just security.
> But middleboxes are a fact of life and they exist because the folks who
> purchase equipment and offer services have found them to be operational
> necessities. Middleboxes provide ways to deal with backward
> compatibility and migration issues, broken implementations from vendors,
> security services for enterprises, network traffic engineering, etc. 

I'm surprised that you're convinced by the existence of bad practice:-)
But yes, middleboxes are there and we can't ignore that.

> If
> we argue that security against widespread nation-state surveillance is
> more important than all of these other considerations, I think we risk
> having the IETF be described as out of touch with reality.

Equally, if we ignored pervasive monitoring, we'd actually be out of
touch with reality.

But there are definite trade-offs here. It's entirely true that we can't
improve privacy without affecting other things. One of my conclusions
from recent revelations is that we've not done a good enough job on
privacy so fixing that will involve such trade-offs if we're serious
about it and not just pretending.

S.

> 
> Steve
> 
> 
> 

From richard@shockey.us  Wed Oct  9 18:59:30 2013
From: "Richard Shockey" <richard@shockey.us>
To: "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'perpass'" <perpass@ietf.org>
References: <5255DFC1.60308@cs.tcd.ie> <CE7B3135.A6F68%jon.peterson@neustar.biz>
In-Reply-To: <CE7B3135.A6F68%jon.peterson@neustar.biz>
Date: Wed, 9 Oct 2013 21:59:16 -0400
Message-ID: <01ef01cec55c$5459fdd0$fd0df970$@shockey.us>
Subject: Re: [perpass] mandatory-to-implement vs. more?

+1 .. unlikely is a mild word. I would have probably used the words never
persuade them.

-----Original Message-----
From: Peterson, Jon [mailto:jon.peterson@neustar.biz] 
Sent: Wednesday, October 09, 2013 7:21 PM
To: Stephen Farrell; Richard Shockey; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?


I suspect your confusion surrounds who exactly would be helped and what that
help would be. All I was saying is that there are deployments whose
operators and implementers don't perceive the need for such help, and that
we're unlikely to persuade them of it. Making TLS MTU for SIP would have no
appreciable impact on those environments.

Jon Peterson
Neustar, Inc.

On 10/9/13 3:59 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>
>
>On 10/09/2013 11:44 PM, Peterson, Jon wrote:
>> A BCP could
>> however provide the necessary motivation for using TLS in the 
>> situations where it will actually help, and the recent revelations 
>> make that case rather eloquently.
>
>I'm confused by that a bit - given the GCHQ/Belgacom example, in which 
>situations would running SIP over TLS never help?
>
>Note that I've not yet argued for MTU at all, so that's a real 
>question.
>
>S.


From huitema@huitema.net  Wed Oct  9 20:29:09 2013
From: "Christian Huitema" <huitema@huitema.net>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'Richard Shockey'" <richard@shockey.us>, "'perpass'" <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz> <5255E71E.1080007@cs.tcd.ie>
In-Reply-To: <5255E71E.1080007@cs.tcd.ie>
Date: Wed, 9 Oct 2013 20:28:55 -0700
Message-ID: <018701cec568$daa5e960$8ff1bc20$@huitema.net>
Subject: Re: [perpass] mandatory-to-implement vs. more?

> For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS
> would add some value. How can we make it more likely they do use
> SIP/TLS?

Define "nobody," please. Microsoft Lync uses SIP/TLS by default. That must
be more than "nobody."

-- Christian Huitema



From stephen.farrell@cs.tcd.ie  Thu Oct 10 01:41:37 2013
Message-ID: <52566837.3070500@cs.tcd.ie>
Date: Thu, 10 Oct 2013 09:41:27 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Christian Huitema <huitema@huitema.net>,  "'Peterson, Jon'" <jon.peterson@neustar.biz>, 'Richard Shockey' <richard@shockey.us>, 'perpass' <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie> <018701cec568$daa5e960$8ff1bc20$@huitema.net>
In-Reply-To: <018701cec568$daa5e960$8ff1bc20$@huitema.net>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/10/2013 04:28 AM, Christian Huitema wrote:
>> For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS
>> would add some value. How can we make it more likely they do use
>> SIP/TLS?
> 
> Define "nobody," please. Microsoft Lync uses SIP/TLS by default. That must
> be more than "nobody."

Apologies. I was going from Rich and Jon's statements which
I guess are more considering telco deployments. But even if
it's "almost nobody," the question remains.

S.

From mdietf@demmers.org  Thu Oct 10 05:01:05 2013
Date: Thu, 10 Oct 2013 05:00:40 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Perpass List Submit <perpass@ietf.org>
Message-ID: <20131010050040.03051a8e@cicero.demmers.org>
In-Reply-To: <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

On Thu, 10 Oct 2013 00:00:31 +0200
Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> * Mike Demmers wrote:
> >The basic concept of default deny for encrypted emails only seems very 'right' to
> >me, because if you are going to the trouble to do this, and handle things like
> >key exchanges, that communication must be pretty special to begin with. Why would
> >you want 'just anyone' to be able to send you encrypted emails?  
> 
> I got the PGP key in my signature particularly so that strangers can
> contact me in a somewhat confidential manner (that was in 1999 when I
> was still in secondary education, and pretty much everybody I knew at
> the time would have better ways for confidential communication, but
> strangers living thousands of kilometers away lacked those options).

If using default deny for encrypted email, they would simply have to first send you a non-encrypted email that said something like "I would like to exchange email with you confidentially and have added your address to my 'allow' list, would you add me to yours?"

Would this be a problem? Remember, this is email, and PGP - the fact that they are contacting you is not hidden in either case, just the actual content.

Of course, if you ONLY want encrypted email communications in that circumstance, you might want to just turn off default deny. I am suggesting this as a standard default, not as something required - the user must always have the choice.

In the case of someone with no previous contact, if they tried to send you encrypted email, they would get an immediate bounce with an error message something like:

550 "Email rejected because not on user's whitelist. Please ask for whitelisting in an unencrypted email."

Ideally, user email programs would have some really simple ways to handle this.

-Mike

From derhoermi@gmx.net  Thu Oct 10 05:44:50 2013
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6ACD21E8109 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 05:44:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.805
X-Spam-Level: 
X-Spam-Status: No, score=-0.805 tagged_above=-999 required=5 tests=[AWL=-0.166, BAYES_00=-2.599, RCVD_IN_BL_SPAMCOP_NET=1.96]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 921bKmfCqPWz for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 05:44:46 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 2E13221E8064 for <perpass@ietf.org>; Thu, 10 Oct 2013 05:44:46 -0700 (PDT)
Received: from netb.Speedport_W_700V ([91.35.13.136]) by mail.gmx.com (mrgmx101) with ESMTPA (Nemesis) id 0MWPOI-1VIlPy0Ony-00XZUG for <perpass@ietf.org>; Thu, 10 Oct 2013 14:44:44 +0200
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Mike Demmers <mdietf@demmers.org>
Date: Thu, 10 Oct 2013 14:44:45 +0200
Message-ID: <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org>
In-Reply-To: <20131010050040.03051a8e@cicero.demmers.org>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:+eUFvqRTpXW5bjGgyRClIL3Uk+ZJzKBK90AtyA58YgM4CluEQrc krPdObZdgkvQF4uFnWMiKjVZgQ7QMoOdI12Kp4FZFu1ew25kp0LflYuoXcQGEvnNQCJBiNz bGFdGYXumYuo81frkwABIHjXcmwW/BraymHY+FoJHRfMOZwHGuv2CbgNwaAeqcOqvHkUlre 7LUOHaAQ/Wis9ovMstfXA==
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Thu, 10 Oct 2013 12:44:51 -0000

* Mike Demmers wrote:
>If using default deny for encrypted email, they would simply have to 
>first send you a non-encrypted email that said something like "I would 
>like to exchange email with you confidentially and have added your 
>address to my 'allow' list, would you add me to yours?"
>
>Would this be a problem? Remember, this is email, and PGP - the fact 
>that they are contacting you is not hidden in either case, just the 
>actual content.

Back in the day it did not seem unusual for people to know about things
like anonymous remailers or how trivial it is to manually deliver mails
by typing SMTP commands into a console, including spoofing various bits
of header data, so that did not seem that big an issue to me.

There are a couple of problems with your approach above. One is knowing
whether and when you have been added to someone's `allow` list. Another
is that people can include the encrypted message in their request to be
put on the `allow` list if they can somehow obtain the recipient's key,
rendering the request redundant. Spammers can ask to be put on the list
just like anybody else.

>In the case of someone with no previous contact, if they tried to send 
>you encrypted email, they would get an immediate bounce with an error 
>message something like:

That would be a bad default policy: can be abused to verify addresses,
disclose encrypted email policy, recover parts of the white list if the
mail system allows address spoofing, doesn't work when the receiving
system is down for maintenance for an hour or two, mails might get lost
when the sender switches addresses or uses a wrong one by accident, ...
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From hallam@gmail.com  Thu Oct 10 06:21:18 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0314221E8103 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 06:21:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.442
X-Spam-Level: 
X-Spam-Status: No, score=-2.442 tagged_above=-999 required=5 tests=[AWL=-0.158, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6azxyuSiDcA for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 06:21:16 -0700 (PDT)
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 97B7C11E816D for <perpass@ietf.org>; Thu, 10 Oct 2013 06:21:15 -0700 (PDT)
Received: by mail-la0-f43.google.com with SMTP id ep20so2066724lab.30 for <perpass@ietf.org>; Thu, 10 Oct 2013 06:21:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=kWdVNlZA8cWnG8cW9GnOdbCt9sHgO2D8imdFoTXc6XM=; b=EuZokzWOKk+ET9ZD7cvHS7iYTX1JYI4RDyRkONpjuFtZ0nZ8baZJvIw+bjNS8XKD95 b6J9kPv29s0RJjkFcNCnyJKYgbz7vPYZ4JeWztG12gE2Go5LT3Pd711sTPbZZhgQH2fu as3hZhK+v5SkSp4TnD9MuZRR7r2mq314kPO5sQ7VzC9oq5T4v0pVZkj51VyhQQyQrTLi 8Dz4aB/zmImN2c7cklQKnQQkmc7e/8HgZ/7LG0SkzY7yKBOcuUPWtzQ80E8CCUrN8Jdv HguThqVLz5lybH8tufxj7VHF1/NsJVSRIf8BlifQFuMKg/pzSZI4RFf+cMBnvC96GWDl WbJQ==
MIME-Version: 1.0
X-Received: by 10.112.138.164 with SMTP id qr4mr1048375lbb.49.1381411274256; Thu, 10 Oct 2013 06:21:14 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Thu, 10 Oct 2013 06:21:14 -0700 (PDT)
Date: Thu, 10 Oct 2013 09:21:14 -0400
Message-ID: <CAMm+Lwg9-Bb5fcKzDGUV3NDdDHmjX-zymUrnhh2=OoKpuEYCTw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e0118293a4b017c04e862e032
Subject: [perpass] Business cases for strong email encryption
X-List-Received-Date: Thu, 10 Oct 2013 13:21:18 -0000

--089e0118293a4b017c04e862e032
Content-Type: text/plain; charset=ISO-8859-1

To make encryption work on the Web we needed a strong business case to
persuade millions of merchants to get SSL certificates. If we are going to
achieve strong email encryption we should look for similar business cases.

I have just received a note from Chase to tell me that my Amazon credit
card bill is due in 10 days. Seems they don't understand that my policy is
that I keep the float, not them. I get maybe ten similar notes a month,
none of which have the amount of the bill specified.

The reason they don't attach the invoice is that email is insecure, there
is no confidentiality. But what if they could send the email and be
confident it was confidential? Their business costs would go down.


So if there was an extended email address of the form
<user>@<domain>?<Key-ID> a sender could consult some infrastructure that
turns key ids into public keys (and validity statements) and encrypt the
message it sends to me.

For purposes of sending invoices the spam problem is easily dealt with. An
invoice sent by Chase or Amex should have a digital signature endorsed by
an EV cert at the very least. It should probably have the logotype
extension populated.


I am not sure about the separator character, # or ! also seem good. Can't
use : or , for obvious reasons, or the braces.

Could even have a scheme where we use all three:

? For encryption keys
! For Signature keys
# For Dual purpose keys

But in the PKI scheme I am thinking would back this, any key that is used
in such a fashion would be seen as a long term key used only for
endorsement of other keys rather than the encryption key itself so I don't
think we need multiple versions.

Tending towards ? as it is the 50th anniversary of Dr Who. This would make
a memorable URI form:

who:alice@example.com?TKLBE-LUOPM-SWYZ5-CNDFY-5FWWC-J6LRA

We can add in a locator version of the same value which would specify the
DNS name of a service that would resolve the identifier to a credential:

who://example.net/alice@example.com?TKLBE-LUOPM-SWYZ5-CNDFY-5FWWC-J6LRA

[This is equivalent to the news/nntp uri treatment]

Yes, I know we can do the same thing in ni, but this is user facing and so
every character in the identifier counts. Not going to repeat the OpenID
idiocy of using a URI (which was only so that someone could make money from
a poxy registry).
-- 
Website: http://hallambaker.com/

--089e0118293a4b017c04e862e032--
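
An added example, not part of the original message and not code from its author: a Python parser for the two `who:` forms proposed above, including the three separator characters the message lists. The key ID grammar (six dash-separated groups of five characters from A-Z and 2-7, taken from the sample value), the case folding, the resolver check, and all function and class names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Separator character -> key purpose, as listed in the message.
SEPARATORS = {"?": "encryption", "!": "signature", "#": "dual-purpose"}

# Assumption: the message does not define the key ID alphabet; this grammar
# is inferred from its one sample value.
KEY_ID_RE = re.compile(r"[A-Z2-7]{5}(?:-[A-Z2-7]{5}){5}")

# DNS host name: dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")


@dataclass(frozen=True)
class WhoAddress:
    local: str
    domain: str
    key_id: str
    purpose: str
    locator: Optional[str]  # DNS name of the resolving service, if given


def normalize_key_id(text: str) -> str:
    """Upper-case a key ID and reject anything outside the assumed grammar."""
    key_id = text.strip().upper()
    if not KEY_ID_RE.fullmatch(key_id):
        raise ValueError("malformed key ID")
    return key_id


def parse_who(uri: str) -> WhoAddress:
    """Parse who:user@domain?KEY or who://service/user@domain?KEY."""
    # Refuse whitespace and control characters before any splitting, so a
    # value pasted from a message cannot smuggle a second line or header.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in uri):
        raise ValueError("whitespace or control character in URI")

    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "who":
        raise ValueError("not a who: URI")

    locator = None
    if rest.startswith("//"):
        locator, slash, rest = rest[2:].partition("/")
        if not slash or not HOST_RE.fullmatch(locator):
            raise ValueError("bad locator host")
        locator = locator.lower()

    # '!', '#' and '?' are all legal inside an e-mail local part, so split
    # on the rightmost separator: the key ID grammar contains none of them.
    cut = max(rest.rfind(sep) for sep in SEPARATORS)
    if cut < 0:
        raise ValueError("no key ID separator")
    address, sep, key_part = rest[:cut], rest[cut], rest[cut + 1:]

    local, at, domain = address.rpartition("@")
    if not at or not local or not HOST_RE.fullmatch(domain):
        raise ValueError("bad mailbox")

    return WhoAddress(local, domain.lower(), normalize_key_id(key_part),
                      SEPARATORS[sep], locator)


def resolved_key_matches(addr: WhoAddress, returned_key_id: str) -> bool:
    """Assumed check: accept a credential from the resolving service only if
    it carries the key ID pinned in the address, since the locator host is
    just a lookup point and not a trust anchor."""
    try:
        return normalize_key_id(returned_key_id) == addr.key_id
    except ValueError:
        return False
```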

From mdietf@demmers.org  Thu Oct 10 06:26:00 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFAAD21E8104 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 06:25:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.377
X-Spam-Level: 
X-Spam-Status: No, score=-1.377 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, J_CHICKENPOX_52=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ts98txTu9N1g for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 06:25:41 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id C66C811E8173 for <perpass@ietf.org>; Thu, 10 Oct 2013 06:25:26 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.172.144]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9ADPJ4N026963; Thu, 10 Oct 2013 06:25:20 -0700
Date: Thu, 10 Oct 2013 06:25:15 -0700
From: Mike Demmers <mdietf@demmers.org>
To: perpass <perpass@ietf.org>
Message-ID: <20131010062515.41d040c5@cicero.demmers.org>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24049E8BC425@MX15A.corp.emc.com>
References: <525475AA.2010907@cs.tcd.ie> <CE79CB08.A63D4%jon.peterson@neustar.biz> <F5063677821E3B4F81ACFB7905573F24049E8BC3F7@MX15A.corp.emc.com> <5254B288.80504@cs.tcd.ie> <F5063677821E3B4F81ACFB7905573F24049E8BC425@MX15A.corp.emc.com>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 10 Oct 2013 13:26:00 -0000

On Wed, 9 Oct 2013 09:28:38 -0400
"Moriarty, Kathleen" <kathleen.moriarty@emc.com> wrote:

> But either way, the new reality seems to be that we have a demonstration that a set of governments want to pervasively monitor everything. And I'm sure there're others also trying that. And now there'll be a whole new set trying to join that club. So even the governments that want to monitor everyone else will I think soon realise that they're better off if they themselves/their citizens are less easy to monitor.

But that is only one of the major problems: The other is that these idiots are trying to turn the internet into a theater of war. They are actively attacking user systems, not just other state actors. I am not sure if they are actually building botnets of user machines to use as weapons, but they may be. At the least they are attacking routers to gain access for surveillance.

NSA has publicly _admitted_ to attacking over 200 systems. By their own definition, those are acts of war. By most of _our_ definitions, they are, at the least, hacking. Why should any of their packets be allowed on the public internet?

> I'm very simple: this is an attack on the network. If we treat it that way, and do that well, we might all win.

I heartily agree and I think this should be treated as such. All the way to the 'nuclear option', if necessary.

The threat is complex and diffuse. But consider, there is another, somewhat similar threat we have been dealing with for many years, the spam and hacker problems - and some of the specific solutions used for this have been effective.

The antispam community has made community blocklists, used to block email - very effective. Now, even whole providers can find themselves in blocklists if they do not make an honest attempt to rid themselves of spammers. In the early days, I remember the Cyber Promotions era (Sanford Wallace) and that there was one backbone which decided to allow his business on it that was so heavily blocked and null-routed that it was, if not the cause, at least contributory to, its demise.

Maybe we need (voluntary) blocklists for routers, and a similar public response. 'Attack other systems, and you may find ALL your space null routed by blocklists, including nominally unrelated public sites'. Like your spy agency recruiting sites, for example.

RFX-xxxx 'Internet routers, gateways, and firewalls MUST make a good faith effort to drop packets from hosts or networks known to be deliberately attacking other hosts or networks, and SHOULD also block other packets controlled by the same entity'.

Including governments.

It would be nice if all routers had a way to use the kind of blocklists commonly used in email programs (in MTAs).

Because of the amount of spam and hacking that comes from Chinese space, I regularly just block ALL their space, unless there is a business or other good reason not to. This is on -small- business systems, of course. But there are a LOT of those. A lot more than there are large Google sized systems - people forget this. 

If I had a good blocklist for NSA space, GCHQ space, and other defense space, right now I would block it all too, for the same reasons. It's just self defense. 

We have one advantage over the bad guys, which, if we can find good ways to use it, will ensure we can win: we outnumber them many, many times over. 

Blocklists are effective because many, many systems voluntarily use them. Nobody -mandated- that, but a mechanism was found to make it -easier-.

Yeah, I am a little angry... ;-) I probably shouldn't write stuff to this list after I have been up all night.

-Mike



From hallam@gmail.com  Thu Oct 10 07:00:53 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25D7411E8170 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 07:00:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.573
X-Spam-Level: 
X-Spam-Status: No, score=-2.573 tagged_above=-999 required=5 tests=[AWL=0.026,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFY3xnUQJg9h for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 07:00:52 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 82C2F11E8173 for <perpass@ietf.org>; Thu, 10 Oct 2013 07:00:48 -0700 (PDT)
Received: by mail-la0-f46.google.com with SMTP id eh20so2086144lab.33 for <perpass@ietf.org>; Thu, 10 Oct 2013 07:00:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5+IwBShh1oEziHE9GrJ9jotrauFp8dneyBE6CEg/EV8=; b=WiO3icb8nXWRhQ4nNxvPxfSt/V5C5Hhy2rxFllwS/IxBWx5XNgVyPHoCVx3FZzZxyZ S85Dd/VijtH08N3kiQ8pHpZEMxbnNqTYndNj7hZDlREi6fqA3da00AFrj1igbpXTluhr i2mjCPjhFyBoDnlz3m2IarWtfmjM37Bc5+T5a2pmxuc2R3xco/S4Uina3IBlWmO/nB41 zloIVIAFC9GFC8KJSJt8x/g0yQ2M73apUrGZ8K68LNJdd6YVEMMmfH5evcefJRTV6ToH ZGZWr9cUO/qfa7K9Y9z0xHpQ4wtd3eZBzVBlfG6XewUCw23y4hjzT8jAfk9CrpjIvXlH z0kw==
MIME-Version: 1.0
X-Received: by 10.152.120.37 with SMTP id kz5mr11455824lab.21.1381413647125; Thu, 10 Oct 2013 07:00:47 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Thu, 10 Oct 2013 07:00:47 -0700 (PDT)
In-Reply-To: <525475AA.2010907@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>
Date: Thu, 10 Oct 2013 10:00:47 -0400
Message-ID: <CAMm+Lwi0bU0zow+XUnUd2WNVEO8+oJ9W=LeKTxSjKFm=iLxS+Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=089e01228148b9927104e8636d02
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 10 Oct 2013 14:00:53 -0000

--089e01228148b9927104e8636d02
Content-Type: text/plain; charset=ISO-8859-1

I think the problem is that many protocols are at the wrong level of
abstraction to mandate use of any security controls.

For example, consider IPSEC which at one time was mandatory to implement in
IPv6 but isn't any more because most protocols use SSL rather than IPSEC in
any case.

Should TLS be mandatory for SMTP? Well probably but what if an
implementation uses IPSEC?

The same problem comes up with SSL and HTTP. We can mandate the use of SSL
but not a mechanism to validate the certs and without that SSL has little
value.

We can mandate the use of DNSSEC but that would be counterproductive at
this point as DNSSEC is still a protocol with real deployment problems and
issues that have to be fixed before it is ready. They might have been
addressed earlier if the people involved were not so confident that
deployment was inevitable, making use mandatory would further discourage
fixing issues such as how clients get access to the DNSSEC signatures so
they can do validation.

--089e01228148b9927104e8636d02--

From richard@shockey.us  Thu Oct 10 07:36:51 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B72521F9A49 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 07:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.184
X-Spam-Level: 
X-Spam-Status: No, score=-102.184 tagged_above=-999 required=5 tests=[AWL=0.415, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1e3JibJ2vc96 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 07:36:44 -0700 (PDT)
Received: from outbound-ss-352.hostmonster.com (outbound-ss-352.hostmonster.com [74.220.201.17]) by ietfa.amsl.com (Postfix) with SMTP id C964521F995F for <perpass@ietf.org>; Thu, 10 Oct 2013 07:36:43 -0700 (PDT)
Received: (qmail 27267 invoked by uid 0); 10 Oct 2013 14:36:21 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy6.mail.unifiedlayer.com with SMTP; 10 Oct 2013 14:36:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:To:From; bh=HbPTv9lqDWv43GaMUzhvs0V6/6KdS83m+tVmLgtjjUQ=;  b=IFjdmTGMrZcbj+fXtu9ubkakweVRXhu7tFKwZx9VSwIZk50kjyAuxq6unvOZbm8Yl2MzU66gcf+PTDUFJ6zSUMObBa6zRJyEsTY1nB0QKRBSHbt5HVASfISLpsW3OTZ6;
Received: from [71.114.100.16] (port=49982 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VUHLh-0001UT-Lm; Thu, 10 Oct 2013 08:36:21 -0600
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Christian Huitema'" <huitema@huitema.net>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'perpass'" <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie>	<018701cec568$daa5e960$8ff1bc20$@huitema.net> <52566837.3070500@cs.tcd.ie>
In-Reply-To: <52566837.3070500@cs.tcd.ie>
Date: Thu, 10 Oct 2013 10:36:19 -0400
Message-ID: <009b01cec5c6$1670f0e0$4352d2a0$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJKJot8Xkwwa60fkVskGUHZzpQ9gQC8p8efAVlySdEB2Bc9IpjXyIIw
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 10 Oct 2013 14:36:51 -0000

Correct, in virtually all the telco deployments of SIP it is not used.  It's
generally not used in the hosted PBX systems the telcos deploy as well aka
Broadsoft though I'm sure you have better information on the status of
current hosted Lync deployments. Certainly some enterprises do actually turn
on the TLS function but the anecdotal evidence is a very very small
percentage. The resistance level at both the service provider and enterprise
level is actually considerable. 

For the telcos 
A. the customer demand is not there.  There may be a Government demand but
that is another question.

B.  it does represent computational costs that under the current environment
are difficult for service providers to justify from a CAPEX perspective

That said the security situation with Intercarrier SIP traffic IS a matter
under serious consideration with the IETF STIR proposition, but the problem
statement is not the security of the RTP traffic it is actually validating
the source of the call session itself.  That is going to get serious
attention since the problem centers on criminal fraud, disruption of public
safety communications and violation of the national do not call lists.
There are certainly areas where SIP security could be improved
but we are not the protocol police and IMHO any thought of a
Mandatory to Use security level will simply be ignored until the usability
factors are improved. 

Personally I find IETF discussions of Government behavior distasteful.
Frankly we have met the enemy and it is us.  The IETF ended up designing
security protocols that are very very difficult to deploy at scale.  

E-Mail encryption is the obvious problem.  Oh gee I'm really going to turn
that on if it ends up defeating the anti-spam measures.  Good luck with
that.  

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
Of Stephen Farrell
Sent: Thursday, October 10, 2013 4:41 AM
To: Christian Huitema; 'Peterson, Jon'; 'Richard Shockey'; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?



On 10/10/2013 04:28 AM, Christian Huitema wrote:
>> For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS would 
>> add some value. How can we make it more likely they do use SIP/TLS?
> 
> Define "nobody," please. Microsoft Lync uses SIP/TLS by default. That 
> must be more than "nobody."

Apologies. I was going from Rich and Jon's statements which I guess are more
considering telco deployments. But even if it's "almost nobody," the question
remains.

S.


From rutkowski.tony@gmail.com  Thu Oct 10 07:52:13 2013
Message-ID: <5256BF0A.5040401@gmail.com>
Date: Thu, 10 Oct 2013 10:51:54 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>,  'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Christian Huitema' <huitema@huitema.net>,  "'Peterson, Jon'" <jon.peterson@neustar.biz>, 'perpass' <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie>	<018701cec568$daa5e960$8ff1bc20$@huitema.net>	<52566837.3070500@cs.tcd.ie> <009b01cec5c6$1670f0e0$4352d2a0$@shockey.us>
In-Reply-To: <009b01cec5c6$1670f0e0$4352d2a0$@shockey.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?

++1, Rich.

Furthermore, it's fairly clueless.  Anyone seeking
a secure universe isn't going to find it in this one.
Any given instantiation of anything has n to the nth
vulnerabilities waiting to be discovered and exploited
by someone.  Governments are among the lesser of
the threat actors.

Most of the real world has moved to risk management
conceptualizations - as is pretty obvious on this list.
Along those lines, is the new NIST SP800-53 Rev. 4
useful, and shouldn't the discussion be shifted in that
direction?

--tony



On 10/10/2013 10:36 AM, Richard Shockey wrote:
> Personally I find IETF discussions of Government behavior distasteful.
> Frankly we have met the enemy and it is us.  The IETF ended up designing
> security protocols that are very very difficult to deploy at scale.
>
> E-Mail encryption is the obvious problem.  Oh gee I'm really going to turn
> that on if it ends up defeating the anti-spam measures.  Good luck with
> that.


From richard@shockey.us  Thu Oct 10 07:53:18 2013
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'perpass'" <perpass@ietf.org>
References: <CE7B2403.A6EB4%jon.peterson@neustar.biz> <5255DFC1.60308@cs.tcd.ie>
In-Reply-To: <5255DFC1.60308@cs.tcd.ie>
Date: Thu, 10 Oct 2013 10:52:31 -0400
Message-ID: <00a401cec5c8$59fb5e20$0df21a60$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQITkRwnnA8+8U975/otuAk8jtV9UwJByQcQmVJfRBA=
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Subject: Re: [perpass] mandatory-to-implement vs. more?

I suspect the President of Brazil would be very interested in a BCP on
Mandatory to Use TLS for SIP. :-) 

 But the Government of Brazil has the Authority to Act as a protocol police,
the IETF does not. 

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
Of Stephen Farrell
Sent: Wednesday, October 09, 2013 6:59 PM
To: Peterson, Jon; Richard Shockey; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?



On 10/09/2013 11:44 PM, Peterson, Jon wrote:
> A BCP could
> however provide the necessary motivation for using TLS in the 
> situations where it will actually help, and the recent revelations 
> make that case rather eloquently.

I'm confused by that a bit - given the GCHQ/Belgacom example, in which
situations would running SIP over TLS never help?

Note that I've not yet argued for MTU at all, so that's a real question.

S.


From rutkowski.tony@gmail.com  Thu Oct 10 08:09:56 2013
Message-ID: <5256C313.2040200@gmail.com>
Date: Thu, 10 Oct 2013 11:09:07 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>,  'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, 'perpass' <perpass@ietf.org>
References: <CE7B2403.A6EB4%jon.peterson@neustar.biz>	<5255DFC1.60308@cs.tcd.ie> <00a401cec5c8$59fb5e20$0df21a60$@shockey.us>
In-Reply-To: <00a401cec5c8$59fb5e20$0df21a60$@shockey.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?

Unlikely; at least not without some back
doors.  Brazil is the leading Latin American
nation in the network surveillance business. :-)
--tony

On 10/10/2013 10:52 AM, Richard Shockey wrote:
> I suspect the President of Brazil would be very interested in a BCP on
> Mandatory to Use TLS for SIP.:-)  
>
>   But the Government of Brazil has the Authority to Act as a protocol police,
> the IETF does not.


From richard@shockey.us  Thu Oct 10 08:12:01 2013
From: "Richard Shockey" <richard@shockey.us>
To: <rutkowski.tony@gmail.com>, "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Christian Huitema'" <huitema@huitema.net>, "'Peterson, Jon'" <jon.peterson@neustar.biz>, "'perpass'" <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie>	<018701cec568$daa5e960$8ff1bc20$@huitema.net>	<52566837.3070500@cs.tcd.ie>	<009b01cec5c6$1670f0e0$4352d2a0$@shockey.us> <5256BF0A.5040401@gmail.com>
In-Reply-To: <5256BF0A.5040401@gmail.com>
Date: Thu, 10 Oct 2013 11:11:04 -0400
Message-ID: <00c301cec5ca$f1463960$d3d2ac20$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJKJot8Xkwwa60fkVskGUHZzpQ9gQC8p8efAVlySdEB2Bc9IgH3d5eWAdsVeFeYuUHQMA==
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Subject: Re: [perpass] mandatory-to-implement vs. more?

Tony .. Always wonderful to hear from you!

The point we clearly agree on is that a productive discussion on this
subject would be the usability and deployability of security protocols. If
there has been a failure it lies there.  

I totally agree the concepts of risk management and ultimately reputation
management are central to mitigating the problems we now see. 

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
Of Tony Rutkowski
Sent: Thursday, October 10, 2013 10:52 AM
To: Richard Shockey; 'Stephen Farrell'; 'Christian Huitema'; 'Peterson,
Jon'; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?

++1, Rich.

Furthermore, it's fairly clueless.  Anyone seeking a secure universe isn't
going to find it in this one.
Any given instantiation of anything has n to the nth vulnerabilities waiting
to be discovered and exploited by someone.  Governments are among the lesser
of the threat actors.

Most of the real world has moved to risk management conceptualizations - as
is pretty obvious on this list.
Along those lines, is the new NIST SP800-53 Rev. 4 useful, and shouldn't the
discussion be shifted in that direction?

--tony



On 10/10/2013 10:36 AM, Richard Shockey wrote:
> Personally I find IETF discussions of Government behavior distasteful.
> Frankly we have met the enemy and it is us.  The IETF ended up 
> designing security protocols that are very very difficult to deploy at
> scale.
>
> E-Mail encryption is the obvious problem.  Oh gee I'm really going to 
> turn that on if it ends up defeating the anti-spam measures.  Good 
> luck with that.



From mdietf@demmers.org  Thu Oct 10 09:25:21 2013
Date: Thu, 10 Oct 2013 09:25:04 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Perpass List Submit <perpass@ietf.org>
Message-ID: <20131010092504.039f1217@cicero.demmers.org>
In-Reply-To: <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

On Thu, 10 Oct 2013 14:44:45 +0200
Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> Back in the day it did not seem unusual for people to know about things
> like anonymous remailers or how trivial it is to manually deliver mails
> by typing SMTP commands into a console, including spoofing various bits
> of header data, so that did not seem that big an issue to me.

Oh, I don't think this is _quite_ to the level of telnetting to the MTA!

How about this:

There are two new standard buttons on the MUA: FRIEND UNFRIEND

Everything possible is set up by the MUA when it is first run - keys made, if they do not exist, questions asked and answered about keyservers, pass phrases, various preferences etc. Same as it SHOULD be now.

"Coolmail has a new feature! You can 'Friend' people, and if they also friend you, you will be communicating privately from then on. Better yet, you will see no spam in this mode (unless you friend a spammer).

It's easy to use! When someone you wish to communicate with privately emails you, just hit the friend button. This will handle everything automatically. They will be sent a plain text message with your special key. And if they also friend you, their special key will be sent to you, if you do not already have it. (all automatic). 

You can also set up this feature to automatically check the keyserver of your choice in preferences/friending" blah blah blah..."

Something like that. Does not seem hard to me. Probably a bit less hard than learning how to add an attachment to an email, most everyone learns to do that.

You just have to hit one button, all else is handled automatically. 

> There are a couple of problems with your approach above. One is knowing
> whether and when you have been added to someone's `allow` list. 

Works just like now: If you are on the whitelist, your mail just goes through. If not, you get a bounce.

As it works now: My mail goes through, unless someone has me blocked, in which case I get a bounce.

People are quite familiar with bounces.

> Another
> is that people can include the encrypted message in their request to be
> put on the `allow` list if they can somehow obtain the recipient's key,
> rendering the request redundant. 

But it won't be decoded, because it is not marked as encrypted email. If you are trying to spam me this way, I will not see it, so what is the point? Optionally I could just drop all such messages, as part of the normal spam filtering. A friend request with an encrypted section is invalid.

This is just ordinary non encrypted email far as the MTA system knows, and normal antispam measures will be applied.

The best way to get me to add someone to my allow list would be a plain email asking for that (perhaps with a reason so I can judge whether they are a spammer or not) but then don't worry about keys, just hit the friend button and let the system handle the key exchanges.

> Spammers can ask to be put on the list
> just like anybody else.

They can, but why would I add them? This is intended to be private email - friends, family, work, special people. The plain text mail system will still work just as now, for other purposes. 

It is also very likely that a message from a spammer will be dropped by a blocklist long before I could see it. Most spam is either sent from (pretty quickly) known spam netblocks, or from hacked user machines, which are generally in ISP spaces labeled as such and mostly blocked (if you have any reasonable anti-spam system in place).

Another factor is that spammers just won't, for the most part, be willing to go through such a two step process. For one thing, most will be -technically- unable to do so, because they are using hacked systems and this setup requires a reply from the actual sender to work. That simply cannot happen for most spam, because it is using forged addresses in the from lines, most often to completely different systems.

-Friending is not complete until both sides have done the exchange.-

This is a bit like confirmed email lists. Spammers could get on my lists if they really tried, but what I actually see is that they do not go past the first step - they just try to send some spam, if that does not work, they just move on. Too much work for them.

OK, so...just checking the steps...

I get plain email requesting friend status.
I hit friend button, friend request is sent to original user, I am in half-completed friend state.
Remote user gets request, half friend status, hits friend button, sends friend request, marks as completed.
I get friend request, hit friend button, mark as completed.

I think that should work. An active friend button hit is required from both sides to complete. There had to be valid return addresses on both sides for this to work.


> >In the case of someone with no previous contact, if they tried to send 
> >you encrypted email, they would get an immediate bounce with an error 
> >message something like:  

> That would be a bad default policy: can be abused to verify addresses,

No different than how email works right now. How is a bounce from this any different from a bounce for any other reason?

If you are a spammer you are sending out millions of emails. To verify an address is in my 'inner circle', you would have to try, what, 200 million or so guesses, of which about 1,999,990 would be negative.

Not likely to happen.

> disclose encrypted email policy, 

The policy is default deny. Perfectly public. Why not? Right now the default policy for -all- mail is default accept, and everyone knows this. 

That is all they can learn from this. The exact same bounce for every single email they try. Millions to get one good one. Defeats the cost basis of spamming.

> recover parts of the white list if the
> mail system allows address spoofing,

Again, millions to test. No spammer will do this. Most MTAs have limits on the number of addresses that can be tried, this is because spammers try to do that now with the existing mail system - this is no different and the same defenses apply.

Now, if they happen to KNOW the address of one of my 'friends', they could send me spam IF my key was in a public keyserver or they got it from an email sent from me, AND they forged the sending address.

A defense against that situation would be to have two sets of keys, one for initial contact that might be given out in an email, and once a secure setup was established, change to a second very private 'public' key, with the key exchange going through the already encrypted emails. This is kind of like how ssh works, I create 'public' keys for servers, but do NOT want those in a public keyserver or in emails. They are sort of private, public keys. 

> doesn't work when the receiving
> system is down for maintenance for an hour or two, 

No, perhaps you do not understand that this is blocking done by the MTA, not the MUA. If the MTA goes down, exactly the same thing happens that happens now: The mail is requeued by the sending MTA and sent later when the receiving MTA is back up. No difference from now.

> mails might get lost
> when the sender switches addresses or uses a wrong one by accident, ...

Same as the existing system. User will get a bounce. They just need to 'friend' the new address. Or correct their error. Just like when you make a typo in an email address. Nothing will be lost. -This is not filtering.- It is mail bounces, done at the MTA, specifically because that insures against such things. The feedback is very fast to the user.

The changes to the mail system are extremely minor. The mailserver has a new way to handle the metadata that an email is encrypted - this is the only new feature change in the MTA. It is set to default deny for encrypted emails, using the existing system (same as used for anti-spam now) and to whitelist certain encrypted emails from that - again using the existing system. Everything else is unchanged, there is no more risk of losing emails or any other mail problem than there is now. For many different reasons, an email may bounce now - we have just added one new reason; a bounce is still a bounce and is handled exactly the same way.

The purpose here is to give the average user a reason to use encryption (anti-spam, some privacy where you especially want it). And to make it so easy to use that many people will.

It helps by at least providing some privacy for the user, and helps us all by the fact that if many people are using encryption, it changes the situation where if you are using encryption, that alone is cause for suspicion.

It does nothing to help the metadata problems of email, and no doubt NSA etc could MITM it pretty easily. But it's work to do that. And if it is encrypted, they cannot do trivial searches on plain text to accuse me of being a terrorist because I happened to need a new seal for my pressure cooker. They at least have to get my keys somehow and decode it, or MITM me. If they want me that bad, I figure I am toast anyway.

All the 'perfect' encryption in the world is useless if no one uses it, the way it is now. 

Get everyone on board, and I am sure things can be improved in time.

-Mike
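
The two-sided friend exchange and the MTA default-deny rule for encrypted mail described in the message above, modeled as an added example (not code from the thread or from any mail product). The class names, verdict strings, addresses and key strings are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class Friend(Enum):
    NONE = "none"
    HALF = "half"          # one side has acted; the exchange is not finished
    COMPLETE = "complete"  # key received AND the local user pressed the button


@dataclass
class Mail:
    sender: str
    recipient: str
    encrypted: bool = False
    friend_key: Optional[str] = None  # set only on a (plain text) friend request


@dataclass
class Account:
    address: str
    public_key: str
    state: Dict[str, Friend] = field(default_factory=dict)
    peer_keys: Dict[str, str] = field(default_factory=dict)
    pending: Dict[str, str] = field(default_factory=dict)  # requests awaiting a button press
    sent: Set[str] = field(default_factory=set)            # peers already sent our key

    def mta_verdict(self, mail: Mail) -> str:
        """Receiving-MTA policy: default deny for encrypted mail."""
        if mail.friend_key is not None and mail.encrypted:
            return "invalid"   # a friend request with an encrypted section is invalid
        if not mail.encrypted:
            return "plain"     # goes through the existing anti-spam path, unchanged
        # The allow list is keyed on the sender address, so a forged address of a
        # completed friend still passes; the message above notes that limitation.
        if self.state.get(mail.sender, Friend.NONE) is Friend.COMPLETE:
            return "deliver"
        return "bounce"        # identical bounce for every non-friend sender

    def receive(self, mail: Mail) -> str:
        verdict = self.mta_verdict(mail)
        if verdict == "plain" and mail.friend_key is not None:
            self.pending[mail.sender] = mail.friend_key
            if self.state.get(mail.sender, Friend.NONE) is Friend.NONE:
                self.state[mail.sender] = Friend.HALF
        return verdict

    def press_friend(self, peer: str) -> Optional[Mail]:
        """MUA friend button. Returns the friend request to send, if one is needed."""
        request = None
        if peer not in self.sent:
            self.sent.add(peer)
            request = Mail(self.address, peer, friend_key=self.public_key)
        if peer in self.pending:
            self.peer_keys[peer] = self.pending.pop(peer)
            self.state[peer] = Friend.COMPLETE
        elif self.state.get(peer, Friend.NONE) is not Friend.COMPLETE:
            self.state[peer] = Friend.HALF
        return request


def run_handshake():
    """The four steps listed in the message, with constructed accounts."""
    alice = Account("alice@example.org", "ALICE-PUBKEY")
    bob = Account("bob@example.net", "BOB-PUBKEY")
    out = {}
    out["before"] = alice.receive(Mail(bob.address, alice.address, encrypted=True))
    out["ask"] = alice.receive(Mail(bob.address, alice.address))  # 1. plain request
    req = alice.press_friend(bob.address)                         # 2. alice: half
    out["alice_mid"] = alice.state[bob.address]
    bob.receive(req)
    reply = bob.press_friend(alice.address)                       # 3. bob: complete
    out["bob_end"] = bob.state[alice.address]
    alice.receive(reply)
    alice.press_friend(bob.address)                               # 4. alice: complete
    out["alice_end"] = alice.state[bob.address]
    out["after"] = alice.receive(Mail(bob.address, alice.address, encrypted=True))
    return out


def run_forged_request():
    """A request with a forged From: the reply reaches the real address owner,
    who never presses the button, so the exchange stays half-completed."""
    alice = Account("alice@example.org", "ALICE-PUBKEY")
    victim = Account("victim@example.com", "VICTIM-PUBKEY")
    alice.receive(Mail(victim.address, alice.address))  # forged sender address
    req = alice.press_friend(victim.address)            # even if alice agrees
    victim.receive(req)                                 # victim ignores it
    verdict = alice.receive(Mail(victim.address, alice.address, encrypted=True))
    return alice.state[victim.address], verdict


if __name__ == "__main__":
    print(run_handshake())
    print(run_forged_request())
```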


From kent@bbn.com  Thu Oct 10 10:12:46 2013
Message-ID: <5256E003.4000606@bbn.com>
Date: Thu, 10 Oct 2013 13:12:35 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <525475AA.2010907@cs.tcd.ie> <CABrd9SQaUYKbD6bGTnueJK0eUjN7NmuXgaD+R-MRZSf70zJN8A@mail.gmail.com> <52557C5D.8050408@bbn.com> <CABrd9ST4d44_Qw=kPPiZ8C7OztTkq9Y+NKxdmXOp+QzEvhH9ng@mail.gmail.com> <52559369.5050908@bbn.com> <CABrd9SRb7JctxdLUWS9QAv+ApK8MNzMhBSxoDEfY-AbbQeJn5w@mail.gmail.com>
In-Reply-To: <CABrd9SRb7JctxdLUWS9QAv+ApK8MNzMhBSxoDEfY-AbbQeJn5w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------070605040208020001030203"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

This is a multi-part message in MIME format.
--------------070605040208020001030203
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ben,
> Yeah, I don't think that's the answer. I think the answer is more
> along the lines of products not taking the attitude that they should
> work around everyone's broken crap, but instead that they should take
> a hard line.
Amen! But, I so rarely see that attitude among vendors.
> In short, "be liberal in what you accept" was a terrible idea for
> security and it's time we dropped it.
I have long said the same re security, even when Jon and I served together
on the IAB. But, as I noted in my reply to Stephen Farrell, we have middleboxes
that are part of today's (and yesterday's and tomorrow's) reality. They are not
a potential impediment, they are real, and they impose some limits on what we _can_ do
technically, in addition to what we _might_ do even if we were confident that the vast
majority of users want to accept some inconvenience in the name of improved privacy.
> ...
> But this is exactly the problem: 99% of the time you don't care, so 
> you argue that we should make it impossible to fix your problem in the 
> other 1% of cases.
I did not make that argument. I did argue that we ought not impose degraded user
experiences on 99% of the users, all the time, to enable some users (probably much less than 1%)
to have high quality, covert communications.
> I think the new reality is that you should worry about the 1% of the
> time you care and put up with whatever slight hardships it brings for
> your 99% case.
Not my reality :-).

Steve


--------------070605040208020001030203--

From kent@bbn.com  Thu Oct 10 11:50:49 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AB3321E8154 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 11:50:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.38
X-Spam-Level: 
X-Spam-Status: No, score=-106.38 tagged_above=-999 required=5 tests=[AWL=0.217, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PAyKF61JGIhp for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 11:50:40 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 017A221E814F for <perpass@ietf.org>; Thu, 10 Oct 2013 11:49:55 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:52821) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VULIz-000KhJ-JR; Thu, 10 Oct 2013 14:49:49 -0400
Message-ID: <5256F6CD.4090508@bbn.com>
Date: Thu, 10 Oct 2013 14:49:49 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie>
In-Reply-To: <5255EC1D.5040006@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------010009080008040407060705"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 18:50:49 -0000

This is a multi-part message in MIME format.
--------------010009080008040407060705
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Stephen,
> Well, MTU vs MTI is not quite what the subject line says, but is
> clearly one of the options worth discussing.
I thought that was the focus, based on the subject line. Sorry.
>> I admit that, in my experience, very few parties appear to make such
>> decisions in a well thought-out fashion, but they could.
> That's the catch though isn't it? They don't, for whatever reason(s)
> as seems to be shown by the SIP discussion.
In my experience, enterprise IT folks want to deploy a "solution"
that has low capital cost and low cost to maintain, and that is
perceived as "best practice" relative to their industry. This is
consistent with some of Dean's observations. Being truly effective
against legitimate threats often is not on their checklist :-) .
> I conclude that that means we're doing something wrong. (Maybe we're
> not the only ones doing something wrong, but I do think we contribute
> to the problem.)
I don't think we're doing anything wrong; we're makers of standards,
not enforcers of good security practices for every business, academic
institution, service provider, and individual user of the Internet.
> Hmm. But we're happy enough to suggest that URI scheme names
> can't contain a ":" and as a more relevant example, we don't have
> a problem that web sockets requires a Sec-WebSocket-Key header. So
> I don't buy the "we can't do that" argument to be honest.
Sorry, but I don't see the analogy. These are MTI examples, and the first
is a technical compatibility issue, right?
> Pursuing a single set of MTU standards for a wide range of contexts seems
> doomed to failure.
> Perhaps. But I'm not sure what a "single set of MTU standards" means
> to be honest. If we did have consensus for more than MTI then we
> could clearly mess up in loads of ways;-)
By "single set" I mean MTUs that apply to a standard irrespective
of its use context.
>> Evaluating tradeoffs of security and privacy vs. other factors is hard
>> when one deals with a wide range of contexts. For example, end user
>> devices range from big servers to laptops, to tablets, to smart phones.
>> Battery use is a big issue for some of these devices, as is bandwidth.
>> Some of the more extreme TFS mechanisms discussed would have adverse
>> implications for both. That's an example of why MTU, at the protocol
>> spec level, strikes me as a bad idea.
> Hm. I don't see why that applies to just this aspect of protocol
> development. Sure, crypto involves some more CPU but that's not
> that big a deal (far less than having the radio on in a challenged
> device) and some round-trips which turns out to be a problem in
> unchallenged-environments.
Fair point; tradeoffs are part of every protocol design, not just
security vs. X tradeoffs. I think that we usually have adequate IETF
participation by folks who are well-positioned to analyze _most_ protocol design
tradeoffs. However, we have some significant examples where that has not been true.
The first DNSSEC design, approved as a set of RFCs, was not workable. We had to
try again, and that cost us several years of effort. I am not convinced that we
have the right set of folks participating to design sweeping changes that _mandate_
use of security mechanisms that are good enough to deal with nation state surveillance.
> Equally, if we ignored pervasive monitoring, we'd actually be out of
> touch with reality.
For a long time the IETF has offered security mechanisms that can be
used to protect a wide range of users against a broad spectrum of attacks.
We know that use of many of these mechanisms is very minimal in many (most?) contexts.
How does that experience justify mandating _use_ of additional, new mechanisms?
Let's not assume that the concern over pervasive monitoring that is
triggering our discussions, and which is well-represented on this list, is
necessarily representative of the concerns (priorities) of most users. When
folks stop posting TMI info on Facebook, updating their locations via
social media, and give up many, many other privacy-undermining habits, then I'll
be ready to believe that their priorities have shifted.

Steve

--------------010009080008040407060705--

From stephen.farrell@cs.tcd.ie  Thu Oct 10 11:52:02 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34BBA21F98EE for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 11:52:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eifg3Zu-cmbk for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 11:51:54 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id ABA7521E8161 for <perpass@ietf.org>; Thu, 10 Oct 2013 11:50:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CDEC6BE50; Thu, 10 Oct 2013 19:50:50 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CJJmJp6MNxIP; Thu, 10 Oct 2013 19:50:49 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.44.74.26]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6C7CCBE49; Thu, 10 Oct 2013 19:50:49 +0100 (IST)
Message-ID: <5256F6FF.9070805@cs.tcd.ie>
Date: Thu, 10 Oct 2013 19:50:39 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>, 'perpass' <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie>	<018701cec568$daa5e960$8ff1bc20$@huitema.net>	<52566837.3070500@cs.tcd.ie>	<009b01cec5c6$1670f0e0$4352d2a0$@shockey.us>	<5256BF0A.5040401@gmail.com> <00c301cec5ca$f1463960$d3d2ac20$@shockey.us>
In-Reply-To: <00c301cec5ca$f1463960$d3d2ac20$@shockey.us>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 18:52:02 -0000

On 10/10/2013 04:11 PM, Richard Shockey wrote:
> Tony .. Always wonderful to hear from you!
> 
> The point we clearly agree on is that a productive discussion on this
> subject would be the usability and deployability of security protocols. If
> there has been a failure it lies there.

I think the above is somewhat fair. We have tended to have only
the crap-or-no security version of protocols and the (ideally)
highly-secure version, which makes a good bit of sense in many
ways but perhaps less when one considers pervasive monitoring.

But personally I don't buy that that explains everything. We are
still faced with a bunch of cases where we have MTI security in
specs and it's just not deployed. For example, there are no user
interface issues between SIP proxies, and deploying TLS just
should not be hard for such server-server interactions - you'd
nearly have to go out of your way as an implementer to make it
hard I think. (Assuming you start implementing it:-) Maybe as
Jon said the need just wasn't perceived for one reason or
another, but I reckon today's new situation might change that
somewhat.

In any case, mandating strong MTI security just hasn't by
itself worked well enough in some cases for whatever reason.

So... what can we change to make it more likely that good
security and privacy features are specified and deployed?

S.

From stephen.farrell@cs.tcd.ie  Thu Oct 10 12:14:10 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87FC211E8192 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:14:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fF2D7JWA14X0 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:14:04 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id C7E0711E81AB for <perpass@ietf.org>; Thu, 10 Oct 2013 12:10:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4E9A8BE51; Thu, 10 Oct 2013 20:09:49 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2fcQdc78QvdZ; Thu, 10 Oct 2013 20:09:47 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.44.74.26]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3E480BE57; Thu, 10 Oct 2013 20:09:47 +0100 (IST)
Message-ID: <5256FB71.8040903@cs.tcd.ie>
Date: Thu, 10 Oct 2013 20:09:37 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>
In-Reply-To: <5256F6CD.4090508@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 19:14:10 -0000

Hiya,

On 10/10/2013 07:49 PM, Stephen Kent wrote:
> Stephen,
>> Well, MTU vs MTI is not quite what the subject line says, but is
>> clearly one of the options worth discussing.
> I thought that was the focus, based on the subject line. Sorry.

Partly my fault, but I reckon there should be more options than
just an MTI->MTU transition. For example, requiring BCPs as you
suggested, or maybe requiring (some) security be on-by-default
in some cases or lots of other things. I'm hoping to get folks'
suggestions and opinions (so please send yours!)

>>> I admit that, in my experience, very few parties appear to make such
>>> decisions in a well thought-out fashion, but they could.
>> That's the catch though isn't it? They don't, for whatever reason(s)
>> as seems to be shown by the SIP discussion.
> In my experience, enterprise IT folks want to deploy a "solution"
> that has low capital cost and low cost to maintain, and that is
> perceived as "best practice" relative to their industry. This is
> consistent with some of Dean's observations. Being truly effective
> against legitimate threats often is not on their checklist :-) .

Yup. Veniality does win sometimes;-)

>> I conclude that that means we're doing something wrong. (Maybe we're
>> not the only ones doing something wrong, but I do think we contribute
>> to the problem.)
> I don't think we're doing anything wrong; we're makers of standards,
> not enforcers of good security practices for every business, academic
> institution, service provider, and individual user of the Internet.

I disagree. IMO all the snowdonia stuff is very good evidence that
we need to do better. And "enforcer" is not at issue.

>> Hmm. But we're happy enough to suggest that URI scheme names
>> can't contain a ":" and as a more relevant example, we don't have
>> a problem that web sockets requires a Sec-WebSocket-Key header. So
>> I don't buy the "we can't do that" argument to be honest.
> Sorry, but I don't see the analogy. These are MTI examples, and the first
> is a technical compatibility issue, right?

And the 2nd. But the 2nd is a case where there's a teeny bit of
crypto baked into websockets so that websockets just doesn't
work without it. But not one to rathole on.

>> Pursuing a single set of MTU standards for a wide range of contexts seems
>> doomed to failure.
>> Perhaps. But I'm not sure what a "single set of MTU standards" means
>> to be honest. If we did have consensus for more than MTI then we
>> could clearly mess up in loads of ways;-)
> By "single set" I mean MTUs that apply to a standard irrespective
> of its use context.

Ack.

>>> Evaluating tradeoffs of security and privacy vs. other factors is hard
>>> when one deals with a wide range of contexts. For example, end user
>>> devices range from big servers to laptops, to tablets, to smart phones.
>>> Battery use is a big issue for some of these devices, as is bandwidth.
>>> Some of the more extreme TFS mechanisms discussed would have adverse
>>> implications for both. That's an example of why MTU, at the protocol
>>> spec level, strikes me as a bad idea.
>> Hm. I don't see why that applies to just this aspect of protocol
>> development. Sure, crypto involves some more CPU but that's not
>> that big a deal (far less than having the radio on in a challenged
>> device) and some round-trips which turns out to be a problem in
>> unchallenged-environments.
> Fair point; tradeoffs are part of every protocol design, not just
> security vs. X tradeoffs. I think that we usually have adequate IETF
> participation by folks who are well-positioned to analyze _most_ protocol design
> tradeoffs. However, we have some significant examples where that has not been true.
> The first DNSSEC design, approved as a set of RFCs, was not workable. We had to
> try again, and that cost us several years of effort. I am not convinced that we
> have the right set of folks participating to design sweeping changes that _mandate_
> use of security mechanisms that are good enough to deal with nation state surveillance.

Going back to a mail from Yoav a few weeks ago - we're not trying to
prevent state surveillance, but we would like to make it more
expensive so Yoav isn't on the list of folks that they can afford
to surveil. Assuming we share that description as a goal, (do we?)
what other kind of folks do you think we might need to make progress
on that?

>> Equally, if we ignored pervasive monitoring, we'd actually be out of
>> touch with reality.
> For a long time the IETF has offered security mechanisms that can be
> used to protect a wide range of users against a broad spectrum of attacks.
> We know that use of many of these mechanisms is very minimal in many (most?) contexts.
> How does that experience justify mandating _use_ of additional, new mechanisms?
> Let's not assume that the concern over pervasive monitoring that is
> triggering our discussions, and which is well-represented on this list, is
> necessarily representative of the concerns (priorities) of most users. When
> folks stop posting TMI info on Facebook, updating their locations via
> social media, and give up many, many other privacy-undermining habits, then I'll
> be ready to believe that their priorities have shifted.

There is a fair point there but dealing with what people do on FB
is not really within the IETF's scope I think. Making it harder for
a few hacked nodes to record everything everyone does is though.
(And if we can do that well, I suspect we'll get a bunch of other
security benefits too.)

And there's also the user-consent issue - regardless of what one
thinks about web site T&C, it is absolutely the case that users
have not given permission for the pervasive monitoring that's
been reported.

Cheers,
S.

> 
> Steve
> 

From brian.e.carpenter@gmail.com  Thu Oct 10 12:24:41 2013
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE20121E8097 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:24:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.555
X-Spam-Level: 
X-Spam-Status: No, score=-102.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FBQIZOc+KKen for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:24:39 -0700 (PDT)
Received: from mail-pd0-x232.google.com (mail-pd0-x232.google.com [IPv6:2607:f8b0:400e:c02::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8EC21F9EC8 for <perpass@ietf.org>; Thu, 10 Oct 2013 12:24:23 -0700 (PDT)
Received: by mail-pd0-f178.google.com with SMTP id w10so3049894pde.23 for <perpass@ietf.org>; Thu, 10 Oct 2013 12:24:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=JpwU0/gAIMyh3D1tohzXNkbyLh+zRAWLJlo9+fyo7Lk=; b=Zfoo41ZHhhIqyNVNeOtGp6AeZYUg2+s06xoNF2Gl+epYGoVZbbvqLaq9Or60XmaM7p FNU3AOAb++IS23LAqxHF993wR4NahP9qMSOL3Fff6w/lKh54lqLVLywmK+7vL+M+x4mk M9srJ05FTjKACzk3oEoqPS4veBzj3PKm7KVWXi3LWLg+WyKnAHsaUZtlqttpnjs6R8WC 81D7umFpBBclpwd8UA2u5t4C9ilnQTgvtNUz7zw3iDe0BxCmo/lg+Ps1L20wekOkFRMG oyExkIr38u2NXHbZlNBoJmz9AfrRd4y/7NuAb1npZJcd3Mp7pLZhU3sMfE+Ia8ZMrIFI 6b+Q==
X-Received: by 10.68.252.135 with SMTP id zs7mr4174509pbc.194.1381433062435; Thu, 10 Oct 2013 12:24:22 -0700 (PDT)
Received: from [192.168.178.20] (167.201.69.111.dynamic.snap.net.nz. [111.69.201.167]) by mx.google.com with ESMTPSA id xn12sm64516850pac.12.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 10 Oct 2013 12:24:21 -0700 (PDT)
Message-ID: <5256FEED.8070302@gmail.com>
Date: Fri, 11 Oct 2013 08:24:29 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <CAMm+Lwi0bU0zow+XUnUd2WNVEO8+oJ9W=LeKTxSjKFm=iLxS+Q@mail.gmail.com>
In-Reply-To: <CAMm+Lwi0bU0zow+XUnUd2WNVEO8+oJ9W=LeKTxSjKFm=iLxS+Q@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 19:24:41 -0000

Phill,

On 11/10/2013 03:00, Phillip Hallam-Baker wrote:
> I think the problem is that many protocols are at the wrong level of
> abstraction to mandate use of any security controls.
> 
> For example, consider IPSEC which at one time was mandatory to implement in
> IPv6 but isn't any more because most protocols use SSL rather than IPSEC in
> any case.

Please let's be accurate. The reason that IPsec was a MUST in RFC 4294
but became a SHOULD in RFC 6434 was nothing to do with SSL:

  "This document recognizes that there exists a range of device types
   and environments where approaches to security other than IPsec can be
   justified.  For example, special-purpose devices may support only a
   very limited number or type of applications, and an application-
   specific security approach may be sufficient for limited management
   or configuration capabilities.  Alternatively, some devices may run
   on extremely constrained hardware (e.g., sensors) where the full
   IPsec Architecture is not justified."

Also, it was clear from the start that IPsec for IPv6 was MTI, not MTU,
and the downgrade to RTI (recommended to implement) was to allow for low
end devices where the code would never be used anyway.

   Brian

From rutkowski.tony@gmail.com  Thu Oct 10 12:42:59 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB04921F9BEF for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TKNnRswAZG0P for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 12:42:59 -0700 (PDT)
Received: from mail-qa0-x22d.google.com (mail-qa0-x22d.google.com [IPv6:2607:f8b0:400d:c00::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 0669121F9BB5 for <perpass@ietf.org>; Thu, 10 Oct 2013 12:42:31 -0700 (PDT)
Received: by mail-qa0-f45.google.com with SMTP id k4so2309qaq.4 for <perpass@ietf.org>; Thu, 10 Oct 2013 12:42:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=iANodvr1VC4N+w6ISoXyELfBZRGKM6FRaNb+qrbun5U=; b=lS9l4Zt1Css7pGC0X1h9fcpK38bDetsuyH/0piJg7y3esHvocd+jPdlRJBzivOlp9G KnRpA5GqTGyPwDs7JxZENhiFkXFIH4QxbJ2qlryR3BU0KcWLfDYs6vghCsLma7kPh83e Kti/dcBnsEQu0ww8LlgUITUIRxyIOWOiiw4ik3MDRhkdgltIiv+vGY7OSx3gh3qTU2mR NiV6kFvJSU2QUs3WY6I6mGKA4LYQpPrU9nOaG6oK/O2K3Jsv/DDb/d7Eewje3tsJgRxM r0jGNPubf3htNpEvBFl2SCfqvsr0ul/HV66nujkrK8F+pifWUt8pkaCOj/Aww9Rp2NVa ugKw==
X-Received: by 10.49.96.42 with SMTP id dp10mr3439135qeb.94.1381434142037; Thu, 10 Oct 2013 12:42:22 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id e10sm72246801yhj.1.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 10 Oct 2013 12:42:21 -0700 (PDT)
Message-ID: <5257031C.3040103@gmail.com>
Date: Thu, 10 Oct 2013 15:42:20 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie>
In-Reply-To: <5256FB71.8040903@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 19:43:00 -0000

Probably not a shared goal.

State surveillance has been a "mandate" since the
inception of communications - postal, long before
electronic.  Essentially every nation engages in it.
Most users don't care.  Some welcome it. Few users
will pay the price or accept the constraints to mitigate it.
Even fewer providers will go out of business to avoid
it.  In most instances involving individuals, the State
threat represents far less of a danger than other actors.
The obvious exceptions are industrial espionage and
cyberwarfare.

The paranoid should climb inside a sealed mu-metal
box with a Faraday shield around it and never exit.

--tony




On 10/10/2013 3:09 PM, Stephen Farrell wrote:
> Going back to a mail from Yoav a few weeks ago - we're not trying to
> prevent state surveillance, but we would like to make it more
> expensive so Yoav isn't on the list of folks that they can afford
> to surveil. Assuming we share that description as a goal, (do we?)
> what other kind of folks do you think we might need to make progress
> on that?


From richard@shockey.us  Thu Oct 10 13:47:36 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D07D421F9A15 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 13:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J6N9tTKsTY4P for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 13:47:36 -0700 (PDT)
Received: from outbound-ss-352.hostmonster.com (outbound-ss-352.hostmonster.com [74.220.201.17]) by ietfa.amsl.com (Postfix) with SMTP id 965A321F9B8A for <perpass@ietf.org>; Thu, 10 Oct 2013 13:47:18 -0700 (PDT)
Received: (qmail 3003 invoked by uid 0); 10 Oct 2013 20:46:57 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy6.mail.unifiedlayer.com with SMTP; 10 Oct 2013 20:46:56 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default;  h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:To:From; bh=eFFJqblW3Wh3qO6BTxIUh6y4QuF18Z+gVxvZ0baDV8E=;  b=cBItBnktqRMrUg5okydg3ITeLeUXUN88JaxsDIK2aLuIdZ8QQGC3ubQa6EyrmRXUDYwV1MPWpz9DUolfmE1CNYqZ3mlIaLFU+bUpI71UCOIYg6CcPB7Aduvil6GW2rVG;
Received: from [71.114.100.16] (port=58708 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VUN8H-0007Du-Tt; Thu, 10 Oct 2013 14:46:56 -0600
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'perpass'" <perpass@ietf.org>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz>	<5255E71E.1080007@cs.tcd.ie>	<018701cec568$daa5e960$8ff1bc20$@huitema.net>	<52566837.3070500@cs.tcd.ie>	<009b01cec5c6$1670f0e0$4352d2a0$@shockey.us>	<5256BF0A.5040401@gmail.com> <00c301cec5ca$f1463960$d3d2ac20$@shockey.us> <5256F6FF.9070805@cs.tcd.ie>
In-Reply-To: <5256F6FF.9070805@cs.tcd.ie>
Date: Thu, 10 Oct 2013 16:46:52 -0400
Message-ID: <01ce01cec5f9$d9cf4090$8d6dc1b0$@shockey.us>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_01CF_01CEC5D8.52C541B0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJKJot8Xkwwa60fkVskGUHZzpQ9gQC8p8efAVlySdEB2Bc9IgH3d5eWAdsVeFcCj9mtBQK7Dx1omI87etA=
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 20:47:37 -0000

This is a multipart message in MIME format.

------=_NextPart_000_01CF_01CEC5D8.52C541B0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit



-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Thursday, October 10, 2013 2:51 PM
To: Richard Shockey; 'perpass'
Subject: Re: [perpass] mandatory-to-implement vs. more?



On 10/10/2013 04:11 PM, Richard Shockey wrote:
> Tony .. Always wonderful to hear from you!
> 
> The point we clearly agree on is that a productive discussion on this 
> subject would be the usability and deployability of security 
> protocols. If there has been a failure it lies there.

I think the above is somewhat fair. We have tended to have only the
crap-or-no security version of protocols and the (ideally) highly-secure
version, which makes a good bit of sense in many ways but perhaps less when
one considers pervasive monitoring.

[RS> ]  A very thoughtful point.  Once we looked at the highly-secure
versions of protocols we inadvertently injected complexity and a difficulty
to implement that caused folks to go .. "WTF I just need this to work."  If
I turn off FOO by default will it work? And we know the answer to that. 

But personally I don't buy that that explains everything. 

[RS> ]   I'd never suggest it does. Also a lot of people really don't care
or they actually don't mind a certain level of pervasive surveillance if
there is some rational oversight.  It's not just communications protocols.
London has more CCTV cameras per capita than any city on earth.   RFID tags
on cars can track every conceivable movement.  Forget call detail records..
think of the HLR/VLR/HSS  records on mobile devices. We can go on here but
that is a fruitless discussion.  

We are still faced with a bunch of cases where we have MTI security in specs
and it's just not deployed. For example, there are no user interface issues
between SIP proxies, and deploying TLS just should not be hard for such
server-server interactions - you'd nearly have to go out of your way as an
implementer to make it hard I think. (Assuming you start implementing it:-) 

[RS> ] Or you don't write the checks...Shockey's law "Money is the answer,
what is the question?"  Look, when brother Peterson, I and countless others
started working on SIP we idealistically thought we could "replace" the
phone networks. We never envisioned SIP would BECOME the phone network.
When I and others worked on 6116 we thought one thing... the result was
"WHAT!!!  You mean this is really a SS7 TCAP replacement?"   Oh well..  the
best laid plans of mice and engineers. 

Maybe as Jon said the need just wasn't perceived for one reason or another,
but I reckon today's new situation might change that somewhat.

In any case, mandating strong MTI security just hasn't by itself worked well
enough in some cases for whatever reason.

So... what can we change to make it more likely that good security and
privacy features are specified and deployed?

[RS> ]  Well, one thing is to actually start to enforce "running code"
requirements on new security related protocols.  That is an ongoing debate
in the community well worth expanding on.  We've hit the potholes enough
times where usability and deployability were not mandatory considerations in
the protocol design process.  I would argue now that "pretty good security"
might actually be pretty good vs the alternative which is nothing.  


S.

------=_NextPart_000_01CF_01CEC5D8.52C541B0
Content-Type: image/jpeg;
	name="Fred-DSC_3832-2.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="Fred-DSC_3832-2.jpg"

pWWuhdyzWuTy9cahw52S5fBKHjpPwkFlJFtR8/2wFeso4YynL01pSli9vBysbW8sS1LlVHDCvzAJ
Vd2J6enti2tD1dfR0umV4Rrv9C/lt0xX+JeO6eqkMdLOZHZraWPTrv8AyxdhRuKOK8wqI/4dly9y
iHS0jDc+eKlWwTS6pJjqUG4Qk726ffFr7JChqa/MZJliXu4gDpVb7fYcziTyLgnNaumE2aqxjS5G
rlf/AE64dD9rNwxwkYIe+hgWCPfVK/1uep/3yxPZTk0UBE0DDuzykXmvqBh0tnjUlPUWjepIJ+tr
2APltuTheCgVUKx1AbQQwdltgRJg8AaqEjSMD9CLbxdN/wCmFmkWksvy79+NgGGwBHP1++EFUZ4m
AWTU9hczPZd/PDfO81qKSdYi4aTT4jElgg8lFr/c4LTISXiaknj7mljDSczGBqNx1I9sGl7Qcuio
jGEIcm4uLLf7YJVUZm/ah8pAsgK7DYBL3b0H98VjNO1KrlheWSOUup+iO119tsLOma8d9tHEtJSy
VWU5IysD4J5m1c72uW5+wx5V7bfi37ZuKWqOGuABVLMv4dRmEX4axgfVZyLXPpc2GLR1vh5i4/7U
O1bLPm2rO02qklLFVShqXlkPTdwAAo9/tinr2/8AaIlOtJ/GZ5Sq6A9VVSvpX/KqAhR+mMZTTckq
d4P+KXtG4daKKnpx3WsazT94rMt/pv8A3Bxr/Zd8W3apxJm0VBlUa006kNJmVWxLKtzfSAByA5k3
wSbXxj172V9rXH1VTQLW8XyT67F5KlUGleniJJI9AAcekuAeNM2osvjnnqaQoxKkaWBI6+fPFpdL
ivaPk0cAo5avuY3sdDnUxPkB0x2YcXcM0eXtUT5ozlBpB1WGv/KB6X3xbDPOJu2eFMw+WyySRohd
TNqN/sPI4qWd9rubNQxUdFqV+V23CkE3/n+2I6Vaq4sp8sVc7rawyEamsxuGb82Mn7WfiLp8noXy
3L0ebMJVYimprXO97k8lAHViBYHA1pSuxji7N+Pln4wbM61p4JHvTMqtFGitYlbcz/1eeN74V4l4
Vip42rpY27wBo2JP4pP0hWPMnyxiTV27740t2SPlGYWrstknijZbhomvY36qfLqMSlPJXQytHWVR
O/gmQWDfbmDjcc7Rp6mrzGRVpmaNxtrkJXX/ADGEZcsNHBJPW5rPT22YQklSfWw2wxhDSZVSVDGr
yqvgksCNU1m/cf2xXeMOCK7Osukpmrj3cv1dzJpX77Y1EwntN7B+IqymqFgz5lCCyM9RpQ+Q3Fv1
x5O7V+wLjvK80mNRKlcyi/8Ay1QklvsMZyxlbxvqsmzLK67Lqho6qkkiI28SkYQjhZhdrexxx1qO
vZx8swGja/vhdaUkg3+2MbdOh5KZQupdx7c8NaqIILkbn9sUpvSOqksxJN7DlhCxLXVuR88dI4Ue
MAC5I5eeDHdr2xNB7suLXIxyAsb79djjLcLQxXB8Q9b9MHeMgAsDiMITRkcjhKx2Hra+KK8F0BYi
xH2wqAwQ74WdciIjWO+Dp4Ta2+A/yHbTrH74SJGq55cxY4ozXGQgc+WCFiN/03xNCg3vv+mDLzBO
+Fz7GDnmX38xg+pNB1H054kEMCNWq+CsFB9ffAnWOnz9Bjr38TPz6eWJW1zqFBCnCFxq036e1sUV
cgZn35YN139/fCXXUnYi9+WOPhP9MC75cGPL+eOBULuPthZGBPP98GYgi2rbywVewKD9QvgysNVh
y9MKvAwbxW9MLKyWsed7nBYoV7wAE3ufPBjUJvfkdib4zprcBrRR9J++C6g3rt0wqDpIn5r7eWDo
4As4254iK8iXueeG08gvby6YNNTo3c3J3sfXBV09ASR640bfsdVW9wTv64WURbAtgZuoUBQNYt68
8FlVC2u/XFoTnh23lgyyAjSRzw2H3pxto3wXQgOxH64F12NoHIgD2OO0RgfUffEpxyMACot73waO
M6dvfnywH9jFRpEmo78r4RlRgDc88QkIyRkH18sJnY2NiMa7a6GsQBZt+eFEPh5/64hoqAbXB5/t
haNCbEb7exxiiTkcAKwBO7dL88JJWrNU91SQmRtQVR0JvjeOLGefptPYT2D8c8RZ4c6SlvTRBlY2
Olrj6Uv69fQ49tdgHYbS8CZAkq0F3ksGjY3L+dz79MevGajzWto4Y4Kqaqe1PRBC41L5ev2xp3Z1
2Rx0lGs0sQaadiTIwvYYqzGiZfwVQ0lFJFRUwVXNu9OxAHM4mY8semVWWGxiHhTqBbAdDPRwUaRk
qbsfFfobYaZ7mlHCUEMmgKviP+XbB2lLzniFswqzS0oew3LX3G3In2xBtlhiklqXlYOLKCvL2GNs
7hucpqKh9ZoyQfEqf5icFj4MbNHD1YCIt/w4zz9Tiq6SmXZJl1PMHpqFtb2RAvhY/wC9z6YkjQxZ
fEEMVorDSNV1HnfzxbV5P4MoS5qJ5ixtYRMNvS4HTC0EJpisAnEiA+WwP9B6YKeCsC0kk4SKlGlT
u52JwZ3poZGkeojWx3LG4I8hb+eII2qz2CjrxU0thcXBB8K+o8/fDePi8zSP3U5fXcGRjcYLeWtG
E/EOYyu5ppJZY73DqQPF5g/2wlWU9VXRloqSpZbXcu1lJ9T1xnZ0bTUjLTWpY18JN2DaRb+WIWvq
hEhqjIpceFWJJH223OHYQslFnVdHK0s/dxA6dCOq3/8Alv8Ae2GU2S5wKc1lRXFlJ0KIRsR5DYXx
JTONOGafNc1OVQZc1RUSj8VZags2m3Jj/wD2gAD1xlHaV2YVHDVdGkWXwkRoX7tplVDblfSGNrHk
OmHakYpxT8JPE3bBnPz3EGdVCU0mn8OBQiL5BIVCLYX5kkYtXB3/AKXFIgSbLMzpaONoypnkQyVD
qTuSbEL5AKLjzxXXdbnC+ZD/AOnVwFw/UNlVNTw2mj7qaek1sW9SdVgftfFryX4OuzfgFI5+H+HE
nnuLuytrv73v+lsFy9LXtduCsk4n4Hcz5blcEIcEW3TUPXSN/viafP8AjLN6tJoJY4miJFogbA+Y
J5n1xzuWj8NncWQ5lHBT5jm2bzySMxCAsSQPO/uf54Q4kMFHAsj1rNtYq7f08r4tmzSr55ngo4Pm
YJI17tenO4xnHH3aunD9A2bPPPPPHe0MKli3nZcLPbHuI+3TjfijK62syBoZIqdlRctBKS6nNgHb
zJYGwHphzNlGY8O5eeNX4aaWtlXuhQAd47ylBqcnyCkC588UPTSOHuyfNeynMKLLOB6hJZO5jAWQ
3Dd8bSKfYsh+2Jnhng2uy/h3PRWSNJRxlauihkBX5OTYyAemoNt5++N69jftd8oqsyy2cZ/Q0pNL
VQiR4EO6Oyhlby3uR67YsFNPm9XVU9VJV6qOoiuANyjixIPpbfBpbWzLKZqeHXUr3g5M8YvrB5E4
SqcvrKeoFRldV3iEeGO+538z/XFpGq0nDs1RpfL3gkkNywFgW67eeDVPB2W5lRSVNA7CSPaSMXBX
1t5e2KCqLxpwXUzw9zSTTKx2YI9reRtbHnbt47C8+zcmqyqqoq2WJCSkhEckZ89Wm9/vjeoJXkHt
E4bqsmqmyPiDK6mmnivp1MJI7ejD1xS2pIUYrFqIXqRa+PN5MfjXp8d4HSC4CBh6euF1W6i6m2ON
deqAoikEve/TDKsVNRuL+2HHsXpF1aEtbVbrc4aWINgfexx1jlRlGvYczhZQrCzG1jhpg3dE7lum
DojdTvjDpC8cS81P354NJDYbkffBWtGs6Fja/wBsIrGVNwefS+FkqhKH0PXCyqCuktf+WJmgCgDw
nfAWDDcG+JoWZyltztvhF5F1Akc8IoNQKhdr+hwIK7C/74CAEheRsMDa3gJ3OFzgTYfm6Y4G+wxC
wbUALEb4FmA2W18RDGRa2r1tfAmzGwN7chiQjkgAk3wi5LGw6YkOgtup58vMYEKCtrnEq7Sp2v8A
64L4bkEi/tvgXAtxo8Cj74MAxA2scIHiJJ2sbbYPp38PUYFHWtvqG+AFgxC4VQhhqBUWt688G75v
9cOgMrgklTYehwZJeV7nGSBpLC/LHLIGIBP2xUwYTHex2B53wZag8+vlg0d6EkkFtJO2EZGBB/vh
MohFxfVb0wIGlgFt74iUXlZufPBwVtysfXEBXex03At0GOMgJ8JwLQYmIYAn98KrHbxr1HIYRA6b
L7fvgCAPDbAdz26zA7AeYwIB3B39L4YvfLlIJuwP2wdXCDw88FQQ+oXG/p64KQdJBcewO+A4kWbx
3/rgj7tqtv8AyxpqUW9rgkk+eDKt/CSdugxDI6i02GnCrSRRJqOsrexKjFMd1zyykS/Z/wBnXFnF
3FUdFS5RLKTGSoAOkM4stzyGPS/w2fA68mZwZ5xdTA92X0RHdfDtff3OPRjHC17n7LewfIcgy2hp
4qcRU9LESKcAGx5jV641LLOBMuNKJIqVo1BGlVAHeE+vljptzvK3cM8I01MUqe7Gt9iich6DF6oa
GKipkp6UgOyC9+Y88YKSpoJDGsSEaLG+ry/1wNTMe8YTOGY3difTEkDnfEMOjuUntoBJ9PXFVzLN
Vri+qp1gLqLel/5Y1jGaZ08BlTU1gxUkWU3C9Sfe3PClPRxoBFUSJFF9WmS+s+oxqqQumX9zBHV1
TBLDSWFwE62H/nc+WGkmfZdFDJTQxqAjBCEBuAOZ/wBb4LVI6PMEraQMsggLteOOx1sCdz6bDnhz
Td41Tq8ZjH+LJYgHyVffGNtSJcympcPHrp1cgiNbg/8AjDlY6cUxZ5UJHhVYxzHr5Yv5OkfX1s02
mmSGPc7d3y8r3xFVkFXCxNRUxJBGdgb21ex5n7YtrRnJQ96BUVtTUSRP+RiF1G/nvYYS/g7uHc0Y
Emr6QxIUdPc++M27aPYqZlRQ9Wsbx8iAfEffDlKOnr5BD37uOTM/hU/blgSPzmOjjkSOlrY0Fto4
TfSPe25xX81oopxIKiRmj/KWPP09fYbYdjSKoMsmjPzD07pEfo1sQD7+eJSjy6WWoFSsQlJU3UPs
vla/p5YYqbPlkMDSHKcsCz6iGkWwL+2obD1GK5xF2R5fxPVGpzCsZqkWDLGz6bD7jffmb4V7WXhX
si4dyjK0+WodWsXQKitf13v/ADxZMo4Npe6AioRIR4THc3v6gbYxaS0/BktJVKI7U5tYRxxaNvPB
KvKZu67uamhjBFizJqb7WwUyIfM+G8vCd1LDqZxa7Hew9OgxAZjT0eRRkxPETcX07i3THLLLT0eP
x3JVc+4krMvVp5ZSkMal9Z5++Mp447W4K2KSSlkbTERcsTc+58yP54cLseXD4sr437fcqgqf4dPn
YiBH06rG/O1sZfxj2n55XllpKlTDUglDC952IIu2+wQXN7c7Y3Pp51gnyNRJlU3DOYRyx5doetl1
AGpZWMo1bbnUEJ98b52X8LZRI0PEWYTtVVPdSq6EnRGxKll/UWxuC1LKK+gyrMoIM0X5/h5BOpbx
MzAK4Qm3IcsXOCLLqzL6mvknRKDMVScxMbBCwDMDf1BGNj0huCuKcv4UrF4fzt07kRvAoc6u+jUH
Tp+x/bFw4aoZIIVSGYOhj7yOO1wyty/qPfEFj4RzGWCqaGmiEkGzaGvt/mU4nM6yqjTJ1zOik/D1
fiQcmBv9Q/rg9mI+jyugqWbMDFr1izKWufQ+h9fTBanK6+jcVkBMkYPidNrg+frgNU3iICnqmqao
l4ne2sbFPcYrnGXBuWZnSmqZFkRk/Jbmeu/X2ONsS6eQvil7KK0s1ZS5PUVEKHSRGod1XzU8wPQ3
x5ezz5WinkjkpmiiW4RpUKt+gupP6YPJjuOmOWqawUMNTH3tLULKANRG9x9sJvEyPZrg2648Wcsr
142WE3RXXUy7HrhrVKjX9Rz54Js3SJq18Wpm++GjKbkgnfcY6y/blYPGgXwk3v1woLCwcfcYavRZ
QHFgSMH0Df8AvjLf7KK2lTe2DyFWTw8x54K12QqPGSbXPn54bqARqI/fCP4K90eh/fHDZgB++Fmh
QoynSTfyvgbc7bW5k4CTka43JPlfCD/XcE77Yj6AospFwThSMA/UPthAvd389vPBmQKAwa1+ZOJj
XsU6r4KXIIIBtiZoylOZ6bc+eOLLq3NhipDGG02AODBim9t8R6EZrqTp/fBfBfmPtiE5Ch6Hpg1i
PXbliNA7JpJJ54KoYCy4kFWN+W+DaQRcgX52vyxL9DINK6vLHLckMRbzscQCfQjfBSzBh1688MVc
xXVcnl154Kzk8/0xCODb3uPbBldm8Gq18B6GQsBf9sGWzDnvgrXASSNy246YTB0g/wB8QvYne2ud
WA7y+w5eZwqDDxC5JG2Dwp4d2t98B9hbSoA1XvtzwDy6RfVvi0hVkFrk7nfBVO5Fh54j6LRM1wST
c+WFomYPzv74gPfqTtytji25F97YF2Ksuk2JsD547vBy/XDoSgMg0gXwKsWJI67W88WlsqlwN+WO
fTYkG1sVM65N5QuolTywm1g1g3vibmgA36c8PMuoajMZlhpEZ2J2GFmtb7IPhwznixVz3NhHT0RR
xqkNjfSdJt74vPA/wbSZpGuXRxmoLygvMASVHLb3vfHbDHjlw8l5eqOxz4c8p4Ky+PJKTLY+/gXR
3nU2FgffG38E9mkWSyRtWQ+NVsqeQPLHTTlWk8OZS1PELQgtfSWvtv0A/bFwyzLu7XTUJ+ITpjjN
/APPGUsmT5U4VHkWywjWF5E3xY6alSKZqmYdOQ6YiCeqjoKd3mmKgkaF6HFQ4j4r7lGjpnQ6Rd5G
O4GGcs2qsK98wqJUkcJEx1O8m2rqFB8v3OAR1qGNJEgug1EXA1jnc43rTN/SZpaT5vxVkgj1WXTy
BAHX3t+2EKuppVq0AIAjAUWPibfY8tz6ffB7aRuex1E8wdwQktyIlbVr8gPTzOC0vDsUrJHWTgKd
5ViFwG8v9cZt21Id0uW0dPqqwVnkB02U+FR7nBjW1SzRwtWjxHYr5e9r/fGDpINWVInWOqqA0XO5
2Dfrjp62KZFKQTSk38SppRTyte12w7JtpqPmw1NXlNrMLWufL/XBUoyjmreF3e+0ku/3At++MqQW
egnrFWrM7B7/AFk2VPbbDiOOR1EEtQ7J+WNCURdvYnEQNwulbqm+eLkbsLlbf1/3ywhU5XV0zdzD
JqFwqk7gYDAVGUtEhL1iRqeenfUfYDEJX0iwC8dO80l/qGwPuSOXpi2NGIzit1yR1OUvVMCFQU6f
hxjoN9icS1GmdTQxCRGVgLtBqLOo8tKgEfsMLNgJMqpo2c5hQyCJluY2isP/ALuv3wdMpWSKKTL4
o4NViZO9IuPUYrVE3l1LPU05izOoXSOZhW4/nhb/AIbpWAnoJnRwb6F3B9xvjJhavqaamVVlpzLN
sC0PL+mGmYiQwiQQyBW+omTcewwNzlV87ymBF+YoYWLSHU5vdj7k4q3EFIgiXWEZlubHn6e+PN5K
+j+PzGe9peYRUuVzisULePTqHmPT1tjxD2+dq2Z5HVTUGXRCASC9yxBuP2x18PMcPytSvLPEvH/E
2c5y+fSVrtpuFZOQ6HfFq7H+NZ58zSpzaQTyKPl44gCWVWVrbD/qN/cDHfTxPUXY7w9NWFKmWgMe
T1k7Rx0jL45GXxeL3Ea/qcanwJ2kSVz5nT00HykT1U0VJKRYsQ6lyPunPyON+mbC8nFKwvxJxVQ5
kJZK/MO4YavqDoIltb/qW+3rhPiztDSmioqCSq8McBDljuSzIukdPCz3t64dpO8A01R2krRV2Z0/
c1GWSr3qFrGxA6e1v0xqvDuaTUme0cFbIflp1aAst/AC1iPscZVie4Vnpcp4mmo6lnPetp1dFHLb
2OLLO6fJTwxSiUA2aJOljYk/76YfYNeG5YbzJK1jc6dufpidpblC0SgpIpLqxtfof5jEVJ4ty8jM
P+ViLrJuCdzccxbrir12V9xXijqAIBJ4ircrHyxpll/aTQ5LllRLTZgZXpZv/wCIg8QB/wCoeWPI
nxY9lVLQ1EnEQqe5hJZDWqveIp6LIoGpSfPfGjjXn/I63h6mlKcR8Q1VIVP4fy0RKOL7+If2xccp
znsVzhkoJa6aiVVu1ZVya2dugtYbY4ZSV0xyuPKXzXsv4C+R/iGR9q2TvEUDENKCwJ6WHXEBnnZP
HQ0wqaTjnJ6mORdQ7ia5sfTHO4yO08kqnZtwjm8N1SOOZeSvFKrX+wOIeroKqlPd1ETxE9HBGKHL
okgNrD9cHI1csAgQbHTf098HSTYjV+mBoqsgPiwOprg328ziP8ODatrDCUqWJO2KRnblLL9S3Nuf
njpLMvVfXEfQiNY+E8z54VURsCrHFVNE3UHngrx2NlY/fF01OnRxKWG/2OFQiEC5xM8C2YG/O5wD
LcG6XPLCyK1hsd8JkKd7+u+Jm8uNhtce+AU82vthi6GVgbBb3ODaSTbVywLsUgcr/pgLaeZxGRyH
8v8As4FypXY88R2La5Fj6YEC23piDtG1r78vXBghG974jJy7VqFl6eeO1lvqPLEHFlAAQ2wXrq1Y
YMhDdW1qQcAL22YnBsyBUrqJ6n9cHQaNxzHriqkKqxPhva+Dchex3/XBWv24gfm5+eEnYKdHPrig
vBPQTcFv1wZFsLdB++Ea0VjjQgqb/fChVL7sNuhOBoGhSQL8+gwR4owSALemLa0IYxzv9sCkZvrv
Y/rbEdFkVSRqNsOFjRRtv7YqAmPTcqefrgjInRhf0wbXc2JoJIJHrjioK/VYjlhDkhb6h08zhSJV
Fl0jcb4V0UCeHwg2G++E3t/m5b3OA62Ql1EnUOXXCSISdyB64WtpPhrhrNOJs2gybKoGkmncKoHm
cep+xH4Vsm4UvmvG6pVVEngSmXdQed/U41hN8ufkuo3bhXszbNHip6TLu7pYjqERHTp742Pg3gCi
pIFpMpptBXm8fhJt1x2jz2tR4E4EWkotNTSa5CNrncNfmdvLF2yrhXVOPmI923DHp64t6Wk7leQd
5ULFTwHQhuTbc+WLVlWQJTrrPinDag/P/dsQSVPA0slydLA+JzsPf2wjV5zR0tPeYh7EmxNtsSvC
lcUcT1WZz6KeZW0kmw+lP7nFcrMySKyT6Hk180BKqL9fM43pn2NS1KTr3NZU3VmGlEX8Rx/bEw8V
FlIkrK+KKEGwKrvcW6+Z/lgtMmkZmGdySoXgtGnQH6yL7c/PDWTvKmREc2Y7mM3Yr7/64zWpEtBR
iSR5Z2BSMXaRpOYtsCfL0GHUFLTQ0IlMxcS+PfwqDfmf7YztocUYakWKN/FzvyuPa2DVtIwt8vAF
mfwgFjqN/tcYkjfnJnqhRSQxqbWaaU3028sSYqa00zZbQhjvYhDctvgJ3Hlr0kMbJDJ3zCzl92tz
6b4PU0T1MjN8pNoVfxLAqP1JP7nEjKNamR0JqWSIXCrJv7YcvHWTsGnfYbDozfa2M7aNpZYVlEEU
Q8W5WQsT9zyw9ocurg/eSUKyINneM2Uewvf9ThRnmtLTQzK8McwtfY7An9cQ9bllfmA/5Qx6dW6l
jtjK7K0PDVTl09kqhpA8cvNQfIWudvfEtHQ09LGy0UMEYJ3kB3c+wxuM0sMgScD/AJFFLWN1bp64
KcmfLbSTUACE2DI99vXGaD6kny+ngMkOXNdjZXiO/wDLfB0euhX5iMzwxg277uRIB/8AbYjBsuzD
KkqfBUVKqrKfxVU2J9yOeIoUGcUkZ7gUtZEPCY/oI/nivRlMM9y+U5b85CvdsDpdX2tiicQZY0la
yuXVyLaVHpjj5Jw9v42WryyTtQyxKykkpayUs4bQVkHW/XHhj4uOFlpsnqqiKteknWUrbui/fDpq
b8vptjXg6H5nbyxA70cPyU9OzSre6k26/thXgnParhTiGPO6WaJGFwdb+JLjnbbcY9Dwaeyuyftg
y6DhagSiliniFVDSJMX0gtJYsfMAeEfqMaA/FnDmQ5RNNkqhUyqGaPW5CmVzKuwPQWVjtvhjO1Sj
4krJM/4Sy6grzHSxxx19akQsS6FjzPO7Na3kDiV4h4jp834Llz/MK/upFr5HsoHgVp10i3l4AcNv
Jk4aNwHxZEnEEs2XQss1bChdFbwalDaree9rY1DgXi2jzKSP50L3SsJo2JHiHJlPrfy9MZl0qmMo
r6huLTCawI5kZQf8o5i+LrBXw/xOeoEdknFiHFiSdj/f7Y0CWWZjNBHPIE8VO9nK7+E8jibyGrUo
ixzatze/n1+1jiVM+M8kljkhzGINobc2P1W31D7YpPG9YZIRNLHqkhGpHA8Lr1Bxucj0yvjmloq6
CWeJJJoihWaGNvp63IA3FuVseQvifzChyVponnSKodL07RS6oqyIdDcaWK8irWP6Y1rgTivKfEdR
FVVL1cUHco5uYo2Noz5e2IsSuPodhbyPLHCupUZlJ8uKcqpUNqvpAa/L6ueJHJuJ6zKz4FEiG3hk
Fzb3wdlfeC+LsmzmZYJMshQt4Ss1pPvbbEtnfDsFTSyTiagURG/dy0bkAdLEbXxnpuXdU7M8ny9/
pzmgYKNljvHc+xGIGZUjkaONtQBtcG+M1v8AZMjy/QY5WuL35Yy1BhIQTf8AY4OkhCkA29ziMD3p
vy2GFUlG6vY3xBzKLWB+4wk9sQ2IQo3tb74PDaQbMPbEf0Hne5+2OOkEfzxNT7HCJtuL8vfBTo3G
q2IaCmy6dVyMFYaR9XviYJS3PMC/lfCTO2rci+HW2aAnVffpgQTY3GFDJcb/AMsKBd7HEoKRYHfa
+Cn6gFHtfA1QgWN7dOeAawIFr/fEK4qASRyxxbaw59cR6GjHh3FvPbBrgjwj9cB9CnS21jqwWxUe
Lf1wiOCFjYH3xxRjsun3GIXlxQXv1OCgnlblia6CiWHO49cHj2tbl64l0Pa4Nj98KA6LKem9xgq6
Ffe1mHvhGXfmDbFBf2Bbk+G1vLBlVfXbzxEZDy8QwIIAAvvzsMQpQJY3DA+mOba4A5+eLtrEk9h5
HAhlB3O46eWJr0VjlAUeh6YVSW9/ELeQxaZvTnbUbKw+2O13G2BA1ADptfnjm+nkMSkczWsOfvgy
yMFvf98IKLL4bhbnzwmWF9jgMIyWLXviW4O4Kz7jTMxluQ0LTSkXKjoL2J/fC1qPW/YX8OGX9neW
x59UwiXMJk7os637vV+YbemN44K7O6muArAwZIwCSw6+mO8mo8uV+V5bjwL2d3dV0KrGMMQQQqbW
uPtjR+HOBKShk1UVPrV/ClhffGmP2vmRZFT06LHIoZgpJ88S1Lw5qCh4yoO7KP8AL5YkmMqyuClg
V4TdrE87C2HCF4IQ+tQv1D1xJX8/4zpoC2k6wDYBbgHFGzbiWvzAOkpeHfkBsB0sf541Jrli8oPN
uJq6aQ0uTRLGjAAyhrlx1t6eeBySgzioYySRu+pb+Jel9vQXwWtSJ/LHpaH/AJ2ePQyHd73JPv5D
EdnGcRVk9pJSHdrpJK1jpvzsMZM5Jd61bMZ6SCQDQESRuZ8yB5npiWRKxaRKSCkSnWOwKLuznrq8
/wDXBsgpKKs778WxUkAk7AH/AH98TTQGnsBUd62n6nsES3X1OAnE0ZKqkWYgyHfvNWkA9bk7n3wE
Zipiy07Oda6Wmi8Rb0F+eJC1cuVzqkSU8cQTZYU8T/r5/fBaTXSxsY6cJIzfXNKSf/tB/mcROY8r
mlsJ8wTvL6tQcHT9uQwFSsFGhjrMwE6b7oxX7XtbARGhFTKAuXKoIssiG4Hu1v3wNJSVERkcyiFV
/NIxOr2uMZI1RL8z4XqLlTY6gSq/YDAy5P8AhqaSraSTrGw0r/ph2ichg7l/mZIY2b/OC9rdeeGA
y2LQaiarjkDE7yXVP0OBo5WnjoqYPXukgkFgutgCD1v0GHlGaaVu9DpElrKqDb9SMPTNOzVUqBWm
VZlHIKukH74XD9/EUihbQRyZ7hftgZ0i5IJMuGoOQnXQbX/XDvLpKSUNPFXupH5GkIP64UVqKij7
gzRV8isxs0ZYMrHCOUvS5kCtF4XUlWjcd29vMeY/bFQVkSRnairAI9WxaU7H3FsU3P8Ag+noahpo
dSkG4VLge4/3bGMpt28eVxZR2h5DHXf85CltwjoVsTv9X7W+2PKfxR8N5RX0OYxLlTPGyX0qdBlN
uRtuBfmcXj1K35rcnz54ogTKM8lgSOnGlrXp5CyLvy68vfEWghNSZpRJa/hCWIx2rzLNlXHtPl2W
QUGXzSQ6auKWSJx4LI1wR1G5xdcq7c+4yiqoM4r5ZZKmebMJV1kEksdKA9L2HsPfANJDK+2RZcqo
qZn1VQoIZYmYmyaCxN/e5/UYsR7ZMt4j4ZraGtdXfMniSKnW4AIQi/mfF/PCYV4V+J7iDgRaJsxl
VnoqpJUl5swdQJI28ujDptjR8i+ICuyjMflqTNO9y6qYTILjVCzMTYf9JJv6C+AV6D7OO1Ck4hzo
VdTBZydLhG21aRyI5gkbY2Sg4xSpqYai4aIeCc23BIJ2xqM1Ycthjp8qB1MnzMXh1cmVvX3wyyep
qMsolLynu2kG56EbY1obT2Y1MldQrlxZrEaoZn5KeYGKPxbQT00M0DprEi97EkBN4zbe3n52wwMb
z/MZaKrqZBKtlBIcCyEdQQOXPHlD4iuAaXNsxqaVKypkopGaonpqYXeJybd6qnnb81uf89qPK3Ev
COdZHKJSQ9NIfDURnVE3uenscI0XBFXmN279YVU2LPfQb8rN9J9r44WarrvhaqH4fc0raKTM6HiL
K62CFbySRTMhjb/KwK3B9eXriYyr4Z8ynyYZo9PWzNtqWknhOxHMAi5w8Lf0nOC/g87Rc5q4qzIO
J6PLXLlQMykaCRCOpABvjeOD/hK4uynLWh4142oa19Nr5fUOLj/tIAb3xfGKXSF7RPhQy2aZ4qGe
JJVBuKxFIP3AGMS7RPhz464Qleabh4S06i/zGXya0t7HcfrjNw+nXHKXtm9Xl01JKY5Y5FKmxDLa
2ECLb/a2Odmq3AgA8z9sByJ0tgbjlfoD9sHEm9r88DNLobG55EXG+E2ABLLtiHoUBmYm436XwaNQ
Lm+3rhOghgHuB+mAZS5/kDgLixCix/THFSwvq38vLF0ua5SWQgf644jw7n154XOT2Rla+7cv5YTs
gsTiFBqKkj98CgOxvYDCLCyMzXUkbYAc99vbe+Bp0ilttJwS6hrnfbriXQwYNdl5YA2axO3XEQjQ
Vve/oMCFH0sRgX8jKFPJtsHZbG4YYqRDuSzH33x2nX9B9DhAwjt+mB7oW5WOA61RGjQeL9QcAYtW
/XEgaL9fsMCVG6gge2JOUnTYn74VFlW+1iOeKr+QGy7FefTzwkx02sOfngVcLrtzOOH0nl7YU7UQ
PCfv5YGMldjb9cQ2OGF7XxwNxsR7YjITZwL2bbAIwDbH74mxw1jt+2FA4FtJt/TEtOMhN1tf2wKt
uSSPYHliFDa7gKeWBDDnuPXAZBWk9b+uO7w8weRwgfvxYrzPUYKJCx0ja/LAekvwtwTnXF+ZJl2U
0bySSMFAUY9i/Dp8OFL2e5GMzzGJzW1CWlk6IpINvtjphju7cvLlJNRvnCXBn8Wq0epSVkiTUGAs
DbGzcA8BxRKlNT07BXbdW/c47ODUeF+EGhgamaIaQ27+X/Ti95TkeXw08dRBTbKukb3Fup98QSUV
IveCTbUwtqUbafL74kaOnlKNIzAK/wCUj9MQN63NloICsgBa2kDoB/fFY4p47pYKNmlqQkdrA9Cf
fDJ9jKs1z7jyBCkLXeea+wNgFvy9rYjoM2zbNojBOyxxMDqD3CgE302H2JxWqYpGhaCmjTuQ0zsv
icry9h5WxL/xmuFIiTEJGgDMofp0uR0xi1vRlVSZ3mpkjpaPRGTdUUcieQN/5YCiyeaWoWJIA8r/
AFSISzL5+Llz8sBiapcpqI5Y3lDJAG8L3vc+h88TlJHSUkw7mlgivusbtdiPNj09sSBTCnmqe9rJ
Qpf6bi9h5gcsFqGp4pdMVUZBITvzsPe3P2xB0E1HNXiKjmErRDxKqmyW5gk7D+eHqZfHJKJJa1gz
jwoq+G3qxtiIzUKS6hT5ckhXk1wLfc7DA0VHBAGlapuW2SIyA3PuBiMSE2QZjLTmWgcINO8THQP3
Nz+mGUf8WpyyStHKOoa5C/Y7YL9kaKWqlAjpljIvYg3AHmOgwMkiRp3K0yEDYu7agT06WH6YCATS
U06zzNHTwkj8VlLKx/TAmenZnalk71Sdesgsv6YDp2YNS1ciNXQpcbDTIF6beG2GctHURuHgy8O3
nG2on9tsR5dC9fO/jWNmTm0jWVf6nEjQiBogCWR97zWGkey4RZwTDU0MhiihadiL97KNvsLYWian
jU6Z2j89iLfcYAZ1Akk8bZkFX/uH9sMJaqmhkMInMp5kaNNv23wsl6XMaSUdxFAQb21jYk+oxNUl
blGpY6qP8WO5WTTZkP6YgfGODNApjYFgP8NxqVh6A8sRtbFUFhT19CCjXA1jUPsf9nBY1Kz3tI4a
oyZfk7rINyD4v3x5d7buzWlzNJqGoiRRNcMZRqW1jsV6+2MdV07j53fET2F1PDObS5vQvWTUUjuY
Y9vFY22Ucl6+VrYxuSathkVJkkDg7Xx3t3y5a0NMs5jMMlJcyDUrsNyPQ4bCokj7xZ7B2AHiF7j3
6YAkYc/qJZo5ZEJMWlBEmw0+pxZ8m4ggRoZXiCnLz30QlJNypuqny98S66Rs2aVWc5lWZbShQuYW
dBIbG4NxpPoLj1xZuGs4zbhgQMtPMs7ropKpvFHq5NG19ud7EeY6HDrdVet+wftFoJMsps4y9Egq
IwhagZ7ldr+Ww6jbrj0x2e8QZdxFwstSJVjapLVF2ffSp8VunninDPbRoeIqak4Tjp5PxGUa1ccg
AbEfe+CyIklCIHYPFIwkQv8AkONbZqQp66ZMmeiZ3S4DeI+IG/UeeKn2kVk8eTyQyo0ciONDIxVl
I52Prz/8Y1O12xTinNp6FaqrqYmmjkLRsvLUT+YnkOl+gNjyx557V+NBS0WZTZNVwmspC5ajqSNV
wLkD3XryIB5jG+B08rcbZ9TNNNmuQVU9JHW21wQE9255kWPkbbG+KtSZ3PRVDS1KGeCYkvTqxjVr
+i/2xyy7dJ0keGOLKvI8+73h5KoxyeHuBKVcDqLrsfuPtjb+C34NzOelzeb+ITJINMhRXWaNx08O
zeht15YwXqDsTzCPM8tabIpLwxeBaesX/mEA8iRvjV8umn735uMxMW+tNBDj9Nh9sPTJ9mOU5Jmh
78ZRDG67nUA1z/X74bS8MZPHTSHMMho6uMqQbxKRvhW2Jdsnwq9nnHkEj0mSUlDM92FTSR2ZT67i
+PJfa78NHFXZtWOlNQ1VVTAEir7llU+fmP3xWfJ2wy5ZjJTTQMVljII+2E2XUccbNOsFsy3/AJ45
XW97dPPAfRdG6f1x0l2Nwd8TBNbg+I7jBgbfUQPXpgI6EFOX3GC94Vax5frbBpreo64IKrz9OWOG
xP6Y0LXJYXJbc4B7BbE8uuCsa0SdSRcseXTrgh1EeIfpjQ2BRtvf9cGHOwPrY8sCHBs1wxwZtgf6
YjsQEi9/544qNQNt/LF0uwmyrseeAADjXcgnEfY3dNe2nY4OEUKAD/fAeAgMosf1vgysBsuKgRr+
QJ9cHRQFHQ/yxUzsYWAuN7bbYEWuRgIrnUdh++AI/IdvfECZ5G21v0wNha4NsJ061vDqvvuMH21B
djt05YgCTSebW9cJOuIAcnSLn9DjlIO98Rdp5Ab36YEWJ35YRoa5/Kb+/XBXYWtb9DgahIkXsPLB
rGwAG/PCRhttq/0xxe99/fAt6ArXYnz8jgQRvdRyxL0OhBvcj2GDlwBY738t8Vhx4JuwBGo29sAH
v154vTPsKnU1r/bFr7JuzjOO0jiun4eyyAnvG3exsoxSHfD2x2T/AA88LdltIumQyVanW7EXs1um
Ny4Y4WizEwULIG8JZzvvysLdN8eianDyZX5XbW+FOA6GPNHhppI5KcFUXVtsLX/fGncM8IGtnjSl
UKGbwsdtIwsrxRZJS0SRqhLc7t0PT+d8TaCKKhZFjAVbbL1OJDx5e/eQ08bDVLbxcrYb8R8R5fkV
K1R82giUHmd74kyPivtVonlk7yRyhBsF6ffFCzfibMuNq7XJUGGmVLIkSk23226scW+FJs8hyKny
mCGaaT5irc3WIE+AeXv54d09JmVfJ3VPSJGJGBfTewHvbljFaiUSniylEgilM8zG4VTpT7+f9MP6
HKSYu9q5FZg1wse4Nutuu/U4ilaOkNVAUqGiRG2GprA+Z8zyxIUNPDTJ+FKiF18KwqNVvc8hiQ1b
VTPJEEd5FSwUkbKL/lHMknDcQSVE5dawxyWuyy3ureV+QOIV1RUvl9paho5dAsDI19/fkcEpqyml
rY4q9UcOC5p4m/na1gfPCEn3+WSJLUwtRUUK+Ix2Aa/v/pheCeoqNJMqklbEBS23ta/74qYVW81O
8bQOL9G8vRemDNSUcTKkNRHFJz0xKST+1sZaSAFGixvFK8k1rMurSTfy2OOqTDBC0QphYjxNJdrn
364DEcyZdJF/y9G4a+7OAQT6dcLRKtZAXKHShsTpYMLeYPPE1omjfNM9FTRpJoFhHumk+djhLLUz
KNis8umKM/S2ynBTEjPRivBWqaFVts6jZv064jqino6OsEaVKqgH1oCT+mJQjUVMktSq0lECgXxy
yKUH9z+mHTt8wiU8LrpbkIze2Jr4nHcV9N/y/dmIczK4P9cJyOKcnvKqGZgbBQGa39L4mLqI2aCp
rpCtNJOdAuURbafW674j62KIxEVlREZQbCGRma497c8ajFJS5hQB/wAB+4e21mI1WHrttgkfFbyy
LHLFLYLuLnSw8xhC1cNcQwVqinOZWlWxQPz+/niXrpoZgtPIGZGF2Ed7n1XyOMpWOMaHJqulKjVN
CV8M0DnXtz1Kdx9sYL2rcGcOyZXM9DRrLK1x3jvckdbnyxnKN415a7YOzDJ+IqaoNamuKO6voOgk
dQCOQ5Y8hfED2KVaZwanhrLGeO9ldTZd+QUDoB+pOHG6as+XTH6yhrMqdIJUlEPMSMCLgGxIHQXw
pUZTSswMsy6nF1cnYeRxtzpjrelqNFQoa/5luLYk1SrzSmSSlZ3kQAab88SNKOKaqqI6d5WVkB0q
zb352GJXhntHz/JsyVKjM37hpVaRDyuCPGB/m2G+IVs3Yl2vRUHFlQ7Rd+1LOxkrk5d2W/DLDba7
EXHpj012d9q0DZHlsKysBVM7rD1SJh4z7A4ds6ad2c9rUvE3ClO09XssrxAm/jKGx/ocapwzxlFn
2SGnqFMdR3du552Hn/r6YRpOV2ZLC1PJVkktZXbpYgWP64jeLoIq6nqqSoqC506btyBHLb9cai1w
wrtSq2yzIpaqODvEhsJYot7EAi4HmeVj/bHg3t9zKmjqJeIcgzC5la66zaS35TYbhkIIsf643z8R
3WKVlXJJIzT6tTNqIP7/AK4byShjs/Pp0OOLof0ZqsrmSqy+pV9QDCVOa+m42ION+7HMt42zHOsv
zbMXkUIwInmgv3o5jWwFx5c+mBPWnCXF9RlKwGSkYCMaTIsZYlT+pIHmDjS6HOsprFSWlndFbfUh
3P8Ap+mLWgmKCSGrUVFFGkjW8QWTUre/r98TdbwxbKhm2WaKZn5wzLdG89t98ajKs1VPkkhWAZws
MzEh4TDqh++48sVPjbh+qqKKSOopqOaEqQVpjaJvcEEYTK8+doXwwdmXFCPWfJ0uXzG7Gajk0En/
ALeR/bGM8dfCRmmR07V+SVLzwDk80iIP1xjLl3xylZPn3CtbkE5pq6SPWDuEbUB97Yie7IJZenrz
xy063oqg21MfW+BJ0pcbjob4ozSbpzbUPQ4G4bcEWxEYyb2/1wF99v8AziZ2G9luD188GBul8S36
EBIGrcDzOOO5sT+mFnYjCwte49MFsOl74g5xb+4wAB1WNsS6KXDJe3Lrjmve4Nh74D2Cynrf0wIV
tWkczipgSuo2Xa+BVLeFt7db8sRvZZYTa21vbBu5sSQMBC0bDcj7Xwi/LSBywdrQviLAcvW+BUg2
BO/88PpfyVUBdgSfXAkLYb4D1wI91BdrCw6jBHFt74lBdQK4AHUbg7eeFB0j6gR7YMpKkWO2JOks
RfBLC+km598Q1yBgNFwNx1wGgMu4xIJWybj9+WDBLAE7X64k5lUEWb9emE3LWtijQFTx3woqnawv
iQSmuwH6YI6bbE7YkIE3LEAXwYqwBA8ueJON/wAp398G1Eg3NvXCHBPDfzwAjA+kHFs6XTsk7G+J
e1PMfksppiEvZ5m5LfHsv4dewDLeyjI2WcRT17EyNMv1WA2UemN4Y+3PyZamm38HcCz51BHWSN+M
8lgjA7k742jgbheiy2BKamy38TVoa431X5j32/THaR5a0LhrhKkRWIplaachUIPQEb29cXrIsnej
UxxuraZSBvtbr/bEkzRxLNES0YHmQf2GBEkiyd4ZBud1PUDAUVxPx3SZIxvWaNKXJ5FVtvb16ffG
I9o3aXVcSMwoWcJGwCjVZff2H74h3VRy2SfN5THWTlYo2GpuYNufvucW3IcqKsQkMcSDTY32G21/
XGK6RPHI8vpaX5ksZGY6TIx2X7DBLVNTNHTw1jQqX3RT4m/3f1wJI0+TRxu8lIO80eAKTuPNiTy/
niSo4ooXBMbhHtdE2Lkbgs1rnfoMRP4cny+aYSVE7NIDtqN7n0HT9cST0sNPSd98gmgc5He9vMee
IGYJq3keK6oDq56L+pJt/XDaqpaGtlENLdx9Wpbm3n0uT9sagM4IzRyT1rQw1KsbJSylkLEdTtfB
5azNKaENX0c9HHJ4SlOGYHfYXYGww60CCPS1MpqoMrMskI2SqUPIP/vIH6bYmnzyppVQQU0z95u0
kQ0KtvM8j9sFR2c0p3oxUJVfiEXcmQhVPnsLH9cN8tzjVUGOSELqBbvY3ax9rC3P1wNJSGpgmhRp
MqeRxc6jckevLC8c9JUxB7RLIL3Ckqf0xloSfL4oYhWyiGNBf8RgGuPXqMN6Ouip5+9pJIntvpQ8
vQE7nA1DqraTMG+cgqIxIm5VpOn74b00i18klpwjLs7RPy/Q4TqHcVDS/LhlLVBsQWjcrb3Nt8R9
M0glaApIQtxf8oHrYYDCFZFMqfLUny6q3PSwufufPDigWno6dC1UsRG7TSAg/r1we2vQmYVySE6c
waQnnIYjb3F9v3wMMtLmUWlKsyAbWElgPPZRhZuPGzSryzLyG76pMYk2TwstyMRVTk1PKTNBmoOr
cRiUFWtz6H98ajnQdxSU+Xn5zLpke1vw5CY2Pltt+oxDVdTlURURPJAqHSYpU1A/9r9f3wsnuTZ3
QUcpp5pVk7w3IiIJUexscSNZxABJ3ctc6QX8LB9Nj/3dPY4kjcwzSSJpZI6rvi2xcqbMfM2xkHar
xhS0VMy1cySzdY41YIp6DVYYzYZwyaGjy7iikeVoe7JlIl5+NQbG/scUfjTs0pGrCKCiRNKsAgTw
qeRsfM4w646YT2u/DnSZrDPUQZO7yEeAfRqI6Hpa+MBzPsa4ioJ52kgIQO6xXO0ig9L7gDfGpl9q
+P5dKlVUNnFNVHuxcjU674TraeqyYCRZO8DWKzxt9OOjlZog1TGZ453YyO/idmPr09cNVpzXVvdK
/ilvYt1OAH/BXFNVwrxNT5isgaNXUTRy7pIgO4I6jG8ZFxyvD/HNBl8GbR1NHBP3kLgFWlimH0Lf
mAXBsfLDBWv9gnahWx8Ox5AGSOWaVszp5O8BACuUdPQ2Xl649b9meb0lDk8dTQ1Gp5vxG7wXax6H
ysbX++ELGM4WtdoHlRJYoyY9BuWBN9x5b2wSpqoxnFXDUVDyRTojqoHQ3vvzuCP3wj2zXtG4dqK7
MWrqBT8tGNFbT2OnTbn6m2/2x4I+LTs8zHsw4sqa6V4qmDNVb8SIXjkVrWcEbXOx9Cpx2xkso6rz
tVMDJve4P64GKGGeVI1fTqI58seZ0anwD2Q5jJnlHWVFFoppgBI4BaCdTseQuuoEc+Rx7K7MOzo5
RlicMJXViIsYMFZGl0kTyJtsyeXUXw6DW+CeDKeCjjkzSFqh4xYVkKm4IPUc/vi10Cd1VTRJlSyo
5tZk2vbmvlh0D49m2S1FAIZklo52Oq9NKYmIPqu1/cEYhX4F4u4ehdeG+PHzahYFpMvzSPWY/S67
g+tjhnM1Rwg+JWyOjy0ScUZQ1PpIKvSsQw9r2v7c8Yr2y9r/AAPksaU75jIjSA+BmMOrba5Wx/fD
0dPP1d20RUHF3fUE8kMRF+7SrMt/UFmIv6E3xuvZnx12M9oWXCizHiZkrVAD0tUwFx1vf/xjFvLX
SN7Rfhl4Q4miklyHUQ97PHISv7XGPOfaf8PtdwDNM1ZltdoB2kjOtf5YMpLNx2wz+XFZvLStTyGO
S4I6MDhIx3Fr7Y5dNiMoC31XA/fHINN2LfpiGtOdrptz98dqAF9sSd3g0ncc9rYEFtV7WHniAjt6
7+fnjtS6htf+mNacnXvZV5fywV7AWHL0wENvFu36dcdoJ5nn68sXSG0A7k/bHabne5HIjAQlLjY2
9fPHFLt4eV8Rn6HUBjytbB4lQk6mFvLE0cRIHGom1trjrgwAvYcxzF8ZphKVrsDb9DhA+I2vbfDO
F2KQzbFj6Hyx0Sc229fTCOyqnqSSPfAtqbbVgVEk/wC7CYDcx974j7FVSdtX74GzBrE/fEvQwIKg
Aem2Butrk9N8WluOtZbKR9sAVGrc8sTOwMoB1Br26Y4oADbn5YTt248J3wdR1/bBpSgK7cwbYTMb
KBp5HEdhUadxhRF2t/LFVv6H0bXsbHBWGo3tt0via5EKlixG/uMAUsuljzxLdc0ZHkR13x2i406/
viRSKHV4QbDFm4C7Ns641rkpMtpGcswGqxsuGTfCt1y91/Dp2K0HZrwrEaaEvNIoJJF9b+n9MbBw
vwBWq38UqI9M2xaMeu1re+O+M1w8ueVt3WtcEcIQUWaySNEGSlUnRfcP0t540Lhvh2Kji1DafvQb
tsQW2xtzXOgy2ghdaaCUiQ2RGYdemLGtI0VQlL3BYqhBYnkeWLSkO/kFo6RpJJSukg6OhxWeLuMa
HJMsarQhqg+FYzyF/P8AbBOKq8/dpXaI2Y1LgVDMZpCAysd1HtzvviAgXNq1i0MRRLlg58/Tz5Wx
m1qThdOCuBa2pTvoUUBAL94N1v8A1/vi2RUIoohR90k8ijxFVtc353Pv+2MtEq6cxyLRV80MSAgC
KMlg5/Tc+mF4qDLa6qEWT0RupsZJCVF/PGdlNJCyaKfMUigULfSpGo26W5/1w+SaneMH5Q6W+lI1
JJ9T5DCjmqTITohmafyvCNK4Y1uZUFBVGmapkQi1u9IJsf8ApHLCALWV607MkdQisDZyV1D/AOJs
P54VMMkFDHU0S1ElrGSRZVAv7c7+2GCiTCnzQfKU9UrzLchGIRj/APLY/piKmMmXd6k8Sxqq7y1b
mVYz5EXB++IQMNAqCnMfduQBpkpACEJ/7je2+D1OdZjRVQpTTtM23hiQxq45WJAtc4kdS1i5RTMW
4bqnef8A9mV1IQn32P2wzoJuJO9OvJDBGBdHWWEg2/6eeJqLhlFdVx0/fSxNJrG8dPYuo/7SP5Yd
RUVDWjvTmTLIDdQ6gfvzxlqFPlZKeFmCPJEwJV3W4v7jDKrDfLhYqVQR4u7B5+VjgrUEimSr7oVK
yQd3tobcX9xv+ow4lkip3tvGSLLLGNIv6EDATKueetNnzFS6DdnOkk++Ohy+upabvaqoVwRpYQz6
r+lhbE10QSWkpWGhY4dR2ZlDb+5GFppMl8NRLOWe+rUyizYP0b9wEsMWa7wzvysUUWHtfy++Dony
DK02in0/ljsdXvfCzlfR3VZnRzUZjpxUuW5kxoyft0xCVlJO0tkoi2kFlK+AG3vtjTnUfm1dWxSi
mlpYZE0+PXExcex2FvXEHnFM8SAUijQ5uZYHYi/kUO1sajKDq6w5XOKTumjuLkhPw5CfMMCBz6Ww
2qMyp6KkaWsEirLsHhjOhfM/9O3rbFIztBZlx4uW0LR5PmzMrkrJTVAI0X5bgXS/qCMYR2s9pkTz
tHWaImUktFI1ihF7b9fv54K1Drs1qMpzrLhWR1hlRwHSRZLb7i/tvyxNpw7N840U8haM7aJV0sF9
+o+2ObriacTcEwZlB8oabUp3Ia1hf/qxlPFnYdTyTyVUVCjPHGUROekc7/8AnGbNu2F0819uXYnR
0EU1THGNTsT3reERG+/2N8YtUw5amRHLa2oeKoLfhnnHML2uOo++2NeLL0PycJLMvtXswyusygrT
1tPYsNSNfZh6HqPXDMyvCyyR+Fx4lYf0x0eUgveSSsVu3U2HTF17P+JYKnMIKHOgzpBpKHXpsFsL
e3LFsVdOBO1BuHOK6bh+SqjWloMwljV23tE7kNt+h38hj2X2T/EImYZG7rOZJ6SBldIGt+NG+iQe
xILD0bGu6Lw0/hztAp55+8GYxhhT6oCSAzBrm1ud7gj3wvlvagaDM4PnqV5FkvYvYkBgHDD99uhX
DAmM34gy/MTI0AAniUExL4lcnkbdSDjzH8Y/Y/NnfZrm2b5VUmbLxoqI6V/qpJQRqAPkQR7j2x18
erdVm/b5/ZnSyUlVJBMniU2OD5RSS1DPUxyxh6fS+iQ8xfmB1A644Wc6dXuDsRoaWtyeibMsk/Gq
KNKpSjeG4GlgPQg7fv0OPVvZ1ltBFl9LlgjWNyocHpIvQ2I2bzwdM9r5Fw7LHlcizUsQiDGRXAKu
vXe2EJ+/ipXqTUaVI0hebKPfDET+ZpZsou9XI7rsJVGllPLfz/3zxVJeL3oaju551SaMWFQu2q3Q
jDrYYp8Rva5lgpnoM3zWoikKEpJc2t/1jqL9ceRO1DjnKM+rZHqskn7wgJ8zTVXgO3Mrot++NXiN
Y81m2aUNPJYwSqS3OO3i/vf9sMcsznOOH6r5rKMwkp5QLake9x5Wxzbbt2H/ABtZrwey5LxvTtLH
KfHXNMxUC3MoB/L9MeheHe33sB7U6E0mY8T0ZXReUyjuQn3a18UumLPjyzntc+FLgrjJ3zvs+rpI
FlGpZXjtHJ9z/QY889oHZlVdnlcKDNYJ5XN/xFFk+xtvizxl5jthnvtU5u6JEaU+i3n1wiUViT9r
Dpjk3buCsALg8+mAkVdJF7e+IQUKFW29sGDEroN9+gxIlci4sPYnBrXW5P2w1ycEJtZsGHLxGw88
ScFGnVY2B6YFR09OWIjdf6YEL1I5ciBiU2Aq19NxtjtGlrDoMRGvY239hg0Z7s329jgNuy0coI0d
bc8cZAdwdh1viU+yTzC19j64Ly8KqMWlaKbcrc+djgwUAAq1rfviQwbY3a+BsqJzP3NsSF+qxHPy
88BpLHSf1xHYpCKbaccVsRvfENgBCnne4wIAvZt/fCtuA5DBggvfr74A4oCx8VscFBYkc+dj1xaW
4FUAPM2wYLZbfviINK2smC2sbtbEt6AFsd9r7jCgCj836Yqd6cxPMfzx1gRsfvg0d6cEAUnr54Ax
gKQF+2Iyi9y3ng0EDNZVFsSl0uXZb2W5tx7mYhpqdmRXVSVG5uce1vh/+F6HhTJFr4KPVqKhiTdr
W3vjr457cvJfp6F4X4RjhSmhSjSMxlpImLbG35ffFwyRMsy3PZcsqZ3MqxLWOhF9gxH88denGrJw
rnWX5jmEj5ZKrwSOJl1CxI2G/wB8aVwYpzdIKiJBHrYyML7XubfyxBYqWqSB2dYQzRyllB35gf2w
/qMyFHAMyqZTdzsv+Y25n0xJX+Ku0zLMuEkVRPdwwRVPn12x577VO1itz7MjlmWyOzK5UAG5dj/S
2C8KTdMOGsgzFnhzDMYu+kcn8PnboB+mL/leQVExWmFKgZF0+HbSBzsOfkL++MbdFro8temyuJZJ
oYVHS2p/+1VHr54aVk0cZ0a5NQF2UJe33xmkegpIZ5xO1OpFhZphyF+QHQfzxI0TQ1E5kMTTG9gg
BW32Fr4jpOZczKkaCONHvZEjjXUPU88OX+bLpTPQC4FwHvc+/wD4xQCVEsTt3WZvJBKo1COFAWt9
+mILNEqUq4xFMmiffTKo1HyO2/8ALGgb0s80UYiqc2aUIdKU6gqL9b3Y4loquCPVU1+UR0qEi1R9
St+nL7jGmUbxBrzBDUZclJCADqdpWZCPMEC4PLEDm2dRVWXmimzQPLKATTR1qm1htpV78/QYYDPI
+I6FGjpTnETmntejqZ0M0Q33AKjUPQXtiTpuLMsqIngyyrnilmU6qWQqA2++17YCNl2ZStFqr9Dq
drqu/luN/wCeJTKKPKp1etlyqYSqecl2jItbkAd7YikOHTDDmfy9LIrIg/wWYXb25AjFgp9NPUkZ
bGdR2KsBb2tv+xxmtQvX1E0Eas6HTyYU5KqfcWNsKUGWpmDq2Xzqo21Irtq++1r4zWp0QzSjWpqu
7TMNbRHfUlnH6YQnWrNg8004GwaMgg/e3898DUPsvy2R4C6mGdQdXdzbSH9emEK2iEoCxJClzfum
cAfblfEZ2aVXy0aiGoWMHchGQ6T7WOG1SaMLGkVKjBj0W4/U2xNSWloo5HhU0tMAi/UI9v3xwd5n
VaeGzDw6mUsT9rYhZsTMcqWBfl4quznm2rl6WAxEVGb0VKflK+pkdm8lkOkey405WbNuI6vKKBVz
DLKevqowv/8ADE+E+gYjffEO3E0T0zrVcKViMpDA1H4bH77g40yrvFGamHLzVtlEqqNj3aa1X1uu
36jGccSccUFRG9PR5zJktYF2rqZWmppLH6ZYG5+4sfXGoxWQ8S9onFGQVvyCPSzxujvFJcT006c2
ETXuOp0kBhvscZl2p9ptNm9U7VFIUm7u4BuYiDykBGzr5ld/MDGcppucrH2QZ+1S1PS1UDpFKu8+
XC0Kseov9r3FjjZ8ibPHulDnEMs1MPCtQlhMPQ/1xyrrBGapzaY01dR1FNLezRwzWQfYjce2JhOG
6GlgCSQBXcWAby8yB/LGJeXfXDCfiU7KaJcoq6pIklgB8RI2vzANuftjwd2j5XUZPVR1aw63pyfr
QAMCxsSPLfG8eKz5f8sEDW07ZtTG8JRgnhi3Kp7emK9PTOknyzmzKNwTvjo8xvDIKOqWXTrVT4kJ
tqHUbYc1DwUWas9DUB41OqN+VxzG2JHGXZxUw5kucgI7iTvSj7hze5BHljU8g7WZuFOIM5q45Z1p
c0RZ0igJAVZBc2J5b2F8TNj0XwD2s5ZxdlNRVZanzdVSU/fFYz+JOhUMSoHUEC/kb4uPA/bTwrnk
MfGCyST08YjjkVwW7hv93288dJyw0TIxmU+eRZhNWq0VRDdUW5jNjvZulxb22wr2k8KS1nAtTltF
T/8ALTnupHk3BLBrKfIHxC/r6Y3jZsV8z+0Ts14mg4/n4LioZPnNbGKlY2aU87LtuxHIdcMODOzb
NeJ6Rpspp2lqoGdXpbWYlBqsvmdNzp/6TjGeP+VdJeH0P+FbgGGt4ZyatrsvlKw0pUQMAXYEfT6g
b29LY9DZbw7SSU9VDCHIQFkBFtIty/8AGMJN5hXGKgo0aYSRoNQLE3KG1hf788UniHjSPKO9ppo0
kp38KPKNLIb/ANz++KBUuIe0atyuF4svq1cshMlO2xVT69RccueMn4x7ZKDLYXlzeCWlqY7siEF1
qEG/gPI25877Y1OQ8/drvb7wrxJkkVXkE4OZksJKSdWXqd1blfzVhY4ySrzrLMxKzRwx0U7X1kg6
D/8AHz9sGVbxhnVH5yWSRp45Ady066WNhyVRtbyxG1eQ1JK/LUMRLbKrNdvcgcvvjLd7MqrKDTR9
+1ZGWubIFNjv0PX7Ya0lZmGX1PzFJUPC/wDmQ2viZaFwd8WHbDwlGYv+JJ6mnAssLlbA2tckqT9g
cWbLPifyLiaoE3apldTmC8o6SlCxIh6lmNyfa9sTOtdJbJuy/g3toqJK/gQJl5lIHcOO8APuMVrt
J7AuI+z2F1zSamRUaylbjUPPFJMm5l9sulnpUqXh79fB+YcjgYoxUJqja/pjGtNS7AwQHly6YFFA
urC+DTU0QIJ3vv53wZCuolhv74qxOLscc7nkMd4QvK1+eJdhNiTv974EAFjv9sSGXTYg2HkcDp1X
AN7dcXa6dZtxscc25sT7DEunchqB98AzDnhQupib8/vji9xpIuDg0g3ub2IwbwA9T0xdoGkk204P
p5kgYKZBdz4bbnHMANtzi0HEhWBv+pwWS1rkb++GJxN2BvgpYXvc29MSoQo02PTlvgygC5JHriQd
gvLAooO4XARrHlbABRckm59MQoSG53tYYPFF3riJXVSeWprDEodDKEYap80pYvQvq/YDCjZPlV1Q
cUUpv/8Au5LD9sXR9OPD6SKz0Wd0E1j9PeFD/wDkBhGtyXNMu/EqqJ1U8nAup+42xKXZrpIsCTc9
cAG0kgRjY4u112MLkm6jHIupb3vbFpb2Vp6MzVAQX54unZF2R5x2i8Qrl9DFZQSC29gBzwzng71y
9/8Awt/Cnl/CPDlLmLZUHkWVi5ZPEdrjHonL+BKajojTiPwzCwAFrG22O+M1NOGV3TepzTK8nyOo
q1qYo3onWMki5AZiL299sYDxH8U2VV3bzmGQcOPK8Xys6/MWKqXjUeAHyuGOLK/QjbewbM6niXIq
A5fM34SfizMLXBZgQTbkNrY9DcJZbNSULUbAgBlLSjy35fc41BUrUV1DS0whbwNsL3I3PP3OK1xl
xgmX0r6ZgXjQ6Cx5XxVlgnaX2jyyVRMU7akGmNTueX98R3AXB1ZmUcedVzlZJAWUsT4Qfze+OddY
1bh7J46N1NKrybhrsbAeW/74sdBU08aSUyLEmptbSDr6X/tjFrUmziYPDEZoJSQdrg6APYHc3wzh
iesX5etzB44tQJiiuoJ8y3M4DpK5TlmVUN5nV5pWJ2lYgDy9SffElFT0UaAVNNK7zNdrL4R98UWk
xl1C1E3zFLWMiyC2kkqP15nHGCrpZDWxyOrXIPcJt977/riiv0ZVFLmcp+aMSBBzlZrsT74i5csq
Yg/dSiWNRtH3QYN7m5xuM1E5xxVSZNTSGfWJlAtRzKQshtsAzWTf3FsE4V4pXMS1JNk8mWSOt++c
q0VvPUpP72xqM6QHGU2b0tVLPR1rwzozRl5IQY5LbqQDsdvI48u9tnxV1vDXE03BXGdVw+sz/VHx
Dlr0JF/pKSoDq3tzsR0ONzHjhnbGuLPjfm4ZqKmsipqOuXLnRflKWpkITffTUi4sOiuCbdBi+dlv
/qD8DZlTU/8AEc6fKoJn3hzOmjqaeAk8xUppNj6gN54xS1zhn4iOz1cziak45hqVqmIjpstnkWwP
UA3Q+ex1emN14H49j4n4cTMMplq5IQAs0ysXaMdCVUXsfPTghqzR1dboZFoBVLEFswfkD1INtO3r
ibyylklL3qGAtsmkhkPmCQQf1wVqJyhSH5YmSd1IuAoXc+4N7YJM7pGY6qOJlXbVEALj15Yy3NFW
GXyQKupixNxHqFv1vhNY8upotM+VMu201M5a3obbfqMDRCKlg+bKQCWUcwgYhl88OUy+DuzJQVjO
RuYWYFh57f2xE3etqJ2MbM7HkIn5E4bR0KpUXzKneAPsCyXsD64mpwWkyWFoL0VejJHtck/pv1wo
RQrAyZi6LpWygnUD+4xaguVNTT0TgyU9HTyp0a2gG/8A4w3rco+r52ggdLXKA3H97+2NRzqGzb+C
eCLTtzv/ACOOsCp3ttscIDa30j13wLG3Nj74NIQEaTa+OFrjS2/UYU42tfUcAT4ue2JOGkkWPLoM
dfqf/OIOH0jxYDwgDSLYi4+ZPMYBdr2ve+EBIDKCTg6jSpW9x5YDBiLgWFr9cBIy32/TEv2Lcm68
scBb6jy9cSDYMCb8/LAi19+XpiLvCbkCxPXBSCSAMArgADa3sMCANWm1xhA6W+kj/TAOoFhyxEJU
De9r7bYBdJtc29sSHXSd/M2vgwG237YC2/4IJ1g7RKimZwpqKfSNZ8JNxtfFj7F8mzXJ/jWrcmaR
o4nqJtMUp1atIuFuegPLHTHpnKcvpT2bU2Z1mQvTT6jU1raAVH09Sd/TGvcJUz0kKwUkpFNSrpu4
2djzON1iJ+PTNK0VVIBGVDErz89OCZpUvT5YRD1NwL7k8hjm0p+cGvy6Grr0i7xwAiLfdiTf9gMQ
GU5dThv4w1Iyq7FwgawRzuVJPnc28tjjpOmf2hu27tHo8jfLaXKqhvkc+hmpRV1BvBR1KobawL6S
WAX/AOXtjy4uf5lV9qK8J8a53WZWuZ5fPBUQ1D968OlNMcurzBdfGLXEV+e+KqLx8UHbHnR4A4Wz
Xhupg+cmrqaKtCSWDRytZtS23AlQX8vCcZ72W9r68Z/xxssQwVtFW0tU3et4JKcj8MgHa5ZTCeni
GM2tYxs/BXbbR8R9iWQStUPSNLNBQU+ZGQEGSOqBMgPn3TSKf+04vtH2icO8QVP8R4g+Vo6TLKSo
Z5IHuYQWCFTba4WNGPt64zDYd0CcFcY8OQZln7wM+XNJVMjyAx9+uvu0tyJRGj2H5nHnia4srMoj
NPxGeFpswrqSAxxzznUlIhbd1Tk072CjyAJ2HNVVMUnaa+axT5O+TUFAhLrlkuqomQEnUwZWSM3P
O+oc7HGadqebdnHZ3nR4dzmrpsoXPWKNU12lqZJzeyltIZVN72NwD9salYs+nm7irIewej49SrzT
gfKKUMCBVtlakZlIDv3VXTuIJTew7uRfER/m2Oa8T8NdgedpV5Zw7lmX5isNU8S5blEC0tcC1gC1
NIUlEisSGRXUG1wGFwNJlc47QOwziSTMOH+KqhpaNRBNS19JJGUjBFopoJR9FyNtxe1iDY4tMfxQ
doPDlTS5xwrncvDtTXXM0mVx/gubWZWRfw5UN9/DrF7Nr54xZovbf/p//HFmvF3CdHBxlwtU0dOr
NRz1eRzKsKgAWdY77G5voIH/AEm3hx7n7L+K6fNG7mlzyGtVovw2aOwlUXFj1vsNr3B88Xpa0uNH
LmOY5Q5rqNI9L6o1Y6gkgO+/PBMxzX5iop4KpPHOmtkFyosfr8zuN/tg01Ej3iUtNHVKqxiYWUi7
I7AbH7jmLYWbOYXpKWsllmiSQhHeE61DAmxv5EbYG+0lX5pTNRisFRZWNw8akhv7HEPVQZa9Vqr2
srlTDONtLH18j1B2wVrEZKGGGselR2Hf7CYNqAI53H9RjqGp+YD5bUVSvIRtFINJBB6eYIxlonm8
y0iHuqaV4xu0SqNSr1t528sIUk0JpGJzBFR7MsrG2oel+vocHta4G7xJ1FJFUMrBrkFbeHzvfcHC
4ppmhiSORG7oHRJqJ1jqobr7YZyuic0CVSFWlClCCOoDfpsehwNHRvRPLDJ9LDxI1tj6eYOEj0ta
1Moj7qTuyQLSDUD6Mvp5jfEoZY56dI6/Lo01khZY3uD6X/pijNjp6efLtUTR95FKdIDA2v7YGhpa
IUSrURjQjFTGV1FL9PVTbCBnp5KGENRyGSnPiF2u6eh9B54XC99L3tJUjWRcI3JtvPFpmntIkFRG
BVrNDLe+lRuP/j1H74aZhSs03eUcgs+zwTi6P6jyP6e+EAijmT/l6Bu7U7kMd1Hv5++Cy0tfVU/c
zOjKCdmuAR/Q8vQ4YzULmWW1dO+nL5DDKX1GBoy67c/D5H9cVrPMxqTmPd11LFBIh1BpVLwy/wDa
/NTbob288dIxUFnHGuXUOZjJBmEyzqvefIVoDLIo6q3UeoJxWc97UcoaKeKaFkhRwJdIt3RPKze/
nv6nGtMKnxLxVw5nbnh3NqmKNpJNMVa6+EMP83Igg8iu4vffcYhM24wz7s9zlMk4szOOngqAjx18
sgYK3JQXICm+9t9xte+KRLzwf24VFbWrlOZCKCoSw1xnTFVC3NT+VuvljSOH+PMv4iyNqsVkbxo+
mXWumSJ72IYcxjlZpqX0l6PS1b34lBXdk8W17f1w+EbpJBPCVLMjXHnubY55R1gpb5lGgETI5JYn
+f8ATEfndDLQUxzBR+KyHSoO97c/0xnWzvTFviGqc6q8ineCp0whToIXdva+2PGmYy1dJnzxsndW
f/Hvr0W6D+tupx0gvTzv279ophz2o4cGaukpZ5lqUS4Bv4kYddgPXGPdpOfCto3gjp4EkeRNUlO2
oMDGNiem+/39MbZV7hvg96yupYqjWVrKeSe6Jq021AfqVH64CiyGqzgtGlI7mGPU0YNtPhNvflg0
kpw8c24WanaSJ45MqqpdYIIAay3UkddjhXs3rM1zztL7w1zSPU940qSHepABYof+4AjCNe1s7VOE
azhugpa2qoi1WrSUtSzbiJ4ja3kLqVO/mMV/hvIKzNM0lp1oRJFPD+IC+kgsQFYH0Zl+2N2aonMS
vA9LSU/E8WQVkJ+RzqielqVZb9y5Hl0tJGp++LvkOVScSPJSQ1EBGWyQVUtJUsQ0mpQjnVz2aO3p
qxSDL7enOB8rzqhzsZ1llVKKitpO6lie343di6b23DLcX81G+KD8QU1VmcElXls4FEjL81G9g7qw
JNiebA7j2AxvBmz6ePO0fR/xPWTJGsaykkiI+HURzHoTv98VKcmSTX3lm25nHLPt0x6XLh6Vm4Ha
lfQFjq7m97m6XHrzU41DhKsbMMuizqnrqZJoFWVlmupGpSrABd/Kx23AxjTSd4f4kzGTMBBlNXBN
JSFJ6eYHURe942Fty17WPLcYtfDPB9LTM82Uap6arkFQtKVuYkeyvH6aWAP2xucKz01Ki4dSgmoO
KFSN2zHVQ1qSP4Z2/KWA6sL/AHU4ZdpnZPDU0Mgy3MZErqU6qeoSwLg7aHPnawJ87HrjePe651il
VS0z5nmuV1CRx5pDSSSGGJCrJ3YDHxfbUPdsYX2mUNNl3EtVTQxsyAq2s3AuQCT+9sGU1wcbuq7L
VEIAjk6tgPK2Bin+dzFJJ33vqZ745NJDJAcx4nQM7NG8oUyHna+ND4raSFpMtjqXdSAHA3W45MuB
rsnkHCtXmLxtHGWPoL/tj3T8D3AdTT5fTtVU5W+6sRsMc+6LxNPZEKI8cc9LpBksrIDspHXCkHzG
W1ZzFnuvNkJ/fHZzfnwFyu/74FdXnY+YxydhgxHTn0wVlJN+dtrYQBtQIscdsSTq/fliQxsFv5+W
AsLbH154IgFreYx1wTv+nlhTm87YBhqBaxxK8gQcl236npjmXfwn74lOnWKjmbeWCtYLc9fLEAcw
SAb+WOUm1yfvhWxiF6HBkI087ed8Gj7CzebfpgVHQ398SAwK73uMcdIG9t+mJXgC2G4waxHO2/S+
JQJNxz36YBUB8RwQg0b7n7YBb81OFnRVAdJsLe2OOnVuCbeuD216A4HO3T74KCGNjyOEDKBba1zh
WMamA1nnz8sC01/sINdwrmdO0dC7NXSRwOW+lNR8MgPuBuMejuxvLMh4k7TxxNNpaq7wlamMbmQ2
BC/pjrizl2+gnZXkklBFA8tAO9SKwJ/cn1xo0FPRUeVpDToravxH0jkxOwvhyZgFp2WcpUP0uTfY
33wxzCsjeoFQyqWDWEINrqOvLzxmNK9ntVV1uiiVEXu0JlUHmSbX+2FKql+Sy+orcyy1FgVNTl/p
stiNvO18b6Y9PKHxK8b0OR01XkPEWamPLszkKTS0kRZxKrlDKNvrWMxuLdYiDs2M/n4gi7Uc1ouJ
MupYaipoLZLmbJ4oopjAbyIp5wz3Zkt9LSG3PGb21OWJ9o3EvE1Hn+QZdxHmolyuGVJPmDE9nMMl
nv8A5RZlb2cdRiSybKh2aHOKsSrVLQ5DWH5gKVRGirDKgtyuNIFj11DFWsWknNV4f7LKnIUrI0p8
sjhqZZJH0hHklSQ6dvCbPbbqcWXg7iCunkzbM88zART5vk9VnUtC+4D92NEe9lvs9/PUNsc+nTXD
Sey7i6izPNsqy/KIIqj5KOfMBDPIe7eWadELuQDexia3QBAeYxpGccbcLZgv8Ok4limMkJjdWk0K
AT9IPMMTfre3lYnGpWMpzpD8b5xltBkS0ZeiqqdVWVKejr46YkAiwLhtRA5+uMQ7eOLOH6zh+XJa
rL81zuiqqd4zl9RQSuvUgpWMEUODYgjUPIHHTFi/bxjVjhnhviuszvJctmqKOnmvmWUZgJ6+hMDo
qsz6o1ZJFLkFm2vYgjENxnkfZ7mfEJpeHeJ86lp8wVTT1NfTSNU0ZG6wzR2/5iAG2mWMl1HRuWD9
DsTMOIe0eoUwZzm1FVZvS06GPLquHvY85pbESLHUAkTIRa8RPTwaWXTikx1VMM5So4IpmaJyJEya
uAm0m3iiIItJ/wBLbMduTDBTGj9g/bL/AMLcXw8U5hU01DW1H/JyVlObGKIA3SqgIHfRMP8A3Ae8
Qre5tY/Sn4RPir4Y7QM6y7grONBq3Q00dardyiVaLqaJbC+plGtdWzKGt4gRh0nq3Is3zSmzFhl9
SyQSbvcm172JK77X/wAp+2JOeeqp2aOskJ0ymQxm4Md+YVh5gXH+mCwyrJl2b0VVSyMkbDUCrDax
a19RHntbbqemD0NDCVSvhqXWQm5jGyvvvdf81j98DcLxyQJTvTrTCQX1IZQQpPXfn/4wFVFTCGNp
5Hsq6Whlu6yKSd/a/O3vjNjUpnGy1NRGtLAaeSOT8KLc6LeXn74JmVFSTRfOtZ5LeKNzvtvsRy3x
ludiRqlRRwtGe9WTmyyXYeYHmf3wjU5ZTMBDQ1NlkUI6/UVNr3KnofMYGurotQRRUjJTyIkl28KG
4D77qD0by6HBqel0VUtNUROELl0nj5keZHmOvti0bqlKCBadvm7vUhrkML/TbqPTzwSenFZEJI3l
0qSyzRXupP25YdD3sMEklLWJLXvJHNYWaP6ZPIgdCPLfEuYZnRZKjS6SA3dTpJA62wwZD0aMaQpN
UGVRYGw/Q2/rg0RZQyzprUnaTzv0NhuD/TEwQkGqBmfwzxNpcKTa3t0w5TLaWmmMsM5kjYAsn5o/
X1vhG0tE6NQrpqUdEA0Mx3HuehHrjkkBF6yIsxX6r7m3W2NMdGk0sUb60ZDFIdzzt5eo9cJztWwq
siSL3PWIHc+obqMQptX1VMtFFVwHWjct+flZvP74pXGWYZeLw5g7Rd4QBIFPiPmwA57Y6RzrPOKq
Th6vo+64vyj+KQNJpjqqaPWkX/cB4l/7lt9jjBO0rNc94Nrq08D8RVM2X62FVkFQwqHRRsJYTzkW
31KLnzHXG50zrbNuJu0KvyIUub0ldHU5dWkokI8UdTa1443uRrB30NZx0JGGXFPbjwZxHwpDw0hi
WRu8ohTO92iYi+kxsLODzte+24BF8HXJZjwf8QfaT2ZPWUUeY/O0dDPeOmml1LEgG8ZB8Y87HltY
kb49L9hnxT8P8d0zZpl9V3VdEo+YgEv4pWw2eM/mXzF7jpcG2MuKo9R9lPG1HxjlAl70OqEDSuxX
09fQ/wBsX3K45ZI17t7iNSupugBvf9DjlXQtJQTNpmiJJuQYztfYE4hswrJq2uCKD+ByNr2wNdsa
+ICoFFwfU6k0iNipZ2+kk9Ft++PGXG1eKSkqa2md2nKukaRi+sBTy8gCBvzONRenjLMoqniHiGGs
zrMwVqDqdHOl0vdSbehGIeq4JpuIK8tQ5pG8FNKRJG20g2LW9RYHfHS81j2lOzviCLLOIMoSUi9J
RNFUKTvGqytLbfn4emHPCmQxU/D8k2XUPfy5zmZoY5gbuQIybAeXjBv6YpFeDjjzKEbjjivh7J6u
JknnhrIikmpXZn0EA8ucg5+WKtwLS1XBXGdLXT5cXqoGSpQagAoR7uGB5jSGBAw2KdabTxrS0vHe
VZzD/C9PzixZnSzb6i4QxyLp8yI2P/xxUuF+y7M0z+nlzCilTK54mWSW5Gi1wQbeRBb2AxvuMtM4
I7JxQcRTxZjToahpBMWh8SRqT4rH0ZX29sWLgLsnrKPiWrziPLoWaqDQ64QAikHQbi3O4BPnfB1w
u2v5FN/BeDEq82y2WXMMpjWWOKJiHeEG5jI9FJA9QMeeO3LjhpMxzWrSnDQVcBq4k0ELOl7uo22I
YH21Y1jNSs/p5d4mmjrMxlghs6EgROFP4ik+E+9jbEQcmkOVVmZVGpTSypD3duZYMTfytpxyy5rp
FhgWaOeqoU2lp445wo2LkKP6N98X/sxzepoYO/75fk1mjkrNP/0mOkknoFaxtbrjDXpfM4hm4e4i
h4l4SpYHIPeVFPGpWKRSAGXlcnVc+l1xr/ZflD5qRFTsY5XIJJOkSEi9+W1wNx5j3xqir+eF8rqI
HycrIKasA75wbfLvfYg9SHH7jETxxn+Y8M5BHnUrBq+jPczIi6hOmm2sC3Jl997jHSOfNeee1PNc
mpeOcp4+yXvatDIsM9HIPqjZfp8yCrEb4xXtR7qbOe/1sompQDG7XIINgD9lwZ3cak0ok6D5QT6x
ckrsd/0wEcB7nxMbk7jHJtd+yPJqn5ufOqSzCnXT411AX8x9sbLwN2IcR9ok/wDEO6REY2LDYW9s
Zt5W+G99j3wjtl2YIucwhk1DxRnkcewuyngPIuDqSOkokTS4DK46N/rhmLGV2vklMtNMJ0iBDNv7
4d09HFVIwlk8J3tbkP8AzjVD874BAuT64EeG+22ObqMFGnbHPbmTgIpBALBv3xw8Q9ugwh3SxY7n
njl673t54lAbnkOeBK25WNsCcbFb3+w64AbC5HvhV7AbE6vT9MALqRta33xaTmvzPP0wFjps52xK
gt0B+5647Y7ct+WIBB5EXvgwIC9NsRHuQ2m/vgGUHry3wHQD+XfcY4Bfpwhym3ljgNyOmIjXHM88
CB1B6YOkKVF/CP1OO0gG4scLIYyN998G3PMnlywdEBYW5chzwQ2J3JH2wrY6sCPq/rhSO2o6ifYY
i3r4ac0WVKTIOLo4ny/vQ1JWt9VNOCGQE/5CRbyuRj2n8LHAseY8QnNpMoLBJS6oFsqEte42x0w6
YvFe2OGaIR5br1eLV3aJb8p3JxI1OYR0EEcSISQ1wBttiohtDK02Yk1UxPh1Nbe3W2K9XtNVVH8U
LOe62AXbYncYpFSgpZY5mqisjxwqbtGd1JI/t+2A7Qquvg4KrqmNomTukZaiUlTcEm9+lwbHGmXh
L4jeLMgzlM3yCrzOuUNI09DPl8ZmKzKdKseqtpJiYWtqQdHUjGezTiep7IO1uqXhyteuyLijLjGi
o9hFUIgmhFjujiRLKDv4yMZrWJlxVmNLmHGWYcDyM1dlvE5TNOH8ydmVV75RpGk8hYvFIt9mjv0w
t2eUPE9JPxF2Y5tPHHVZhRNKIa+7GMu0LaC1gPE0ZFupJxWNw+424w4kzCi4i4cSiKSmpgy8UTLp
7xe67sOTYm2uJSP0w64S4srOL8zyTh/5+cy12TywAqfFAGqWF9J21Fb3P/UDyxz9uskk27N+1bLO
wTgxYuCc7q8xreIqQCOu1sLJrsYgN9OxfUBuCR5g4qeW9smaQJHxOaThzMK2UyMariBWdKZnN2CI
z6i2o3JWO1gADYYt64jOM+e8q0nKu1XtQruG1lTgbIWzKscOuZ0FHVNC69JAEdSpt/8AuiAORxHc
eV/aLwvw/VcaxHj3J1YXq854Qz9aunR25GWjlYlYzsNQYeRtjpjy52MAfjTintPniquPeNMszyKm
do4zm1FTrWBb3DclMse5JjEmrywhxnkXG/Egp8lyukSkrqY6oIKKtqFo80jFrCBZXISVeZjOlj0G
26zZrg24X7TeHWyZeybtMyR6KngqNTMAYWEwJDNKLExTDl3yjewEqOAGWqcQ5c3C+aQZnluZy1NP
VEzU1c66ZdzsHX8rbWNiVNgyscV5mlpKZoKPinIou0nhtjT59l00ceZ01P8AhhTsI6tedg7eFz0k
sT9eNc+G7t+yzh7tUpKnN5xRPNeOWIFUpquoFjF3pFu5bULd4nhBKtZbWxX7HT6t9g3b3Scb8KxV
ldVGppZA0lPmsGzqqmzx1Crfu5UuQ1gUcLrW29try6hGc5NCv8c+YFSVeOpCkNcElW1fmuPvzviU
TGWUiz0rSIRePwuyrZle3Pbqf3++JShkhrIJqSdo+8Cq6lhpLkjpt5fvjNdISq/lKWBYDLK6obao
x97W6Hr/ALOEKbMDIklPmDuA/wBKEWDe1uR2PvjNbhhmXzWX0cbU9RFLGhLK3NkjP5tvqA9NxhDv
IZhK1XExJB72BWuj+To3LkfvjDrJvkhRTpUQSUNXRaGvcSRnTqYcmU/lb05XwfJlasmkNVE0wjPi
lG0iHmrEeR/TBGqeGnEsLTZPWNIdWojqp5MCD5jBijhjVdzKl1UM5JIYed+h998aZ9cnlMJEUisq
HXTZo5YhYqejW6g4ciuRZS1SbSHlUQjZCfMDphFmyFRBBmdDLSRz6nVrmFRYk/5bdL22tgMpNbFT
iSOsZxfVocWZW/kT6jngXrk9iiqVZKiWBwVsSqr4gDzuP3wpWypFUIgUpoOtu63uvR1HX1GNMe9G
la0FbOlZl7HURzvZZB1Hv6YfR0lO0Eda0miNLCRCLgjqPMW/UeuIdHQeBYGigs0kZutt7A+fn98K
0/esrPGwJXkNNiu/IjGma6Slilkv8zpdOaBdx6rfn6jDOZaSUPPTV7oU8IaNfD7len+9sTCKmzdI
nEU8OpXuXkVD3cm/MjocQGf0eVorNGxdGH+HMxuvsT/4xuM1jHaVw7nGXXzTImqWXu2aRqaXuX62
VozcMfXa/wC2PLHbQRxXQNmGRcZ9/U0Fw6QkJUxMDssyW6E7MbEcgy3366nbHTyjxP8AFRnNLxHV
5Bxzw5BOH/DqhCSkWYBeUjA7pOvRxuCN7jFI4n7WpKcTVU1RUVlHmY10dbNKNYKHdJ4hdXYbAtsT
ZWBxi3XB1FTr+1LNM1oTFHUa6lTdKnWRNp2IRm5SKCLi41DzIxN9knb1mnCXFtPn+YVU4fWrPUo1
nupuCT1B5G3Tfpjna2+qXwS/EVS9pnC4mimSCW6/MqwuY3IuC1t9DAXDjY288et+F8xd4u6R7sVu
WG6v5288YqibiqtUJhaFVZjdHb6WA6e+Gc2VQU9e1XEQJGa4B8RFxYgjqDgLDvi1oKOgyd6yjBOr
ZxrFtXQAWx4v47Cos9HQysKqGE/iInItfr542Z08YyU0lJxRRSZpJ86KrXKistmJvcqdud77YU4M
yqvStp6j+FyiGsrEgl7mxklWUyrt5eG/6Xx0vbPI+Y8F5u3D+YcRZdTqJMwzKWkjij8bqkxWMC58
lBN8TeR0KZfRcM5TlUQrKnKK+nkmDDSVXTc3Ps6i/mRzxSM1zcD1Bz2rpsy4cZI4sqLyBbBkUzNI
rqNxfSRbe+xxZO0HspiqgONshjjnmghpirqulZRI7o5v/wD7FONTm6S68C8PZfFWVNDBBorqMJUR
mRSS6o5jkX02s3/yONVbsNzOOgq3okR5J4hXQI9m1FQdQty30utvJ8XtmcJSk7OM6os9y/M6fLBH
G9MgjnfYVCsmxO3M3sb9Qca52V9iuQ1eRQ5zHRRksO+PeCwY20spNrEm2+K9n0gOO+zk0tZWPl9M
Y0VC0YU6pI1bxWNvJr298eQPis4Lqsm4YbMNWmSnmasjh17PFJ+HMo81+hreuOmPYryk71ua5tDl
1MwM8Q0QFb3Yrutv0x2bzTVGY1nD9PMs38QqI5llAIuSp6f/AD/bHC97dJwkuDC83HtJ/GFCipcQ
yawRsQF+3MH7Y0vs04TYZ+1DFRO4UPBUQhrmVRfUAOpK3Yeq4zOy07grIjmEAgSmSeXI5yJJJQby
wg/WP/g29untjWOE8oyPIxNlNFTvHKrh0qqfUGVbakkHPl1+/njSrSMsr5eKeD5eIzJClbE3y9TS
RqFDnkWXbqQGt6ffGedpGV55mtLLLBTtFUMtljB0Br2v9jsbDzPnjcZeY+0jhWvnNRW5ZSlJKJ9E
kRcnSpJ2At+U3Ps3pjOuMOEc4qx/EkpQqxwRgxgk3G9yL4zl9Na0otXMEovkWp7SLIbycvtg1NSC
dkpYkL95bf8AYDHNN27COz2rFPFRRxMWmf8AEUcmsfLHvj4euy7J6fIYo56GNHIHjI/YjGZzRk0y
lyaiyBli7oXjJsUFtx0xc8jiRqOKoLqoYApp5HHSsxY4GlqaQSVUynSLEDBKSpeN+7iJCkfVfbnv
gqj89QVSLki+OAGo3xzdQj6b2ODEBgLC2BAcG2kb+t8E5G/PbocMV4G0rzG/vjrXO/P0xJ3TUD9r
4Aix3PLpiTjzvb7eWAa5W9sScq/5ri+9hgAihrgc+t8QBysSLffHWLAtbEgBSDuP1xxBCW1ffEQK
tha9/vg1wP74kMTvy98CviOJaB4eeke+OIH1ctuYxIAVW8V+eB2Yk2ItiQdt+ftgUO/iwIIHK2Ob
SuygEe+L2nAXu1uXTzwYKea2sNsWzpzLZrXvt+mCNYAA4QFUtsu9zhxSU/eyItyAT03xJ6O7Auya
PtBgoeHuHnzBZTY1lLKjKNI8SyITy3Fjj6n/AA/dntJwdw7S5bOlpwO9Lt18PX/fXHXGajOXbVsp
ekWmhWn06eS287bk/fEXmNdJPIHC/hltn6nBRDaWappo5qmn0p3m2pzuen3OFsty5mpgh31HUque
YBsbjDFUwMtp3hqwkbQqHClYjYFQALfrc4z7tY4hXL+zSvy2okcwUsbsXHiLIu7C1uqE/phD5+9v
i5DxXmwbI8xehzeCXv41093T55Gq2YaxujmPYm9gw32AZcg41noazK6jvaqojr6zTmlFWxxfh1qh
u7m1afplAF3W20kLEfVjPbU60ecI5LJ2ncB8Ly0E06V1FnM2XUXy5AH4qNLpFxcESprUcrSHFm46
45zDMOKOHOP6zKEiXPKSL5mOJgr96kjJKgBGxWU6vYjF01JyZ8SUM2fvmGYR5k0OaZZUS0LyAbuB
MHUFeYY6JLfcb4k8h4qk7P1qplyuPMHQd7HUvSOCUNwpMyKdtreIAjb6uWMTvbpl/qy3IMm7PeOu
Jko8hzgUT1bPH/Ci8tTMjncOpvoCC3MkfytZx2D0FXmcvCuXVxLuqItTRuJfm9+8bpZVRBu/I602
AOM5T2sc9cIPgCi4xyyefKcu4/8A4bS0dQVoqmugLQBkcgq0qqWjOx3+kHnbGw8R9omXJQ0Vb2r5
AcwWSNI0zqFxUUcZBIulTCCUbre2oeRscaw4GUl6ZLn/AAdwHGJHzrgjNK3KZWdo8+yavgqO5LNc
7oCjb9JFia+M84r4LpcuQV/Cebrm1O4ErK8ElNPItyAWjOqMhdiWQt9sbt2xq0+434Am487OKXtH
TS+bZdogep1ITWoBdY5gN+/UDws1xMg031pZpLsx7D+I+1bLaGs4ezejkbL5O9qshr6cwiijmv8A
QTzp3eykjZDKj2G+Na3yx0pGdcDZ92Xdpz8OUuXzRrU3gSHMB3fexSHQY5Qdrq10a+wZL+Rw4rOB
J6bPloG4fU5hSStQZhlLHS4kDFRYja78gf8AMtvzDFZ6Uewf/TX7c+JuzvOanh1njNGHFK+U5tG4
eXXIEdC2w1KdxyYgkEXG31G4Gc5vwzQJw94Yyvhj13VbfSUv9N9x6HAbwuuUmshnfNK3XSp4VkZh
fTIOpHkSAfucPKuNZagxmDuzcOqJusp53H9R/wCcZpxIZmkKHvu97lZLMNG5BB5jztz87G2Eaqpq
hTj50d7AZO9jrIRpK26e/l54y6QyzWGllpjX0sYLyHvYZVJVJh//AGk8j64RgoKOkgjnp4S6O2sQ
E+E9SAehHK3pjPtuXUA8aNWhShjNvCW/Mp/KfMf6eWHWuKM95sJFJWO5sT6avL0PXAduNTTSmR4o
CrgBgYzpkB6qw/pv6YPl+YZrTylKqdiGGpJTYxzKenlq9PTF013CkRifTKYADujFDspPUj1wu1BI
rD5iBJdI0CxOh18iRurY0zslElNSzLOyNK1/rAtLz5E/5gR15+nPCtBQy1ZNblVYrRyE3V10tG3U
MPU4JF+z2lOYUs+uooWDaSupWOiS3vyPocLNUsUuIUZU/wASM7X63t0Ixtz9m9fl8FQRLRQg94t2
CHZx/Xf74dQxUtOhrJInQyKEctdwjcrP/wD9c7HAqPFw+lTTtJRgwaebRtaxv057fthaKJJCaVqk
RvGRpkvax6e1/wBMMZt2JUw1AqRK8hW1wWY7HDKorZpEkNLCJXHhuCA4/vhYR9S0SxGaNVINtarv
p+3TELnEdNmcS0byiSNgSFDWZPsd8IrPeNuEsxVhTU8+tVUgq4Lo62vZhz+4O3PHhj4zOHabJfnO
Mkq6vJK6hNosygVndAw+l9iJYWO1zt52x3w54jne3hrtYzKp46ZI6/IVpM4gsWkkLaa4cgUYi3/x
O/MAtsMZmkogr2o8wmkETG2sDUyHoSvpjjlxWzWR+7cyX0nVcEdfbDpK6GqkTR4Hfnq2Grz9L4y0
9X/BZ2+8T9ljQVWVjMTRRukUdQ7rKkDEgd03XSbeENa9zbcA4+qvYF29cPdpfCtLxBG8UE2oR1NP
GxIhblqAIBAv+mCzQjaaSppqwxkzhS//ANre3kcGrKOrpoe8ikUhfqEht16HmMELzz8WGZJNloig
jWJISXZpOZ+/X7Y8ZcayytQ1dfFTuFV+9lJvq0gi1j+2NVqPIvavk1Xw7XU2b5RGmjVJLFLbVpGt
roW5bdOtjiydn+Q1FRknDWZUpBeprxJ8srHXKFEjXP2c8t9sdPfLF4ajwxwXLw/wzU5XWRRvP3kV
SkjR7FjAQtgfLSu/mThvlPZ9kPC9NxDNPE0clPQ1deoS4PgeNUuLn/ILb+eNRmrXwTwt892sfI1q
xzUldklMxr9VhqMZGgD3HL/qxaa/gWi4Wnm4eno5JEqx3BJI7tRYNCbc79P/AI4vfAnRHhXs3rH4
w/4mpqiUvO4hndFFwjqt1sPJhubY9J5BkCVWVZVTrQhGyxwrSHctGTup9dgcE4pvKeyTs4C0a0GY
WlehlZYwCf8ACBup9rHFx4e4epcsoUyJ4k8Ts0cS7XUjVf354b2FX4r4YbIKyKpuktOwIldhc7nb
3Hl98eO/ifyGhl+cyTPaeMpHNI0Kkals9ibD8o3B9j6Y3j9i14I4oy5+EONY56aKVVpKpWAbZgFc
EfsLfbERWKlHxyzUA7yOOstGGbYjXsL+VrY45cV0XfOuHZavPaaXJ/DIqIuroJVtzJ57kDGu5BR5
weITxDTM0aspqioiCmF1ILrbyVjy8mwe9nqNs4UyrKM4pafinKaURzTqqyJCCQqk238xqYDfocat
wrwjTV2VU1RFRSQ1GWXiVht3kYNwPdb29tsXVS25fwLFWU/zFJSxtFVRsJ4ojYSaRut/81rEee48
sIVHZwc7y3+HLIl4yGglmXUEPKxHrex/XG98bYnbD+POxHJZa/MqsUa0vzCMlRG97xOpJPvv19Rj
HO0jhqiybPMqgikdIaSmaSR4T45CoNrf788FbeWOIY0rc6cUqsTK5O+55m37Yf8ADuTvPmkGUjeS
Rh6csYq7ew/ho4f7zM6YSQgolgH02uLdce5uBcrjosshqIIV0uoBRdg49PXGMRleUrxNlOX5jRip
hvGyLqYfmH/jB+E6ojKmpZn1Mh0qyHkehxtlZGqiIo6tiArmzhfynz++HdCaabwSuVJ3Q32Y+WLh
Pz3Meh5YFguwv++OTsL103tg422LXt1xaACt7sNrYKGLWUc/2wmjblrnr547TZrE2v5YE4gkY7S3
JjYnzOKLThy1WvgLCw2/fEnWtzblgAvh032O+FAZQ1gCPbAEXQEWtgACA1hqt746wU2OFOP07m/v
gCnMBrDEgj6ue3pjlJYCxuTyGJDBRewOAC9bnbpiWnDbkR7Y42BsOZ/fEgqfM7dccCWO+Ijqb74E
WI8QxIAa1za3Xbrgyjr/ACN8SG0hbAk+2CMrDfVb3OCCuCtqtpuTiTyLLpqysjgWCWS7brApZj7D
Ctb6fTT/ANP7sDOU8M0/F+ZS1dQKiACnFUuiZkP/ALbC17A3x7fybhk0PDgmCuktUANN/psN8dpO
NMXtM/K0WXZOkjmwICgA8/O+IJHQtrMRManYknkP9SMZVpnWSPmOdRCphtFHusfI3vYe3+mLFlLR
TcSQ/NL+HGCSsY3A6/yw9BIcSzZbldDIjRufmCCw1kNGzD+W+POHxTdqmWdneXQV9XOYKNpZdclK
L3QBQWb/AKQC1/8ApJwqc14xyPPsgzaszfh6r4kony6GsD0lRNTtUZdCdR0SRm94yRdQw03BKk30
4zLtK4Yquz3vMuzbg1lyouKwJRVbVFPC77mWnl+uMOoAZHuDYbggYy1+j/gvh+qgyupXgbPXrKLM
DDmWWzsmmekroNTorhSCWKd4gIsGIHXbFhyTinIuKaM5XPHGkeed5mAkI8dDPIR3y25hO8EUi2/K
xHMYK3Efn2bQfPVdFxR3MC5mY2aqXUYzUKoMl2/K+tmJ5GwBtvjOe0XjzPsu4aNNmFHmuUZwsiiK
aFiIJVCgMY5QQ4YaQbgkEM1+lsb1XTKbnLH6vjjO8qzM51S5lN8+12WoLXYEixJPnzxonYx8VHaT
2e5nHmOcRJVUpieJ3ljJle6nSNV9gGtyF7Xw5WS8sY4XLevT0VwX2x9mVblHCHCcuUpJX5/Qwq+X
0yqsEZqZJBIXJ3LoCxJ/zunPcYa1mQZdw1WcS0yV0uXUtJEJo2g/CtEkjQSd4i7OGeOxUgmylwfN
k5EulZzDs8y6iyuPjfhKmlpneJZKunoHZGhABuydXQkElT4hbqOUXw1T8G5xOMh44imoXqAv8P4u
yZNPdysDZp6bZJV30kqFkBNzqwzsu4p4LzXh/O2osoqMqp+IWi7hUSP/APVvEoIsVkiYWSVhseSv
sQVkXe3/AAq8TnLe0umjyzg80eZ5BSSLHkuaMz1FMjkCWm7w/wD7TSNqPhYF0Deagtvblrb0Z8WP
wMcAdvnD+X9qPBeXxSZ1lsYObZQZ2SaWBxpDhhswFwyyDYlCG6487cffCxnvZz26cOcR5hmhzvIO
O4Wyqmmqj3bpXJCqfK1dwpRrhNMnO+hxcrvu6ym2Zw9P/Cv2JfIce5vHnuQSNWZ5lzTVNJWgF66o
R2/HCMLCVtHi08pENtmU49q9nmRVVHQU9AlVqpAA6xTBt0GxZGtzHVW8vUYxe2mkQCkYyUVfURtK
khikJXSZwVuNQ5X/ANcHihjp6OHLC2pkfXCZDcWudgfYW38hjNahjmGXd4r5hDVCSn1hjAVv3ZB8
Zt6bE4ay1U0VFJPUjuKZzoJAuBc8j/fGW4jKalgpctqEoamSAO5kj7wXWNr7ix5C/P3weSlkWAyw
TqmptfcObBCfI/5Sb2PmbYxp12CuppqymSeWh1ygWYH6tujLyIIHMYa0NC66hBRGSnbcRyOSRvyB
xaPB/TfLJIYXy6du7ViiMLSAHyYc7YQpvlp6YtFUkPcl6eTe9+oHQ/288VUK0akhmhnLxSkBO+Ow
8xfEjQZbUZksq05VzJH4lubbedsUGXBy8SrTrHLGe8hO5Vdz6X64EUn4hrw3coygMxBAcHkf9f1x
pnfB8tK/crLHVvrBIQltmBGxw1rMum0pVMr0tTGLiUeJWHIqR0B6YmTihrFnpFnjjQRgFAsYsdfU
eh/nhZGbxxQyqrqL61Om+30kdR74WaRjqTMElqBJA0jaHMTX3/7bWt6c8OKvLvmQskniCjZo7ge/
phFIGnkWIOKhy/J1YXW+GE+YtTVCtEVQEAFQ10Pnfr98QqNzTMJie7eltfZWXcj+tsRCTvIxMtNE
x56r21f64majc9qaLuBGs0izLfTG2xU+YP8AQ481fEZ2L8QcUwVdXlU5uxMho2GuFyeZ0nYEjmdr
+uOmF9M2Pmr8T/w7ZlwZTySZcK+FI2ef5UwmSmUXuVjk5rbqLWPvjznVCqEpmkkLyMd3cnVf1v1x
ZzkzoiWtqU31XAKXvqGDx/V3kdrjbSef2xzaaL2Z8by8CzU+dZI0sqSMFq6RtlqBtdHUXDJ5X3x9
SPgY497PeK8np6nhqVqWSfxvl2Zm8iPsGVJBs6+hNx6YKuI9f5HmMSUwo2AA2BGuxt0uDzxIVvG9
RQUxy+eV9FtgV1D/AExSDbzT8W3HGUVUqZZJWsIwNRdVK3POxPM486ZzwwnENeaUVzEZghjYAnQq
25f6+eG8VrFi3xT8KZbwhwVryrJZBHVHXqAFo2/MCPW+IvsTyfNJMs4YqRHGrUpqJNTNqsogNxbz
8Vve2N/QyanT0tVWZzDJSUiIxaGWSmIJWRI42WwO+wN7nELxbLNFk+fQ1VOIZqyBqKlIfUJI2Dsf
K27LvvyxrHtmtY7IeC8u/wCHKbOAxmaqy+nMNTbfUmkkeV97Y0XNuC//ANIdRBL8s5kjkgefSukA
WBUk9SNRGCJL5B2cJk0gfKIQuuQvULe4a4sbHpuD+mNH4O4Tmjo4YqF2Z6l3DltywFyCfYfyxe1Z
wmc5paijzSirjLdKkFHDGwRwOQ8rkG3riwQ00ebwrWU0Q1wLdJVbkbdf5ffCzUJxbQjMcmY0ZEc0
YLrHJ0t05edx98eRviC4Jy7Mc3aSetXVV6JgspYbhj08rMQfQjHTDpmx4c+IrsYqOHa2qr0zpKmW
Je/UxKLSqW3N+u1jv1DjpjMsh4MzDOMpObU8feaa5IO7BKszMbAA/wBsc/Jjy6S8PU/Yh2IUnaB2
W0z1NEBUGWWISON1ZohZgf8AvQH74vPAPBcYp6OvzeDXVz04kqI5xYMyXjlHuyMGv10jGfRaFwdw
DSZFlBoiJKaLvmgdxyVGG23luD9sa1wB2e10NA0MiMhlCgtqP4T2PiHmNQv9xgpafwnwjlgoZKjM
UVYmOmRQL91Jf6l9L2IPkcVfjXh+o4bkac1hWJyWEatYG5AYbdL2P39MPpnusi7WJia6WaWnMRZC
WW1g1ha5v5j+WPOXG9AanipcqkzURzRKX0OoIRGH0/yxNdPK/G+WxcO8X1jzhQySPsvI+w98L9kl
BNxBxVFUsJHEFut+W4F/tjGRe/vhd4OggooKl6azW1DUPvj1JwvRxLQBIgVSRblSfoPpgxc6kqyI
/wAPllZmZgLNYbNbqcRnAK0lXmkuVM5SWSxUMbfb+WNJOVUMmXPHDURHQXswG+3LDukEMdSaJqkM
VNxfr5H9MVT8/RsRa+B2GykHHJ2Ax/zL+mAAXYX97YV2NqQC4It5HBOZA5euCKjGw5fvfAA+LUD9
jhQxO3Pb0wW1m2P2wRV29vD+l8cSOuJBt4gFO+O5qQcQ07SG3tY+eAK22DfcYjoUgm92P2x2lSPM
2xJxI0kc78jgFHivhDrEeG4scCo2AHPAdBI0nbl54Eg9G254ULa2x98dax1EjbEAHSd22t5Y5TpN
74kMN7FdsG582/TAXBb3Ib+eDqbrz3PTyxAa1jZtwMAyjYYoR4FGsakLAflB3ON0+C/syzDtD7Vs
sjpMmCU0U666lRfTbfcnDJurp9hexrgWgynJIomIUwAKoYWJNzuffGhVsc9DNHeo71CdOkbkG2O1
c4hc9q6isniyyCawU2Ba/wCGAdycNM5nemSmy2FtTOdasR153J/fGVTymyippBBUyU6vU1H4kiqb
6f8ALf13vicyynlpDUS00qs8Y098pvub3AHkPPEqjuKXvJJUs4ZdGrTI3+J4wPvyx5D+NXNc0y+s
p+7hhrMslp3WtonZdcSP4bqD5WbcXI2HI4aJHhjhzNOI+COO58qyHIK+npJSz09ZmFC0sXctfaVP
pdCLXIsRvz5Yd8V8Qca8C8SUtanCjU9HNGwkyqomNRRVKk+NIZfq0MbEKTdG36YzpudpGkm4SSKb
P+DBU5bks1RF88k0N5uHqs2MdQlucRICsBsCv/YcQnE9DI+dVWa5Ll0eWVkcjRVVCJ2BLC7OY7fk
azMB5IB5Xzk6YTnk14lz+pqqSaobRKa6GKaWnt4K0EkXJ5B0YEA7HTsTjK+NOM66an/hTMsoKkGO
dNRAJPInkRyFuQAxnHmunlx1FPpaZc9z9EoqdkQ2AXUWtYbnFo47mhyTK6bKYptchUSP6k8h/vzx
y8l+Xlxxd/Bj8Pxs/J98KxkvEefZRnNNxFRZpLFVUcqyRSKxvGVbULffHprs8+IaLj7J9XEOeQZd
X57n9PJmE7EBIsvpqKVnVgdijuG8Pmw649lx0+dKsMvaDTZX2W5VXZ0Eib5SGrhKKXljjqp3MKSn
8xdYZHckXUttsDhxm2S5dkGXy1tBTwwU1SjPMstpqdksrASR8nQ6tO2lgdw2Oc4df0a8Y8QZBmmQ
0WVcacKnRKgCVFNVFinIELO/4iadtPehr20lmFiKdnHDGZZBxfl2dw5/mec5RSlG/jGWgLmFKTsu
uIkjvkKg25OFIubg4bYNV7X+Cz4rIu0StTs87QBRrxDQkx0OZ0uuOmz4AEXAYXhkYbPGxsxI2uMe
me0Lsv4R7XeApuFuJsmh7uojEwiVR3tO4ACyjb/FXwsrje6kHGsbpjKWLf2bdm1OciyyLjuNpM6o
I17vN6YgGM6ABILjYnSuw2NhtucaHw/TGbIny7PK9VqEnaWGqjB0Kxtt56Hsdt7arXxBNqwMkkFY
kiNIoJHTYbMD6f2w7pqV5p0mlmDAhSw3ALixJB9b3H6YKYJLQjL6h64VCatd31fm0/S1uV7bfbEf
JQUtdljU0QljldZA8JPPkQAfK248sZbRlEsiq1Nmk+rxBJFuLXHJrf8AUOYwaTLXqYWjo1TQjMoD
30gedulx/fGXS3kOWUk88ugzKGRRqVgTbf8A2b4AzCjqZIaulCpIv4oBNv8AuHp6/wAsR9nz0tLB
KkulmGoWmDeGx8+n+uDx5RBPVvMJQWhXxKVsWX/KOtx64Vs4iyShMcqUMS921m+WB8J9Rf8AX+2B
gyeogzNq2GqWLufCSxNk9duam49cWhlRpHFVVmpqKNo5Btrja+u3n5jCyTRGjWOVWeNCCyb6kb1H
ly5Ye2PbqxaRswidqkQRldPeR+NTfzX08/fHRvnGXzfw7MWimQCyVEb6gydLHn/vpgPFEqqSEF5Y
0JSUD8RCRv7eeEESKlCztNK1gbMB4uXMf5h0Ixa5B3SS0cyiYSaoxbVAtrj2B5j06YkZrLTxz0x3
O25tf7+fv++NMVH181FIiVTnuGB3j3s3+vpiLzMZfNUfNCkYRMLF99jiSOm75ktHMGCHUpUXOGs/
cyU4cEFybkkXUbdRzGIIWtSsnjELSqxt9Qsft5/bFS4o4NE9PNJQ1kiNazRhrAbeXO2Gds14z+Kn
sBp5WqsxzSlzKKOo8Mj0TosB8zIjEBrjzHPyx84e2DgTJOGeJaulyTO3raWNyiNOGikVvUEW/QkY
6ZTcEUWSnlpWsB4rXIuCPbC1LtOHaMmJDdkvYkdbY5NrPwVm8GVZl8vUZXTywTjQomYxshJ2dZRb
SRf/ALTaxx7Z+EHiHjrheeKLK8qp6hoWTvZoDo7wHkzIbhGN7Ars3ME3tioe/uzXtNz56ZF4tySW
mRQDHM6lwV8n22PryI8sWLjLiLKfkXqULwMBYGM+IE+/TDiHlPt9pYM34niq6Xihp6RDraRt1jPl
Yi9/TliH4PpznGcLTUaxWggd0WZt33A5/f8AXBn23h0pXxc8DT5pwb/D0pWp4pYx4xvbzGMT7NEf
huOgys1Tu0dRMndlra7Q7m/la2NTpVo9J2oZRkWUwzVMqLJVKtDA9/8ANsxXzsp58ueLNwdlMXH0
z0E3y7jTC2mTcqzxytz8wGXl0tjWPTnWnfD9mVA0b8DyxDRl0IhiZvDdQ2kn0O18bJlOW5WuYsMv
mZaaVlgLqbg2Fth58sHV0pytuQ5BT0lWK3ug6aiiryAW/X1uTiyUeWw0tb/yiBTAok1DoQRffETu
syqirYDGqq6RkSKB0J32OHOU5NHFS3WLuyyFx0wiokZfDBnGrMZVHeho1a2xP+98eVvivy2nr5kq
Mipo2q4A706RE3dhfUo9TvYedsdMO2b08i9pVFmnESTZQqJU01dB85RxyL3ZLA/iQ7f5m6H6SfXF
Y7Heyx2pp4PlC9NJNFmENL3rakNwLEDkRoIPsMWfSj1r2PcAydnPCv8ACymtO+ciMDUQVl1WPlZW
/bFwpOzrKUy+hQ0JVVlkjaS12ddxv6EHHJuLpQdnlJrqKBIotUaxg6ze7LsDb/qFsaBwPkTZdlT0
1OnfrCgZZittQ2On7Wt+mJJ3Jf4IKeprYZdEcykPHILaPt/vljOu1DOInymaiNQszISRJ5jyF+h5
YjHn7tRz9KsCGWonMag9zK9zZQD4Df12xkmb0mXB58yzFYkmihMr963K223ryxml4z4/zV804knq
AdTSMzMxvYXO1saN8H/B8me5zVTAk92QAvO9zvb1sMGafSjsT4El4eyGMvCrXUalI3G1wRjVMkaO
ip1rEXXFKLOnkfbFOmB80hWOYSR1fdiQXjfofQ4gaSlqcvz9c0SRAbgkA9L4al84gWOtofnUJBuP
EfM88M8rpZplaoawaLYnnYHCn5/9OnbzwZOWlbY49uwLAkhTb3wUqdl/lhQfy2PPlgoAUWv674F7
DquLCxJ5XxwUa7i3sMXS7GvdT4thgAOW/viioL2FjyGO26p/rhAU03sRe3TAgc9/tg2enFd/Eb26
eeAAJNgeuKIUICLqScCADspIscVU47CQLeXtgNFz6eWJVx32Yny9sFF1H1fcYonAi/XB1vz1Xv54
QDbc3wJTa1xv54CDSOZwQAcugwwUdQCfX0OOU6dibYF0FLAW1c/thRRbcDfpiJS6kc9/PAEW5D98
CqQyPKTmNYlLBKNbdLG+Pql/6cPwvw8AcBZbnWdLGayZBVM+jlr30k8+VsbwnOxlvT2Hl9BUUKmk
pjrZ22KjfDrNitPTaw3d6QdxzPrjdZVeeraGfuk16SC0sq729PfDrL6F5OI6eLMZmkIIul97aRt+
wH64gtsGXVX8KWcsO9qJQFRTufUjyAwotTBltLEaeF216lLeeo2P8sMSJ41GXvRzUbVCIsMZYy36
Fufl0x4O+ObijK82yuXKM+oXn+XY2mjlZHpyTpWVHUbKbaTcMoPhYcjivSnbyjw3nnHVO9VT8GzV
XFGQykLPlVevzUCkW1GWJbsjL0dQPffExT8U5fR0VdlmfcJ/I5fXEuuS09mpla4CtC5GpCBv4tQ9
MY6jftXst/4b4VzKSo4Rzg5ktdFJA1FVxsXhUn6JCPAwOxuARtyFsEz3h7Nc9zePiSuyWKmplIWU
w6nsCBpBUnw/Tbaw8sZy6dcJzum2fQJSZc6Pk2XSTOCFeN3YqSSR4SRpYHnv/PGU9ozVjV3zGayT
PMLqO+O9unL9fPGcLy6eXGyIbgunVc8NlI0gm2+E+LKs5jnsvPTHsBgxm/P/AODnlr8WY/sziiUR
4MqusTQo3gddJt5HY/tj32bj50uq1/hbtiXinhWq4L4oaGPvQlqkL+ZKd6eJNuQCzyHnsTfGgcRc
W5TwbUPxvksUNZktbTJUvSvctEDDFTwRC/JiIZZGsORx57xw7SbSuTJJwBmkVFmDjNMqdmD0MiiR
oydLMhI/yk6bb2a+m+4xKUXAUXFtac+7PZZ6OXUYlpRcU00d/DCw5h9V7A9QAN9jjeuHbvhpfw01
PBtdxjNwr2hGDLc3WMvOZrmnzROaTRSHYMNO4NtQXUCGBGPY/Zxxjl+VcWU9Vn3Esr08Y+VqpJDe
WJjskgDb33AYEncAjZ8bnTjn23TgDNcozDJ5Pls0arlEheUWFtr3df8ApvzX1v6YteTLCaR6IZo0
RD6VV9tQI+i335+2GxknUcTvQVlLSJTvpkKosqvsL/2sP6YmRPLNlbyVcQEMRFmvYoBvb3G2Clzf
85EklWXlHiVnC7Dzv57Wv7XxHLC9PVXpKgmCEhfCx8J6WPkQTbzG2M2Nw2goqj5j5eGPvIJCbxO2
5N+YvzHp0OHkQpqeuenUlDoLBW3Pkd+tjgbv6IUmXZjJrEckcdXFICjE8l8r8iPL022wNEZpqhcm
zSMQVaMzAX8Jv1jYja/UHFVOTmmrqc1JpKuIRMtwRpI1gjc26YcQ5tSzpHQPRx7G5YEgqPP7Ylo5
WskpWjV4TZASrEfWLcxa+FknkM8dFVTlXZfwy4t3g56S3K/vzA28saZpnTwQQ5n85Brjdj+IoIEb
HzHQG2HedRRVo72jcaodlniNrjy2wKkTDWlfnaOjTWReQt9MljzPkb+WHKsjN89JCUeM2eIqGAuP
PEiLziOvZDMYSw1AkExyL/LBmp6aBlqpqcR3vcKt18t/74ux0bT5dRwgM0ZEI+iULfQbeY3F/vhO
KkWGlaGomUws2+hjYet/O+EUwmWUJJBPO3dE3S9yreoI/lhu9HKoY97qVtiqtcD1v/fAEPW1U1PU
921WVUbAv198JSZtKkpgkkjZYwLd6p8Q9DzH8sIMMxrCJTLFSPCzH8pvf7HlhCqaprYO7kou+Mf5
1XxH7EG+JKfxr2aUfG9A1HX0MJgYkmJ/6qb48mfEj/6euRcWzTT5fk6SylGKrTaIJG8vEEZT91x0
xy+2bHhXtW+Fztc7Ic1kyig4Yq6/LTslPmlCJlFzy1AAXHmCp9sVbJewfjPMc1jzF+y7O6KnjbRI
aZPmYw3mqyblfTUffBlNGNr4F+BDOuOKX5+jraXWxDnLGDQtpPPu2c7E2+h9weROPWXwefD5nHZv
8tDxdlkpo41McGazx+OmOq3cspvpS+xVrodiLHHOl6upMho8hUHLpXiS2s0kg1Kh5WUHe3pvil8e
cVZflob56JjTxnfSGPdg+VtwPTG8Wa84dtkOT0k0KcE19PmNTM3eX7zu+5U89SWt9/PENwbmb5W8
mbzRrG8FlVQrBnP1EeovbBn21ic9qPHGXccZXEJmAjgQyMpJ52x5orI6SozOgFfQVEdNVNUuKmIg
aUUDX6gWBHLFhzFl9RE55XyUvCeY8TRVEUk+XRJHpMvevrntpC7WFkRjtyDeeNd7OO02myTNeC56
CKEJW1ETyNfUWPcyEX8gAEv9hjbPbVMr4mSHiX53LFk+XkzGSnaqi5SWjsy3t53N+WNk7Pc80xw8
MzVIDShmcm/gK2YA36/zwXva9NhyPiWjrcupAHcTTFL362J69Rix5dJ3mcPDAAA0ZuD+blh0Npjh
+LvCFYhnibZAL6h64sS06omtFFmXwi3IYEpvG+VpXU/dKxilhPeRtGdzbmR62OMI7T+zoytJlNUm
gPOaqGpi2YajcgHzDC+NxPOXah2IZnNXwmspXEtPUGS1zoSq208t9Mq3B9dJ6YU7KuxikjzGj4gp
cnenoJaqeCsQXD3strjy3t6G+HLrQ9vRPB3COX5e796GMUyFwXN2jPIjbmSOeJWoyqChpKX5YNp5
6rW1jSOf2v8ApjnGu1iyjhZcxtLIXaVo1id+Ra2y/tbExw9TzZEIMvXSI0dtUZJ23N8B0ieO5qXK
lNbTuvdTEmVRysevoMYx2gcQSGQ905dwLtcjSD+Vh1sbbjz3wqMp45z2k4lyKOjqaPuKqnk0NpPQ
ne/qDjHO3SelyrgKrzB9L1NS3ckFjvqPQDnbFO08b5/ULLmEzwuSC+lb7bY9c/Ar2b5hFBRvJDYS
OJS46X6XxzyV4j6L8K5QlBkcMc6KJAoAYG1xbb+WJDL4PlWamk1KrjVpbp5Y3GCFaqSQRUzwm8Z1
ApviJz2i+Wcyo3MArKOW3ngaWrK6pszyRUknA71bW/ynC9BPFFT3dtMsS6G0H698XoPz83IG/lzO
DcxsOXljlp1BZQNjtfBWU3uwuPTbEXEbH32wUkjrviiv2EWt4h644g6rlr25YgH6jck298dZSQWN
/Q4Ie3EenPyxx3v5eWGKh2uNv0ODKLk36/piqjhtYW39cAN+vPAnNcbKTYfvgo32A57Yl7CNJ5kk
YC97gg773GE0UqQxTngbm3LmfbCBW3a4NvTBha1gSRiA1ltdXt0OBtc6QOY5YCKVIJUG1/XAcv8A
zhDgWG29scqBb3Fz74uIux1S/wBQ++Dg3N/1wGDr58vXB449R3N74qnrD/06fhfTtE4jm4v4lyvv
aGIRxoZVJBZmubetgP1x9ZuA+DqPJMmiymhZEhjC6traQOS46Y8RnLvSwVbU2UaVmcmpZ+f+UdP2
xAcRZgJVeoMhlVmvoF/AgG36nCEXBldRmtZE9DOQLainLWFO5PpfFiyely6NZImm1TgHVJz367+Q
wJNZbUJX61irAghFtY2a9t7HCbzItAXdtEETABvpB2/bbGoyzrtr46y/J+DKnO6inKCWEhok3Kx6
Dex6sB4rf2x85+1XNOOOLuI63KM2yaaoyqlmeejmRIzeNgAy6tajS4Ckgi11B54K1igMq4A7PuFW
NfTRZ5DmEcnfKaiWlZ4WtewdJSTb7HpivcS8cZzxWJJP+GoDRxeFc8nWSgdjzGpkJWQi3I3JsMDW
t81DL2hccDh2eiyni2eqemUX7qnSPQvmDsTfccr88MJ864j4lqEoM3zN3pCLAEarkqDsAbk7bi+M
Z3Tt45LeTqu4fpoOFTltNSxVFTUWZCbuTc+Ipvc32Ht98QtV2V8P0FBFxRmVZG4mVncJqDxW2aM3
Gzqbcscsbzt6vJjufGs14Kgo5eLainqJTGHR9Dgdem2IzjDKpMu4klDqQs6LMpPUH/XD4sv/ALFn
6c/Nh/8AUln3TOGNbbEWOJSbhuppsip87LIYp3KbNuGXfcffH1/Hh85f0+Nnl8dEcsCrPKmqwbb9
dsa7w3mlLmVNlebcUQpPluUrHKaUjwzGMARoR7KB7E4+R+Z5P7V/8vtf0/wzzb39HnAdVx7xJ2gC
nTOUlr88lMFBSVZPcXYl5ZHUD/DUFgBbcn/pxq+dcMdpvYdV0snEHCdXSQJGjz1rg/K1Cy+L6gNu
WxO/hBHLHWT5+OZxwzn9ry3CpbiHM67Psqo+OuGahIqpIyJ6eRh3jkka5I7HxK22pORNza++FeEv
iHpaOnkyWNqiPOqAD5QS3MWYQqPHTupuQyi+lQSbAgdFw41jLCenrn4bPiWyHjLLctTOZDS19cpF
PmJe9PVIq7o5+mSQABgbq5tyvsfRvZlnlRxLltHxLX5pFIVc0tQ0c4PeQ6j3MgHmCQLc7NzIAxvm
uV4aRTUNClbNRxVPfgJ3pjcbEH+R2JHkb+WE/mEQ11VJoemOm6ubd4WH1Eex388QSeWZhDmFGkFJ
W2kfw642vcAEBvI+R/1wSvljqaSKwCyx/hyd0CPp6EeXX0vjLcpKLVBTGqaJ3VWAYldR+4/3f3we
sly6tpZZoKXu545LqVOnSee5tyYdfXA1CkNTOV+VMndO4BRiwO4PO3W374bvJE7sKpVXuhe6eIKD
5ny3NvfEOiCUOYU472mlL6Hvqla4cG9hfr/P3wakejq5YzWrLRylrIspsCfzBT1Hvgb/AIShrZqG
Xuo5NIiGpRYBhtvv0vgY8wppIzUBZkK+EOybbcw3Qj2w/pn9jPBGzEU8iawL9zIbjfmeXL3w4oqI
tppp1Ku+yre1x6YgRgmzKgzIxUo0CFz3guQbHY7HbD2eopZpUkemLFG1WhXSbedr7/riTjW076Xo
wYh5SDwt626HAvR089O06VEke5J7sbJfzHkcLIsUUssApIyCgWxYE6QP6/flhvW0dNFAQCqRttr2
Gr3PL9cSR9RUQU0ndo4Bvp/D3ufO39sQ2eIYpBLBGl/pZU8Oo/0O+IIzMy0lGZVhAXTYhwb398QS
RxxsO/YMjrceInTgqdmdK8FnrJ5ZIrDS5XVt7jlgsNNSogly+Q6riwMhF/bbF0i7Q18x/Ey6Ukcn
cnTbyv5Yj6rIhUzGWtSlhS/JmN/1AxbSCzvsq4B4ilIrcnp6nWdpCzKT98Rw+HHsyp60V1JkESNy
tGz2B9OoO2L5I+yzsj4W4fqnqoUjaInUYuWo+9rA/b3xYKCn4eFRqNBa6d2ysLhl/wApA54No7rF
yep0wiJRGht+GdvuD/PFH447PuDc6p3Z6VybkiWIGwO/PzGN40V5c7fOyFaCSHNuHqZpJUk/Fenf
6/I6Ov8Au+KHXvmPDmR11XPLLNKitLcm7ahuVB89sOc3YcOGGcW9sbcUvFW0lTIhlVoHgXwsA24a
w2O/PFWzHOM6rKWnyTKbPVh56SBwSe8VlWRzt/lRGBHW4wTjg1X8l4xin7P86znM6Eh2rnnhqVj0
pr06Ao8+d+gFhzxeewPiFuKu0fLZqujWopafK6aNzIAEp5GYbqPPSBjW+GdaekOyLMosqyTPMpqK
BT/DKuR4gfF3mpRqPuoHPzONf4fzWkjgnzWHV3eiMmQE6SXAvv5jGrNs70a8P9sUVFnhpDPOsNEY
NBJN3DkdPLc43rhDiqnr5pad6jTPAEd5G25k8vTw4qJVs7N6masqjmKXVXXUMaBS2ZXgmcqh2W38
8Y9lD1GW01pqV/GQNa699PnY+uM64vyCGtlmy4q8U0d3jBW+pbcv2xqVdqbnfZnkec6a2mULUVEX
dyxtsH9j5i9x7Yg+DuDKnh7N6jKaqmUUlcUcyOAQjfSb/oDtht3Fpfcs4by+KlNO0SxyCXSw6KwJ
/Yg4WqeEXlTvKaO0cLjkfp9v1GMNRbeHuHSIYXaFhdSF2v8Ab+uE8wyUw1sk1TEIw4uX3sDffbFO
VtnnHWVSU1QMvrKk6UchJi1gyN0Pp0/TGLcf8NVU8/f0sj94qMmm/MKbED1GLosmgi7zjOSinKMt
UmtZHFyrJ5+pxhHxQcTQUVL/AAutj2775gBSbsl7Aem+KRPLNIP4nxFFS91YPLfSOQ35Y+mfwL8H
68vHyFP3kBQAd4NwOh/bGL2L09W1KrQZeqSMC8FjvyKddsMMwzJaOpWfUe7v4ZGP1Dy+2OjGzaSv
lqYDUQuGWNr+E+If6YNmKy5rw9JXQGzxW1i2zYDs74Rdo8rBmlN7lNPVWtt9jiZneCnQVES3cSAO
D1uMET8/fNiA5wdWBJ3xzdRjpty/TAOLeHY+pwRA21Hb0wQAbkNvi6LrqAxGB0+LUTz2xANlFiSb
44gBQdX3xQuFh+a1hfHWGjne+IDKAfF+xx3hJ0/tfAQ22DX/AFwDHr0xJx3FlYDAXU8vt64jKByd
Ox/fAAgmw52wh1xe7G/pjhvyxIAsWNzc+WB02Gx2vi2r9jhtWwG/O5wfZrrfBVBWXa3lgjD13wxZ
O3PJscm4+mxthRQXvcg/2wdVuLCwwVQdEvsLWxeOw/sfz3tf41oeHsspZe4kkAmmRbhE6nBrZj7H
/Cp2B5R2f8M0eV5VljwoiAiNOQNhufYDG1lKmnlTL40NkN+VgT547XiOe9m+d5jT0aNKiXqCNOgG
5v13xVKqv+dX5jWEp0LfhpvqF+R898COskauKu1gO/JDmPmgB2UHFjy2kmpjLQwQOkkxVbsBexHI
2k2NttyMax2fSvHQR0ytsyb6OS26YQuIzKozG5d2WmiGiyDcm9z+uK9xJwxPVZsauMDu5JAUQi+o
8rkffCjir4Tl+XlnzFR4Iz+G2xIvuvucQUfAz1WZvPNGWesDBSD/AJtwPtYYlUjNwVJllJBltWFD
0xAQjck2/ryxP0fDiCCGYxIHZQwZRc26j+mKxJ3IMqbLKqGSYBYQ3I7gg4mmyWHWYYiqbkg8hfoc
Q26ngNP4nBDX/T0vh49JJDUAupdGIu3oRhQDQOJ3hVjZxdW5DEFxDLNA4gV7ahZTexwiqXn5+Zop
6eOMCYXcRjk48/tjIeNePY8uyCs4YzmkSnZlIEtzYH+g5fzw/tSaee+P+MYEysyVMndzoxXvVctq
b19xsfa+PMfa/wBpmc6K3KCSpWZZDE9wQ/PUNuRAF/e+EyM2z+Ogq+6zN0lYay5l1clYXX7gm32x
XM07l27xLRBI7HuttfQ/+Mc70Uc9FHmE0SZc5bWAGQn6T/Y9Ma9lvZdq7NI+KYI0ElI9PU79V1uj
/wBDinelehuMOy6uzrtB/hbU7IlXA0oaPkj6Ta/uR++KPw/2d1cnFFfwtnDJTTiCR171b6mVbi3q
dv1xqjaiVVEgbvA/1CzFhbS3lhnLTmBrbG++xxkrVwVSPXSFxYMjDQLXu3THpP4O5s5zTi6pmpp7
RTy+M6r965IAP62wWcbF5fTXgnMJkyEPWqEnie5jt1vi3pWIsU2oAEWO3Le2FicR+e5lvc+m4wXa
wUm3THN3EQAbNvvztjiADb+uIOK6b6R645QANLNbEg2sbnr5YEDxbX22wSLbulr4Hf8Ay3Iwocar
WG3W2OGjne1+VsGjXWN/q28sdd15/qMQGJB8V/tjkFgXAA974j7FLG4P9cG5CwvflfCHFvD4Tf2w
vR0VRWyiGmgeRjyVBcnB0XoL4dvgj4m7QKmHO+MU+Xy9oRMIka7sCbC/lj6BdkXw98N8FZGtJT5e
wEGmNNAtckC32tjpjjrkZX02XKaXKeEKONKubu5SOpuf9i2IvibtClq3bJckT5ellY+OJrtIQOd7
Y1aJN1FUHCtdVusldAX1pcRk29Sf/OJ7Lsqh792liWdQe7SEJvvbHKu2Kx0GU6Y1iqYhHfwm3O99
r+eJzL6emoo2jMEp1AWd28JPQcsB7OqOWCSJoWOqTYDSxIU358txh2cvpaWrcs7q6keJxsp+43xI
vJIsVUIhUgMVukkIGlrncE/3w7yvL5JZi2mMlhbSrbja9/8ATEjqV+4q07iR1kLFX1Ldbevph1SU
kzmKupqxCXW5S5F9umFng8pqCYuTFLpUeJlJv3nv5EEYewJ3ndztdg4s+s2K9OvUYWaRkhenZoZk
1mPZnHUefrhSlpI4Y1ZDdZbu3QFv9fMYFvh0VLKJ3kWNGUMDZTfT+vLBZKWnmEivGxBBt3X1LY7E
euIGopy16qOtNRHYEaLB/vbn/PA5fSwTVLuFVnQ6rPzPv54oqWFA9QjSO/I6Ha+9jewt98RGe5DQ
ZdQmExyIpFwYT4kbVyH8/vjcYBS0E1DUzxVEyTd7qdpNNtY3IJHqAPviIznLcyo4pDS5jC080p0S
yi6hCq2Q/wDSSB9zfGoyRzfLa7iPIxm/Dk4p6+lVKkQTA6barSxsLbAgn774kKTI6jXHWljLAiF4
ZABqicaSAT5bffCv0acVSJVZmcwyZHSrKfNGMKQWVNjY2+pdViDzBtjzzx/2eVWXdqNZwXWVMiZZ
xOslbkmaUxsYawJraBjbqh1Lfyt64qpHlLiGXhnJF4l7Bs/p1pqGrJqaGKt8EuXVwsSFPWNm8Q6i
7jfnjzrkfCea8U8by5XWyzUszs1N802pWgluBE7D/LcA/wD3AeRuod8oPj1uK6XM6fs87Vspnpp8
onanaRru8UQYiRR0ZVIZlPkLcrYHiHvskpJuAuPYYEl4ZlPykkKXRo5GVmtfZo2uktr2tIxFtxgv
ZnS1ZJ20domdPT55QyNUVNCY0kzPu+85oVMNQLHUjxDTqINwLG9gRonw4cYZ9BnFRlnYJxHJlGZu
WlThjMZ9MMCvvKsLG6TQOAT3bcr7G/1AsemKfi2GIzZe2W1+Wy5pTK3ytCVOvTzSxIs0e5KFXIU3
64pVd2NdmlVn1b2hJxJNks9RLG8HyUUYkqwu7Rv3llWRXXbZTvcNjp65Y39Lv2EduvDdTxhVUGST
ZstdSPprYeIKOOklke+zOA9yLH6gDccseneHs8yyry+HPqimp6ZH2MzSPEobzAO+Maa0mKOtquJZ
FoYZDMyG2q5cE+eJE0AyuUho+8OizF7JYeQ++MNGk2Tx1Ne01HVymRQNcCn8KH/qIta/qftiCzal
4Ty2jepzCDu+/bu9cwDtUufIb7fYnDAziv7IqKl4qkzmLhWnlpZdDLSyxBQri51tdLHn0+5GGXbT
2X5bQ5dFn9NW06SIto9NPG7ar7kEiw9LKeu5OOk7ZvTPuyXsip817TKri3iTKZ5KqQAhQ7KqC3Ni
wDFvayi998b9wrkVQrQtk9E6siaRB3lozbqTzYjyBtjDbQMhyeqkjeXMqqVmQC0RuoQ+d9hbDo08
FXJHE8MMsd/qK/rc2Nz98Zsaxqco0poFWlSoZYb/AOESI9Z/thxSUWV0t6iWrWMPuI4/ET5+LlgJ
WXuaohII4ybXMrHWwHl5YUWGiy+hWapETixvpluzethf+WHtkpTJN3YeIWjY3tGf6HE1ldPVxwrL
KO6UtbxCwB9Te++EH0eX1Ers86Qt1BU/1wmsMU7uI4iHY2CMu/3tzGJDz0TxNr+UKXAKvDy38uRH
3vgiqJZTT1Tq7bDSLKV388SHn+VikWOCKPUvNjsP1wjWd/Cx7qlU9SCosR79fviQs+c6QUngAA3C
+Y68hiHrM4rCRIXPdtewBubdOmJCU8xzJ9CUwU8/EGJP2GHzQGSn7ioy6oiAGz+Y+5xJCVcVXWDu
jWfh+X5rDz+2OpXpMnIRG6f4a8yfMk8hg9pA8c8bZTQiefMc5Zk07Q048UnSwJ2Uepx4m+MD4yMn
7Po61aHMnlzMm0FHApeGFAv1OBYzMT0uqC12J5Y644ztl4U407TczqK6bjkZm2b5sD8xPmecyWpa
AyC4CKti77addlFvCgsLnIOMe1LNOMq1s4zyf5541WNDJGIo4UvdlijGyXPUC/nvjNpV412YVkIr
K1ahKIzbIAxjX032Jttzv549G9lPxXv2WZLQUvAnDdE82YAwRZfSaaaRGJsHbTdmPLxkjqB5jFhe
pOxPtYzmUrT8V1lPTxuwMlHlMyd47m3hZgWJN+lyfM42eXiejy6ikE6GKaaPwpKe9nYeh5Lgn7VU
mUvPxXlrT1n4slRpZU3Ruey+Z8zjXOEOxyhjy+q4pzAh553JWnvsw9cV7Po+zzhz5Ci0UtP49Wp3
PQcyMPeFqiKBEgE2gAePSeW/LGjV9yisolpPl6KIuXILyHkvpiUoqehNquRiZFa+kn9sTI9RksWa
SfNVUR0ySEFL4Vp8sp8plhkWLTFCdYLb3xIjVfJV66Xi1PG92tzN9/7YctQCjlWNJ/w5BqFjcC+N
CnVBTNFMaac61JuAfy38sSFTCaeRDFutrWB+nFoBkqlMGl1TWrBr3397Yd5nXiKgTuoQSANzthkR
KasjlpEMhUafECDbbyOK3xH3oljqIlUpq5c7YoFKzWUQ1k0FI7GWJu8Rm6jqPbpjG+3Wiy/OlaoM
MkAa6utjqU+vmMM4LzH2sZNleWZTmGR5kkskEYulTC5DFenvbY48x9o+cUeeZxLTNJ39TQpqSTrJ
CNrN6gnn1BwlS8zmo0oxRz0veMALEXuygdL7Yg82emeFZaeqScWsVtpZD5Hp98cyfdkPClTxpx3S
5LTA+Lfu+ew3x7s4H7Fcpn7NIuHa6mMhenBY6d7MCG+4Njgnay+jDiPsSqIMjouMKJLS0tQKORgd
5Au4ufXxDFR7VuxiThTjWl4u4cyuV3p4EqyvWRLjWLf9rH9MdIw829vXCOW5R2i5vU5TH3NNUOtV
BCFujErdlB9z++M6zbIp8tqYjIQBNGkygA7q4uP0O2M2NRZ+E6OsoKH5taYlVUOD0Fja/wBibY9l
/wDp39nMmbR5lmq0UZVKxIgw3KkqJL39NNvvjN3rTNfQHLcokopmjmhVjMu5JuL2H9sSlTJJPlrx
QMgZYLkW5gH/AExoPz9afFuf9cAw3uV9r44uxNk68vXywVh/1WIOEuYEHl+mA7tnNgw36eeKAcIC
D4r2wKx9Di2NDiJSfEefn0wBXxWtiIFBvdTsN7YBgAdXn0OI2hAUnA36ve56YgMoO/TyvgD4Sd+e
+BC6bk2HP98Co6FQMIie4I7PeJ+PcwXK+G8skqJCQCRyW5sLnHtL4Uvgmy7h0pn/ABPGZMxKqpWQ
XWI/mtbyw4zdPUeyOzvsqy3hzJaWmYQm+ookdgW67+nK2L3mlZlvCtOlbmSJJUSiwjXkpty9/XHX
plUc4zKoz4rImYMHIuJAhCIb/SL8x64TgSjj0PM0YdOci31X62OOVu3XGaSArYoIxVRzOCB/75Oo
e/pbkbYm8k4gSphlFRTPH8qb95PszXsQRbmMWtDaw5dWnOwmmeJBLcayLg+Vz/XniyvRZhMsigtU
LDGoYabEm3L7WxmxqWQ8y7uZ4WkkQLKEshXkpPT/AGeeJLwVccCTKxWQlQwO2w/nfE0aGhloaT5d
o5NSHTrA1bWvsR0thzlNFLDMtQ0LpFKpAeRSQCBcbYRamaR3ajSeaiKiS92j3AIP62wpRRUlRogj
gstiwUmxU9bHyOFnR3TxfKkPJGzAG7Ai+kHlg0NHLOjqVUrMpkWWNt7jp+mAUWFZZKmKGQ9yxS5L
jmBhWvjaQRRx7OCwuPCDviXQKi8Vd30ws2jQSDbUwP77YaK80dXdJwy7iRm5eh/liA2X0iQB1SMr
cd4SpuN+t8LzFkmkqIGZnA5ycwNhY+e/88SOIKZXqRUSSkkC62/MRtv6YNUrFW0KVOo3AKsmmxFt
hjUZsMaqiRpRQ1CrrmiZfmEN7AdbYguITRTVElHAjrMI4iCp8TcxuLcuWNRmgpMxpeGcvlzOrLLr
qPlZYrD6GICt+rC4w5yd6rL5WpKmmkXTOyywXso02sRt5FSPc40DPOsrhzHMopZo1pq6hZpYHIIU
h/CSw6izAMPIA9BiidoHCNccuqab5h6GeGsirKKsKazRzqbwsL81+tGHVb+eH9J4U+JbgeHtC44f
iLPMoipPmqc0desBKyUMlyodfOWF0vpO7xKedr4868Q8FcUZ7kua5DMJYeMOFpi1VBTMb18SE6pU
5XZRocDe6EEbrg96Kr57nqdpvDEPEnF3eU3EGURLTSzvdjmdMb93OWP/ALqGyn/Mmk7lTdbiqbLO
07ssoqqon+YzvIYPl5podKiupAxCX82i1Abi+hx/lwb1ReOkP2O8VcZUnE9LBwpWxR5lR0wo6Snh
gVVzFAwYwysSNR07A7G4Xe9jjTOz3iXh3LOKq/j/AIZvVw0UZkqMhcBp8uLuC8kK7E6ZPEw8JAbU
CrA4pPRvHLWsn+K7IO0GioaWXgJc3ocwRGmyapkSPMEnBt31NIrqsukqbAskyXA5WOJXtcm7LOKM
hm/i9GtEualKWop8zMlPPMSLDvSF8Mq8xrVr9GHM6nLOtMfj4w7OuBMtn4dyXids2hyxjHFT5nmE
eYO4Y27uM90s8JW+6NdfIG+Nd7Lfi+p+zakoslouI6NoIkAGXwOTPBfYfimDe5sBr0noTjF+i9Yd
j/bw+d08EWZ580lVVsVjyymkjeo2OxYhfAOlgb42LLY1rKU1FdRmIkgLDq1tfyvzP3wNIfjbiTL+
GOHqvMc2vSUkdwSpJJbzNubemMr4U7WabhbiWTijiDI6x7qRDUZkyxxUoIuFGoXD2tew26nFBUd2
o/Evk1a1JluW5/FV1WY+ENTyM9yd7eHcgDqfDtisZV24dmVBxnFTcRcXqlZArK1RVSOhYk7AG5uL
8gqj+uNVRqPDeecO5plsmccJSaoXYSyTlBGJHO2/Ug+pvi/8L08jwx1nEGXd27J+GKFbyuPMsT4R
6YyknSZbStVs9O00T6bn52RpA2/33+2LBH3S0iU2XAh4zZzpIRPW/PE1DmLQ8qnv2kVR4u9uUUef
p+uHdL8nIGMOYxkb+JYxL9wDsPfB2SCUMEdZIazPnkDtqVVjDH/8NsSWWvlInV6fLQpHNmW5H/xJ
xKpJqETslUZJVVN7gBD6eeH1Nl901yQ1Tqu+uWTa/phZDRokPhaujRS3hUkA/rh7DNSuxaKtpjY2
DNsV/wB+uJCTVNZbQyKQP/cV9P8AL+2BgonqAXmnS/IAC5PmcSJzZXTx6m/iC96/hIa4P6YQMUJB
7qdLhReIvbfzBxI0loYVJlaYA8tLPa338sDImXxxWc07P9WlpRbEjmmFSU+a/wCWiQbC7X/kCcMq
7NI5GaDMpGfT9JRDt9yMQQ2Y5o0UGqmoLKdgzTWBPTa2Mv7SuMc+o0neDNIYe8Rl7/SXIt5ef2t7
41JsV5x7S+1uuy+lqKvPeJJYaIXVKieoWOWTY/k6389lXmS1rY8b59xn2f8AFdfm/FfGVBWQ8OUF
Q/eTGZu7nkK/RqvrmcgX8OwFhdBjd4moJzy87dp3HVLx1VyZnmGaPQ8PROf4dw5RMpdtNlBYDZSd
7yPdjuBfFKzniqesiGW0WT0dBTIBanpIyGbbcs7Esx+9vTHO9tozMs2zLMxF/EMzlmES6ER3JESj
oByH2xKcF5/luSzs+YZVJVkuCkSyFB66rDUwI2tcDAns74Yu0rPM2loYqHJMuyyStiYU+VZPSqJ5
FFwXZ2JZVsv1Er749J8OZVNXqZZKtqseHx6iUQeWu3jP/b4R5nGf4SUp8libtMymjkdYFiGoIo30
jy8hv749E5RAmXcPKzNexNkxX/Y+lb4trMwmh0xnSpvt1P28sIcG6JII1kIaRmOrVtsDjRrScnmp
1pHy+l02RdbaeVz64c5fRLRziWonOuRSVW/K5xBKxVVUiJRwgm5+o/lx2bUZrJlpHc6IgSz+WIE6
SCCkYgsNLrfUf5/yw+7rL2mipUVQrWt5jrjYtGnCwViRObkXAcbXHTE5BFS1MAMjg+HkeR/1xdMq
9xRVpQSiSkYNoIJv1HUfphxJUzzUqSROugqDpvewwg0zsmDKO8jG258BO2IiGufMMsXvSLWuljYt
bmPfEVezXJYqeOaVJiJfqSUmxHpblY9ceZ+3DjrNsprJNQHfIbS073sRfY38sUM5ecO03tFqqnOK
vRTxTd7T64svcELKRs6A+djy++PMVTlzUWe1md5fU/gujPExbUQp5o3kR/TF6PpWZ6urqqpcxiY7
vrsmxBHUYYzv3FQcyidUk3OhluknmvpjJbf8AfAH/FHaNLxCYVHykelVY7eI2JHtj6E8N8LUicNU
MwpbVMZKOf5beRGMzmjKlM+4FpsmpZconhUwtMlVcrfVG+xH2Y74oXHWVTNluRcRxwxzVlDUjL6l
LHTIgLI4PoVscdJGa84fEJ2fZGeKKbLZ6PRTwTSSRzFdV1AuAR5WZh/8cedOPuDKnIeM8ty6um7y
mraFJY2b6e7JY7ex/lhvS3yaZWKuOVMsqZ/Al4tC3s9jf97Y+i3/AKcGVLwj2e5dl1fToWzOaWpl
0G5VbaV36/TjnlOTensSlhoopYZaklo4wQFv1IxC5txJT0zNTU7X1JpN/XGozXwVFiOW/PnghQG3
98ed3FMfmxwDRi2o7ehwhxS5uT++ACqN7bdRiTluTfffCgXcbcsXSgdN/pJ9xgNPmOeJaARY3BG+
CmNtWq9/W+FUYX0/VfAovS979L4kMqWPO/lfBdO/O3pzxKjd0XIVL40DsT7BeI+1TiGnpY6GWKiZ
vHUkWAHkPXF2pHu3sJ+HHK+Cqano8u4fiRYmJJceJzbck/p+mPRvZ3wM2XqmuD8F9mlFgSep5emO
smmdrXV8XcN8OTNSNAamSNCY9gpLWtufLFS4n4hqeJZ/m6qfRGBfTELAHrv198Yyy4bwx3TWgzeC
jjKprA6agW0r/L/zhOu43oIUgtE0a1D6TPfSU3tex2tcDngx5ay4uiFTWZfVyGeSseHXdGdvCQbk
XBubgkddt8T+USzR1aombNJRyKxvHdGjWx3B9DvYjG7HFfeGKqP5F6ilqO8kUqvisuo3tc7bm3MY
uFJmU9O+qVkkWa1nW5KnyIHMc98ZsalTOXQ0NPlUUNDKX1MQCdzdjchiffDpcujmDUquSbBkZTax
57H7Wwa9OkoZMmYJU1VLXOslSoLKWBsfK3n/AK4Wy1IUSBTVKT+XWSL7WA363wHs80VcQcRz6LAS
FLmxPI2I5Yd0EUtQDE7PHKCQqhgBqHL9R+uHpgZzWUrRPMCpnuDp3UEdD5X6YPJpSOJmIjJ2KkX3
8jiRd6GIGCOFyVdLI43sR0vy9vvgxp2ErRnR+GpYAg2Itv8ArgRpWUEEcb0zQq3iCiIMb+hv5/2w
KwTTVMUUqg6mJF257bi3ncdcR3AZYqyNJDMdJGtFRDtpvcEj7EYf01BBEqtVESEErrbY2vcftbf0
GKArHSmaiaOCn1OzXJbmN9icA2XPK14hJoFyb9PMeR9sbZroMs01CwMytZDoZOanz39MRFXl8kEk
NTIpdGJB7sbqd7D2IviBtLwtTZrLLNXlKiOHVG0Y+gxkFl1etja+F68x1lPGjwkFvEs0h8JAWzLf
oQL/AKDG2eiUzUMVGkuc1eumkKD5okFQSdIufJr2xGcW8ORzZVW8P53eehmJiRw1p0VhcG/mpvY+
1+uIPOXxD/C9LPnFZFmnGLiLi3L4aaSsT8NKfMYtPylXqH0ufCjdPELHe2PA3b/lHHmVcY0HHEf8
RyupqJYqefM2TSKOugdkaKXSLKdYuDyKyDmMFmmsbtSu0Pg8PS5ZnVDmArKHO1dMwoUgEb5fU30T
RugAsVYqwI8N2xR8s4NzzhuNM1y7MlWjqZVUGQkiIsp0yMN7I1iL8iCd8Gvaic7MOFYZap0zijnY
MDIRRt+NR1CEWmhC8wDa/oQemNom7OavOOKsj+ImOegoq6aY0Vdl6MYxUy2vIquBZHlV9YWTwnVI
t7acXUN7Y58RXYdmPZv2nzZDSvB/D8ybvcvzKjYpFUJe2mRdwJUJ0tex5Eje+FOEO0Dt37NoJeCu
1jKZK3hqdQssmdUklQkEd/CyVKAugG1vqX0Iw5XV4Zk45NeLuDewOveeWmXOM8zF2eojq8jmp+9i
jO6DSWaORBY/SEfoRhDh3tP7JMrposkyDswrxNSSB3kfM6qCWoOxLtBrKh9gL6itvyjBrfJfRD4T
O0vO+IuGqanyjg2DLoIrAUtT4ZmY2+kjUp67kk+2PTcM/Ez5H8vUxxUjuLd2GAIHncbn2GMlmXaz
meccEBMwYpMKeNrVVQ5tvsWW2+w6KLk23x4O7eviG4iyftUkzriVKaTh+llMdHkzQvUVGYPa5Gn6
dQIuQeV/Eb7Y1Ogwbtr+L7tc7Zcy+ars/XhzJqdh3GXUDkSnSQdLhNN/+3wr5XO+E/hw7acjyLOa
jiftEqeJqiL5jvniyuSKmp2LdZJ2BYXsBYMDblgqnD6a/D38UHB3F3CdDV8MmmiUpaHLqCQzeED/
ADtYG3LfryvjdODM7bNKKR6zKalXva9W/dpv5kE/pi2tLTQ5TUVitJVZrHYW7qKFigPpzOJOkEdC
xizFliUbhYR429yeeCtQon/C1XOtbJENCcl71jv56RYYdjNaWWDRBRBkbYyiFmIHliPNOqfK2lF6
KKZATpLHwKB5WIviWoaIUq91NPECAPDqJLehwipKWRu9RIYjEpG3M6sGFYsTtHUVoVV3UFdyPtiB
PL3VZgI6gBHHhZ+W/ocSE2V0FXThX0iVSRdU0sR9vXEjWkyymhKuZGAN1JcEEenUYcQVk0AmpQr7
8ho/bbEjUzzd6rTsF0H6iAfthComklq1Semi6/iFSoP35Yka1+ZJc0qU3S4RzYkeh8sDR/LrTrK0
CRAj8wvq9tsCI1ucKr/KwZTG7flYk7/tiMlWrdDWlwgBuyFgLfY74QrvFeZ1c8LQ95EIVsWWDxM3
WxOMM7a8yzOlkkizPMYqWHSSlO9jK+w0jYatN/tjpjGby8QdvFRwFk3F6Zvx0Zc4q4SSKfOZrRhQ
NzbdbA7AehNseP8AtV7Tc27RM6FbXziOjpbxU2Xw+COFLnZRyF+Zbriz4OKjEtRyiqdmGltQjU2I
/thg8jEmW99W1mPLHNom7G99O59cXXsl7Os54nFVxR8xHTZdQELPWyTRwojHcAu+wG3S56AHFTNP
XfwfcDVUmXyZtAz/ACNS5M2YU9OYIarSNJAmkAZkHmqi/LHs7s8ywZjQ/wAbzZYIcry+PQJGuino
NzuefQYJBVPi42yvij4hMsgySjCUUTFRKRp74jaw9BbHpmkqkGTPI1Mupb8+QPkMN/2XUU3iHiCg
ijkoAwaqmPjk5n2Hphnkc8VN4pKkFuVgdzv/AD3xLbQ8nq5A4ioYCsdhrfyxYKmrp4IVaFu8cGy2
8sSL0M08R+cqmXUnQjnhGszYqxprXDXlkdTsPIfbDEPU1neZfJX27tlUoqKL6h/4xHvneqmXvU8S
lVAY2LDnscbYOn4mQE9+WsWAPUofP2xODP4VoW7mde8B8S35X5HAtIXNM0pm2qmF131XxFQ56mXl
kknEkLrdRq3H9hhqkIZXx9TSVTZBWzeJryRKOq9fv6YfQVtDNAYo5CsWu6qSLqetsGzox4iKxIaa
s1AFSWKbkDzGPMPxEZXS5jXNR3jkldtMVUDZnvyU+v8AbGpA8gdq8RizlKR6oCYsCZJARpINu923
tcC9uR39MYVxNPX5ZxNJNHTKjwswlple1j1t5r18rHFY0rWaGb5djTUndK0hDsh8HmBa3hPviO+U
kr9KxyhX1aWjsdvUeYxzL3v/AOnj2aJlXCK1E9Iney3ZywsSDa38sexsr4eWA0zmMCKUgW8iP9P5
YzizQcWUkObRhFpSXiDR3G23l+2KN/BoZ5npKyBSsrgaDt4gLFvvtjqy87/FtwVS55kWdz0jLDVZ
bAe5kjNhbSbi/nbHmXtUpqHMHj4YnqA1dk9PD8nMuwkXuV71P/uu3vfGtHe4hOyjg1eIc4raqplm
kXLok7k6djIzAWPpYtj6U/B7wpRZPwdw88qMoRWBDc9yTz/+X7Y5XtW74egs1cJEvy8Nr/R6m/8A
bFUrq6m0TVlboBjARD/ma17X+2NyM7fC42I2IwHh1cufkMeV6AOoYFr8uuChB9+VycanQoSu91t6
YC2xJuNsSCBY2HXBlWxNzuN8SjrXvy87eeAIsfp5YCIQDyOO523vfEtO1WFrYMABdiLHz88K0GzL
uPtfB4IHqHCotyeSjFtabl8NvwncVceZrScS59lMyZarau7K2abyAvj3f2X9h2W8KUVLSUeTQqUJ
06R9J2udsdMcdcjL6bbknAdBlaK9RSsgQaSXJA5bn2w4r+Isl4cpTQUgjqXDjeNttIHn97YbdCTa
tVlRLXVD1tSIBr8QWPbT1Av6Yic6zZqFppZ2HekavxPET1P2xjuun+sQi569ZXLSQwMt0+ZDqrFF
0mwUqQAb3I2O1vbD2eqyKWabI4qijr9SB3iqFBBa2wCjpfz9Ma1pyyu6rWY8YQ0/GcyvlzCKojIV
W1K8oXfwrsW3PIDmPXFr4D48p877qv4VqWnlglYzJEuuOqQbAgHdHN9729fSTQeEHzCszeWTJKlI
AAXmirXukuwN1INgQdrjy5bYvfDsyVUdPJUU5ilMZI/EBBtbkRzHtfzwhd8lSndEo2sokNllHiB2
viZpVUyqndMqsQrldhuP74zXSEbVKZiwmeMwhjL3oXUVa4/e2Fqfu4fwF0zR3NyVGuMk7W9L7Yy0
dSU9VFCBVEBEOtCpF7db+mFMsSncvIkbd2wH4hHiBvz9cMF/RSrnamBMkeoE6jqBFx6YVMEko+Zg
0OhQmTQTf/UYqCifMJTpJQQKFkcHu0PhNxewHTCkneMWd0B8QZAWsyg8/cYtISQUNRoqo5W7w3JG
m97eZ8sElp9cavLCEjZdwxNzvbY+mAFY4IK6okpY5QPFYiM79D+thhxVzQJF8vM+ymwdTsSNhhiO
aCISUTytdXDDRp2vbr++DIaiKE1yX0I41hjsDex3Pv8AtjQDmEUC1UNRJK6lGKFiOX6dCMM6Kmkp
Jmc1AlhdyADuCDyBxA1armoMxSAUqrTTKUeWM+KJgbrcfthpmlLPSzSRUxWdWUywwk/4v+dPfkQf
fGoLCWUwJPlKZVl9IHgQH8GU3IFxYHzFiR6EYWMD1eXGmpLO8Tq+qSxKIpuQw6m119QcLNQ/EmQ5
DxHSHK5Z1kiDrUUveJcaeWkjqoJtvyIHpjzz21fDbl+YdoE8L0MTZZndOxllrDqSW9w0Lnaw5GNu
asqjlhi/TzL24/BZxPHnFVVcGMmZ9+kFatPNcT1EsKWUsgtd2hsHsSHCsRuLY88ZN2W57n+RRxZP
QtQZzw7M4DuxbRTyEs0EpsQ/dvflzSS9vCbGWPs43fDYvhF4J4PzXMKnhzizhE0HEmT5iZVp4YgJ
rGMENETtIhA8SG9x9N72xrHFvw50GZ5Vmz9n1VRZiklMzxZDXF43q4Yw14NVrd7HqPdSEgkHSb2v
gkN4ea8x7Z+FMqoW7NO02uXJY45xHSTTU7tURxgWDOCGUgbobg7cxybGb59lfG/ZpUSZ12R9oOb5
RkVSUajKv8xltajXDrpDNEB1G997EA4e+KLddI7iPivtS4Uq2qm4ao88VYie7paFE0E2N2jCsrCx
F9BU+YBxD0Gf0XaFXis4u7B40lpnUvBlsFT81U3I2QWI2AP1EDp1wb0ZHsj4RKHj7iWjiqsp4aHC
tM73oqKZYO/NtjdUF1Ww5NbHsbg0ZnQ5NJDmdeJqwABp5JWYM3+UAj/TGLeWqzr4gs/4vpIHgyVj
mddMrWoKRNXdKF/9x25L52sPXfHhP42O1KLJOE4OGI/4Y+dTwmJ5cipgska33XvtN9F9tClRfocb
jF08gwcH8QZurQfxGmhKm4oZJWaZ2PQQorNf7DEjkPZ9xtl2dUIzulqcpgMoWKrzVGp4YievjF//
AMcZafS/4J+FqPPKahy/+G0tS0DiT5ilpmWF15BrSaWJJ3vYk36Y9q5bQJrWKaSCNYjp0FvpI8h/
5xJY6HJ0qUKplUtSvL5gOEIPtpth78vDRkq0JY2GqOP8Qj7YGhjFlchWVYZt+qoq29ThzBHmMad5
R5KTGSfG5ucKOYZc0gZEqokNjZFbUxH2O2JKPNI4VKVlOwkuLNGVKn7YmRKzMpkQkxd2hOzhNvX/
AGMRVfxBlkciMrSoosXeFrsftgqS1PxdkFPQaqHN0kBG8ci2P6WtiWyXiBc5pO4jWOWwBDIfEn2/
qMUqSVNS1BIpyzg2voYm2CwUzU8xvTyRspuHV7hsKEr6xWBVnLLbZQtiT6354Y16wxsgIjTV+UKb
H+mJBSmoKSAztAJCDuNP+9sRlbWVFSm0kEcMWwEjWIHt1xB0sdFTQXarikJ+ld7j7j++K5xDncdM
vy3dBdQ1JISSMakCi8bcSZ1PlVRlvD2ZsZ5EOpu70qi2PqPLHj7tW4Z+IvMZe94dgqJoIpDqq4x3
YQWIJ3Cs1uf7Y6emfbxl2/difE/DrVPF/ab2n0ZlYaYMvnnerrXAPWNLpGLf5m2xgOcrJpSKhitJ
Oos5ILNc7DYWX2xzybEzaLh7I6c0MVTHmmZneasYk00B6og/9xvNz4fIHniEqYKoxirmiARydLWC
6vOwxklOHzlUWaR1Ocwd9TxnU8BcoJrb6dQ3AO3LF54Wz2fj7O6Dh+bJnrY6NGFNRmbu6ekjALX6
LGvPU538ydsSe2Pg/bM+0XM4Ur84FZJTRd3S5dl0LfK00IAAYA/4cfkzDW1jawOPU3HdNScM8ILQ
1Lq8hdbO5Kxn03JAHPYXJwY9hjUGfT5f2rZNncgiv3oUJSKQgufXmdumPQ3FPazlNHkpy+GtEMjC
7ux+kYf+4qdw5xtQZjSmumOqSRiIwTYkdCB5WxYeBqpa2dq6EB9D6Qb7arc/e2HYabkbzzxd3JZB
cER3tt6nEtk8lFrec1BbUxJCclUf36YCkhU99Sd1G4UEWIHPfpiPzaeCeiekp5CkjAGVyN1Hlhgp
vnecyw0arDJtIw0KPM9cI5lUPUUcIUqspXVq5EnG2VW4i45qcup5amU6Ujs+lm3IH1X9rHDFu1WP
5uKajrX+XnFxJYsALcj/ADGDRHzztDo5KQ1UVcJpKT64Q17o22of5hhjDxvl6utcalw8Bu8bGwZW
529jY+xw9hC8S8WwvxD8xlTroIEoZWOpfP8Alv74n6XjiioIY6harvI6j83Mg9D+uC96jUHPaKc/
jam77u6inPdsr819PVT0Pl7YxTtyo4M2SqraWr0Ovgkp3Ok6hyIPS52v0OGdj08c9qtDWZjm0tBN
LNLI0omSVmIlpmPXbztpPrbGUcUNHnlR31ayrmtJ4JJVBUVMfIEj8p6HDeUr+YU9dlVQKimhDAt3
Rhv+x6MD06Yf8BcLycR54lLFTrCZns1PvYEeQO4O2Od4a7fSL4TuHGyPKYURDZUVtvS2PTVNkEbZ
fFTa7X3V+drHnjODN7VrjCSTK6wz2Kpqu4HqbbDzxS+M6vLaajkzDvjE8D/k6r1b32x1Z6eW/iI4
9y98vznLlqtSVxchFNmMYYA//jc48i8aZnOnEs+ZVpa5mUIWO4AvfljWXRjffgx7Lf8AibLp8yfL
9UWY1asu5skaKWa49CwGPoHwRkVNw7lUVLTstoEUBQOWoA7Y4zmq36TXFPFEeWZHLmjOwWn/AAgW
5eFNTH+WMm4r7QpMt7LcgqNSS1GYyRv4TvawNz+px2m9M6fHwumgXNvQ4As1+ePI9E4cpY23sPfH
cm1G3688PScNNvXoMArAG223U4AOOV77XwIRjex/U88DUm3Mu256YLo6H+eEyO7oqLc7YDui1rH9
cG2vjy4QhTfp64EAN0NzhGjrLMqrs2rY6HLqSSaWQ2VIwSWPtj1t8LfwQvWNQ8QcZUJkqJSCtPsR
HuCCR1ONYzdWV+L3R2c9h0eSUa/LUgSlhBXuzyXzxdYxw/wfSyT01KlWbAEC4CtzK8v5Y63iOU5Q
uecScQ8QAvX05hTSdABsLX6j288Q+YVuUQxiSOYAWu7setudscrd13mMxilZjx8tXmwpkrEZ50JV
AdrE2vfryxC5hn+ZZjrSelcELYLNCSrKSCVJBIuNJ6+YxuRxyqkcZdt8HD4rjNXPR0VKupKMzalV
W3DhfUry6X9CMZVmvxNcV5BBU55wtGlYvcSTUutg0cwU2ZorXOoAtqQja1+WJmQw7Ju2us4qzunq
q7PcvpKOKWUw5ZXTPGfEPCy67hkexBUbKyki22PTPBuaZrUUcXGPZVQolbmUSyIjvotJEx7yJ2Hh
IIJBIHriV4bZwTTZ8y02YcR0a06PGWlWPSwEhsWjuv12vsedtsablMlNU1Xz0kMcdPTR92sesaNy
bOPW4AtjUCe4drCgjqpqaOCJpdGoNfexIt/bFrhpZ3PyKVTd5Mx+o+GwFxa2M2NYu+Xr2ml1MO7k
cC9/pP5r/wBPTBBSKK1pHdiJXEYWIEqNrkm3mMZ06H3zbLA7iciwGgHmwJ5E253tiRFFFTkLGFWR
wS0B2tf/AH0w9snFUtTAyvLOzKvi1EdLfTjo4oyBVUiBO8HiC3uvnt5YKDikIihmgYqTCqtdTYmx
ve9sNKZatyq1hEfeJ3vdte6nVzB9uhxE6WEJA1E0SKCx/Ej8ieYw3ekM9AtLJU7KDoYHkQev98Wg
XySmjlidIdPeRsy89/S+FYYw9qSWQXj1DTpuBY7H+WFHME8iKIQB4AQr9Nz19L7YVqKWRGlgnBLc
z4rhr+YxARyIqbuG3soS+9yL8ifMYc01HSxw/LSxRqW5yE3AJGx++EGWY5ciU0ixqO9lUsGbdScM
IcuFM1PUgaTFcCI78+u/Ijl7HCjeGjqcmzQ5oaoCidjzW1ww5ehBwzyqOkqaoyUsxaV2NlUlCF6m
3l+oucaZSkPDtNTZI0Esjy9w+pFawdAdiL9bjmOtsUrPgzVySVi/MUDMKaqpBGSYb7LOp5lDcA23
U74RrlCcc9imR8UQx5nlUj/O5cl4pZFvLACfEnQOhuxtsQTe4OM3r/hPos141qc2vSpJWr3VdRiN
o1zG1zHMD+SZd9+u9xfcy6prxD8JUfDfE9FxvlVD/wA7DTfLVQii1LWQrYp4eaMttmXcbdLYpHa9
lOf0mXrx3w3SmjpYKzRUU0s5Wjla+kukw/8A2ebe9n8BJuHHWO+Xnftulz3iXiafLuPez3L80y51
CVWf1WVmSFktqX5yOK81PML7SxMUceIG2xxvtj7AeP8AhnhmDjbsLrYEy6ojZnyKjqYJ4qlerI6k
LUW/yvGsg6q3PGamI8N8bcQ0GaxZZmGZycMyJKyv83RNJTgkXsyFGdNwBsNvS2NP4e7afiH4WyhK
Thjj/Ja/JhG8Rhocwp6iNEc3YiKYrMvnbULdLYuqZHon4Tu0WhzDM6eXMeMsxTv1WKSmWGOhpVsN
2BjLvZupL3PkMe3eEKfhWjyNJcql7ydkLNLE27dNyRy9iMY9tViPxHUnHnD/AA3mydluT01NJW3E
/E2YTGoVrXJRYgLEAdNl9b74+afbDxHntfm1Q+e9qeUV8tMWj+Up8mEl13OosBa9+hOkeuNdM9s9
PajxbXpFkFPxTJldGh1moqpGhiUi97R06gWN+oY7c8XDsZyWfjHtAyykfKMhzNXks9R/CnDKVI8T
yEM6g/5nUDAn1F+F2j4fy/Ikhpc1y+tluVkSkp1kWmN+QnuSR63v6Y9F5Ii/IKtSlLCAw/GlSxb1
uTiKx0FGjoHlmicg28CGNZPYjl++H38by6lT5Y0xWRtiwJLDy8XXBpECwzF2VKfuzf6o3YMfe2x/
TDp0zOn0JWTNYiweNgw++EpXKclcuizUWtSLhg19XuL7YeNQpHfTPEyHcRlTqb0xAyzClrmp3oYq
URgrqCsG/kdsQFdkFXHMX/hwMmmzRtyB9+X2wpWMy4YzySraso4xG5NmiYmzD0/0xJ8N0nENLUao
hq0G7RhjG4Plvt+++Od74anS98OcR1uZf8tUVLJILH8fwSqfK/XEy9dVJKqVlQJbA3TuwGP3tv74
1GSL1KSyLI8Eo1Dbw7D9eWG9ZPUSRGRKl3F9yFNlt09MKMo0mrJUnZWGjcSyttfy26YUq/nkZgxB
AF+7jIKj+uIIaSaoZGgM7qoB8KHSbfrY4iaqijqlajiGZTSMLKCUNvPY32xqCs77Qcui4ay+orKn
iKkyOJls0kzapplvYjQm1/tbHmzth4+kyPJ5aThziDJJ5zIwjkzmRg2o8iKePxSX9dsdIz28RfFD
DxzHmc2Y9o/ErVVRXgslJK8cTBejrAptHGLHxNcm3XHnLNK6SslvPUIkMY7sMV8Kc+Sjck+ftjGX
Lc4QIeVH76lY94GvqHMet8JSRPERrIJ5Eg738sYI1LTq9UEldkX8xUXKj2xu3Yr2XcSdtmZ0nZfw
Rw4mRZFVVCfM1FT46mtKi95pbAm19QjUBQLe5LdGPp92O9h/Bnw3dmlJkWURRGsexcEEPVPYbvbc
9AB0Fhivdo2bVOZ8Q/LZs6zTUgBlVzaOnB30LbYbf63w4zUDLOO81jy/tBynN6iH/k4nvCqrYA22
a3l138r4qPar8TOT5BxC9BXzNKQEVNBud/qYjyxa/wAjOk1w12xacrWNKpoXrQQsjsAEjvawHQ+G
3vjWOxni2RauRs4zF6elUjSTza/O3vbFQ2jK+K8srJaeGmqXJY94Y2bxMPW3UjFvyvMgtI1JTxmx
b8RgOZPl7YROE7l9VFlcbSyFXlY+EHko8xhDPY46KmMs6gpMpYuT9QwyFSKniuKkaFaufZmXSh/L
fb+mO4k4zgoTRyVjFTfS0t9hfkR+mGBnnaFxNHHn4gzB0FLUx6hIdlY8mXla/XGfZpxh/wAHrLQT
1jT5fAnexNC2owpe55b+Dn6j2xrTKNru0+vyunqhUmEVVMFmpnQnRVQnc2I5gqd/UDHN2qRZrSQt
RVh76IieltZhURNzQ+ovbFeF2Y1/aOK9WqKESmSO7FL6SSPqUjz2uLe2HuS9qctcqU9YVEciAiGN
rBT/AJreRHQeYwa9tfpa4s/zHPUp6mCNVqIW7tJ0379Ogaw5jEdx1mGWZ/lctZUUjmdI+5mKmz+R
9Of72wa5Tz1xv2c1eYd3m0WqqChjDWReBpByZDzswAvpPljE+1HgiooMx/ieVUzTmRCZVK6L781I
3B3uR035gjGmarmTZPl8yLQZxOsIt4XkBKxqT9LjyJ5MORxonZD2c1y8YpX1cVogQYZUYsX9z126
4xn01H0N7CeD6ilyClr4Gvr0RkH81zuMbNkUaRRU0dU9iSYlbnY9L/pjOIqocfz0yVQqHkSRmZwY
uVmB6+otjzf289plFw7wcaqrrmWx7vSv+Yk7keVh++O8m6x08MdrvaVWcS5zPXjOfw5UURRA2Kgq
NQ/n+uKvScM5znkuXTNOO9rCO4iO7Pc2G3mbE4xk3H0I+DXhFOzrspkglhD1MiJSxTHmGJDOP749
IwSRUeXQSb6xYvf0BAH7YzjOBWM/FL2pxcKcINlonMfzLSxszkg630otve+MY7Xu0/LOHeEsryiK
dmfKMuqJ4yGNiwgKi5/7mGOv1GY+eqiwvc4EqdutseN6dacU0KbXwUpv9VrDriWhlDAm37YMIt9z
9gcGz8Syxm1mHPqMG7odeRH6Yzt0mIvdXG2OFMr7G49MVumphscUwO7X9sCafSCbYNt/Em0Zvctv
64dZNkc+c18dBAGu5t4ELkfYb41tjT2p8JvwdU2WwUedZ9lPeV7N3iysDZFPltz98e4uzTsry/hm
kElYiOl95Qv03GO+OOo8+d3UxnvGByWJctyqSLQt2kLXJI6ADzxWzm89VTyNG3dhn1kIh1EHqT9s
Zyy9N+PHfJlWZhTxzLI85LOPAytYkdQf0xnXaAUrEmWizKVHVroQCQRex3HlgnKzulQzPPKPJssk
r89yh6loir/MQyN3ekLzAPiAZgdul8Zt2jfEPkcGU1EOWZLmD1MoYQymeSBFlBIG42DXsLnYqRbn
jbjrbA+1Tt1z/ifP4s3iqKVqmCJVqKKaIdy6rbYMebqwO/XYgnFCzTi7iLMMty/JI6cGTIxL3FVC
AsgifdgwXmRb6hvYb4jDrIqYcRGj4Yy+sRq/Mp49Mjv+Gz3B0Oh+hg26lee9+ePXnwyZe2W8UzZr
kXFdZTZZmRkeKhlN5EqdBDOB+UNYMB5qRudyTs1674Bqs3rcgyuhz1S1XLEqS1VJN3bNKNKhgpsC
TYeu1jfGg8OLmuS5rLQZroqlkJAXTfQGA1MF6b2Ony5Y0wuuStVS5j/DYaONo2UymZv822w8iLgf
+MWrL5R3KrI5VgxAHPa2x29sFahzVVTNJE9JEJZZWUyC1gw02/Uc/sRhXK51jr3jopQjm5YL6DmM
Za9FKk1Qr4p6l4xCqgB05O45XHqMO6GOpYPV0tSCqEizNcDrz++FH8UdY1aY30kFCjDmdze4wU09
AIvmUqSlo9LAjyOxt7jAB5ClFGoJA1MQwA2IPMe3X7YNG4FSYkFy0bKgY6lY7be1uWFCOS8DhIWj
VJLspPiQ3/lywWJYjVd4YysMjFtbC6kEb/a+KxHcdLl7f85Tt3TNZWtyJsOeBl0yTNSq6h2uyy6r
X9P1xI2oJ5aWMRStYqxEi+tt/wBdtsO0rpUYyTTDSylb+nQ4JVotO9P8sak7Ojjx3vflheGlimog
DO2o/Sz/AEv1t/TGgQzAy1Ijmh1knwvG4vrU7Df364bxUNbHSGLMXLFiQrkb+xxA5OXytE9E9F3q
S2KHyJ5+2I6PLaejzb5eWhCOL6ZWFiOlr/bf7Y1Aed1BPTkRTqlRA1miP5x+Vh9tsMny2iLCWv0o
rKY7aLEqfPzsefocLIY8my2K1HTVjhH1Mk7WIA/yn7bfbCkFDl/zEMlYneMPCajkw22DDlv54kSr
sqpAjVWqbUTsrPuoPl5Yzrtw4coMx4brsqq6unoZKqFrVD05kSXbdWQWLX9N/Lywyqvnr2ocIcV9
n+VVnFeV12fRw5Y7CPO+EitdTxqRuD3dnMQF/wAOWMuhva+9/OWfZhkfaVS53X5lS8OVE1QQYK4V
kVNHVHcd6qDSqyb2JZLg+WLjau9cMlrM1z3hPPaeo4ioMxr6eBdUkcNfDWRzC+wdvGpX3F/0wpwn
PlXEGfzR9n3ZxVVNVPGwiiNWUYObncnStgNt+dr4zbNaMmrt7D+CXsXraYUdZntJw5ltSGPfR0lH
LPKhBFw1TfSxPPw3ty6Y955RwlSrksdHQVkk8NvFojPit0LbH9cc43UD2ndlw4mogZMqizAMNDCp
CuIhbYFb2AHsceS+2D4V8g4Iy6t4hZJ6yGuYh6ekpfmpFt0UEFQLf9OOkZ6eD+2XIeInzqvThrsv
qqGlE5//AFjXU0gqJjf/AK+X/aij2xIdjHAfaJn3FdCnEXDPE2axRzoDRqrrSgX2LqNPLoOZxmwx
9R/hyyDKch4aoMsg7PpqaEIAYvlY43IB3cgsWFz53OPR/DkdOaNQTZVsRF3p1J9uRxJP09c2lIJq
7WW2COLj72w5noKmBA8U9PIgGpVI19fPmBiROjUmYRJ3CPbfSbDD9aibMYZaORkA5HUws3S2IntL
HSUUQg1vH5PFIdOHafMS2mirJnDcxrBJ8r7YgeGmkNOJDJIraSSszf2wxq4M2qUWF0fSwuTIpP64
UQjy2ezSNIhi+hlYEH29MNsxydYyJqWCWJozbvI2uG9DbmMGlsdiKmBUlJSSKw1A2kT0PmMPaLNj
SWpcwnDlm/CJJBb2v181P2vgSTGbpW0oghRzY2LEXBPnhF5JKNB3kMhR9w5FtvLCiD6InZFgCAjn
ISANsM5KhkBqgzCO+nTFqIP3/wBMSMq/+EySapYqhyRteUBQcQuaNVWkahSKMkBU7tyT63wxljXa
xlnE+Z97lOX5nRxVcv0O9G0hht11kje9rbHHkv4iuzftDykHiHOu0LM5amNmVpY4o6NEuu1pSQ3P
npBx0E4eFO1fL6ps0qcwlrKeanU9387I7M1RpFrKx8RA8+WM2rzmNRCrSKwhQaUbTZfsevTfGMm9
7NYljSIEKDKDzdrAH2wnEvfvpUhupLG2MpoHZB2UcQ55xLRU8Mfy1bUMppjMv4hLfQyoeQNvqbYc
/LH09+Dr4SqDsK4RoqjPJUrc+mj1CvnBMVIh3IC9ST+bqd/LGbN1b00fifOKPMFnzNYGSipgVSeT
ZpD1Ppc9Bih5NRVue5sayVIWjjl72OjlHhdgPrcdQPI8/wBcbDO/iep6LLqylpmmYSBw7sOchPTb
lc9PLbHizt1zhU4sqxIAXMti6XBYrbb/ALRz9Tzw3trGcbPOz3PVGeUOY8STyy01MGkjhllKjYAK
dQ57325C3rj1nwH2jCOhizPM5DG7KFUSDTttyJ98Z7Db+yzi/JsylZsocShhfUhPgB5gE87nGwZB
nUaKkdcwiQC9nPKw/thgqYoa5czzMxySrpmQNpHRcGz3NJs6rIaCe4i0kIeWwHO+FMx40miq66F4
HUSM4jjDX8TBvpt1uR++KvnfGS5jks9FmkSRtDIbo1wSOm1vIn7rhna2y3tE4/y6qyGryrOZZ2EA
uroSGaw5r67fr74y2LtZo0IyXNqxe+lUPBWBrrVIRa/uRsR0PocdOox7RuS8U1k0TcG01XLLSUSt
NROxuyRk7x+d1Yj7EYicw4qp4sopqCirtD5VMxhH5o1JvYH/AC2Jt9x0wXlQlW9sfEFCE4ko+7nk
Nqetpi+kSEGySA22uOvnz54n8k7SaXiMxNlzCCrIvJFLYPE1+duhO/L154LZ6asvtrfC/Ek9HQwv
LmRhMn+HJKt1YjfTfof74ie0TtapsqqpKrMasCaRQs0ekCOpjIsG9GHK452xY8jpmFV221fDtc1P
TzU1RlWYtoWpDFVWT/8AeJyDeZFr88VPiamrMw7zP8shSupXAZqfvNMkZv8ASLet7G1r2vzxSyGq
fmldlfEsyR5XCuyf8xGYtMhA816+R/8AGNt+F7gla6pTLspDmnSTZHNwnLkfvjlm1OI98dmuVQUu
SrlcDnVTuCV6gbf1xPcUVT5Xk2mnDBr69PXUMaxjnWQdtPabS8P97XRyeN1NUARfQSPEMfO34qvi
Orc+4gi4Wy2e0dGGWpB6uwAKX9B++Ou9RScsG+bObZksMEgKudgTyvzv62x6H7AeFabiLj+Okq6N
UgymnVQzC0iSOqqAB6A45b23eHub4d+HKSPgwCSYzRSVBaFi1z5E/t+2NF4kzIZfkstbLLZZ2AUW
3A+nDjOWK8Y/G3x9QVfH9Fw2weakoqgliG8TSghwP/yXGHfENxnBScG5dlpzBhV1yCkNzuseoNIT
99Ix0vF5P1p58MWpgQLf0wPck2WxAGPFvT2XAbumXm3MY402oarE3P64Nn4bGNKym+n9MH+XUbkg
2xm1v4FREjC4uPfphRIFexvb++OdydZhLXfLj6V3tgflmR74N/Z+P0OtPq8QFvTzwDwoAWHlv64p
TcdwWKieolEUY1FjsBj1v8EvwxVE1ZFxLnuSoZpT4DKpOiPqfQn1x6PFPlXm8v8AjH0L7O+CcryW
mIWMPoIUHTbSCth+9sOOK+JFyxTl2UVBcrGTJoIGk33t588ei2SPLJuqayZhm1fGZgFG5EbtpBHP
+mD5jnbw0zQCMaSNSkX028jjhvdevUkZ9mnE4grGpsyqISo1KPl1MhdCPqYWsovtc+uKw05XL34g
jq3po7RmQ0rX/FFyARc3JGwH89sdI8ud3WUcWdquVPlGaSNxF30dIhY0DBtUaSEkk23XTYX228rY
8+dqfGWXVlY2dDMTIiQmjVcvqTG1OANUL+TE3INwRsbWsLQUKtp4p8pkra4QtPUhKpKpp7vLdirK
By9Spsb2IOE+6oWny2kmzlpY4HEVUgj7uSmANnBNrldJBF72+2I+j7gXg6biDtEj4eFfOVhmZZWo
VOpNOwdfsA1+RGPenZH2UcTZfTT5zTxvU2ZZXmmZCzkoikqQett7bcja5OGK9PU/AvBme1HDSZqk
sNXHJOktLT1QEiWFu9jJ5g7Eb8iAdxjQabNp6iWQ0yRrURaahgpUO8d+RBFvS+NMLNws8s2aTKIn
RoVDCFLaWQ3swxY6ehyzW0CgxgJ4wt7AX2+98ZrUP+7o69O47qxj0yakbS2x62wVTo0imXWwW6sw
0tbqP54Gh43hs86Uh8JUGCTqLdP99MO4aRsuqZFprSQiIu6sNmFsUB38pQ1aaoZt0QWBYjc/l/TC
aUiMtRC0bFljsCzX3PT154tI4qKVokDabyqAjauZ2229Nt8Fo6innHeiNVkVfArkgcv3/wBMQ7DT
yd+5Mlz3iFFZjtcb2OC0lDNIjSRQq8AIcRtfY4VOD6KMWLhVWKLmvRrDrhHN6OOYpIEEhY8xsYx1
99sSIVdA5qZFpgO8B8S6r98AvQ+drfph2Y6apptTJ3qtGACvT0IwaOxapI43jpYXGmzWV9gxHTBt
U0MR7mUot7lG3K/bzB8sSOQaeogSOoZyrtdJFNxfr9t+XvhYxRRUiUeYyj8Z7LLHew6Wv0PL7jCy
RFRmRpDlkyv3lM1iyAXIB2PqbYb5gZ6wJ3tK1QJI9d4DZmANiRfqDY2wwWbRsJmzY1GXZvRIH7sM
lS4IWZDuDturAjcdCL9cGWWnmrNUmpHhFzTM11XoSCPQffpvjUB7l3cuQWqkKMdUK2BXRb9x/fB6
/LTNWR1jBGWRdOqN91A8vP8AngA9OUnjZo51Z4jcxSDST9/L3xmPbFlMFfSNl1ZSd7TAG8MqmRI/
VSL/AO+RGKGvHHbt2ccQcNcSRcW9l2b1dJmtRGVd6VgZpVH5dExXvNvys4a17E8sYF2n5pM+XIeP
+yPJaGuKsVrM8oVpVZwbXM8bMY2JIN+W42xvTLOOAfhw4v46kqsv4g7P1o8vre8MGmvp1j7y22mo
F2K+fhxNZf8A+nn2ycKZ1l3EOSJk9LPSus0URzE5gzL10Hu7Ajaxsf1xntrp9B+wHg3tSyCmpG4g
UupjGoPIYizWBudCi5vjfsm4bzaqo+/qacJCnQAffc2xz6aKVnBtP3Lv3D08TLqLQC/eHHnb4quD
+K5ckdOAq2np6/8A9uWWQKUPoSDY/Y4YK8N8S/B78T/EHGQ4qzHtrqcszJ4isc9LM2mME7xmUWJv
by3xsHYV8MPxAZFTU0nEnGcGb0EKguyzSmR3BOprnTfoOuK7PD1N2bcI08NNHMMojiUb6iZAwPqW
JJxc6KklE7MKamiS1lk3C+vngScpjRR0xhjq374fS6MpB6kcv6YSoooqmWf5yaZUIuJDyb7jlhR7
SUj2+VenlbXupksb/fD2iyc/MNEzKzMbmKTr/LEtnTUsWU1I7+jCshvbUSvvhT5aaVhUZcBHq9b6
vP7YklKesq6gCCeGbXazpp+oeYHXC0MEMSsKehI1DUbXWxHTnhRCvVpCs0dFK0Z21SeLT635nDGa
ZaNtqW5tfWLqw9QRcHAhpWmkplr+4aaVVs7AgErfkRbffCz0xmj7qekYiQWCHcL6gHr64kLQPX0B
NFVorq4sHK/V7/8AV/PD/TJJTDuJFI5aU1qFHr0xJGZoKjuxTtWHfkFJYj0v5YiK6WuXVB/zAudt
C2398QN6JHp71dTHG8iG95SAVPoLYbZnM1VUtBQUZnkfqPp/QdcMFVLjLKqqrWeoqK2OmmClCRAN
jbax2JOPKfbbwXQd9Pmc2Xz5rVhmKUrhECnzdrMbX35288dZzGeni/tzj7ziGRJOH6N6uW7SwLIa
0U9j9TIBo2sCASw5cseec/lzTOcylbNW1VM7bysRvboegHLlYDGMm5DWryVxCi5jl0cKxxkRilXa
W35g5vquevLyxY+yDsom4l4ngevhYRUo75oqeMTM55qg/LqPm2wAJIOwObOE9v8AwjfDxNV8cQ8X
cb5MY3kIlennAM5NgBud9KiwBO1yTueXrjiKX+FUy5HlkDn5qyyVIYtoAP0r/fBJ7H6UziGSPMal
sloo20xWQzlrCMeXvzJOJXh/hhMt0/LxrokjuC+wI/nv5nGl/LCPjNGVwtfLtpo5AZJIjdVF9go6
n1x4d7eFapz6miiYxhtUxmt9Kj6t+trfriymq3heKq3CFd81mtG2a8RGKhpfHIhLMVjXcLpHmdgP
1xsnA3aTBnNR/wAW5tWrHDQwSGCidzz1WW/le17++CC8PTHwy9qU4+VramrZYY/BBTJsajzLeQuT
649GZBxpVcQVkdI9IqoF+t3vsb39N8U4Ha75NnbplTQ0dITUswEkw30qDy9sG4lrHosneuka0rxt
HCwG97fyxoRlWa8RDiBXpKOnIMMAJlNwY5EA3H332xg/H3ajWrxGmcVhMcU0mmdb23Lc/wByN8MS
i8Z8RQ5iKqoyDMSaqPxQofz25c+V7WIO1w3pjJ6qtyBIVre+kGWCa0rKRfLne9nXyGq6kWt97Ydq
HHBXGNXl882T1zNHLSuX+YvqEguAHHWxBN7c9sFath/j5aaQKHkuIHUrqFzuDy8m8sBs0fUtHTyS
yxQsh1L3ZQEKYQ5uSbixQ/sbDyx1PB8iYXm/Cq45QiO7eGoU7hC/2FmPpiMbPw1xjFLlcP8AEQDB
OBFLTVF07ph0cdD5Edf3pvaZRfxQTUjslTToSXpnJMsJI9PqQ/64cO2cmRV0AyutEU1OtVS6Sp74
le8W17FuVxy3/wBcBBnuWZbmMVfwzmkwoZWEcsDG5pmOxRl8iOR5bW8jg/k62k6KCCn4qeTLYrCR
QBIDq7w3ve/UHHrX4NuBGggfNIIgNKl2B5E443/KnLp6s4ANGKxZZWRWLAMgPnc4r3bj2gUfC1D3
00otHrc72vpbl7474RzrwP8AEL8SeXZznmY8M0taWZKYxrIzkCJ2sy39PFbHijPcxnr8xnnnZmkl
lLuWNyWJ33xZtSJDgeOWTOooxSNKIj3sixi50rucez/h+7JM6oJY+Nax6iGvq41lkiluP+alJKrb
yRCpxzhr2N2VcPHg3gfLeEJV1tAyBp/Nj4nP3xH9tnF9JQVcQ+b7umjBjCg/WxNzt9sdMHO/T5xd
uHavPnvbGySVwnpJcyaaRgeatMpYj2VFA9sY/wBpvGNRxhxHNn8krdx3jpTxkk6V1E4c7N8N4zUN
e5b6R08tsGSC+18fP3I+jMS6U1xYIN9sKrSAjmf5DGLk644BNKtumC/LoAAN/bGNt3DkdacDZl3P
K+FFiUWXV9sGzMPsXQynRqscG7oC4H6nDaP0A6lXYWwXuy+yvYE2/wDONT7Zu5w3j4RPhvq+O+Iq
fiHP6Mrl8cmhQ4uJGAuD9jj6N9j3ZTPk9LLRR0ccE6ld7WtfpsLW649nix1NvD5st3S+8SZ7TcEZ
TUtOA0lQ3dgp+W21/brjL3qJc0rLmoZhJzIvc+2HOrw47u0vRUkOrvSrqfEDKxNjtyHkcK5vlsVb
RECSNjbZSOZ6Y5TmvVlNRk+a5VnP8SV6HLVmneZY7yhQoja92D3Bty8JuNx1xTeNUenzGp/hlYVE
HOnpnUd0Ab20/la5J3Ftxjt6eDL/AGZHU9mPaLFmGZVWaZr89TpSmsgmmiWGRQVtIm2ygoSCtjzJ
HLHn3tU4NrOEuKH4fiy0QUsmmRGis1xJdo0c3tqXcXHPB+xFV7g0OZQjOKpDFMVdhDEWdQUIv/8A
E7EefpiwcBcM5xLPV1FDQySZzRUksgopP/6hTNH+IoPMkRtrHmFPUYi2D4Tvh242Xi3JO0Oepanj
dBVLIYQ5qY7XZVB6GMk2G9wRj6K9mfZxDw6iigy9J2hqFp4dLFvCBbXy5aSlh5efPDBdRrfCWQ0g
o5DDmRRZppJJoGQ6ATf6b7qR6bHfE+crparKBLrRK2STQb73A5KfNSB++NsdpTKaSGBNMdKIqmIB
dh4XA87en8sS6y1ja6mKt0xd0rOUGq23PGK3DzLo4XUySMZFIukwuu3U/wCmF51nSmVnlMuo8z69
fY2waJanjihqWWR7uqAkR3BN9wfbC0eXyyzpUU0+gkhHVT9Sn0PlscXSPGhp+9hgjlaI7MXt4Xse
Xpgk/eVKrWxRkhHbvFt0v19MX8IpMWlQT/MrrIIa3U9BhoiRSQaplDJruFI8S7cxhBSnp4mpIcte
ZSFJYSOT4RY/+MPcvmi735dZNJU6ldvDyHn5YkWAR/wYqsrK/iKn6SMBmLyUtJJBDEZS6kK6nZNr
gfzGIGJn7mFKkePuNJcEEFkPp5g3GH6iBaqnippNIdbtrNri+IlqzLYtQrKeMMbbpyHqR74LTQrX
0hgDMFBuGFtUfviARE9LE9BJKCVe9kFyP7YOolkpmqalxJG/1QEW8XK98SdQwaqX62MiboWa+oAb
g+ww2MtTQ1Bny1EkWRu8MLX3OwNvIkYkGY95VSQxL3UUm6TEX0k7XI/UffDT+DI0MxjbSU8EyAbo
6T0w7+VigrO/Q6ZAN2Nl1b9fXAUjT1cdXD3TSr4TcKhsy+t/fAyxxSXlEpiI5NbwtiOjOJq2jnkg
pIjJGLsQDYqfXzwt4qtO9EG4GqTu+a4jTGpptVIaymdRO/iCr4Vv/Q+mI+eKgqcvMFdDLFIBdmjs
bHz/ANRiCMqpKiOkc5c7eBRqV7MGHnb+2K/msNZSVS1MVIsiuuoBTcFetutxgJOlr5fkTItc2lNk
v+T0viRjzeVKUVHzQqim4v4ZE9jbcYkaBo6yr75lbU26sBa4PQjkcOoeHaer7qeSJorrZVlUx6vU
HkcSPKbL6alqzJSIYnG2mMFWb1ty/Q4ex1E1VGyLUm55s6stvI3xIFJUU7TNTSN3LgWaVSTcYSNT
U01ZKYqfvI3XTrJNvscSMKytrpI/mUZFAOlQTa9+YJ5YZZjnzxAxVyC6jwd2dh52xI3qeIXaiIoS
jK506xuQf9cQjys8qTOwYgFQSb6fTfEkzwtw+0tVGwkJDeIDTsP7Y0PLaHK6KNVniIkt1NxfBpBz
ScJGsazd3q3EgGxGI2sqKSgHzDsGLXuByOFKzxdmnD9FQsyTpHJIpOl2I99jjDePOIlWRowyWuTc
76fthgUBmpElZq6VT1AUHxYc00dLUh8yzKlBjUWVI1CKBy388KEdiU7umgMcS72VOf7Ya11Y6nQq
SLIygDu3OrGtRmq1xJxTnGU0oXuZFfmNTga/0GM34v7TszDFarJXFxqErEPr/XBTEA3HVOwapOWi
WaVLd1EbFOm4xUONX4hruH55aafMaF1BdSiXDkdCPLBs2PNHadWcdZpUSLxFlyJCCAAkbRg29PPF
MyyGtopJQeIjQqps0feNdgTytjNu61rSbo+JMo4Xoph8t38oN46qWMswPpfpgabtU40zuqNa+Z09
I7PZah4gpG3MWFumDpLt2Q5TxxmPFsE0HFv8QnuC0ik6ACfzMdser8o7WOzjsIyVqrifjdKvMWXV
3FO4KqfL2vhnN5V6YN2l/HbUZ3xE1TQpIIo3OuqDeHT0UepxR6z4s63jDMCYoPlWSSyIG2qx0DDp
vvtjVoXTg34ls1hhg4IyWBKjNJN6zMJnPdQX3Pvbyxpw7c+GeFsuSgObvmGeS2VjquTfyHQYINLB
lPaH/wAYZccvppHpKKisZpAN5m8vbFe7ae0SPhzgKqqcvgWfMDERHG50rTJy1t6+Q88bxs2LNvFN
Bw3mXGvEgoVMtRJNIAsZJLSMxuT/ADON37FvhwqM4lzSqnp+6WVxTsyCxiiFri/ry9r45m9LzB2I
UK8ZVeY0lGlNDRU5WPawgRRz9zjMO1PsSzFswXJZZBHFUyh0RfyahqZvcCwxqe1/KDz/ALF6oPl+
V5ZlsncSV0cTnl3i7WB/QnEDmnC2W8S8R1uV5PlWs0neIjAk7l9K/oBgSv8AaPwSvBqRUMgtUIPx
ANgMUKR2F2vucVmiCCpnpZUqYZdDxnUpvyOHuVcS5jlrP3UmrvARY+Z6/vgSx5J2hyUdJVUHzBRT
HoUk7HxDDbJM0karkpYqgODdgA9un+mIxN5Vx9mdAaGshzBY48v0GJgT4SjE/vqOL7kfHeXUuSSZ
5VzpK0EyFWgfxHxfV+wwWmYqDx7xtmfGPFeYV/zDLTzvpijW4GgMdNx98LcJZBUVcqhFIJtuBjOd
01jy3rsi7KZ63uZTTkuSMev+xPssiy+mhnaFUKi/ix5sf8rtrO64bZkPCoCBwQiHmq9cP0yqOjmL
wLqI2s2Ozls5zChWpgOigCMw2Yc8Q5yunP4NmZibXPIY1NAxznIKOOCRC8bAKTa3PGVcbdlY4mzz
LuGKaMQK7MZXUdDzJ9sa6S7ZRwfkmSLHk+WUq6ItIDILW/2MX7LaWPKaM1OizSE6fXGpwzT6ir56
qaOK4sOY88TFPlZavcgAowDMSbXOFJanNKIRPJayiyjzOFI6cZhMRc91GACfPAEdmlbURIafLBoC
3DSnoMVjMc3envD3mu7XuOtsZrUFoMy79PxGCjqfLCrZhRrH3KC5II25nFFo2o6Knep+dziU6tO0
XRBgtPURPqzKoQrF3lo0PkNsMWnwvKFhpHLob4OiW3DEemOD36R/EU4ES0wI38RBPliMW0cY0Ju2
7G/T2tjrh08vk/2HiMEUTFwWLbKFa1vfBhDHBGVmD3kA06Taw53xtzArpJJ3cQs1wLEdT6YXv3Je
RzaRdRJYkajy1C2xAPK222JJGky+pzKtp8lmAgkT8NI3tGI2uLl2Nhc3O59MOZKNKCmlPdHu0mMK
zMRuw3t6jrfluMKSdHw7UPNEkVNqkcBgrLY2PW3li+8LcLRZfCsmaTVNOWbSVikbc2+oi30259ca
jNbDQ0GYcQ0ktEaaWuqRTCniNHHdEjHhGl2vYi31FD74o2c9m2aUNeMjXKKYVyJ389c8hmIkJuA1
lAVvy/mub741pcSo7OqjM8ojpmzGCOmqhEWklzFtRG5AB5qNgLAdBhCkl+ZaNTAJSFIRqQEmXkNy
xtvcm9+m4GM0zmq7xAmcpWSyZhlk9PJGwXvHYaiD1Ki9wNvEDi69nHaTSZUErMwzuExVDiSTLtBe
EulxqaJwQehDA7crjBvk9vR3Zp2m5LxJ3s9HKKGrlVJlp410rGSByJ20E22Jtv5jF4jqeOcxrVji
nziKWhV5poWIXvCGuHj2K3Fyosd/TDtmzSfzviekOZZZkVJNWTxkyRtmEbau7mIDFDY7b2tf2Hni
Q4ezpFzZqfLaCCV6tZJTWpUapXVgVXXD5DTazXseVsV7S3wZNxA3EYyyLLq6SFkSMvUxXBMnJ9Z+
mZGBG+zAi9jh1RcG5VkFRmkOYZvmAFNIsSVdJoaYORdXNvGCpNmTxC1iLYjta+Fuzer4nhqJ80zK
lMAjVlmgDKUY9dP09NuXMg8sGoeEajhCepzTLhL3KEU7STaQ06MNIYFbXKG2zAeVzgG0hkPBecUN
XJNHl0ZgqYzqp5FPeFibG4vYqdjy68sWrIaSkyt4qZ8ramU2dIhJ4v8A/GFO3mLbjB0V2ybMxPTp
V0aySLD4o15EDlYi17DyxYof4XXua6tplV9Cl4yb2A8xb1OKnR7R1wplFdDQxmOIERzXKpbqpPT2
OHMOaLC800tUTTkk93fVoU9f9cCNs2hqI/8AmqDVPEi3vERuOgKn+Y64aJW1VTeVVdlktcbX09Of
O2JJKlYJKk9RNpEwIGrzta/3tyw/uC0LuqK4XQJCTf7eeJG/zOVPohMqyLHdjYEEi+4xFVEzR1yz
QxuVIdlWRbm9vPl/fGozUY8kMFQtdCqXJBcOxsCTYn054b12ZKIqiuoo6aslEo1024NgN1I89jbD
Welapqymqcv+QjrlkeX8almTY2Nwqup67hf3xm+ScSz5DxLJDmdQwhy9zGvy8wvETuFN9rG9r+RX
3xFeIuLRm9NT5DndfTzd+jJHUsNBZSfCrjmDewxasqmzWqyKop8nleSqjVB/D6skAFdimo7j0Pke
uArrwvWI2mHPsoqqWaVNqaYFlsOelh1B2N/9cSzrBmVDJLlhEciAgK6Ecv2ttjJ0YTTQJOk9VCIp
pF8JRrMpPPB4qud3alWXxJzXkWB6jzxESerno6gx1c7d2wAAUbp6k4e0mZQhAupWk03GgHxf3xIj
PT14IU0pSKUeFl5Iee/lhlWSrd6eqp9LlCTJE19/99MQRM0UsEKhZRYi4qI97edx0OI6OMwEiefT
vdJGvZxfmPXERzU5VJaGopEaBmKOALa/W/TCdIKNFekRdKaiY203JHlfEisOWUNfTf8AIRNEZDcm
M+FvcHD2KAw0XyNRUSFRuacNcrtzAPXEh2pqVYVq5ahTsLg9PUr/AGw2lzF6cM1JUx6bWC6iOfS/
98SE+bEKMFoo5WkBBK3II5kb74ZR98AsmWVbxqdyFY2TflfcDEjPNZJ2msuYOhB1MpOx/ocMdc7M
9PUSKxAv3ke9/fEkNmVdBHMYo1uw/PENJBxIcPZTW19aKvShvvpYadQ9uV8SaTkdOlBTLLThFRrG
zbg/2w/qqmllsFJUNzA3scQMnrHjjPzapJENvL98VXivMKfK6X8GpCBuRYfSffEqyTtT41my+imn
zagFXTBf8SJtNr9dwdxjGJOJctztZWoakpKb6dZvbflbzw/yv4KUNDb/AJ/Nc0EagW7r8z+Vhvhz
PKVqhLF8xIhX6ZT9PsMaZ2bZnFXJlrVbTiOHcaX2Y+mKZn3Eec0sTSR5murl4NtsKU7PMyqayFaq
OvkLA+JVva/viEXL0qplZMrmmkbnJNcD7YxW0jlfZjXz1i5jUoiqTqCk2A9zhpxjw9X1dcKemlXu
1Fvwjq/TF1AyLtT+GxuKFE1fm9a831c/CPYeeMvzn4TOKGKZTw9wxUzSzm5rJzdh9ugwKHlJ8DHa
BTVFNR1WcU8jyA6+9BKRD26nElxB8NHDHZvQHMeL89+d7hA3cBdKoPb1xa2ePTKuOe2VaSt/gnCK
Pl1DH4SsXhMnvbpig55xVm2YOXrKh3Vh4Vc8xiPSOqMzq6qEU7S2jXcIOV/PDjLs2p8ro70VJ/zb
3BqH37seg8/XEC+W57X0N5IMzNOW3JU+J/vi09lObZvX8XQU8VbKZJ2ClhdnNz54k9p8G5PRZFwf
Hk1PU95O1mmlJFkHmx8/TEB2wdmVd2hwRUUZkpKN93ZL6pgManQPewf4Z6Snzr/iZMkSF4EaGFju
dNrXPrjXoOAJOGshfKYaFVZG75+7G7knrjMiIVvDVKwWklp7RzjvJ2O9wu+k+5xnPF/AVRxVxNDm
UUpgpqaFvCg3a5H9sbG05V9mVFFwUamdPx9TNG4G4IHMfrig8E9hPD/Z/krcQZqdc2b1QsWHiCi5
xWbUeafio4pyTPe0HNmySrjaKIrEqp9JYCxt98Y0W1Hdv1ODLW+GpNC7efLAhjHZgbEdcZTmFrL1
HlgY5ZIWEsUhUj/KcSHjnlP4Zc2JvzxN5NHPNGacTMUaxK32JxUxaMm4XkrX3FybcsbZ2NdkklfX
wvNF4fUb48/ku+HSaj2L2NdiVJFBFUmG2kbi2N3yThyjo6WKH5XTYc164MZqM3lY6KOhh0qXKgdM
PY6ahjHzIYHrv1xuQUWJjXs0cl1B6AcsNKzLKSElDJpvsFHM41rbKAzejj7wJTrfSwu55YaUuRpW
Zh85ou8dwHPM3/3bGlUzlXCcVLTA6dT6gxY7b8zhfP2ZVhOtQ3LT0AxqA94cozNLEkaEu/I2/fFo
qjTsgplUARqL2O5tzOGMo+D/APWdTo1kRxG/h8r4m8ykiyvLykbDvZNrA/SMXa0q2dVbvSWeYBOV
htfFfqBB3bTSAxqBsTzOM1qG5kpoqPvvpHqdyfPCeWVSxPJUt4wAbM2DSClTV1AkkqHCK52J64CW
tOaLDQ045ML26740nw+VxyP63wYOo25HrjzWbe/aEz9m+dszDYfphKOQJJHICCVGkEtsPXljvj08
mf8AtXf+4ZC6NcjbexJHP7YUj01RJqJQ7rZVjJN5Cdr39NvtjTBaeSpSGooq+usNd5IwwYs6ggXt
zHS97b4P8xKAO/LVKJD8tF8wDaEfUdNjbwkm2553tiRzQ01E1PWJUQmpqVUOjiptGNt7ra7E3FgC
Nx1xJZfUQzLTZXR5drqIgKb5N47z1Bdru2qxCkWAUgXAwqxba3jCSbJJa2noI6enlWCOaCGSWWpV
0uNJkYX8YW5A8IsLcji75fUpDk9LS1mdxml7hZnmopBPJEj/AEowG4YDpzx1x1eGbwtseZ5Rw9S1
lZw1WxzU1UQiKpZe7jvYEm+rWASLX2vvi2ZKvCvaStBwuc5paagJPy0GcIxQWUErqY7nc2Jvub74
dfQ5M6rgLJc34gqcuy2uphSFpA0qoG7q48TlnCgjwqA1htyxX+H8y7MqhZ/+H89pmhgUIplga1a4
JFlUDc2Gos221sY7XSldpvaBwlT11LllJFQjun1siU6aW8IuAdN1F+Q5C+3LGfxTxU9aHeIOmomP
XtffYEn6h6j98Zyax3G79hPapktBUy01XlPfSJYR06E3ZSDqHSw9Mb/lPF1bl1YrUdZWhavu2kjp
tTx08l7FHQ778gw8uR2uq80bJ6uaDNmaCaenqH0xtOiK6yhVZyCEIYkjxXZQT+2LxwTDm8y0Gb1m
W12U11NMKf5SsgA+YSVgxia3jK2AZSLEX5HcYNmNW4dzt66Stra3h6oy6UfgxV2WyaTVqAGUo5AV
gWDAKRqBB5bYmsvoFrqKWDN66WGqp5vmY5MyptNlYeEOwIvc3ViD5Yu2daWahr66sq1y+nplpJJk
1ywAG+k+EyxH8y3IJBN+R95PKeGcvqo5cxzioneeRVjIivGocdeW/K/scWzpOw5ctM1J/ApHEys2
pp3uNYFiLAAWNr28+mHsFJXZpODNVJdLOJpYVZVPT23HMYydLPl1FFLTqaaNWljfxSU6m8ZPNT1K
n3PpiUlpqyojELxxjuwQxhc6rf76YkXyyLNmDrTVJYIAfx9OmZbctvLlhzQZXR0tT3MEEbNKGCo5
IANtxqH7YiNltGa2n7h3eOWI6SkhtceRvsbfvgZoxMiRJSCNiWUEAgEjmQennbEDqloF0LHJIJWU
XBfzHRrdcdm0M8oaOJ5F1nVG/O58/wBP5Ykhc2q6dIYpaeK9VENSpayyX5gHocQ1ZmVTJBNSwVks
EaWkgmdLkDqp9sMYqgcbccmlzOp4cRBUBoRINEgXvgecTnpf8rDqMU+DtCyug4oo548xroHqmT8a
oLExshsUlU8iD1/vjUWlX4l7T+G6Xi96ep4jjSVTLVU4l1LGsZb8WIMB0PjAI6nFS4q47Ss4n/jg
mWClCKv8RpE76GUMDoiqEsfCGOzjzIv0w3oxuvZVmNDxhwzSZsTT0FWW01FNcywkjbVGSN1N9x0x
q4qa7KnWilVnpARH81CfFC45XvvbfmOmxxlXtbcqqO7Z0qixRypUO4+oeR9cKT1MhqCKOdkLAnVI
t1XfzGM0wekqaqsp2qKmBWH0uIlD3Hp/cYa1FKA7vTEMhOqG42Pp54iPPBQiOCr0WY2jaNB68ifT
1whUQR6xA9Uy33WObcMfflfEDuFaxoVip64RMRYpK17j0w1rqGSWImrkW7XJYEaSBy3xJA5mLMEg
WzxbswvuPUYbL8zWU8qmrgnjjN2WQaWX0xEMTQV0JmpMrCMp3Q/Q4/p9sDSwwNPZJBHG7bAt+b16
YkfRUtNVQtTpL3TxDxKmwb1thvTJm0GgV83fLGCS+jkPK/PEjeF6fMqvU0DwqCR3D6iCPO+HPfRZ
X+EqRzQn6u8F7eVsSM6qVmJlipWWNDfY3AviPzGtoIGVqREjdwQ4DHc+hGJIjM6f8BTLObHcHnb7
4jnpKuKoNRSgqQd2jJsB54kc5dk80tc8ks6y6vECpvqH98XHhuhZFaamqAyq4sjb29jgSz0NbFFG
EzWMLG3KRNt/XDOfMstp2MyzCXu7my8iDhCo8S8SPOsoy+YNG3RTv+mKNV8Qw1FPMO8cFToML+ID
7dMU5VYv2r8YVa1D0MFXD3TqRJFc2f0xQWzCKjUSw0QhFvFpW7NfGqErljNX016HKXcsQDPUalti
aetgpKFmqJbunhBI2Jwxa4VfiHiOOuY/NxqxtpUC/wCtsV6XKqivLUlPTMAdyWGM27Mh3lvZyJmS
KolMig309MSsnDNFl6inpbErew8sBNzwzPU6IsweQxv+Q33wtLwnS0KXpKPQp5Ajc4lp2W8A09SE
nrFWzHkeeJar4fyLKYzVxRKFRd288Q0xDtw7Wsu4Yp5q+AxRrALa+QUe+PJXaX2oZr2lTvnNMJRS
M5CxsSO8tzdj0HljX8LTEs7iaSrmrpd0djoI5P6j0wwLOx7yUn0xkiWJ5b26YNDS1NawjijJ9Bfb
ES8WVVUltCWW+kv0xqfYl2f8VZ3mUdNwtRutOZFWSs0kNIb/AJT5YKHu7sy7H1yjJqXLq+TvSpGo
Hkffzxb8y4XpqirOXQwKyIADYdB0xqcBcODeGKfLcqZmjAINwo8/LDmemRKWYzUwMknLULk74ZQr
mZ8GSx0bVQawnJZvYdMNMk4GifL5ZGp/FUDSt+YXEOymdZBSUOVJSzRbRKNak/TfHnL4rO0+nyHJ
nWnpyI4VaGCKI+JnbbbGoZHi3ijIVmzePI5auKKcAzVUpa4jvud/PFTzQU3zbpQg9yhspPNh54xW
zUgAYMq33bpgADa53wFl6csSLUqBpFFiSfLFz4PyhqyRYIofEx54zldRqPQPY/2NVWamJGgJFhfb
rj1Z2L9iiUbxSGlHgA2Ix55zdtXp6F4U4ejymnVIohfyxO0lBU6+8jQlf/p3tjozo6nK08dzEf8A
tBwrFW0tRCY4EJC+fTDBS2XU1fLFJPCyRRgWMjn9hiPZFmmM0k5cDYeuNaBtLS/P1Bi1WhiGot/v
zxI5e1M7uaWnCIFst+g88MFL1lVHSRMzSABFuovzOIv5WfMqyItHZHNzfoL40Fly/RlqvLp/EA8I
HMDDZsxaRhCNSs31P5+mHoFcsgkoxrjYjvGux9MGzdK6dF8drjn1OAoatp1eA1VbMEgj2W/U9Tit
5tndCY/+ZqdCg7XO+LR7QUGbHPK35aj1OqHTYnniZdXgX5eqnUabXiU8sWhSdRUJmLxU0U3ek+EI
nTE7w/ksOXN87ILlRspPM4qtvhXzAKtywdfD4gb2xwe9EcRIBXJKdg4+rDV2A8N7gjYauWOuPTyZ
/wC1HgaNG0MmvUABe9lJ64XjqWAkpoVEaSgK42YNpN73IuLkdLY0y6NW+YURVEf5bKxsvnbe219j
iVpCKyR6yuzSCDvu8lWFqctGWZTyXZVBbw36WB6YkEqzUy5ToinpoJ2ZRTWaRzaxKva5G3X0xOU/
BHEGUw1fGC8JVs2XZPUUnzlaajw07v4rNLH4lBsfEtyALXvhivW1m4WeDh/iLN8yFLl2dVNXIKKi
XLKhkeQSD6FjddRjMd1uRqB0nnfFjjz/AIF4aoq/+GVi0GUpGz5XLBAJpZJ1Yaom8WpdOtgGcbg+
gxucM9rTLneUUlPl9TPRA0dWkctbJPc1LhlPiQEkhhY7WsRb3w+4+4s4Qoc4Sg4SQLRxxiGSWRY9
ckmi1wFuA224B8r3tjW/YVfiftKzkcJ1GRtG6wGNfxVYNqX132+odAOvTFNlzXLeD+FI5Y60NU1Q
YmMKw+XH+frt0tzuRjPBUOIS8QZwKh5XWmXxNUTEAgdeexPli20WWVFZSNWwSR2pV1JHJIRKkYYD
xKwAIsw39L4w10t3AMNZSZlRVMdIxp2UmXWFWVm31WNx+t+XrjdeGM0z7idqejoUnh74Fvm0e8ci
XAEVwd9t7EtYjY4i07hpMsouJxTVVfOlRSEVIqKFW7yKxBsH06TfU21rEFr42rhnPsozqkU5rkZr
Grgs4axWV3RvCbjxXUEG9vvh9MtR4YyaszbLwXyl6dA0gRJEDNGoNxe56E7Hr5jli15DkccyR0Va
abMKdUkQ0r3HeE2BJB8wdweuDbVWXKOznKs1p1argiApNUYIjteMjePa223MYejLS8K0czq0d1jI
BN00/SQ3MWHXBaoVhoIZ4liqpI55YbFZu7GrWvXawvpFr4Xy/J6VJ2m0ypFK11JkuhPTb8p5g4Cf
5YrT5glHQymMW0q1RIVCC+wG3Q4mYfm1p+9ipStRH+boT1s3W+JHRkjde8kJVxY9yFIt5m1sOssq
MveRZIpEDKTdVuP54l6PzPRBdQHeanto07L+mEq6RYZFjnYdybGMrvcevt/TCyGaGjyypWo7qK2g
hu7Niw6H3xEcQ1ZnjiOV1fcTRuH7uS+iRbjp0GIVXcyzKpqcyp6JMvWKR1YdxJKVLOu/ha1jtf8A
bDTibNoaeniqI1MkcikSiS625WIHQ9N8agunmvttafK+LZ6jJa4NDVxDu4ZlvELHUUI5nSeW24Jx
mXFPGCutNScRcRzZRXoGg72OQSROCNtEvI22sDvtbyxqRb4ZTxPnvGWaq9Rm1ZDNW5fNZZox4Jo1
OnUAN9/0w17GuM+K8mnr+KMgzANl0LBKqnRW/wCWRj1S1wpO1+W3mMZvB4e2vhpzV6iBKjLooJcp
zGwM0MgKU0ttieW/5Tt0HPG/0cGYd40FeBYgBlRbiVOht5+3PGVZpLLPTpCsaMhlv4FZyRIttxcj
+eHFJV1LwSZf3pg7sDTDI9hf35YiVp4aWniLJDJHUAXbuGK2PnbkQfPCNWXmq4kFYbQ735E9enM4
kTpoEzSpaoikWSNzd1jcgk+o88OPlp6W9PLTs6E3DFdVsSNqykqzIBT1L6FtupG1/cYLT5hDHJ8p
VwMU5am3xCmkiGLvFjFyQQ0c29h0IPlhrHlGZJK3yVi8i/U3Jx5YicZfltdl9MGrqWOBXNhpa6gj
zOHAp6F5RSz08aynYjcq1/64kMiRZXMPkqQTLyMUwB0j0OEq2s7mrBpNQU+JY7ctuWIdmlI1QJml
+eWESDky3F/6Yj66viFQ5qJSNR8XdC639sRReZ1U+Xl5aRz4uRYEg/bEVNTMqpWTzoXJ3sNjgqLo
IquEySTsskVgIzhsKiSlkPdwBUUkEp/P2wpyTQMzVArFVDsFUWOHdDxcMhqTDI5WMtcuQbr64hT+
q47pJKcwVFSHjc7tGd7+Z9MRdXxplYXumlDhj4Q119eYxBVeJuO8pSJqjuCkiXF4dyw9fMYw7tY7
TEzWIRUE08bqxtNTy2lU9L+YxqLTKYc845rp3afPxWQXs8FSlr/bz9sXThLJaPNYVK5Y1O99+6uR
+hwS77N/SyVXD0GXRGOSudnYbLytiLq8pqpIlSTvW0nZr2A++KqI5sqQTFo6QvJ0H5cO6bIZnUNK
treJrchjDR/DRhE/DOi+2s7E+gGHsGS0sUKVM6lnG5vzPlhiplPH31QZDE17+EcrYWpMvmrZe7Vj
oTdrndsQIZtW/wAPp5EHNN/9MZ1x1xfm1RRGGmIS97pfCnmft7yDN+J6BaLMJQlM7a5nJsABysOu
POvaNmDZrmq8NcL0ckGW0KaGZb3lPUsffDftSq5/B56iOHNs5Yun0RUindgP5DDek4YzLPa4Tzwf
LwMbkgWAHpgR/XcCipdqjJqSQ0kIKiZgfxD1a9uWJDgjsuzzOGaeameOlQ2Y3sZT0Axfwuu2l8E9
iGUZ1msK51VwxRhwkNFEblj1Y+ePW/Zb2K0vClNG9FSpEqi8ZI3Axe1dNfyLLfl6Hv2N2A5nmScP
spy2koKZ6qeIvI24bzJxBL5bH8zGkatoUnl/XDzLKKmUzTVMgMa7+PqBii/SJzLMcurZJWM6oCQq
pfYC/wDPBhmuV0MN5XAWJSS/lbCGa8ccaRTIe+OhZ3LW66R1x5K+KnPqCkpzmaIkny5JZXbxb8gB
jULyXXz1FdNLmVXIVaUk36tfDKQBtrYwSLR+IhtsBc2CnlfEnFQf9MGhhaV9Cg/bEVs4U4LnrXVj
Gb+2N47DuwzMc2rY6l6MlVPK2OWd9NY/t7M7I+xoZBBD81RWY2IJGNs4QyWmy2xEYBHMDrjOM1Bb
taaaoQK3ewAEdRiTpZkaDvIpNLHkpN8Mi6MqkNLPoaTwA+IjCr5bEgQx1Wlb3Y354dbVLVs7JQFK
JjIepPL9MRdNTVEQHfynzNul8aZJVIrpm+TpgURjdnHXErl4p8vyuSR5BpBCnfdvTGpyqiZZpc0r
ngD3udt8S0UstG/+IGUWGrGuwXOaxAGR2JkYYVoaKaeXvpHKpz+wxULHTRw92GlYEAXAPXEZn1ca
sstGoWKIXZj1wRMu494xDRmGprkp4kuCb2G2MwqONMnqM0mYZi8kOoqJpG2c22t6Y1Irwc5TxnSZ
K7S5VVFzuJJ2NlT/AFwfKuOmz+rlhp6oyDm8qscOtCctO4Co6Sajhqol0d4ly56DFwocvkrgodbR
k2UDmRjFUfBURsNwLA+uFNPhAP6489fRn7N85y1qulJjF5I/EBfn6YgUXWQiELv+Y7D1x08d408/
mx1lstTyL35SSaMrpK6iLiw32/v64fS0mVz07ZnBWIoEmmSjIPeMCCQ6ra2gWANzfUR0x0cQwVct
I9JXZVCYJaZS4mVlLEg7te3nyG9h54d5bS0MtPFTZhIflZqkrJmESqzbrewU+K9wD5Wv1xI5y6SS
qMFLmDSL+MED06EKAQLHwjUb25YmXyzI8j4bgy4rmTVr1BXMYYkCQGDTe2tT4zcevXkcagq7cI1W
ZZ3kVFVxV1VluU5TNNV5Tm1BFHHUJOi+CGSVwdR2UIt9tTHnvhrkfEOYZfw+MiyXMYJqqauMtVFN
SR1FQoUByrrYXDSAi+uxtaw6s+hqbWLixeMv4NHxXU5pXwZVSgtGma0QpFqKmQ6ZYo9Nx4VKjexU
Wt6SlRmNFkWWwzZ5nmTpWZYy0ZpaGVmjC2BX8S5IYnmmmwCEgm5x0mrLKLFS40zrhriDiGTLMn74
CqVdMrHk9/y/l025Hfb12Gd9rlTLNmzLEiDUe7aSHVoayjYX6X3xyvRnZ5wPTxU+TGgrWp1NREzo
teGVZbfSEIH13v8AyuMWfP8AibJsxyybL8opJ6+SR0lbN8xjHzQslmRrEgjUOm9lG/TBOmrzTzgT
Oq16ulSMS07aAvehnfvVBvrIF2uWF7gH2x6Z7MIIsryym4uhEMU8ranjFQe6lCkamKgFQRe+w3B8
8M0fTR+AOJcszDjSHPJchmWmgDsMxinDxXkupV1G5Q202O6sehIvo3AHEVFTZpT5VEtU9LSyJTU1
bXThpg+rxR94BzC7DUfEthe4xCR6E4by8ywQPTGckMH01N+8JBN772JseQ8saJT5ZTUzxVUMQQoL
sI2u2rT1+3TGKdFTXQ0dGlPDPJeRTqa1it+VvPDSeXKZhHJVV7H5dSgMAsfQt+uMb26a0WU0kMkU
1IHLGzai5BO4F122PvcYlRSyzTGeklQaGI7qa4a/UEDl740EjT0cwVTPKl1A0uCGUe48jfnh3RVs
Sd5IzNoVraQSAnWxxBE8YZpUZmsiTVz00JuHdSTpPRtQ3HvivcNw5tR5jBQtmEtUZlLfMKxsfUn6
TtbcYzd9t461qrvkOdpTTsKiZbnqTcE/76+mJmKtpo44z3xOzAKTsvpjU6crCbzVLTCOqnBRIwW1
DfmbEEfv7YjampppEkeoIdUYhW/y3Fj740zUdm1NSz0wjqZAhiAkUndri1jfp7jFR7RjKctmoDVs
scu0j0xtJET1CHnud8MZ7eXe3StrMgyKq/ic9KzJOCKtmKtTEDwO19rE335WP3x5lzOvrM44hqaT
iegraalYtHUSZepnWU38UhXcDb0t69cVrUmy+Z1a8INS8U8J8SU+Z5fUx91JDmX4sLfl1xOn4kTE
cwQdJ57G+G/CPEmR03HVDxZm2cVeRTZo5RMwozq7k20hZUXwyRt1NufMHFwZNvbnwhZpxbBlJy/i
DIMrnpwSyZjk6kQyjfxNB+W4HNdr9Mejsonnq4ookrBIsafhTK1xp52v1wCppJZ55YKl6ZG6Xj2Q
m31A8wTg6rV186vMjodRuXe4b0PliJ8lDOSYkUQO62RZG5nyuOmOy9YWjQ1Uz0s8alZKWYBiSPzK
w5g+eJCxx5ZJM1akjRzrse7+kj1w5hlne4SAMv8Akl2B9/TEKY5skdbK0E8SxCMbMjEOPTVbce+E
KLJq5FapFTezeEjdiP5fbEoMtMslOwB6kfipa3p6bYIaWKKoCSvLGwTex3X28xiTpKmkirI6adiw
l2Dc1kHUWOxOCVfy1PGYFiDxfka9mU9PXESUl+9ST5ga3FgpF9PvbDKograW5qyWsbh0JNhiRHMo
waE1AhaeE+IzAWkQ38uoxFV9MtRIlXFq8YsSDbl6dcSQuZ1tUWWldWSJG2YE7HDPMnnXukmm7yNh
caOp8j/rgQKuYMBTw1oum5/zA+V8JGtjeIFV3X86nrhFQFfnVD3hDzMr8yqtbV7euK1xT2k5qY2p
9DTP1LbHT53xJR+JO1fO+H6fVDULONOoPC12A8iMUY/EbxjUd5T1qh4SCA8f1wn/ADDz9sOzraEz
7tt4kqUFFU5p3zAWiqaa6m/rb+uA4aoc14nzWPM85a8g/wDd3/E9COR98G9ppeXcE8OwlK6qDPNE
LhGHhPpbEmIHJElDliRKeTDD0BQlZSSlZoNbOPqk3GEMxnzCujFElOBGnNVGM2kfLeH44I2qooSS
o+k9ThaSlgeIRMNLueQ5DARZqSCGXvlQMIxbfqcN55JADJJJ+I2yoOmJEHhaFUigUOxPiLYfUNJT
02pzIWbqPM4vYQnF1LGY2M9lZtyqG9hjKO0Cu+VoVSkpF1u1gTjUTK+JeAs1z16rMs7qhIhQrTwL
9Kk9ffFTqvhXpZ1p8qjDQ00w72rnt4io8vfCBOJPhio8ynpUy7KBGZtMMaW2ghH5j5k4cZ/8JnDO
WPS5dU5i6lv8UDmV8vTFZtIntSruzbhNKbhHKsni7mgjHeyoNl8hfqcYpxX2qRVcipk10FyI4YQR
YDb9cXE6Ot1fvhuzzKKfM46zN6rTmDchKf8ADXnj1VwR2uwcSyfKZU/eRRkRmoOyscCs5ajQZvTS
06w9+G0i7aTtfD6TiOkoqHRIw8K62N9l9MCVriDt94c4f0qkoMriyoDvbzxWuMfiRpslgTLDXRrP
LF3kpLf4a32BxodqrX9vmST1NJltHmaiVG72Vr8z5YuUPHlHPww+ZVk3eRPtov8AVi9pmXaBxL3E
VVxbXVpiWKI6ImNgNvCBjyZ225k+b0rZvxDmS945tBl8R3mb/MfQY1Sx2rlSSnQPIWl3FuQQYbqA
WBJ5YwR0gkqpBDEhZnNlXCc9MIZWhZxdTYn1xKiLCzMEjW5PLfGsdjPw58V8bmOvTKpTE/JiCAfv
gt0uHpvs4+D+tp44kqqEs4+o22x6N7H+xOkyCNSKUAr1tjjr7W/ps54dpkgUQuPCo2GF8o/CbRMN
v3w9HSYijLR3Rhp574Uhibu2vOEDf5eYxRAEMESlWmLAjkOpwWlp+8jYSSaADexPLGtA5pynefLw
7kjmTzOHUNDQ0kBnqJ9ZLaf+/wBvTG9AjXCGnpm7wgyspbQh5eWIam1yUJqqm4SIkaf8xw9AGWII
O8r5hpJW6r5AYXimkmhEJGxIJJOGcJI5flL5hVopBG/6Yn6kLSxrDFFzNib8hgZN8wrZIU16ygUW
Jvik9p3GjZBlYho5T30osAp3JOGTaeTO2XtLmpqk0vEeZBmjJZqVH2RBuS2M5qu2fJ6+lh4tzjNF
pMpgcrGH2Mlh+Vcb16NVTNfixzjtU4ppuAezzL3paBJQWnl2Lgc2PpbG+dlXGuVQUYy7LpomIF5J
NVwfM3xnK7q1qaeiOyauqs1y+A1Vx3iDSo2AHS+NHObw0Q7uBtT7KD5Yyo+DUiBeXPpjolvvbflf
yx5fT6fscr15emILP8p7iVq2BlCWuyHzxvx3ly82O8do1bbbrceeHVDA0kyhpitzpbVyC9T628sd
3kOIaWOnq+6laGqjgcxaGlIWTUDZlO3h2vf2w5SSGrkRqOFYYEEayQI5LOQLs/K4FwT6XxBNvntB
UvBmFDllXHWQMzmqEzq1ZCDZWJA8LIBa62Fh5i+LVTLnPH8mUZtnkzNJQXoYcqoqREqwqKXQAFbu
LBQWYdRtvjW+NDpL8O02fZ5kVNScMVUErxSmWohqKON5slMc6rE1iBZnItI3UA3sAcSnGGX5Vw1l
+b8TPxdkknE2U1Fq2LJ3EdM0LiOUPFKrL3rOQUMaKVCg78sakVQfH/H3CfFGX5dmHCldmVPTSU8t
Zn+XTEfLmeSR7mnVtrBdCgXJvuORxFZDxh2aJSNw3mNDKYayJIDPOn/NIDIp1xydbKDYW2FwCb4M
rN7ik41Vr404W4QymnTizgjMcxmyRXMFO2YwaGliBuUEgGkkJu35jv5YzrK2yXiHjeBc/ppZMniq
u9qFp5bSCPZdmYbWFtyMZt2ZNdpzi+KKjpEmy+giegmg7qCq7xj41YFtIIve+xFrXOxtiIpa1zmn
y8tXM8Ez6mAHdhQeqqRsbk88VUjR+yfg/K85zOKsOZCmqIkE0MUhs1SmoKdDW2cdLH7HfHpHs2oa
zKKepjps4NQjOk086U6gTWJBWx+liBZgOt9sM/Z/TTuzWgo+Kqyf/hrLoqmNph+LGe6LltiHPmgA
BOnfY72xuPDPBOXSw02U1VUlRDIgjqaaHV4gWYXZhv7jlfcbYg1qipaKkaimqZ5e6jOuPuhqJ2sf
ffbyxOtVUIyx/kC6VRRiZL2YMD+b1ttbHOtwjDPMlLDU0bCSRiNag7BhsRfphWjpqWr7yO7G8l2K
nZW32uOY3/TGOq6642lMly+JsvHzEsjOWIEUtyUW5sBvtb9NsEnzikyTVVZgQuq3/MIpurDqTh2x
Zum2TccQZyzpSVKMFNu+G48/6fyxZqSoNRTfMz1CqupVOkXBbodt7WwS7Wc+JVcuy59aVMp7t2uC
twLHrhQZZTxOlJTqICgAHdDl/wBW2x/TG9MG70TfMrBbvGGxdNrAefnjs+zuTI4g8atJ4tBBG9jy
b7YrwClLxY/8GEmY06xSIPGoN9Yv5/uPfCVFmkOZVSx1RIjUHUumxtzuMWNFgtdGk8jo9WDHo0qG
8N+u237HnjO+2bPe5MVJk04p6o6VjmnW6ysouB9/I43GXlPt/wCKOJYKZc2rcrhlo5dS1GT1kulJ
7G7Isg3QMLlSdgb487ZtTxcI9oFUOFs9zCkizSNZYcrz/SKije11Mc0QtJHY7MosRzxWmcIA0PEu
a18UqpBmVRVJ3smRuTSWdSblX2GvqrLz6jnjR+xdKTjnOqbI86kgyethcOkFdeB5GXbqLBwOZW1/
UHB3w164fQX4aODKvJ+FRDMgWo1hoZgQqm/MKBsN/I2xrdFlyUNO0IohA6XYohtzte4OFm8ncNEx
pjUCqe2xHdm1iPTC9LNT1U1nqxHIRvG52c+focZJ1EldT0WmoqTUIr/Vb6h1Fuh9Rg9TV/NwqYpk
Cj6FmTUPTfnhQI4npacGGdCZl8URbwkeYODVIqaWNEJkjAIGq2q/sRiRQf8ALFZqqTVG50tNLy/l
hCuiRapIY9Q1NsIjdT5HbEIGenqalWSJlBIu62NmPXbEeKGdRqjlKOtrqdwRfnfEhI6CsppGRvxI
wdXmB15YcUkWX5pUmpJEXd3byDHzxEjUVNJLTmWGRo3UEainP0Pphr383y6zNGqMDYyR8m9/bADS
uqqyKGSSK6kHdguw6/vit5lnE8869zSpHNp5JcKT154iip66sSI6o9YO7KTe33w1jr3hYxinLGRb
6h1xIjNJ8shmqjqZbAEGx9sQWZ8Q01UkgirRDIoOzGze3thCg8Q57WO5Z5LD8zgbg+eKlxBxlT5d
prKiuVmAK6Qxt99sRZZxnx9T11X3iBGcXUrGttfrbDLhnsz474/qBLlFJLTwHcyElRgt5M45aLw/
8LOaUipW1sj1D8yBvi+cKdkVXl5LSoAqb7DcDFJob2scPC7rIE+VuvVjucLHJikj/LEDStgWwozT
h+or2Pelhp2ucKfwiGOKRlARE6/5jgIRSUVNRXijs31FieeItoIYiZ6uRQ3MAnFoIp6+kjuJpPDf
USeWG1TmuVxXPeLc7E35YiGJ6cyqIW1C1yR0GF6rMIqLLg8cVyD9XXBErOcCespXlmcl5dwBivVX
B1PmFRCKpS3lfrjUBCr4AoqhljlTaI3UdMOqnhGEU4g7tT3li5t0GIGFTlkFGTOibu1i9vpGKxxV
kSVzzS04LTMNr4Uwjtv7A+JOJaNDSU5SGnLSSCIWapkI2F/IYymp+HHOuBxDW1FI1RmMw0RU0QJA
ZupPpival4OqDse4i4WojUQZdLVVs9w9QGsAb8h6euNx7K4cwyPLKemqJhqgj8Q/KpO/3OBLZL2s
QcOxPLWVwUDxd2DuftjKu1v424YQ2Q8P1IZtJNRPfZCeSjzOGTRYdmnxJcR5lmk+e1VdYRjTDboc
VDPO2niDNqxJ58wna/ics5JdvXFtJDs97Rs7r88WLMcz062BZ2Y7AdMej+H+3rJp8uMbzs+W5RCL
2O9RLbkPbFOaqxHts+JDiHi2uOX9z3FJGbxwI1yfU+uMrzHOsyrKyTOMxldp7hV1n6R5AYrTIjNU
cqMqRkyOdr9MA9I8XiYDnYDAnRM1KonSaz72seWEkQM4XUdzbnzxLTTPh77HH7RuLUjqYXNNT/iM
oF9Q8sfSLsM7LaGnyimhjy0QwQoNK6baj54xexY2nL+EMvy6kV5oFDs309cTWX5LSw7qgAJ2HLGa
ZA1tOaaaxGzDpgqPNTG6qLHkTgaSdG8xQgoCejdMLskLLpebSxHJemNRki+YUtLTiJUFlNr33bCa
zfNyiplk0oTZUHXGpOAXjp3jZpQ24FifXCq0rifu5ZLsVAXfDpE6umjppndmLMQBYHphlUNKhD1U
emKIXUe+EG1RVz5jFJGkJDsdrcgMSmS00WuOSpsdibHriS10wp8roH0ENKw+ryGGkTSS3atJjtvv
jTKH4kr2SB6h94Id/wDuxg3bJx5LT/MQ5XH8xXsC4kc+CmUjmfXFj2Xz07Y+04Q5vX0lLWyVr1Mp
eeWYn8Yjp/2g/wAsZVm/E+dZyEmr6x3OqyR/ljHoMOVaS3CdfndLK1JkDJTy1PheqJtpHkMe0fhU
4HpU4diocxHfTRKryzEnxX3FzjN+ha9fdnVXTwUca0cWx0oP6nFyyjK6nM53Ij/CDXv6YzRHwmEV
xdh6c8GVQo3/AGx5bX1JI7Sbadt/XAPTxS6kdbqegxS/SuP2reb5LNlk2rR+E30t5emGX5wwYg49
WN3NvBnj8ctFpKpZW714o9erWSFsD6W5WwpFUREpI8KMNd3VLqfb28sLB0lc4jhpzPI2gN3YeQ2i
u1/CL9eoPXfFgy7jDiKOsl4lpONJlzNo+4aR5JEmMAABtLe9rbaeduWKKrNP2g5vl2SGgpctqclz
zK5NFRFTIsXzdK1y6VETD8SRdQ0kg+E7774b5TV5PnTZdWUvCGX5vTZZI8gytpzBV1EWu2lyttbs
W1bb6UsNsa7HSGrqjLDJJxIuQmPLquqb5Qzt3z08ak94Fi2VlBYC5GzAepwhUdpnE1ZUS1WaZpBX
SS0a5eTX0UbyQwI10UG2z7fUN7bXwJLT9qnD9fllXl2Z5I1a9RIkqLDK9HBEAtmRYkOkD15+Vr4b
dm+ay5ZJNNHGln1ancaig02tcgk3Dft54pqNW7TucZjljWiq6g1NWFLNKistlsx0C5Ive2GGSwVN
T3ZrsyWOKC4MiWLxAkXJXmwtgWmmcE502YZhHk7Qwyml8AemjJStUHkByD6eduYtbfHoXsY0cRVb
5OHzOOpp9JFSW8DhbHxAgFjp1b8xpIIvY4Yr9vQPY7lQy15K3LKP5dw5jlug7qVSb3DbXvsRte9j
zvi3x9owyusny3hCpj+bJJSU2DSqty4tuNgdjbc7Y1bwzOa0bhPjOLN8hy+tqqo1MRuxkiYWIO/I
G25B2GLHE8NXK5Mpg0OB4lOrT5gjmOW+ONd8ZpLUk81NTfw+rjktZmSQqWCkncn1O1sSGXw0qoae
kYCm5qPpJJvyB/XGNN05rJ6IItJqK8tUjc+d9vMf3x1dQUlQUjq5WQLd9FrXU3uCORH9MNYnBrl/
B/DlJPTVFPTmGGNiIYoFss1+YJH7DE2scFAD/D4zGNiY3fVpI64ZBlls6geKtnjq6ucIkyXZJRcE
3te4weDOz8ykUEMlhsrKdXhG1sbnDnS0+ZUkqqyRASAXQAadQ639fPEfni/xGBBHFKHkvYs2wPUY
byyjIIp4wY4ooU0hQRa4sBYCx9cOo8yqYKBcwradFl0EBFJ0MD5nob4JNK1FQ8cxyTihzSiIWq8C
q3IsOoI54pPbZU5eMsqIFeNtcaGOKoO7Mp2IPQ+RHUY1OKK849qHB54lrDkGd5pBMs1OZqairtSl
HvfaRdxcfSTcWuMYxX0le0EWTV1M7QUyGCnq4KcTLDZuroLXF7XAvtuOuL2Vqg4Oz6npqStGUVOc
ZdMQzUD6HnpyvKQPtYX8t/MHF54L4WoOKqenGb5XUwVqSh4mFi1NvtbYgGx9ufLDV7exeztIqLh6
KizttEWhbRyqEAsOfuT5XxaqyfM5I45aZy4AAuGJ2H9cZSSyOqizFfmVrHiSJfHG/OJuvhwvHItR
Ce8pg+g271VvcdDjNaOo4TSVsdaimzLfv1NrejDzt1w4lq6RImV5DYfS55H3xQBgShrn7+mZSz7G
FBcrbn6jARQVsbyrQ1QYpyExsp9AMaRCWaoro37yrjVyLGNgQGt0ta33wm1XLG4lpkjjFtOl9gD9
uWIEJc+mqZpKLv5RNGRYMNm++EStTLOSVUlbKSX2HnjNumpDuL/lqcR968bnkeakdLYJXVMOlaWC
oTWwuRY23+2KXYKU1JLHTha2l1hNwU6+gwyq075nNAtwxN0b+VvTCkbU1VZ34pUAuR4k5CQYiK8U
lQGpZodMqg6kJ5DpbEkOgq5T8nTxJIDcjVbUvpiNzICikDNKUK7FD0P9sSV7ibOaRkM8FarkDcXJ
tjOONOIgtMUvqLC3ejcj0whl3E3aJU0NRJCasFTsS5N0xU1zXjHiKr/hXDkVQRMbGQNeNsFujGrd
k3wktmejPeNks5a/g3ufbHonhXsuybIqKKlpKZBGgsABzxYz2rd8JpuHo4YhS0lN3YYXYjDRuFIB
J4ACW63540yQzLhhYd5d9vpUWxHJw4j6Y5I7C5JtzOBpHZlkqEv8rdSPCMRddlzJlzjuxqvZRfpi
SkcXZ1/AqSc1kp1FOYOyjGT8bdss+Xx/IU9Srzlb3U3CjDrhTtl/EvxO1smeNTNmEcdPCunxNbcD
FNqfiqzOqkjpo5mvLISX1dAcZ21Jzp6X7HOLU4h4cp8xNVdpk3ZsXuWlhqURHbUo3IGLtk1rsqhk
CtGOY2Hpjm4fVGVnAuq/qTiQn8GgFOU03cvvhHMcvB/C1b26eWKJHVWQiqgVAtreInDGh4GNfI9T
3Ngp21dcaZok/Zy1S+qQAxR76bbHEJL2Q5c1RJmVVCsj7iNbcr4e0g+I+zjIsky9YZ6dVsDfzxnX
yUeQRSd9IgDkyFW6eV/TFIvTFe1LMoK9ayWhz0RUtNqlq6sc3sPpXHmHibMkrqxhTK0aSNqCXv12
virURs8syJ8qDt6eeCxd1Dq75GZugPTGUWoc0loZu+hNnXlvyxZ+C+0CpyTKaulkY/jKU7w76ATv
YeZxHsvk2U0ckZrDA1TWTeJQ5uIl6E+uI+t4fWqzF8sp7zzMwBkX8zeQxKEZOHDQx/JRUj/NSOUG
roMHpcnoI1mmqpCWg8AHMM1t8SVuddUhsOZttix9nHD1Pnead1UJcnZb8l9cSse3vhB7K6TLMujz
WGGNRVtpI5nSMey+DMtp6GNWCAKoAA6YxWVhEwq61pH3Rdl364kWEfdre4A3LD+WMVuGc1at17ze
x898KRwRtAagzHVfwgcsUmzeC3/OrAClSosL7DphjJUzQsS87O7dBjcZKUFBUV8LSJA2tDzPIYc5
fSlQz1TWIa9v8uNQDtBX1o1oDHDfdm5scCzVZfVECSOvn6YRwRroa2GcyTtcn8t8dUvNX06U0myg
7+bHEj3LsnNMkglW7uAoF98SFLTU9MFMiamG2lf5YdA9s/efN1BsAd06D0wnO82aTOXv3YG9vLEk
JxtTzV+W/JRSdzGxsx9LY85dt8WVVMM2U5HFI1NCCZpxsZ29/LG8RXzz7Y6WhHHNdZESFCQipyB5
fffFAeiET6gu/RfTBl3puLDwfT0UOdR1FbIWIIKxX2Le2PafYZx38zSQrSUOiN9MChBvK9ht7Drj
F7Hp6x7PMxgo6SLL3dWqJNyqevTGqZZIzL3EPhRRdmHXFeBHwVaDu+Qt6c7YKUSwAXn0x4dvsWQY
U/i1k/oMKJCdiVPni3wbjy6pyyOrp2hlQMrdD0xUs/yCfKJTIo1QnYN5e+Onhz51Xn/J8XHyiLK6
iAshU4Uio6+Y6aYCQt+UHc49TwBqqety6RoM1oZqdwbESqVsfvgIagCxjlvbcb4klKXPmkmh/jPe
VsUUwmNPIxAlO2oFh4hcADbe3lhSqzXLqqo7w5VBRxSTs+mgLCSBC19A1E3ABsNRJ23xESWryd6N
oKDKJFkWVn+bkqTqaMiwjKW03B3uN97YQlq6inYqtUkl49JkivezbkE2ufI4gQSHXKphYDfnv4fX
F7y/h/OciqJMvaN3qoKjQZ4WV4ZAq3FiDpO1j7c98RP1yavAp5YYryPEWSOMDW62Y3I67Ei/tid4
MyGmnziCjzGlkb5pwFOkCZdj4f52+24xfym8dkfYnxMjR/8AEGXrBQyGyZxAdashvpU3HhYMpJ32
NwemPR3C+bZNS1UKivhqc0amdZauniVZZCo8NxybnY3879cbmmbfUT/CXEGYU8dJl1VmC6pgnzC/
LAKo2IKrawPKxBtf2wrwFPns2d9wkBeijnljGYU0Q70uAX3v4ha+k+RHUWOM0yNP7Ncqyymy6moT
IhqpgZldQI9Wsk2221An/TGqcLxGGljlmr2ZY2IEkhsFuBew6f78sc+nbfCX+XSomeorJUaRUIGk
koSp2uPPDmmWAwW2jZQAGjvsBuNz64NHZWWVHZXiokexIMh2AuL7D3NsLQvUpKjtIBKq2QvsfI++
FilqXMJaZPkixUHxL/3emH9KlPmJ7yJ5O9I1AsnhcY1GKZZxVTZLSTvNExWJS+lQbi3NQPTEbwxx
DnldSvXpTxxwyi9O4Q2kTo2/9Dgt0ExU1S1CFqdYw6uLo5IXlzHrbAUcsSNDE9QUVkBZpBspPp+2
GCiApBmlql4/GNDKNid+Y6YCsQx0bwUkzyrrLnWbADmAfI41pnavRZSPm0zasnjE0TEgNFpO/n5/
1xSuK8vyuorK1M2y2aqkkJZO6F9PW6g28vPGPbSrL2eZpxNmNLVtS0tVHE/eJJNGGaIkWKMptytf
yviM7ROxKk1zzZe1Tl4kUFpKeImLUOeqC373x1Z9qZT9iEwzaKgkyvNu4eEyw5ik9khb/t+oA7bE
Y2bgPsi/g+WrmuZvTxzBVtNQqCwA57DmPMEYzWmqZEKaLJjD8w9QFXwfNWsfIcsTGWTSUlKqQRFd
YufzAel8ZtKVoIRFH888ZUv4ZNO4I9f73xI0zCm8SRhXdtVhJdZB54yRJ66ljJREaKRvAYb3DEeX
nhB6mqemu9CSl9gDcj39MPSHlrIH0yLTPFNHYqwWxU+45g+uFMxraeSlFRUp3bsLXUE3PUbYZRol
R5hVRwaKapsB4Ssw3Pr64a1OY1kutamRBGQLKm4U+R88FyMmzibaoSYw63CWFuoPmOd8I0a1bQkw
3aRWN008/O3n98Zp2c04zLLnEsGoAW/CcWuPLBmRKUPPNRIUY6he4A9vTF0uxxmBpwYXlCMo1f5l
t/bDavoptaToYzrGvQOQwzkUzzKm1EpM1mUeDuxsfUDFTz+SCGRXaWTUDY69yBjQQmb5pJl8DTUx
uJBs19z7YqOf8S1s3/MCuN/pZVG49xiSg8ScRTZSJHmqYYne/wBZIvjE+Oe0m1e9NTT1Ikc+EU78
t/LDeEU4G7LuPe1KpD5lWOaY9J1sbY9J9kPYdknBdAkVRlsUkoG7DBJvmq8cRqOX5NlyRFoIDGV2
su2JqL5aLREr2AHiYdcaAZ5qcyOjy2XmoHXCUclNdVSS7HlbphEdNJT1JYD8osL9cMkpO5V5ABa1
rnFYURLlsTF+6S7E7seWIGtycySSNITZb7DAqoXaNwIubcNTROhDzHYjcgY82dr/AA3TcJZe9PQU
HfTW3YnxMf7Y1r2JXkHjeh4hzjOqhxRyR1GppHW9hEvT7nETT8H501JDVGrl+eqpBFHCByA5nljn
eXTeq9e9gOYZrw9k1Bl+bkqIkUsCf543nJ87grXWNJdWrr0wSagt2s9LQQVaCQiyqOeFKqhR1aWx
FhZQcWgb0GTu+oSMbKLk4Z1mUFZO8RrncAYYi8eSyFI4pF3YcsP48ojgpBSRxi17lhvfCBK3LIqW
nCiO5f8ALiHly9TVd9HHdV8+WJMn7fc4ly2BqiGIsUU/hr19MeKu2rjvtFgSoyySokFXWtcwxEju
o+gxtRiHEvG3ENRQycPz1LaDbUgP1Yq1LTy1FQQpIYdcYMPaGDLMsnaszZjIy7pAvU+uI6vzD52p
efSASdgNgMSIHbdlODwzMRoOyg3588SWOj4kkostDRTBZptm33VR0xZOz8URzaB5lLMoMh09L4k0
3j2Dgzg/h0Z/JTwvW/JuVQ/lLcj7488VOb1EkPy6Sndi7HzJxq8KfZnHDdDM7jnYDzxPcFNm0eaQ
0dHqUTMLhOZGM9HT6P8AwpUlSvC9HI9NZQgVUUcsej8rmEaIG8r6Bjl6GlhyaAMwedbluSjph1nN
bTQU4WM3NuQ6Yw2haBHqcwBc2v0JxNjJ5pYnSC91632GNYzgXs9y7Ja8xMskfgA3J2wWSPK6EsVj
LyrysOeOkjJHva2rZVRu7udwuwGHMeUvFOkkpOjmb/mxoJKdQyAPDpXoMITSUlERKsfeMfpT1xDS
MzTvFdndibC1/XywfL4VTRLUAXUXC+Xri7KVipKmd1qlc3tZVGFoIf4bUHvFLTvYg32TCC9PDNmM
4po3/DZ7MxOHlXSJDE1NQWsosWPXF2FX4mgWsgNIXJR1sWvz88eYPiv47y7gbhmty/Lmj71gUToX
cj+Qx0wifOTOUzDN86UV0pN9RUMedzzPviIeCalq2otPevq3I625AYze2uklwLw5W5vnpzCVzDDA
+qV2PIDoMes+wOuaGmpZ6Y95VMNVJSR79zHfdm9Tg1rkXnh7J7BcherMnE1bdmdQBfp/5xsOUahA
7Sr3cafqx8sYvJj4QT0Vxz54RFI4a5/THz5lxp9zLDV2WjhtYG/t54V7hGP9sZvDcnBRowq9LnDS
ppoZ42hnTUp2seuLG3sZ4y8VU8+4RmomaqoA0kQ5qOa4bZFW0tHVR/MEG53uNxv0x9Dx5zObfH82
F8eWnqOj7eeyrOewKLh7NH157kNbBmkqVrRMlZDoEWiFAgJkQsWYNcFb3vjzbxjBk/E3EldmmU0s
NKZZGl0UkQihHU6UGyj0GOuVjhMbMkCY5IW7uY6W3sb7NjlaSx8W/wDm63xluhDNp7vw2vfURY4M
jhLhIrk9ByxBK5ZSQ0rJU1cMmggG4/N6YtuSS0DZearLJpo6WNmjCKf8Jjupv0Buf1xFO1b5hmmZ
Q5bldM3eUZsxiv3gPdizDq30H9cXHgevy35eKHM6qWd4f+YNVA97Ky2bmLg2sb8+uHvlTS+ZXx/2
gV1fR5FCs9RSgqRCW0wzq/h1MPpDcr+tjtja+xzPc3zWCTMZcrpZESAAIlmYOtl0MxFw1gAw5G3P
Dvfask6Xbgut7yOnipqW7x2BkjiaN0jLE6b8yOY+22L5wY+R5hXQ5xTRztV08vemlk1iAAsTrvte
9tJ/fEGkcFZPA8f8PraH5aB5O90RKVDeVh5cjt741HJMlp46c0lNJKKaobUokcgKwFtXpv0Oxxzy
dJT6myyKiEbRUJaNSVJvyA5n9MKXjitZGaNW1aXbYXP88Yb3s9gZEBFKy6o7izk3vfb3wwzrIuIM
0j7j5+OOSJxokC7xdeXUA/scarn/ACWy6kzyhpko84MMkhFwyMwU9QfTY4m6OvMUJCrZEAWQF90+
/lixoy16NazjGkgkakgaazqRdhzIBvz6euK9nGeUWW0nziS91A40kwSXQb7jRyvjWtsIbLuLYs7S
eZc2ganpWKlA51W52IF9wbbYnqHO6aXL4p4C6q6jxWNx/wBNidyMa0LTiCty2Vv4hPUlwgIDMpBA
9RhhnGcOlT8rklO5q5NlJe2lefiPXnscV4Gtpk0M8NC0lc7yTKoLo/P2Hn74ZvkBqmVswpQqubHQ
LMR7+WMtJWhyHKKCkangVQCfoVTdvXblgJeHWzqBVpctSGopW0mTXs3kbeeNxlFZv2Z5TGr/ACNE
WqVbU+uRgL9T6/ph1lOWQ5VVIkdJHKwWxihbSrD74xWp0d/N13z7fKUqmkkS0kUoGtT0tYWP88S0
uYItFGZmkjhA0xyRizKT52GAlsvzuKiuzOW1ggne33HLDxKz5efupqNJY28OnQCRgOhs/lpTFHHT
ShBfZmG1/O9rj9cLQVVFGyi76jbWytrjY+Y8sNQomegeSSGdbOb6H8QN+m2BzB6aU37lzYjSb2B2
5EYtAxLs5dkncrswjCljcc8H7yJUWpjg7zXyjZbBx1HqcWkToVqqipmMbLsdYilaxVfTDulqGplW
mKaidg45NY874tHR7VvJCFC0ktuWpH64bSVbtaCQMUO3Pkf74KjTN6tLpHTRhw3h8Jtb74bwZhVr
Ru8kjFblDG4vt6HB7XpD53xNRBTEk7F4xqCgsUB8wT1xSuJuNaGeQyUiSrLsDY339sb6jKv1GeQV
MiyVNbMg5m3NT7HbFR4z47hy3vY4JxAXWxc28WEvO/aRxZxHxZVrQ0WftKGayRwgG3vi39iXYRX1
dSme8WZU1Zy2Y2tgvKel+EODMtyqBTlWWrRRW8SvuTiz0cEFOir3oAB28O5w9A9nrliiAqZ1ijO5
blf7YRjzGOZ1NPuF6tsCPPCkZnHE9LFO0bSchc6cZ3x124Jw3KtGKqJJZWsi6unXDelId0vbplmW
ZYlVmeYIjNvdmux+2JPI+2TL+I6xKLLpjMGF209PTBs6XamHeQpGYyjt5HDTM8oSIMsblj1ucXQq
r59lFTPTuZSRc2t5+2Mg7TeyyjGU1GY18OueW4QdFxqM6ea+NuyPhzh2CfMsxlOp272Vj1xSq7O+
AcglyusKxCWdyIlI+lB1++CyNwNJ20ZXldLX5nmNXoWWQrEgPQdca72E9tGScRpERUhrtYb8lGC8
Jq1H2rUBzFaCnk21BSL4vVPWGuhLo1zbl6YzUO8ywLZJLlwLj+mAWONJx3hBLcsUR/JAhlSMkbD9
cLzUiU0kaDYHfEiFRRNXVvdtcKo3t0wyz+hipqMhBpLbADD2GSdqnDXzcgiQCSY7i4uBjDOO+wGg
qZanMszgXvJFK971t1x0/QeT+1TslrKSszKryikWOCJioJF2bpYDzxl2Y5DLw3AZczbuna+mmvdv
dsZsMqvyd7KTM3InzwSwYmwv7YyR4o5qg91GhYgcsOqnJqyjpo6ipQoJRqCnnbEeDaOe0gbnblfF
jyLiCo4YrO+qCDIwDEenTEiPFnHua8VSSNVTMVayhb8gOmG/CeQxZnmUcNYDoG5AHP0xBO13AGYV
2YpFRUJZqiTu40Qbewx6K7G/hYkoczoszzCMO0ajXtcXtyGC8rb2D2Y8NVWUU0cJVYIkXZU2vjTc
j0TSL4Nh+2OdaizwT90+tWARR+uGDV6VspGjVubkYx7OuC8ZhZgsYs9ufW2JWmraymh0F1F9rX3x
0nDNPf4pVpAaepkCs29r9MN1cT1JjZNKqN288dAexvQwIkrkeQUdcHQ1eYfjFCArHSMPQPViNMi/
MjWx6HpiPra6koWM7MGN7D0xBFRSzVlaNrp/lPU4kKWCJpJPmpLgc7fyxJJCuFMwMJ1FR9XRcBAa
7dSfthbLJwlfFIGK6WvfDobIazcnzwF/I74dJxY3sTv78sAACDc8umLSdsDc3scch264tIO3JccB
bf8AriDgSVFxb0x2w5Da+LSDYEbnfAMoUC24xQinbxAYG5J9f1woW+27HntbHMSRt/5xAANjew2x
3oticSBqubdcCDqXScScfINgCW5/zxIB0nYm+Oub+HEhtrH0x29gP2xEOmxsOeO2U873GJOfmLn7
XwB338sSdvfYEYAgfVcYgAm/vgdFmve2JO6bi+/ngwCcvLEXEnobWwFgbC2JDMPFdzb74G/h+o3w
B3hUi4I++AJJvp5YiEAbXx1xbcbeeDSGvbcnp0xw1Ou/88RFJB35eeAI9dsP6Dtrm9zfrgD0ufvi
QR/m/wDxwI2G3tzxVBBAOxFx5nEjkOb1GW1iyxNup88FUbv2OdqE9TUJR11Ud7DSNy2PQfCqHOlF
RNZY7eGPzwzlZcJrMclppqH5dgPFsdPI+mM0447F6LiSqL08QAj5EDmTjbCk1fZJnuR0zyqTeJiV
53tiS4P7Uc44TzaCLMpCI4jbckWGDqHW62HJe2HJs3ikdKtbG1rncnExlXG4rKcyLUWVDvc412zV
c7Q8xyzibL2jjqIxOLlW1bi3rjzPxJ2sVOScQz5TmEhIjYqDe+K9bRvUduGd5dS//q2VX1b6euIa
k7Sc1zvMfnszlCljyBtbGdtTpvfZTxZl2WQRSmokeQi557Y9EdlnGT5vPFHAh0DcsTzxj+Dr22zJ
3mnRGeTQtsSEtRMW7qklYm1tIxqMmVfwnnOY2aRyo82xE5n2e14dZqSs/FXfbF2t6Pcp4s4i4XhM
OZMTG3I+VsT9XnlNxdkiPTtZ13bzxQEFlhpqDQv5ep6nEW9VWTQNPqsouefPAQU2cy0tOEi3vzOH
J4lmmiSF20qu7HFDo9p6hKykMkTWBG5GG1JVlQ0EZsL3J6YjEH2lcfZbwLw/V5zm2YIiwxM12Ppy
x8uu1HtDrO0LjvM+Ja6cu1XMzBWN7LfYfpjpOIbvGbUjOqcEeM36XOK/UaY3OlyfK2MWHDKyLt2U
cPVVIy8XZlCRTxtaO53bzIxo8+XcBcTUTVEdYaapL7rfdsfA/O8ny81s9P7B/wAV/Dx8f9NmHm7y
5Jw8N8T8JiaDh6rSop5LB3tz6kfbDZeJHZTBxFkgVCfEVHM48u9v0OUz/Fxnjym8XVVJwXmLvPFK
1M4FgpNj74fRZW8+XfMxVayaAYYkvvc7kn9sO7ZoYeHx5Zb8VZPGSwNx4sAFF/74/QP4FAOgbxLt
054RkQKbE9PPELTebSU8R2w0nPNf2641Fb7NptNrkb9N8M5WIPiJONRm/oi231fpgoSxv59MIdpA
Y7YIb2398KdYN15dcALdTthQCd9jjix5bWPni0hutydscNyW3uOgwJwAJO9r9b4Hw/v0xIDDfVq3
xwG2/wD5woaJxGCwJ1EWFumE9gbjF7RTWIorBjqcfcDBFIDg2HPEi0TGO9QTv+W/nhJmH1Xvg0gH
TbytywYMNOKpyuQQw5jCk5VvxAxAbFrSE1W3PvzwBY7eLYYkC9rg3uTffHFmPhVfucOk7dBufthS
lus2sdAT+2L9okLdf0wO4NmxJ2nfYgDA6QVtf364gC6jkbemBttfmcRdzODe+IAXUx5/bBh6dMFQ
DboMB6BvscMQhB6i2AJNzbCQW/brjrEWv5cr4g4/Ud9zgvubnpfERgPMb44Ktt2ucQDpRRzv6jAc
xdrb4kAJtztbAhfL9cSCFFiL2vgQP+q39cRA3mTbzGAffn+2JOvY7n2tjmI0ixxJxN/t1wFhc35e
mIA03G/64Na/1H9MSjgL8hgQukc8Scy73tbHBdW6jntzwF1hzJx221zviQbm5N/tgCRzB/TCnX2t
c3x1wN9eJBAsdzcYEOL3Fxg0oAsD6euCsdJsCAcUmk70O2DDbn97YUBthce2DX/L19MHacCLkWvg
yNvtIBfFpLDwfxOeH65awSEkchfG/wDZX8QqyIsFbNYCwtfn/pjM4reM+U03XhTiek4hohVNOPFy
J2H2xP0LZcJD4hYDz546y7cssdUhnWUZLNQu7ldxsBjzn2xPk1LmrfKOpKk3AONa4U7UGftBqMsb
/lJWBS1hqOJfKviOzaliqKMkgOByOM9KzaMzPtjzaqqP+WrWRbbb73PXFG4ylWprGzKOUyFvE7Dz
xb2JxUPDUyNVaoW3K/ThxFnKyTWERRh08zjLTTeznPOIHlpoJK0JE5GooN7Y9jdhebU8lJDFTqW0
Wux64x7avT0Bw5NmGZhVhTQvIXxfMhySCl0y1DAkC/LGpywcZtXxMvdW62AGDZflsNTCrJDY/wCb
GmUVxFwzRVMRDbkHlfFWo3OTVjUg8KE88F4J3PLrqSpfwW2HnhOtkR6JqdDYtyF8BkNI3pqKAicX
PkcN+6nqIjMTbWbgemBpKUlYsOX/ACscmnq74j8+zWnyinSWWpEMQBd3Y22wzlrGbuo8SfGd8Rcf
Hk82TZDWOKClJjDKxAmfkT6gY8umrPelvM8zjPjz+e7Hv/qnh/6XLDwXuSb/AJvKdy/hiq4iyGfM
KaEsYtzbfbFLpsrSrz6GilF1MoU+18bz4x+Twfj4TyeXHD7rX4G/4XrVop6F5aJVARDsAbC+Hk2W
cL8QVpbLJRTsyjU52t1Jx+Wyytu6/v3i8PjmH9jrXTky/i3LInjoKgzQoTpAPPz/AGwelzysp6gp
n2SO3h31DlbfBrbtM/L4r8fJNwrSVfAtf3i18XdSVJCs1rFept+2OpOB46iOepy3Pe4jhBdFL2J3
5frjXXa/t+LzWXxXVZM9lNw3PlgQwINx+uPv+n+fstSk3IFtrEc8ElbUb8vfCxeDaezDy3w1nAFx
qH2xqA1lvY6Tzw0lCknfGoLSO4OoY66kWPTGkA6dwScFJHMGx/niQGS+6n7YKRcXK8uuEAuLWGO8
Nt9/bFU655M2+DbNsD+uKkJIAtb74DmuwvbAgkD7e+OcLp1X3xAA2uGPPywW9xiLio5scGWIX1E+
EYanOdYG+w5b4AgaQR9sCByFr3NtsCLHZj+hw6TrkHbbA62aIp++JOCj8v2OO2vs21uuKoXZrL16
nA3tbr74gMLfSdscHFiAdrdMWiKTte2O1Xa+o7jCAXBO323xxNrjl7YtII8W1zjlPMW3xIIY7kXt
53wKHa4bAgggsLHA7X2a2JB2Ym5GAsB9R/0wEVhfwKb4IRtuOfXGgA25dD647pz+2JO5Hn98cRti
Q2xPhH28sC2wJI+98RdYWsP2OAAItvf1wJwsV3Bv6YEDbn0xIFupPpY46/Lr7YUA2PLBTvuTiTtu
v2Axxs1xa2IBte4A/TAW33bEXAaubc8dY9T974gEG2wvYeuOJ54iNzPTAeMWttf1wAIFt7j2xx02
tbn54iCwv+22AQDkDf3wgFr8/wB8cQPP1xEIuo1XHLA3IW7H7YkAHax54Db8v74g663sTfywa1he
326YiC/K5wJsG9cSDcjYAY4W59bdMFiCrADUG5YlMgzyTLahZO+NlwWNYXVbFwL2v8SRpFDRTEID
bfGkt21z5fSxrPVbCxYk29yccsPLJdV9fy/gZ+TCeTGIzOPiRavo6gwSFFRLKL78sYnmfHc+a1kl
VWzFi5J3Jx6JluPkZYfG6VzMOIZJ6o2bwnb3w7+XkkijqUHhJ3wVkXOG+Xq45IG6WAHTDmgWCfh+
uinYGQbovnhjN4V/VNRVQO9/TD2WlNTT/PxDfrbAv2tnZjx1LkeYJDUQrKl7EdcevexXjGCqpqWr
pCEU2vcWxm/TUekOCuLizIEqgR5DGh5TxI01MAn1H8xONThg/WqpndGB1vfkMTVHJmEqBI4tC264
QJWUyoC0zBma+w64pHFtJYmSKO1r2xGISnr6mddDDddr4cBmRdSC7npjG29EpQ00neT79LdMOaPu
yzLNKBYbW6YiaVuZU2Xo1VXSLHAniNza4GPKfxT/ABVV2c5zJkHDBtQKTC8yH6ulhjj+T5v7Pj3O
6/Rf8c/p3/W/lfPL/XHmvKnaLmnzNcKRHuF8RsepxVGlsCSeR6Y34Mfj4sZXy/6x5v7/AOf5c/3f
/wANq7KsyyThjsTzquzaMd7UKUjc8/tjJ+Bcs/jGbVVXBFqljN0BO3O5OH8qzH8e1r+geH+//UfH
h+//ANNAj41lRny/iChQgWAAHTD+oyzhjOKeN8oqRC6KWY3+pupx+a+Pxf3Dx+bx/kS458ZQnSQc
ZZPpWin79R4iOdvTD9+P80Cas7yINoNi4Ww23P8AbD/DePm8n4815JuOirOAOIK2OKtiFMpJ1PYj
frt+mC5hwjkoDnh/iNiha6gtuQOf7nFu+1l4/D5cfl4bqsgd7t4lI388BJIARc29cfoH+ft8ExKW
6/p0wXUQhDYZBQSxrpvfDeVedlGGD2ZzRjqOXQ4ayqFbpjUFISRj6l/TCTDqTb3xoAtffa+ANmGr
X++2IuvfBN15YdAGwO/XHDou32woDbbEYMdthzwIAsdr22wKE9bcsKGuL36ed8AxBXfGUG4C7scA
qg3BNsKAbjbSPY45mBstwMRB7dOmO5ixscKcLXtfHKRzJFztiQCWvfHXZTa+IdBGptueOtYWIxJ2
wHO/rgdrX6e+IuFtO5Pp64DULWGJC6rEktgL+d8TNDsfpHPr54NzFidsRDsOv3wK25EYkG6keIke
mAuSdxgQTYnnjhzG9vviQWuF8RvbHEjlfFEKSOnXrgp5aTywroB08iN8B97HEqFR0/YYNZRiTh9W
55++OJFjc+2IuPO1sCDtZjywJ3of0wFiNxiiA3Pc4AFbXAvbCgc+ROO06vDy9MQCLat9/XHciSBi
TuQ3bfAHncjEQbkbEC+Bttc2xBxN9rbDAkC1x+mJAvc/V++Dbcr7+nXEgjcWB3PXAk+ZwEGgFt7b
8sBuB9W/vhQPM329ccVtsDceeJOsORwFx6364k4W38W98d9OxF8QcBck9PI4HTq6/viLulvLHBbX
0tfEggC9vLyx2kA+I4kHwgXJxynxCw64k1XsuoUq8tVmcC25Y9fTFjzzIpKpNDT9Lk/0x8Ty53Hy
V/Vf6b+Fh5/wMd+4qOa5BOjPSQSHS3NR1xX5+EsyeQ90u3O98ezx/kTXL8t+d/Rsv7l+CCzGjkpq
gpMNx0xcez2ODOMrngfeRAbL1x7sbubflvJhfHlcag+KEnR+6sboSCPLHZLmVNCxMwuHTkfPDHLt
HTSGoqCWtqHI4s/C2WxZjktRTxktKovY4ZzRRuFuGquurRDGAr6rXN8eoOwaqm4fhTKc9pbR81kO
wxmteno3g6oyuOMTUE4NxtvyxoGRZnJJGoExUdbY1Jplb8mzaliRXRNTDzxa6aukraTvJJtAAvYY
tA2q8xpoowQxZuWInO4BLD35QWYcsFaiuQUcXiCr4idsc9PJHUWUDYbXxz6rrJslPHrp+6j2N7lu
uIjMM7yzhLKajNs4qVAjF7sca7OGFyvxjyb8QPxctxO1VkPD8kkVMAV71TbvOm398YG/EJzPK546
mjYRR7lzfHyfP5P+o8k11OH9R/p/4+P9H/Bywyn+Vlt/9M/zLM/m6p5TsSSPbDaho5K+vjoowWZm
sMfZ64fyjK/K3Krt2p5mnD/CdDwhCQHVNcgG25xVeGJzltNHPlVa6zufxt7bX2GOH5c34/jX2P8A
j+Xw/Lnkl1ZzP5WOn4nymuntm5Gw0g/1w9goqCUu+W5vodzdVvj4lwuHF6f0/wAX5Ph/Mnzxy1kc
5Vn/ABLlTtNBMJgu1yeeJKl7SJhAtLnWWBl1arW5n9PPGLhN8PoeL8/yeLGY+abn2Gvzbg/Npe8M
YiZhbSvT/ZwZuG8r7iGTKs8a4F28X++uMXePbtrwfkby8eWqyskahdtzjjpYXJJ8sfffwYQ7sW1W
9QeeDJvd03HrhQSvh1E2t0OEpo9Y1Aj2GJU2miFiB/PDWeEG6/tjcZpvNCVJv9/M4bPHZjbbpvhR
EgAWc4KQBzsQOeGBwa1gwwO45Wv/ACwoXw2OprdL47ZiRiQBueW3vgdmUjVhTuWOG59PI4E4k3uN
sGFiN+XqcVTmG5HngCVAszbYogeDob+eAI32GFAPLngb8/TEgXBIuf0OA8wd8SCRuADvz364623P
74lrbidXMDAsdwDyt0xJ1yL2OO1C1z++JCsdtsFuOa/riDr9ALjAqtzf9sR7GsCbCw98CLAEW3H7
4kFrWsTYYEFbjxfYYE7mCzb+mAt+Y+fQ4VHX1cjgRpBtb9MQjrhrXbYbXxwN+QxEUsSQLCwwFxy6
4k43tYnHW6lrAYl0G1wVvbAq1uQ2874k6wvZgd/XlgNvqDAHyxF3hLbfrjrkeLV7XwIAOoeE7+pw
OoAXvvhQCOTMccEuLevPEgaRe3lzOBFr3xBzLYg9TjrdCOWJOtcmw3wDHTtfEQHqScANhc/riAb2
Fr7euO6g6vscQCPTrgdQ/L+2IhXqwP8AfBjpbmd+l8CdYeYt5nAE/wCt8SAVUC9xf1x1jbkN/Xlh
QDdbW5+uAbUvIk+2IuS4ttv54477E3xAOwGnlg1wfCG264i42O1vfHeHcct7b4E7YjY7e+OUatr7
e/LEnEWuL/bHC3QDEl47Ns+qY9NFExB9DjU8pyubNY9UtSQg5e/lj4n5mPxzun9V/wCLefL8j8XG
X1wj6/hyGOZjFUgknrhjUZGwiOh1IPXHnxzsfd8/4WN2qfFXA9RUSa6dLkncjrhp2fUtbknEIoal
SBLsRe2PseDzTKafzD+tf0zP8fyXyTor2jZS9BXSWIIk32PLFQWTuZVVhcqd8ex+bs0Xr+71JVR7
ahuMXHslMaJWTOwBZSFF/wBRjU7Zy6Wvs0pVzLM/lXjtJr06/M43bhjM6CjjTKM7C6h9L+YwJpnC
NXRIq/w2vIHudsaFw5ntbBs1SsnRR1vinHSWmh4mzmB9bRDTffyxLUfHlTVv3Ir9PQgG2HkJ7Kqx
5YvE9wN9WJCesiliCyPq8hfGWohq2WGmmvHJ+uCVFSjovdm7W54w7GGbVVHkmXyZrmlUIoIkLMzH
yx44+J/4o6XjpKjh/hisaKggfS0iGxl9PbHD8nyXxePjuv0f/GvwP+q/J/vZ/wCuHLBc2mpc6WCW
mJXob9cRHGmbVOS5bNkpATvSFHmcfN/Dny8sxr9j/wAi839n8LyeXD3qf+1F75mY77AYtHZZkzVm
ctXN9NODISfTH3ZzY/kmU4QfaLnsmb8RzVNRNe3riv02Zz0p1oSAd7XweWfJ3/F8l8OXyh3HnVPK
wM1wcO4c2AkvBVkW9eWPJl433PD+bO5dVI0PFmY06d3HUmxPLEtTccu0gNdThwOePLn+PO4/Rfif
1nPHH458w7TOMizWpEk47vUdxfDmlSF5S+W1xRdXhF8ee43HivtePy+D8m/Px3Vf/9k=

------=_NextPart_000_01CF_01CEC5D8.52C541B0--


From hallam@gmail.com  Thu Oct 10 14:20:30 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4498A21E8087 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:20:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.579
X-Spam-Level: 
X-Spam-Status: No, score=-2.579 tagged_above=-999 required=5 tests=[AWL=0.020,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuHqL5ofyLfd for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:20:23 -0700 (PDT)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) by ietfa.amsl.com (Postfix) with ESMTP id C617D21E805F for <perpass@ietf.org>; Thu, 10 Oct 2013 14:20:19 -0700 (PDT)
Received: by mail-lb0-f180.google.com with SMTP id q8so2568010lbi.25 for <perpass@ietf.org>; Thu, 10 Oct 2013 14:20:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=pzJfxWOhTg5xiuSXxtCflZ1N14JCTHu+ZDOYU0vPRK0=; b=JPdW2m1tCPPJthmHQ4RA/bi1o9yT6wy5moQHJNZp3JYEWp9C6pI8/rW5EW4r8kL1+8 5haKzqSQNrKAdgDIH8XCpjFMtgFZvsDuWtoJQxy4EN7d12I/K3ElBToXhDXaumOsrXrR 9nirJhQj5grynmMHExkHNV/OSe0QhHS7vHDG8ClpQ5yEDmXq002fno3GTtSOARDRrNRO ZU6Rdr7GIZTOtpNH21IQgfkygN9GfxJrvXKUdD4QVmZLgW6+9/u5afIobAraZ5RdXHTf h4uVqa5IQz+mZszQCixJuk8jR25v7FeDw7nKdNO9FlhHbotv1Kxnhe/LbqYxS2ZRhm/6 opqw==
MIME-Version: 1.0
X-Received: by 10.112.146.200 with SMTP id te8mr3445211lbb.32.1381440018758; Thu, 10 Oct 2013 14:20:18 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Thu, 10 Oct 2013 14:20:18 -0700 (PDT)
Date: Thu, 10 Oct 2013 17:20:18 -0400
Message-ID: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=047d7b3a83d498c3a704e86991de
Subject: [perpass] PKCS#12 needs fix'n
X-List-Received-Date: Thu, 10 Oct 2013 21:20:30 -0000

--047d7b3a83d498c3a704e86991de
Content-Type: text/plain; charset=ISO-8859-1

Looking at some comments from Peter Gutmann from way back he reports having
a large collection of PKCS#12 files with private keys and no password.

Ooops

So I am wondering if this might be one of the holes being exploited? It
would be consistent with a lot of what we have heard.

There seem to be several issues

1) Chronic usability issues on Windows re PFX PKCS#12 which leads users to
export without a password

2) Weak cipher suites. The strongest seems to be 3DES, I suspect the
default is RC4 which is one of the ciphers I trust least right now.


The ciphersuites issue seems to be a real problem. PKCS#12 does not use
standard identifiers so a new one has to be cut each time and because it is
a low priority it tends to lag. It is also unnecessarily captive to the
legacy base.

There is a draft to update PKCS#12 and to put it under IETF control. I
think it needs to be given a higher priority (the draft has expired BTW).

It could also do to have some examples. I am finding the draft very opaque
without.

http://tools.ietf.org/html/draft-moriarty-pkcs12v1-1-01


-- 
Website: http://hallambaker.com/

--047d7b3a83d498c3a704e86991de--
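
Added example, not part of the original message and not code from the draft or from any PKCS#12 implementation: a scan of a PFX blob for the PKCS#12-specific PBE identifiers that the message's point 2 refers to. The function names, the weak/legacy ratings and the sample PFX skeleton are assumptions of this example; it reads definite-length DER only, so BER files with indefinite lengths are rejected with ValueError.

```python
"""List the PKCS#12-specific PBE identifiers inside a DER-encoded PFX blob."""

# Identifiers PKCS#12 defines for itself under 1.2.840.113549.1.12.1.
# The rating column is this example's own policy, not part of the standard.
PKCS12_PBE = {
    "1.2.840.113549.1.12.1.1": ("pbeWithSHAAnd128BitRC4", "weak"),
    "1.2.840.113549.1.12.1.2": ("pbeWithSHAAnd40BitRC4", "weak"),
    "1.2.840.113549.1.12.1.3": ("pbeWithSHAAnd3-KeyTripleDES-CBC", "legacy"),
    "1.2.840.113549.1.12.1.4": ("pbeWithSHAAnd2-KeyTripleDES-CBC", "legacy"),
    "1.2.840.113549.1.12.1.5": ("pbeWithSHAAnd128BitRC2-CBC", "weak"),
    "1.2.840.113549.1.12.1.6": ("pbeWithSHAAnd40BitRC2-CBC", "weak"),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    if not subids or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def find_oids(buf, depth=0):
    """Collect every OID, descending into constructed elements and into
    OCTET STRINGs that wrap nested DER (as the PFX authSafe does)."""
    if depth > 32:
        raise ValueError("nesting too deep")
    found, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        body = buf[start:end]
        if tag == 0x06:
            found.append(decode_oid(body))
        elif tag & 0x20:
            found += find_oids(body, depth + 1)
        elif tag == 0x04 and body[:1] == b"\x30":
            try:
                found += find_oids(body, depth + 1)
            except ValueError:
                pass  # ordinary binary data that merely starts with 0x30
        pos = end
    return found

def audit_pfx(blob):
    """Return [(oid, name, rating)] for each PKCS#12 PBE identifier, in file order."""
    return [(o, *PKCS12_PBE[o]) for o in find_oids(blob) if o in PKCS12_PBE]

# --- constructed sample: a PFX skeleton with dummy ciphertext and no real key ---
def der(tag, *parts):
    body = b"".join(parts)
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        while sub > 0x7F:
            sub >>= 7
            chunk.append(0x80 | (sub & 0x7F))
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))

def _pbe(oid):  # AlgorithmIdentifier with parameters {salt, iterations = 2048}
    params = der(0x30, der(0x04, b"\x01" * 8), der(0x02, b"\x08\x00"))
    return der(0x30, encode_oid(oid), params)

ID_DATA, ID_ENCRYPTED = "1.2.840.113549.1.7.1", "1.2.840.113549.1.7.6"
SHROUDED_KEY_BAG = "1.2.840.113549.1.12.10.1.2"
_certs = der(0x30, encode_oid(ID_ENCRYPTED), der(0xA0, der(0x30, der(0x02, b"\x00"),
    der(0x30, encode_oid(ID_DATA), _pbe("1.2.840.113549.1.12.1.6"), der(0x80, bytes(24))))))
_key_bag = der(0x30, encode_oid(SHROUDED_KEY_BAG), der(0xA0, der(0x30,
    _pbe("1.2.840.113549.1.12.1.3"), der(0x04, bytes(32)))))
_keys = der(0x30, encode_oid(ID_DATA), der(0xA0, der(0x04, der(0x30, _key_bag))))
SAMPLE_PFX = der(0x30, der(0x02, b"\x03"),
    der(0x30, encode_oid(ID_DATA), der(0xA0, der(0x04, der(0x30, _certs, _keys)))))

if __name__ == "__main__":
    for oid, name, rating in audit_pfx(SAMPLE_PFX):
        print(f"{rating:6} {name} ({oid})")
```

The scan reads only the algorithm identifiers, which are stored in the clear, so it needs no password and decrypts nothing.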

From kathleen.moriarty@emc.com  Thu Oct 10 14:28:01 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0767521F9D90 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:28:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YyPUysPpFOYS for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:27:54 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 578D221F9D0A for <perpass@ietf.org>; Thu, 10 Oct 2013 14:27:46 -0700 (PDT)
Received: from maildlpprd01.lss.emc.com (maildlpprd01.lss.emc.com [10.253.24.33]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9ALRhwH021362 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Oct 2013 17:27:44 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9ALRhwH021362
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1381440464; bh=5z0D/2Vmu07f7wg5eUG49JJWbBk=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=CZk7eSrTYixUBGux62SSSFEcOPOYbxCp9nxc7UQvaSimFgvEyDKDodZtC7Wee77y1 2yxTODcB2TxUgjbF2PB0gcleBF+03cUvg++ew5fvEU2Ve65Gb0IQqHRCfhp0M/BVzK oyS2mWHQk8sAGASvcvdG/5XzIjKme18pAsUkjhYk=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9ALRhwH021362
Received: from mailusrhubprd04.lss.emc.com (mailusrhubprd04.lss.emc.com [10.253.24.22]) by maildlpprd01.lss.emc.com (RSA Interceptor); Thu, 10 Oct 2013 17:27:27 -0400
Received: from mxhub10.corp.emc.com (mxhub10.corp.emc.com [10.254.92.105]) by mailusrhubprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9ALRQA3017030 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 10 Oct 2013 17:27:27 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub10.corp.emc.com ([10.254.92.105]) with mapi; Thu, 10 Oct 2013 17:27:27 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Phillip Hallam-Baker <hallam@gmail.com>, perpass <perpass@ietf.org>
Date: Thu, 10 Oct 2013 17:27:21 -0400
Thread-Topic: [perpass] PKCS#12 needs fix'n
Thread-Index: Ac7F/pK3Xps1Y5wITWKeFhpFFelsBAAAF9HA
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>
In-Reply-To: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_F5063677821E3B4F81ACFB7905573F24049E8BC61FMX15Acorpemcc_"
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd04.lss.emc.com
X-EMM-GWVC: 1
X-RSA-Classifications: public
X-EMM-McAfeeVC: 1
Subject: Re: [perpass] PKCS#12 needs fix'n
X-List-Received-Date: Thu, 10 Oct 2013 21:28:01 -0000

--_000_F5063677821E3B4F81ACFB7905573F24049E8BC61FMX15Acorpemcc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello,

I should have a new version of the draft out soon, hopefully before the
next meeting.  My working version has incorporated most of the adjustments
requested by the sponsoring AD and the document shepherd.  I am just
waiting on some language on transferring change control to ensure this is
done properly.  We will get this version transferred and then updates can
be made in a new document to revise as needed.

It does have a high priority, but we need to do this correctly so that
there are no issues with the transfer.  I chose to let it expire rather
than provide an update without the right language in the document for the
transfer, since this would happen soon.

Thank you,
Kathleen

From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Phillip Hallam-Baker
Sent: Thursday, October 10, 2013 5:20 PM
To: perpass
Subject: [perpass] PKCS#12 needs fix'n

Looking at some comments from Peter Gutmann from way back he reports having
a large collection of PKCS#12 files with private keys and no password.

Ooops

So I am wondering if this might be one of the holes being exploited? It
would be consistent with a lot of what we have heard.

There seem to be several issues

1) Chronic usability issues on Windows re PFX PKCS#12 which leads users to
export without a password

2) Weak cipher suites. The strongest seems to be 3DES, I suspect the
default is RC4 which is one of the ciphers I trust least right now.


The ciphersuites issue seems to be a real problem. PKCS#12 does not use
standard identifiers so a new one has to be cut each time and because it is
a low priority it tends to lag. It is also unnecessarily captive to the
legacy base.

There is a draft to update PKCS#12 and to put it under IETF control. I
think it needs to be given a higher priority (the draft has expired BTW).

It could also do to have some examples. I am finding the draft very opaque
without.

http://tools.ietf.org/html/draft-moriarty-pkcs12v1-1-01


--
Website: http://hallambaker.com/

--_000_F5063677821E3B4F81ACFB7905573F24049E8BC61FMX15Acorpemcc_--

From housley@vigilsec.com  Thu Oct 10 14:41:58 2013
Return-Path: <housley@vigilsec.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9340821E8094 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:41:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.522
X-Spam-Level: 
X-Spam-Status: No, score=-102.522 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fnBaE7zrecM2 for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:41:53 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 8773011E80E2 for <perpass@ietf.org>; Thu, 10 Oct 2013 14:41:51 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id 8A527F2409A; Thu, 10 Oct 2013 17:42:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id XdRDWWNmmDaH; Thu, 10 Oct 2013 17:41:46 -0400 (EDT)
Received: from [192.168.2.107] (pool-71-191-197-233.washdc.fios.verizon.net [71.191.197.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 99C65F24093; Thu, 10 Oct 2013 17:42:08 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary=Apple-Mail-126--592817620
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>
Date: Thu, 10 Oct 2013 17:41:48 -0400
Message-Id: <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com> <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
X-Mailer: Apple Mail (2.1085)
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-List-Received-Date: Thu, 10 Oct 2013 21:41:58 -0000

--Apple-Mail-126--592817620
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Kathleen:

Thanks for working to transfer change control to the IETF.  Once this
happens, the community can work to resolve any shortcomings in the
specification in an open and transparent manner.

Once the specification is done, hopefully all of the implementers will
quickly incorporate the improvements.

Russ


On Oct 10, 2013, at 5:27 PM, Moriarty, Kathleen wrote:

> Hello,
>
> I should have a new version of the draft out soon, hopefully before
> the next meeting.  My working version has incorporated most of the
> adjustments requested by the sponsoring AD and the document shepherd.  I
> am just waiting on some language on transferring change control to
> ensure this is done properly.  We will get this version transferred and
> then updates can be made in a new document to revise as needed.
>
> It does have a high priority, but we need to do this correctly so that
> there are no issues with the transfer.  I chose to let it expire rather
> than provide an update without the right language in the document for
> the transfer, since this would happen soon.
>
> Thank you,
> Kathleen
>
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On
> Behalf Of Phillip Hallam-Baker
> Sent: Thursday, October 10, 2013 5:20 PM
> To: perpass
> Subject: [perpass] PKCS#12 needs fix'n
>
> Looking at some comments from Peter Gutmann from way back he reports
> having a large collection of PKCS#12 files with private keys and no
> password.
>
> Ooops
>
> So I am wondering if this might be one of the holes being exploited?
> It would be consistent with a lot of what we have heard.
>
> There seem to be several issues
>
> 1) Chronic usability issues on Windows re PFX PKCS#12 which leads
> users to export without a password
>
> 2) Weak cipher suites. The strongest seems to be 3DES, I suspect the
> default is RC4 which is one of the ciphers I trust least right now.
>
>
> The ciphersuites issue seems to be a real problem. PKCS#12 does not
> use standard identifiers so a new one has to be cut each time and
> because it is a low priority it tends to lag. It is also unnecessarily
> captive to the legacy base.
>
> There is a draft to update PKCS#12 and to put it under IETF control. I
> think it needs to be given a higher priority (the draft has expired
> BTW).
>
> It could also do to have some examples. I am finding the draft very
> opaque without.
>
> http://tools.ietf.org/html/draft-moriarty-pkcs12v1-1-01
>
>
> -- 
> Website: http://hallambaker.com/
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail-126--592817620--
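
The cipher-identifier and unprotected-key concerns in the message quoted above, as an added example that is not part of the thread or of any PKCS#12 implementation: a standard-library Python walker that lists the PBE scheme OIDs and key-bag types a DER-encoded PFX declares. The sample file is constructed with dummy payloads, the rating strings are assumptions, and BER indefinite-length encodings are rejected.

```python
# OIDs as assigned in RFC 7292 (PKCS #12 v1.1) and RFC 8018 (PBES2). The rating
# strings are this example's assumption, not taken from either document.
P12 = "1.2.840.113549.1.12."
PBE_OIDS = {
    P12 + "1.1": ("pbeWithSHAAnd128BitRC4", "weak"),
    P12 + "1.2": ("pbeWithSHAAnd40BitRC4", "weak"),
    P12 + "1.3": ("pbeWithSHAAnd3-KeyTripleDES-CBC", "legacy"),
    P12 + "1.4": ("pbeWithSHAAnd2-KeyTripleDES-CBC", "legacy"),
    P12 + "1.5": ("pbeWithSHAAnd128BitRC2-CBC", "weak"),
    P12 + "1.6": ("pbeWithSHAAnd40BitRC2-CBC", "weak"),
    "1.2.840.113549.1.5.13": ("PBES2", "depends on inner cipher"),
}
KEY_BAG, SHROUDED_KEY_BAG = P12 + "10.1.1", P12 + "10.1.2"  # cleartext / PBE-wrapped key
DATA, ENCRYPTED_DATA = "1.2.840.113549.1.7.1", "1.2.840.113549.1.7.6"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at buf[pos]."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported high tag number")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, pos, pos + length

def decode_oid(body):
    """Turn the contents octets of an OBJECT IDENTIFIER into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if byte < 0x80:                 # last septet of this arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(data, found=None):
    """List every OID, descending into OCTET STRINGs that wrap a DER SEQUENCE."""
    found = [] if found is None else found
    pos = 0
    while pos < len(data):
        tag, start, end = read_tlv(data, pos)
        body = data[start:end]
        if tag == 0x06:
            found.append(decode_oid(body))
        elif tag & 0x20:                # constructed: SEQUENCE, SET, [0] ...
            collect_oids(body, found)
        elif tag == 0x04 and body[:1] == b"\x30":
            try:                        # how PKCS#12 nests SafeContents
                found.extend(collect_oids(body, []))
            except ValueError:
                pass                    # opaque bytes that merely start with 0x30
        pos = end
    return found

def audit_pfx(der):
    """Summarise declared PBE schemes and the key-bag types that are visible."""
    oids = collect_oids(der)
    return {"schemes": sorted({PBE_OIDS[o] for o in oids if o in PBE_OIDS}),
            "cleartext_key_bag": KEY_BAG in oids,
            "shrouded_key_bag": SHROUDED_KEY_BAG in oids}

def tlv(tag, *parts):
    """DER-encode one element (used only to build the constructed sample)."""
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def oid(dotted):
    """DER-encode a dotted OID (used only to build the constructed sample)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        septets = [(arc >> s) & 0x7F for s in range(0, max(arc.bit_length(), 1), 7)][::-1]
        out += [b | 0x80 for b in septets[:-1]] + septets[-1:]
    return tlv(0x06, bytes(out))

def sample_pfx(bag_id):
    """Constructed PFX skeleton for the demo: real nesting, dummy payloads."""
    def pbe(alg):  # AlgorithmIdentifier with a salt and an iteration count of 2048
        return tlv(0x30, oid(alg), tlv(0x30, tlv(0x04, b"saltsalt"), tlv(0x02, b"\x08\x00")))
    if bag_id == SHROUDED_KEY_BAG:      # EncryptedPrivateKeyInfo under 3-key 3DES
        value = tlv(0x30, pbe(P12 + "1.3"), tlv(0x04, bytes(16)))
    else:                               # PrivateKeyInfo: the key is not encrypted
        rsa = tlv(0x30, oid("1.2.840.113549.1.1.1"), tlv(0x05))
        value = tlv(0x30, tlv(0x02, b"\x00"), rsa, tlv(0x04, bytes(16)))
    keys = tlv(0x30, oid(DATA), tlv(0xA0, tlv(0x04, tlv(0x30, tlv(0x30, oid(bag_id), tlv(0xA0, value))))))
    enc = tlv(0x30, oid(DATA), pbe(P12 + "1.6"), tlv(0x80, bytes(16)))  # cert part, RC2-40
    certs = tlv(0x30, oid(ENCRYPTED_DATA), tlv(0xA0, tlv(0x30, tlv(0x02, b"\x00"), enc)))
    safe = tlv(0x30, oid(DATA), tlv(0xA0, tlv(0x04, tlv(0x30, certs, keys))))
    return tlv(0x30, tlv(0x02, b"\x03"), safe)  # version 3, MacData omitted
```

On a real DER-encoded file, `audit_pfx(open(path, "rb").read())` gives the same summary; bags stored inside an encryptedData part are not visible without the password.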

From kent@bbn.com  Thu Oct 10 14:57:37 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD11B21F9E7E for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.397
X-Spam-Level: 
X-Spam-Status: No, score=-106.397 tagged_above=-999 required=5 tests=[AWL=0.202, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w+NBsQovfXuZ for <perpass@ietfa.amsl.com>; Thu, 10 Oct 2013 14:57:31 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id DEFC621F9BB5 for <perpass@ietf.org>; Thu, 10 Oct 2013 14:57:27 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:52945) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VUOEW-0007pd-Nu; Thu, 10 Oct 2013 17:57:24 -0400
Message-ID: <525722C4.4020408@bbn.com>
Date: Thu, 10 Oct 2013 17:57:24 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie>
In-Reply-To: <5256FB71.8040903@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 21:57:37 -0000

Hay,

> Hiya,
>>> I...
> I disagree. IMO all the snowdonia stuff is very good evidence that
> we need to do better. And "enforcer" is not at issue.
Can you be more specific here? I have not examined all of what is being made
public; I do have a day job :-) .
> And the 2nd. But the 2nd is a case where there's a teeny bit of
> crypto baked into websockets so that websockets just doesn't
> work without it. But not one to rathole on.
OK, moving on.
> ...
> Going back to a mail from Yoav a few weeks ago - we're not trying to
> prevent state surveillance, but we would like to make it more
> expensive so Yoav isn't on the list of folks that they can afford
> to surveil. Assuming we share that description as a goal, (do we?)
> what other kind of folks do you think we might need to make progress
> on that?
I understand the goal of making life harder for state surveillance.
However, I am not willing (personally) to incur any degraded user
experience, premature cell phone battery depletion, etc. in order to
support this goal.
I suspect, but cannot prove, that most users would express similar feelings.

But, if there are things we can do that are "free" of adverse impacts,
and supportive of the goal you noted, we should consider them.
> There is a fair point there but dealing with what people do on FB
> is not really within the IETF's scope I think. Making it harder for
> a few hacked nodes to record everything everyone does is though.
> (And if we can do that well, I suspect we'll get a bunch of other
> security benefits too.)
I use Gmail for some traffic. If I really cared about the confidentiality
of that traffic, I should choose another provider. How many million
folks make the same decision?

I use the weather channel to check forecasts for my home area, and
for airports en route to destinations, and for vacation and work
trips. I see ads popping up that are an obvious, direct result of
the WC folks having access to cookies from my browser! Somehow
I learned to live with that ;-) .
> And there's also the user-consent issue - regardless of what one
> thinks about web site T&C, it is absolutely the case that users
> have not given permission for the pervasive monitoring that's
> been reported.
Agreed.

Steve

From benl@google.com  Fri Oct 11 07:47:21 2013
Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8434D21E8125 for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 07:47:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level: 
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIA84WL4Rw9f for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 07:47:21 -0700 (PDT)
Received: from mail-vb0-x22f.google.com (mail-vb0-x22f.google.com [IPv6:2607:f8b0:400c:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 0410021E816A for <perpass@ietf.org>; Fri, 11 Oct 2013 07:47:16 -0700 (PDT)
Received: by mail-vb0-f47.google.com with SMTP id h10so2790378vbh.6 for <perpass@ietf.org>; Fri, 11 Oct 2013 07:47:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nkdyiwHSffhUFVWqNTyjRRsdSNY/KkfCi0dXBrx3hy4=; b=TqXw6Wxrgk+adfHWG4w1XTOPG5gIT24Rbo3DUToJHBt8nuUJBWhfEm05TqTzGWk6oG 5vstuyksFq0Tscs6xRigT2m2rmw4ShoVm0v5Kb1JMg2JDKfDHk6De0Zu8Hk28nRk7NO5 DBLDF+DBend/rVxrN6BFeqV55mQLeTfwAimy4WD017yFvTQUiUhxEAKrjAAXIz5SxdfZ oRYcG4NU4cIydno+M18obvGY21TE9jyeIxa/r6uZzFaqJvk97JgbGRIvBVkjF8vBB5pU ykzBj7QpwxHHPUwk78FkFZ41rnCdSLw9Cc3tygEH/dRdLfoJkd5bafT4zwQhu5fenKlG A1Kw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=nkdyiwHSffhUFVWqNTyjRRsdSNY/KkfCi0dXBrx3hy4=; b=N5Ui+B96rTIDyhjvihyWyjz77DIDwpymtJdRqBIM8k0z6etpd03dK/nlWgXhmX2rvb 13+hh8aXmlxt0XLiGpkSMUxZKqtYh+MSyIveGv6Kkx0jHQljeEIqrjBy9NzP5A7/ZECF gxJ4my2+9lrpeXWxMApRBX4vuQP3mmL+KmU0p0r4TPBwm02WYo0L9e52p+Ru142T8T8e gKPD3gKR1SGPwamqNunTwOs41WObwyA5opeWWTYHSoHfaoV3Zy0Qzz90xltPLDfFhT40 mz0WhvJgl1uKgByqOClVLC053ebPjs8JvabodWWV3qZXsTMoiY88qUTUcjIGfu2ZuSnf VzZQ==
X-Gm-Message-State: ALoCoQnm1G24hb9JBTcXzPoHqOIXZLE3nwCxgjQLmEvr1T9P6TvzrmmKxtBvfIcDfMAzGXwUz0aSasLQbbOBCBBAjgwaEZDjPpwaYyzNmJYV+UINTlfQwXX7+xvhsIpgn4RsxIHyLo52YFq/wvgZkBFsI+RaHRXbNQ6v+lzAcJ8+NaoXinHJuPjA8Yt3OsF0sCCzk2uhd14I
MIME-Version: 1.0
X-Received: by 10.52.33.147 with SMTP id r19mr1320835vdi.37.1381502836138; Fri, 11 Oct 2013 07:47:16 -0700 (PDT)
Received: by 10.52.183.65 with HTTP; Fri, 11 Oct 2013 07:47:15 -0700 (PDT)
In-Reply-To: <00c301cec5ca$f1463960$d3d2ac20$@shockey.us>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz> <5255E71E.1080007@cs.tcd.ie> <018701cec568$daa5e960$8ff1bc20$@huitema.net> <52566837.3070500@cs.tcd.ie> <009b01cec5c6$1670f0e0$4352d2a0$@shockey.us> <5256BF0A.5040401@gmail.com> <00c301cec5ca$f1463960$d3d2ac20$@shockey.us>
Date: Fri, 11 Oct 2013 15:47:15 +0100
Message-ID: <CABrd9SSyT+_jdz1S3cXb1QDvgJuFpWE7u825ux6NHxG2KTxJAw@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Richard Shockey <richard@shockey.us>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>, Christian Huitema <huitema@huitema.net>, "Peterson, Jon" <jon.peterson@neustar.biz>, rutkowski.tony@gmail.com, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 14:47:21 -0000

On 10 October 2013 16:11, Richard Shockey <richard@shockey.us> wrote:
> The point we clearly agree on is that a productive discussion on this
> subject would be the usability and deployability of security protocols. If
> there has been a failure it lies there.
>
> I totally agree the concepts of risk management and ultimately reputation
> management are central to mitigating the problems we now see.

+1.

From rlb@ipv.sx  Fri Oct 11 07:56:49 2013
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06B3A11E81F5 for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 07:56:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.88
X-Spam-Level: 
X-Spam-Status: No, score=-2.88 tagged_above=-999 required=5 tests=[AWL=0.096,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jyb2q+ESU5Sc for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 07:56:41 -0700 (PDT)
Received: from mail-oa0-f52.google.com (mail-oa0-f52.google.com [209.85.219.52]) by ietfa.amsl.com (Postfix) with ESMTP id 5F76711E81E0 for <perpass@ietf.org>; Fri, 11 Oct 2013 07:56:25 -0700 (PDT)
Received: by mail-oa0-f52.google.com with SMTP id n2so2484002oag.39 for <perpass@ietf.org>; Fri, 11 Oct 2013 07:56:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=H5wAmT7ucOJdMyhyDcJdqKMJQ+UnqoDIy2fI7orYoKs=; b=P6IKTDBg7OZY3vLvHgX27MA5q6ooHGv2oqDqft1YzOLrmOOWfeCmKoiKvuHmr3QXG3 BMC4hKR8Q2duc5abEo3gIrU247F0DeQ4S6VNh/QO70E2jzRRiSWo15H0wdCSy2bI2N2h bvyxu/iS+Y2cMKwZWhX05m2jjQ0bN1TgB4/8hR3lel1bHWnNvZsoM/xbWW2iHp6j5qbb ABdAjXSJaEFtU192FZgytIUTWD8iDxTZSnLgT8nqvnr0Gi5cgErUmWhClRZmG9eIbNOj +3l8EN9jAwRf8XY5w+TNfdVwjJErW9/jrwt63Tyra6nMikzOQmFFGJ5UEx/V35DfTwSJ IvJw==
X-Gm-Message-State: ALoCoQm23gh3eq+Z0aXMeq54//wEb0c34sUAuPfbOSqc0/yR+bQ+9MNh2BHD0oNioftcwEssn79H
MIME-Version: 1.0
X-Received: by 10.182.129.42 with SMTP id nt10mr14377309obb.19.1381503384614;  Fri, 11 Oct 2013 07:56:24 -0700 (PDT)
Received: by 10.76.101.10 with HTTP; Fri, 11 Oct 2013 07:56:24 -0700 (PDT)
In-Reply-To: <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com> <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com> <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>
Date: Fri, 11 Oct 2013 10:56:24 -0400
Message-ID: <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary=e89a8fb1fbfe7f08d504e87852e2
Cc: perpass <perpass@ietf.org>, "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 14:56:49 -0000

--e89a8fb1fbfe7f08d504e87852e2
Content-Type: text/plain; charset=ISO-8859-1

I would note that the JSON Web Key [1] spec from the JOSE WG provides a
similar, much simpler format than PKCS#12.  Just have JWK Set with one
public, unencrypted member, and one encrypted member:

[
  { "kty": "RSA", "n": "...", "e": "...", "x5c": "..." },
  JWE({ "kty": "RSA", "n": "...", "e": "...", "d": "..." })
]

Since software is going to have to change in any case to use a revised
PKCS#12, I wonder if it might not be a better idea to ditch ASN.1 while
we're at it.

--Richard


On Thu, Oct 10, 2013 at 5:41 PM, Russ Housley <housley@vigilsec.com> wrote:

> Kathleen:
>
> Thanks for working to transfer change control to the IETF.  Once this
> happens, the community can work to resolve any shortcomings in the
> specification in an open and transparent manner.
>
> Once the specification is done, hopefully all of the implementers will
> quickly incorporate the improvements.
>
> Russ
>
>
> On Oct 10, 2013, at 5:27 PM, Moriarty, Kathleen wrote:
>
> Hello,
>
> I should have a new version of the draft out soon, hopefully before the
> next meeting.  My working version has incorporated most of the adjustments
> requested by the sponsoring AD and the document shepherd.  I am just
> waiting on some language on transferring change control to ensure this is
> done properly.  We will get this version transferred and then updates can
> be made in a new document to revise as needed.
>
> It does have a high priority, but we need to do this correctly so that
> there are no issues with the transfer.  I chose to let it expire rather
> than provide an update without the right language in the document for the
> transfer, since this would happen soon.
>
> Thank you,
> Kathleen
>
> *From:* perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] *On
> Behalf Of *Phillip Hallam-Baker
> *Sent:* Thursday, October 10, 2013 5:20 PM
> *To:* perpass
> *Subject:* [perpass] PKCS#12 needs fix'n
>
> Looking at some comments from Peter Gutmann from way back he reports
> having a large collection of PKCS#12 files with private keys and no
> password.
>
> Ooops
>
> So I am wondering if this might be one of the holes being exploited? It
> would be consistent with a lot of what we have heard.
>
> There seem to be several issues
>
> 1) Chronic usability issues on Windows re PFX PKCS#12 which leads users to
> export without a password
>
> 2) Weak cipher suites. The strongest seems to be 3DES, I suspect the
> default is RC4 which is one of the ciphers I trust least right now.
>
>
> The ciphersuites issue seems to be a real problem. PKCS#12 does not use
> standard identifiers so a new one has to be cut each time and because it is
> a low priority it tends to lag. It is also unnecessarily captive to the
> legacy base.
>
> There is a draft to update PKCS#12 and to put it under IETF control. I
> think it needs to be given a higher priority (the draft has expired BTW).
>
> It could also do to have some examples. I am finding the draft very opaque
> without.
>
> http://tools.ietf.org/html/draft-moriarty-pkcs12v1-1-01
>
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass

--e89a8fb1fbfe7f08d504e87852e2--

From carl@redhoundsoftware.com  Fri Oct 11 11:27:02 2013
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8788321E808A for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 11:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.202
X-Spam-Level: 
X-Spam-Status: No, score=-2.202 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4IUlsv2Q-Zn for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 11:26:56 -0700 (PDT)
Received: from mail-qe0-f45.google.com (mail-qe0-f45.google.com [209.85.128.45]) by ietfa.amsl.com (Postfix) with ESMTP id BFAF821E809B for <perpass@ietf.org>; Fri, 11 Oct 2013 11:26:54 -0700 (PDT)
Received: by mail-qe0-f45.google.com with SMTP id 8so3617891qea.32 for <perpass@ietf.org>; Fri, 11 Oct 2013 11:26:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:in-reply-to:mime-version:content-type; bh=le46H14fWUUvtDYXluCqWE1cE3otwzimjQOtVsO6i7A=; b=XoDNtZiFaQCqaQxI6G2uobViiTuP81Zm7P6JiVsOr+PZVjj/Arr2AL8B6a3qefzt7d 8VQ066zLpAxZ5z8Lq+MFUFDXolQhM9BukFzDXs92yqjY79gHMSMPEhJCZHy6BeH5QwF3 vpD0EWbk1Yw+aJqztbt8TfUfZe9aWqSlzC5ejpdOC/XgAkUkqeAYxmYkVTh0fOYMa9h0 8+Dx8bfeDsUZJc9Mke/icYh1w/wQqwv9P0muaw1YWY70cjq/WOcrt2QKEBje3TdQXVuB r2cq8gS73wxa2q+Ghq3KWFRPk6aXHxh6tPTTQ1CnKGH/mwI4s+Jee37sg0DamLOOS/f+ ycFg==
X-Gm-Message-State: ALoCoQkTSE8ZMqSKYU+AOa/tM3T1swrCNzwantXLmyTNDjXpgBCZkyn4UnAwtv/Rcg7OTqPUvLfX
X-Received: by 10.229.251.201 with SMTP id mt9mr4109635qcb.26.1381516013995; Fri, 11 Oct 2013 11:26:53 -0700 (PDT)
Received: from [192.168.2.9] (pool-173-79-121-77.washdc.fios.verizon.net. [173.79.121.77]) by mx.google.com with ESMTPSA id k4sm18482484qaa.8.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 11 Oct 2013 11:26:53 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.3.8.130913
Date: Fri, 11 Oct 2013 14:26:50 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Richard Barnes <rlb@ipv.sx>
Message-ID: <CE7DBA5F.5924%carl@redhoundsoftware.com>
Thread-Topic: [perpass] PKCS#12 needs fix'n
In-Reply-To: <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3464346414_30499081"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 18:27:02 -0000


--B_3464346414_30499081
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit


From:  Richard Barnes <rlb@ipv.sx>
Date:  Friday, October 11, 2013 10:56 AM
To:  Russ Housley <housley@vigilsec.com>
Cc:  perpass <perpass@ietf.org>, "Moriarty, Kathleen"
<kathleen.moriarty@emc.com>
Subject:  Re: [perpass] PKCS#12 needs fix'n

> I would note that the JSON Web Key [1] spec from the JOSE WG provides a
> similar, much simpler format than PKCS#12.  Just have JWK Set with one public,
> unencrypted member, and one encrypted member:
> 
> [
>   { "kty": "RSA", "n": "...", "e": "...", "x5c": "..." },
>   JWE({ "kty": "RSA", "n": "...", "e": "...", "d": "..." })
> ]
> 
> Since software is going to have to change in any case to use a revised
> PKCS#12, I wonder if it might not be a better idea to ditch ASN.1 while we're
> at it.

I think I see some ASN.1 in your JSON too:-)



--B_3464346414_30499081--



From rlb@ipv.sx  Fri Oct 11 11:31:19 2013
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62B4B21E808C for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 11:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.882
X-Spam-Level: 
X-Spam-Status: No, score=-2.882 tagged_above=-999 required=5 tests=[AWL=0.094,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9e5j0OnuymeM for <perpass@ietfa.amsl.com>; Fri, 11 Oct 2013 11:31:14 -0700 (PDT)
Received: from mail-ob0-f176.google.com (mail-ob0-f176.google.com [209.85.214.176]) by ietfa.amsl.com (Postfix) with ESMTP id 65BA021E809B for <perpass@ietf.org>; Fri, 11 Oct 2013 11:31:13 -0700 (PDT)
Received: by mail-ob0-f176.google.com with SMTP id wo20so3016587obc.7 for <perpass@ietf.org>; Fri, 11 Oct 2013 11:31:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=EWHLPypI6J4M/+3XFqYPdwjqIaerr6UK4tc9zcezj9c=; b=GVPDtTpyhrGb++HLhKeI8kl638h7LiaN/qYsXoh5AuUHmJYum5iLBziya9G3/TFtM6 JWd/7gt/HtMkhKKuTkmM/HpwnqW0MLsN8wM8F9W8wn+JVOkJEvbNfZNDCcq9TjdhS7bY tGX82bD8i1WcbafyQkD47IizkY4vtX7r0pl/CqPylRjFuXns70Frg7X0uWptItjwd60S UnrsTiwZFrfuVouQ+YUPrB6FUpT6bXJxQa6SqVyi6VKh8AxiYsOj5PIVIbWnnCIbd70r GVfrX6F7trWP9gRxAyEN/lX4jHvvDKXE9ulPrEN/e74ZDeTP6HRsTu6jW7k2d1XsxyEy 12ig==
X-Gm-Message-State: ALoCoQkb+WmyvC0ZUyXx4DuLqcmQzEKL61DNS/dQqRN8Pk1FEWccmx/E/zOhC1Cyl1bbDgQH+ubz
MIME-Version: 1.0
X-Received: by 10.60.68.135 with SMTP id w7mr15718081oet.9.1381516268721; Fri, 11 Oct 2013 11:31:08 -0700 (PDT)
Received: by 10.76.101.10 with HTTP; Fri, 11 Oct 2013 11:31:08 -0700 (PDT)
In-Reply-To: <CE7DBA5F.5924%carl@redhoundsoftware.com>
References: <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CE7DBA5F.5924%carl@redhoundsoftware.com>
Date: Fri, 11 Oct 2013 14:31:08 -0400
Message-ID: <CAL02cgQSWHx=XebPKByKXuEmDHAP3Obw1i0UX8xxHJaxiV2N8Q@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Carl Wallace <carl@redhoundsoftware.com>
Content-Type: multipart/alternative; boundary=001a1134c4c272f92104e87b5281
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 18:31:19 -0000

--001a1134c4c272f92104e87b5281
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Oct 11, 2013 at 2:26 PM, Carl Wallace <carl@redhoundsoftware.com> wrote:

>
> From: Richard Barnes <rlb@ipv.sx>
> Date: Friday, October 11, 2013 10:56 AM
> To: Russ Housley <housley@vigilsec.com>
> Cc: perpass <perpass@ietf.org>, "Moriarty, Kathleen" <
> kathleen.moriarty@emc.com>
> Subject: Re: [perpass] PKCS#12 needs fix'n
>
> I would note that the JSON Web Key [1] spec from the JOSE WG provides a
> similar, much simpler format than PKCS#12.  Just have JWK Set with one
> public, unencrypted member, and one encrypted member:
>
> [
>   { "kty": "RSA", "n": "...", "e": "...", "x5c": "..." },
>   JWE({ "kty": "RSA", "n": "...", "e": "...", "d": "..." })
> ]
>
> Since software is going to have to change in any case to use a revised
> PKCS#12, I wonder if it might not be a better idea to ditch ASN.1 while
> we're at it.
>
>
> I think I see some ASN.1 in your JSON too:-)
>

X.509 is one thing.  PKCS#12 is quite another.  Having implemented both (in
JavaScript, no less), I can tell you which one caused less pain and got
more interop.

--Richard

--001a1134c4c272f92104e87b5281--
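
The bundle layout sketched in this thread (one public JWK in the clear plus one JWE-wrapped private JWK), as an added example that is not code from any participant or from the JOSE drafts. Assumptions: the array encoding with the JWE member as a compact-serialization string, the choice of PBES2-HS256+A128KW with A128GCM, the `p2c` policy bounds, and all function names are hypothetical; `x5c` is omitted because no certificate is generated. The loader refuses any member that exposes private parameters unencrypted, the failure mode the thread reports for PKCS#12 files exported without a password.

```javascript
const crypto = require('crypto');

const ALG = 'PBES2-HS256+A128KW';          // password-based key wrap, RFC 7518 section 4.8
const ENC = 'A128GCM';                     // content encryption, RFC 7518 section 5.3
const KW_IV = Buffer.alloc(8, 0xa6);       // AES Key Wrap default initial value (RFC 3394)
const MIN_P2C = 10000, MAX_P2C = 1000000;  // assumed local policy for the PBKDF2 count
const PRIVATE_PARAMS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];

const b64u = (data) => Buffer.from(data).toString('base64url');
const unb64u = (text) => Buffer.from(text, 'base64url');

// PBES2 salt input is UTF8(alg) || 0x00 || p2s; the derived key wraps the CEK.
function deriveKek(password, p2s, p2c) {
  const salt = Buffer.concat([Buffer.from(ALG), Buffer.from([0]), p2s]);
  return crypto.pbkdf2Sync(password, salt, p2c, 16, 'sha256');
}

// Encrypt a private JWK into a JWE compact serialization (five dot-separated parts).
function encryptJwk(privateJwk, password, p2c = 100000) {
  const p2s = crypto.randomBytes(16);
  const header = b64u(JSON.stringify({ alg: ALG, enc: ENC, cty: 'jwk+json', p2s: b64u(p2s), p2c }));
  const cek = crypto.randomBytes(16);
  const wrap = crypto.createCipheriv('aes128-wrap', deriveKek(password, p2s, p2c), KW_IV);
  const wrapped = Buffer.concat([wrap.update(cek), wrap.final()]);
  const iv = crypto.randomBytes(12);
  const gcm = crypto.createCipheriv('aes-128-gcm', cek, iv);
  gcm.setAAD(Buffer.from(header, 'ascii'));  // the protected header is authenticated
  const ct = Buffer.concat([gcm.update(JSON.stringify(privateJwk), 'utf8'), gcm.final()]);
  return [header, b64u(wrapped), b64u(iv), b64u(ct), b64u(gcm.getAuthTag())].join('.');
}

// Decrypt a JWE member; throws on a wrong password, tampering, or a header outside policy.
function decryptJwk(jwe, password) {
  const parts = jwe.split('.');
  if (parts.length !== 5) throw new Error('not a JWE compact serialization');
  const [header, wrapped, iv, ct, tag] = parts;
  const hdr = JSON.parse(unb64u(header).toString('utf8'));
  if (hdr.alg !== ALG || hdr.enc !== ENC) throw new Error('unsupported alg/enc');
  // Bound the count: too low weakens the password, too high lets a hostile file burn CPU.
  if (!Number.isInteger(hdr.p2c) || hdr.p2c < MIN_P2C || hdr.p2c > MAX_P2C) {
    throw new Error('p2c outside policy');
  }
  const kek = deriveKek(password, unb64u(hdr.p2s), hdr.p2c);
  const unwrap = crypto.createDecipheriv('aes128-wrap', kek, KW_IV);
  const cek = Buffer.concat([unwrap.update(unb64u(wrapped)), unwrap.final()]);
  const gcm = crypto.createDecipheriv('aes-128-gcm', cek, unb64u(iv), { authTagLength: 16 });
  gcm.setAAD(Buffer.from(header, 'ascii'));
  gcm.setAuthTag(unb64u(tag));
  return JSON.parse(Buffer.concat([gcm.update(unb64u(ct)), gcm.final()]).toString('utf8'));
}

// Load a bundle, refusing any member that carries private parameters in the clear.
function loadBundle(bundle, password) {
  const publicKeys = [], privateKeys = [];
  for (const member of bundle) {
    if (typeof member === 'string') { privateKeys.push(decryptJwk(member, password)); continue; }
    const exposed = PRIVATE_PARAMS.filter((name) => name in member);
    if (exposed.length) throw new Error('plaintext private key material: ' + exposed.join(','));
    publicKeys.push(member);
  }
  // Each decrypted private key must correspond to a public member of the same bundle.
  for (const key of privateKeys) {
    if (!publicKeys.some((pub) => pub.kty === key.kty && pub.n === key.n && pub.e === key.e)) {
      throw new Error('private key does not match any public member');
    }
  }
  return { publicKeys, privateKeys };
}

// Constructed sample: a fresh RSA key pair, public half in the clear, private half as JWE.
function makeDemoBundle(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return [publicKey.export({ format: 'jwk' }), encryptJwk(privateKey.export({ format: 'jwk' }), password)];
}

const demo = loadBundle(makeDemoBundle('example passphrase'), 'example passphrase');
console.log('public members:', demo.publicKeys.length, 'decrypted private members:', demo.privateKeys.length);
```
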

From leo@vegoda.org  Sat Oct 12 11:04:00 2013
Return-Path: <leo@vegoda.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6178C21E815F for <perpass@ietfa.amsl.com>; Sat, 12 Oct 2013 11:04:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BjqHwn9etxYU for <perpass@ietfa.amsl.com>; Sat, 12 Oct 2013 11:03:55 -0700 (PDT)
Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) by ietfa.amsl.com (Postfix) with ESMTP id 0FEE921F9A90 for <perpass@ietf.org>; Sat, 12 Oct 2013 11:03:54 -0700 (PDT)
Received: by mail-wi0-f180.google.com with SMTP id h11so1520233wiv.1 for <perpass@ietf.org>; Sat, 12 Oct 2013 11:03:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=q6b3ihMI7VmgwanrWO1uwE64NAO/cNzyr8r6wl57mMA=; b=UIZzlahPxhYlaki6xyxwo2MfBdn6h6fVwloxU3Gi74Dw/WkgnNja+bToxUMvac3ZAg 903JzxwfIwb45IOmlElDs0zvdcmBTZxQtDDMkxn0NUIA4DhSxz1VkHhwmih4SoPppaYY UE14f+u5mdJbYfhWLJP2zunFbvVFkilnhdJ7H1xrjlgDcVEmO/4gqG2UdUSa9i9cKH9K 7AhibC+UUEPPkmpjk/oATq6531g8uvg6QtX8KoZ9tHbwj/CoilaLxLcJ/A3KUxhrRP+q QQ5Pln02D5ShWujTDTGpUxC7tdJQB+LvGaE4/ln2G6o9IijXCOFPdFzjSVi5Q/PP/NW7 /XDQ==
X-Gm-Message-State: ALoCoQkO6S6kAQWw0yhbZpGDvBNsOCICF/wmXZNFLfTakU9/liHgk36XXuMR6UoBJ3dlRs7XAmoA
X-Received: by 10.180.109.132 with SMTP id hs4mr8089174wib.46.1381601033409; Sat, 12 Oct 2013 11:03:53 -0700 (PDT)
Received: from vegoda.org (vps.ldn.bind.org. [2001:67c:1b8:100f::2]) by mx.google.com with ESMTPSA id y20sm16491790wib.0.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 12 Oct 2013 11:03:52 -0700 (PDT)
Date: Sat, 12 Oct 2013 19:03:44 +0100
From: Leo Vegoda <leo@vegoda.org>
To: Mike Demmers <mdietf@demmers.org>
Message-ID: <20131012180344.GA11447@vegoda.org>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20131010092504.039f1217@cicero.demmers.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2013 18:04:00 -0000

On Thu, Oct 10, 2013 at 09:25:04AM -0700, Mike Demmers wrote:

[...]

> How about this:
> 
> There are two new standard buttons on the MUA: FRIEND UNFRIEND
> 
> Everything possible is set up by the MUA when it is first run - keys made, if they do not exist, questions asked and answered about keyservers, pass phrases, various preferences etc. Same as it SHOULD be now.
> 
> "Coolmail has a new feature! You can 'Friend' people, and if they also friend you, you will be communicating privately from then on. Better yet, you will see no spam in this mode (unless you friend a spammer).
> 
> It's easy to use! When someone you wish to communicate with privately emails you, just hit the friend button. This will handle everything automatically. They will be sent a plain text message with your special key. And if they also friend you, their special key will be sent to you, if you do not already have it. (all automatic). 
> 
> You can also set up this feature to automatically check the keyserver of your choice in preferences/friending" blah blah blah..."
> 
> Something like that. Does not seem hard to me. Probably a bit less hard than learning how to add an attachment to an email, most everyone learns to do that.
> 
> You just have to hit one button, all else is handled automatically. 

How is key management handled? Managing scheduled key rollovers
might be easy enough but what about unscheduled key rollovers when
a system is compromised and the old keypair needs to be revoked and
a new keypair needs to be created and published?

Making good key management lightweight strikes me as a hard problem.
Is that wrong?

Regards,

Leo

From mdietf@demmers.org  Sat Oct 12 23:45:14 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10F1721F9D7A for <perpass@ietfa.amsl.com>; Sat, 12 Oct 2013 23:45:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.367
X-Spam-Level: 
X-Spam-Status: No, score=-1.367 tagged_above=-999 required=5 tests=[AWL=-0.005, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kDxdF-5oKvRG for <perpass@ietfa.amsl.com>; Sat, 12 Oct 2013 23:45:08 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id B507611E817E for <perpass@ietf.org>; Sat, 12 Oct 2013 23:45:07 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.172.144]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9D6j4pc030652; Sat, 12 Oct 2013 23:45:05 -0700
Date: Sat, 12 Oct 2013 23:45:00 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Perpass List Submit <perpass@ietf.org>
Message-ID: <20131012234500.2813ff1c@cicero.demmers.org>
In-Reply-To: <20131012180344.GA11447@vegoda.org>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Oct 2013 06:45:14 -0000

On Sat, 12 Oct 2013 19:03:44 +0100
Leo Vegoda <leo@vegoda.org> wrote:

> How is key management handled?

Ok, first I want to summarize again, incorporating the changes made after Bjoern's comments.

We are now looking at a two level key exchange, one with a 'public' public key, and a second with a 'private' public key. And I am trying to keep this just two buttons, 'Friend' and 'Unfriend' to make it as simple as possible.

This is for the case where the MUA is 'default deny' aware. (If not available yet, this would be trivial to do with a small helper program or plugin, since SMTP is such a simple protocol).

I am using 'sender' as the person who wants to initiate this, who could be unknown to the 'recipient'.

Note that some state during the 'friend' process has to be kept by both sides, somehow. Not hard.

Somewhere in the email program's setup prefs are two options:

/X/ Use Private public keys for friends (use the two level keys). ON by default.

/_/ Use Individual Super Private Keys for friends. (off by default...maybe). This forces a new, individual 'private' public key (keypair, actually) to be created for EACH friend. This provides some additional protection in case sender's machine is compromised - only THAT private public key will be compromised.

OK, I am the sender, and I want to send to someone who may or may not know me.

1. I hit the friend button. I may have an email message from the person, or maybe not. The MUA creates a blank, unencrypted email for me, getting the TO: either from the email I have up in view or prompting me for it. The program sees that I do not have a public key for this person and no transaction is already in progress, so it knows this is the initial state. I write the email, and had better be convincing about why I want to be friended if the other person does not know me. Send the email.

Program changes the state of this transaction to a state where it is expecting a public key to be sent back.

Note that no key is sent within this step, and the email must be unencrypted.

2. The recipient gets the email, and now has a choice to friend me or not. To friend me, he hits the friend button. Note that the onus here is on the recipient, this is exactly the opposite of normal email, where anyone can spam you and then you have to take positive action (like blocking) to prevent any more mail from that source. Here, if recipient wants no encrypted email from this source, they just do nothing.

Now his MUA checks state, sees it is time to send his 'public' public key to the sender. It sends his public key, unencrypted.

State is changed.

3. Sender gets public public key from recipient, and sends sender's public key back, still unencrypted.

4. Recipient gets 'public' public key from sender. Now we have a way to encrypt mail successfully on both ends.

Recipient encrypts recipient's 'private' public key with sender's 'public' public key and sends it to sender, who will now be able to decode it.

5. Sender decrypts recipient's 'private' public key. Sender now encrypts sender's 'private' public key and sends it to recipient, who can now decode it. Sender now switches the 'active' public key from the 'public' public key to the 'private' public key, and notifies the sender's MTA to whitelist the recipient for encrypted email.

6. Recipient gets sender's encrypted 'private' public key, decodes it. Recipient now switches the 'active' public key from the 'public' public key to the 'private' public key, and notifies the recipient's MTA to whitelist the sender for encrypted email.

Friending completed.

All done with one button press from each side, everything else is automatic.
Only email is used for the whole transaction, no keyservers or other side channels needed.
The public keys _actually used_ by both sides have never been sent in the clear.
The private keys have never been sent anywhere either, of course.
Not very fast, but we do not really need fast for something like this that just happens once.
Spammer can send all the unencrypted 'requests' they like, but they can do that now. Only the recipient can actually initiate the automated stuff, so there is no DOS type leverage from automated emails.

Possible spammer actions:

1. Try to use the 'public' public key and forge sender's email address. A pointless exercise since recipient will not be able to decode it, they are expecting encrypted mail to use the 'private' public key.

2. Compromise sender's system obtaining the private private key. Always a danger, but spammers depend upon being able to send millions of emails easily. Not practical to have to compromise every one of their spam recipients' machines, and how do they know who has friended who? Only a mass surveillance state actor could do this, and whatever you may feel about that, so far they have not resorted to spamming. ;-)

Both of these attempts would incidentally provide a pretty much 100 percent sure way to filter the emails out as spam. Though, if my friend's system was compromised, and the spammer sent me spam, I would consider that valuable information since it would tell me my friend's system and my private public key were compromised.

> Managing scheduled key rollovers
> might be easy enough but what about unscheduled key rollovers when
> a system is compromised and the old keypair needs to be revoked and
> a new keypair needs to be created and published?

OK, this is a special case.

If I hold down the shift button in my MUA, the 'friend' button changes to 'refriend'. This means 'make a new 'private' public key (pair), and do the 'private' public key exchange again. Of course will want to make sure my friend has cleaned up his system first.

On his end, his private keys are compromised too, so he has to hold down the shift and control keys to see the friend button change to 'Redo all' or 'Was Hacked' or something similar.

May want to keep the old keys to be able to read old emails, but they will no longer be current. Both the 'public' public and private keys will be remade, and the 'private' public and private keys need to be remade in his case.

If neither of us was actually compromised, and we just want new keys (new 'private' public keys) for some reason, we both just hit the 'refriend' button. All else handled by the MUAs.

Something like that.


> Making good key management lightweight strikes me as a hard problem.
> Is that wrong?

You tell me. Will the above work? Seems pretty simple to me. I am not a security expert though, just a poor user who wants this to all be MUCH easier (for end users, system admin users, and programmers). Where are the flaws?

I think what makes present key management hard in email is the current assumption that 'anyone must be able to email anyone at any time' - default accept, in other words. To do this you need things like public keyservers, or some other way that keys can be easily known.

Default deny for encrypted email removes that problem, since both sides must already be known to each other.

Remember my goals:

Get everyone to use at least some email encryption by making it really simple to use, and having a reason (less spam) more instantly apparent than just privacy.

Perfection not required. I'm sure this could probably be MITMed but to do that someone has to go to much extra effort. And the thing is, pretty much everything we are using now has had serious, sometimes 'banging head on desk' 'how could that possibly have been missed' problems at one point or another. Get everyone using this, we can then later come out with version2, which is MUCH easier to do than just getting everyone on board to start with. There would also still be the option of exchanging keys manually. You could still perhaps build in some 'web of trust' type checks with keyservers (for the 'public' public keys). First you have to get the users hooked. THEN up the ante. ;-)

-Mike
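
The six-step 'friend' exchange and the default-deny rule described in the message above, as an added sketch that is not part of the original thread or any participant's code. It is a symbolic Python model with no real cryptography: key ids stand in for key material, and the class names, field names, example.org addresses and the choice to seal the step 5 key to the peer's 'public' public key are assumptions.

```python
# Added illustration: symbolic model of the handshake, no real cryptography.
import itertools
from collections import deque
from dataclasses import dataclass

_kid = itertools.count(1)

@dataclass(frozen=True)
class PubKey:
    kid: int  # constructed key id standing in for real key material

@dataclass(frozen=True)
class Sealed:
    to_kid: int      # id of the public key the payload is encrypted to
    payload: object  # recoverable only through Mua.unseal() by the key owner

@dataclass(frozen=True)
class Mail:
    frm: str   # unauthenticated From address, as in SMTP
    to: str
    kind: str  # "request", "pubkey", "privkey" (handshake) or "text"
    body: object

class Mua:
    def __init__(self, addr, wire):
        self.addr, self.wire = addr, wire
        self.public_pub = PubKey(next(_kid))   # 'public' public key
        self.private_pub = PubKey(next(_kid))  # 'private' public key
        self.state = {}         # peer -> (role, stage)
        self.peer_public = {}   # peer -> their 'public' public key
        self.peer_private = {}  # peer -> their 'private' public key
        self.whitelist = set()  # peers whose encrypted mail the MTA accepts

    def _send(self, to, kind, body):
        self.wire.append(Mail(self.addr, to, kind, body))

    def unseal(self, sealed):
        if sealed.to_kid not in (self.public_pub.kid, self.private_pub.kid):
            raise PermissionError("no private key for this ciphertext")
        return sealed.payload

    def friend(self, peer, text=""):
        """The one 'Friend' button; its effect depends on the stored state."""
        if peer not in self.state:                          # step 1
            self._send(peer, "request", text)               # plaintext, no key
            self.state[peer] = ("sender", "await_public")
        elif self.state[peer] == ("recipient", "asked"):    # step 2
            self._send(peer, "pubkey", self.public_pub)     # sent in the clear
            self.state[peer] = ("recipient", "await_public")

    def receive(self, m):
        """Automatic transitions; mail that does not fit the state is ignored."""
        st = self.state.get(m.frm)
        if m.kind == "request" and st is None:
            self.state[m.frm] = ("recipient", "asked")      # waits for the button
        elif m.kind == "pubkey" and st == ("sender", "await_public"):     # step 3
            self.peer_public[m.frm] = m.body
            self._send(m.frm, "pubkey", self.public_pub)
            self.state[m.frm] = ("sender", "await_private")
        elif m.kind == "pubkey" and st == ("recipient", "await_public"):  # step 4
            self.peer_public[m.frm] = m.body
            self._send(m.frm, "privkey", Sealed(m.body.kid, self.private_pub))
            self.state[m.frm] = ("recipient", "await_private")
        elif m.kind == "privkey" and st and st[1] == "await_private":     # steps 5, 6
            self.peer_private[m.frm] = self.unseal(m.body)
            if st[0] == "sender":
                # Assumption: sealed to the peer's 'public' public key, as in step 4.
                target = self.peer_public[m.frm].kid
                self._send(m.frm, "privkey", Sealed(target, self.private_pub))
            self.whitelist.add(m.frm)
            self.state[m.frm] = (st[0], "friends")

    def accepts_encrypted(self, m):
        """Default deny: whitelisted sender AND sealed to the 'private' public key."""
        return (isinstance(m.body, Sealed) and m.frm in self.whitelist
                and m.body.to_kid == self.private_pub.kid)

def deliver(wire, muas):
    """Deliver queued handshake mail until quiet; return (from, to, kind, sealed?)."""
    log = []
    while wire:
        m = wire.popleft()
        log.append((m.frm, m.to, m.kind, isinstance(m.body, Sealed)))
        muas[m.to].receive(m)
    return log

def demo():
    wire = deque()
    a, b = Mua("alice@example.org", wire), Mua("bob@example.org", wire)
    muas = {a.addr: a, b.addr: b}
    a.friend(b.addr, "Hi Bob, we met at the meeting")  # button press, sender
    log = deliver(wire, muas)
    b.friend(a.addr)                                   # button press, recipient
    return a, b, log + deliver(wire, muas)

if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```

The model delivers the clear-text keys of steps 2 and 3 unmodified; it does not cover substitution of those keys in transit, which the message itself allows may be possible.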

From leo@vegoda.org  Sun Oct 13 08:25:21 2013
Return-Path: <leo@vegoda.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4B2E21E808D for <perpass@ietfa.amsl.com>; Sun, 13 Oct 2013 08:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywBZMNXRta3H for <perpass@ietfa.amsl.com>; Sun, 13 Oct 2013 08:25:15 -0700 (PDT)
Received: from mail-pd0-f176.google.com (mail-pd0-f176.google.com [209.85.192.176]) by ietfa.amsl.com (Postfix) with ESMTP id 98ECF21E80E5 for <perpass@ietf.org>; Sun, 13 Oct 2013 08:25:12 -0700 (PDT)
Received: by mail-pd0-f176.google.com with SMTP id q10so6352152pdj.35 for <perpass@ietf.org>; Sun, 13 Oct 2013 08:25:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=0KpyoUO64HAyKBfgaINLD4QFMCyOuQKOAcMNDNaMgXU=; b=fbPAYjWjfOesG1Z0ogrPs6QaQRXhHVu5KQOQ7yKqYh5E9OjB6dZglJDgasIxa8iEDg Np2+s38QA9oQEMPgSPVnnetHUmoYMJkp7jDCokMMIHKF5U57dfAKCsoeY7Jf0o+GIORH jxbsW4NObLFK8fbPUQxPeMvo0kz5e2r/dO6IzEHRkanitJhkrPl5Xd8R61F79sE6RoV4 KBLTQJBBatWzoV+8O//xWFTgoz4a6VrVZLK3Ns5gthjRRNHcsiINmUuRjNspbpjh+KTG jbKBCowSq2zD5pKbJjx3ZrZGv9sCNHl2+gl4gnusJ/GkMMDwni/EXEEtr+aB4xOBsWLJ kafw==
X-Gm-Message-State: ALoCoQnzqEWoFfCi1Hu6bVePSoBfW6jtu2i55wFb8SJk4NoJzSAlfi9k907Os+tkLs3GFY2v+x70
X-Received: by 10.66.119.202 with SMTP id kw10mr33093205pab.118.1381677911929;  Sun, 13 Oct 2013 08:25:11 -0700 (PDT)
Received: from vegoda.org (cpe-172-250-31-169.socal.res.rr.com. [172.250.31.169]) by mx.google.com with ESMTPSA id 7sm84868988paf.22.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 13 Oct 2013 08:25:11 -0700 (PDT)
Date: Sun, 13 Oct 2013 08:25:08 -0700
From: Leo Vegoda <leo@vegoda.org>
To: Mike Demmers <mdietf@demmers.org>
Message-ID: <20131013152508.GA12990@vegoda.org>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20131012234500.2813ff1c@cicero.demmers.org>
X-raffinose: fart
X-stachiose: fart
X-verbascose: fart
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Oct 2013 15:25:21 -0000

On Sat, Oct 12, 2013 at 11:45:00PM -0700, Mike Demmers wrote:
> On Sat, 12 Oct 2013 19:03:44 +0100
> Leo Vegoda <leo@vegoda.org> wrote:
> 
> > How is key management handled?
> 
> Ok, first I want to summarize again, incorporating the changes made after Bjoern's comments.
> 
> We are now looking at a two level key exchange, one with a 'public' public key, and a second with a 'private' public key. And I am trying to keep this just two buttons, 'Friend' and 'Unfriend' to make it as simple as possible.

[...]

> > Making good key management lightweight strikes me as a hard problem.
> > Is that wrong?
> 
> You tell me. Will the above work? Seems pretty simple to me. I am not a security expert though, just a poor user who wants this to all be MUCH easier (for end users, system admin users, and programmers). Where are the flaws?
> 
> I think what makes present key management hard in email is the current assumption that 'anyone must be able to email anyone at any time' - default accept, in other words. To do this you need things like public keyservers, or some other way that keys can be easily known.
> 
> Default deny for encrypted email removes that problem, since both sides must already be known to each other. 
> 
> Remember my goals:
> 
> Get everyone to use at least some email encryption by making it really simple to use, and having a reason (less spam) more instantly apparent than just privacy. 

I am not a security expert either but presumably people will need to
export keys for backup and deployment on other systems. For
instance, many people have something like a laptop computer, a
smartphone and a tablet. Presumably, users would want to use the
same keys on all those devices so that they can read all their
e-mail no matter which device they use.

I also expect people would want to be able to revoke a key if a
device is stolen and then generate a new key to replace it, back
that up and distribute it to all the devices in use.

I think the UI elements for generating and publishing a key are
important but if the underlying key management doesn't meet people's
needs then your goal of getting people to use encryption won't be
achieved because the things they can do today won't be possible.

So my questions are:

- how do people use the same keys on all their devices?
- how do people securely back up their keys?
- how do people revoke keys when a device is stolen or otherwise
  compromised?

Regards,

Leo

From acooper@cdt.org  Sun Oct 13 14:36:05 2013
Return-Path: <acooper@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D03C21E808A for <perpass@ietfa.amsl.com>; Sun, 13 Oct 2013 14:36:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.874
X-Spam-Level: 
X-Spam-Status: No, score=-102.874 tagged_above=-999 required=5 tests=[AWL=-0.275, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C1-iKzjW2B9B for <perpass@ietfa.amsl.com>; Sun, 13 Oct 2013 14:36:01 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 6046121E8133 for <perpass@ietf.org>; Sun, 13 Oct 2013 14:35:58 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)); Sun, 13 Oct 2013 17:35:51 -0400
Content-Type: multipart/signed; boundary="Apple-Mail=_E4008C96-FCEB-493E-BAAA-25C75EB08CEF"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <525722C4.4020408@bbn.com>
Date: Sun, 13 Oct 2013 17:35:50 -0400
Message-Id: <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1499)
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Oct 2013 21:36:05 -0000

--Apple-Mail=_E4008C96-FCEB-493E-BAAA-25C75EB08CEF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Hi Steve,

I'd like to challenge your assertions that because Gmail and Facebook have billions of users, the bulk of Internet users do not care about pervasive state surveillance of all or most of their Internet communications, and therefore the IETF's attempts at promoting strong security have thus far been sufficient. Privacy is often valued contextually. The fact that a user accepts the trade-offs that Gmail presents (accepting that a private company will scan her emails in exchange for a snappy interface or beneficial network effects) does not mean that the same user is comfortable with pervasive government surveillance that could allow her to be pursued (using police force) under legal standards that are often vague or uncertain for anything she writes in every email she sends. The state's ability to impinge on a wide range of individual freedoms surpasses by far the ability of any single private company to do so. The line between private and public sector data collection has obviously blurred as more and more data is exchanged between the two, but that does not make the two of them equivalent.

For the list: much of this thread's discussion seems to presume that the business considerations behind individual companies' decisions about whether to deploy secure protocols or not are unchanged from what they were four months ago prior to the beginning of the revelations. Yet elsewhere there seems to be a whole lot of hand-wringing going on about how much business is being lost or how nervous various customers are in the wake of the revelations. Can we really assume that no IT managers in charge of enterprise SIP deployments or middlebox-based backwards-compatibility solutions are even considering re-evaluating how they balance competing requirements?

Alissa

On Oct 10, 2013, at 5:57 PM, Stephen Kent <kent@bbn.com> wrote:

> Hay,
>
>> Hiya,
>>>> I...
>> I disagree. IMO all the snowdonia stuff is very good evidence that
>> we need to do better. And "enforcer" is not at issue.
> Can you be more specific here? I have not examined all of what is being made
> public; I do have a day job :-) .
>> And the 2nd. But the 2nd is a case where there's a teeny bit of
>> crypto baked into websockets so that websockets just doesn't
>> work without it. But not one to rathole on.
> OK, moving on.
>> ...
>> Going back to a mail from Yoav a few weeks ago - we're not trying to
>> prevent state surveillance, but we would like to make it more
>> expensive so Yoav isn't on the list of folks that they can afford
>> to surveil. Assuming we share that description as a goal, (do we?)
>> what other kind of folks do you think we might need to make progress
>> on that?
> I understand the goal of making life harder for state surveillance.
> However, I am not willing (personally) to incur any degraded user experience,
> premature cell phone battery depletion, etc in order to support this goal.
> I suspect, but cannot prove, that most users would express similar feelings.
>
> But, if there are things we can do that are "free" of adverse impacts,
> and supportive of the goal you noted, we should consider them.
>> There is a fair point there but dealing with what people do on FB
>> is not really within the IETF's scope I think. Making it harder for
>> a few hacked nodes to record everything everyone does is though.
>> (And if we can do that well, I suspect we'll get a bunch of other
>> security benefits too.)
> I use Gmail for some traffic. If I really cared about the confidentiality
> of that traffic, I should choose another provider. How many million
> folks make the same decision?
>
> I use the weather channel to check forecasts for my home area, and
> for airports en route to destinations, and for vacation and work
> trips. I see ads popping up that are an obvious, direct result of
> the WC folks having access to cookies from my browser! Somehow
> I learned to live with that ;-) .
>> And there's also the user-consent issue - regardless of what one
>> thinks about web site T&C, it is absolutely the case that users
>> have not given permission for the pervasive monitoring that's
>> been reported.
> Agreed.
>
> Steve
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>



--Apple-Mail=_E4008C96-FCEB-493E-BAAA-25C75EB08CEF--


From rschulman@gmail.com  Mon Oct 14 05:47:02 2013
Return-Path: <rschulman@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9528521E816D for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 05:47:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g7DEfjBsPtEp for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 05:47:00 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) by ietfa.amsl.com (Postfix) with ESMTP id 56A6021E8162 for <perpass@ietf.org>; Mon, 14 Oct 2013 05:46:57 -0700 (PDT)
Received: by mail-wi0-f182.google.com with SMTP id ez12so1126158wid.9 for <perpass@ietf.org>; Mon, 14 Oct 2013 05:46:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XvYYuiWtTsZht1xj2+Y6m/nNAWoTB8PGH/Nc2r4ri40=; b=xJEVwsQVRQ6R0ub4EeOR1hR1XJkaPSqZ45ejcanMaYk7oOKQ5Zhns3G1w9aZtUM6u9 eohuJnAKSEIGda/+ZZnFM6FUWOAd9bLVj2vAJVtRsXUjnXT7bTDrGfnwe6SNQZHXcwo8 a6gB7fRgzGjwmXqDIcbVUaGl2bwo/VxPCGh1Kg2VlfzRAyNcRitVKSBzBHTUUfjVyb6S wemP4X22znS7yxVGm7XgXQFhtYkw7XqC3vLDrAwyVRYmJ0z/WD8t9yzbdtkAjmy/hydj hBrnDFI8fs4zFf1n6v849vbVfvqRwCGvcRK9fEb4S1zlO6eXeZvZUb/QKMBRb1Sfdzyr mQ5g==
MIME-Version: 1.0
X-Received: by 10.194.77.167 with SMTP id t7mr29190836wjw.27.1381754816423; Mon, 14 Oct 2013 05:46:56 -0700 (PDT)
Received: by 10.180.5.197 with HTTP; Mon, 14 Oct 2013 05:46:56 -0700 (PDT)
In-Reply-To: <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
Date: Mon, 14 Oct 2013 08:46:56 -0400
Message-ID: <CAOpR=kOECHx7dFtvD2sOs88dXptCQwVPGU_4p=0zf89DNPC-Pg@mail.gmail.com>
From: Ross Schulman <rschulman@gmail.com>
To: Alissa Cooper <acooper@cdt.org>
Content-Type: multipart/alternative; boundary=047d7bf0d628ffee0404e8b2dc2e
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 12:47:02 -0000

--047d7bf0d628ffee0404e8b2dc2e
Content-Type: text/plain; charset=ISO-8859-1

Alissa got to writing this email before I did, but I second pretty much
everything she said here. Corporate data collection is not the same as
pervasive government surveillance. Each has their concerns, but they are
separate and the solutions to the two are considerably different.

-Ross


On Sun, Oct 13, 2013 at 5:35 PM, Alissa Cooper <acooper@cdt.org> wrote:

> Hi Steve,
>
> I'd like to challenge your assertions that because Gmail and Facebook have
> billions of users, the bulk of Internet users do not care about pervasive
> state surveillance of all or most of their Internet
> communications, and therefore the IETF's attempts at promoting strong
> security have thus far been sufficient. Privacy is often valued
> contextually. The fact that a user accepts the trade-offs that Gmail
> presents (accepting that a private company will scan her emails in exchange
> for a snappy interface or beneficial network effects) does not mean that
> the same user is comfortable with pervasive government surveillance that
> could allow her to be pursued (using police force) under legal standards
> that are often vague or uncertain for anything she writes in every email
> she sends. The state's ability to impinge on a wide range of individual
> freedoms surpasses by far the ability of any single private company to do
> so. The line between private and public sector data collection has
> obviously blurred as more and more data is exchanged between the two, but
> that does not make the two of them equivalent.
>
> For the list: much of this thread's discussion seems to presume that the
> business considerations behind individual companies' decisions about
> whether to deploy secure protocols or not are unchanged from what they were
> four months ago prior to the beginning of the revelations. Yet elsewhere
> there seems to be a whole lot of hand-wringing going on about how much
> business is being lost or how nervous various customers are in the wake of
> the revelations. Can we really assume that no IT managers in charge of
> enterprise SIP deployments or middlebox-based backwards-compatibility
> solutions are even considering re-evaluating how they balance competing
> requirements?
>
> Alissa
>
> On Oct 10, 2013, at 5:57 PM, Stephen Kent <kent@bbn.com> wrote:
>
> > Hay,
> >
> >> Hiya,
> >>>> I...
> >> I disagree. IMO all the snowdonia stuff is very good evidence that
> >> we need to do better. And "enforcer" is not at issue.
> > Can you be more specific here? I have not examined all of what is being made
> > public; I do have a day job :-) .
> >> And the 2nd. But the 2nd is a case where there's a teeny bit of
> >> crypto baked into websockets so that websockets just doesn't
> >> work without it. But not one to rathole on.
> > OK, moving on.
> >> ...
> >> Going back to a mail from Yoav a few weeks ago - we're not trying to
> >> prevent state surveillance, but we would like to make it more
> >> expensive so Yoav isn't on the list of folks that they can afford
> >> to surveil. Assuming we share that description as a goal, (do we?)
> >> what other kind of folks do you think we might need to make progress
> >> on that?
> > I understand the goal of making life harder for state surveillance.
> > However, I am not willing (personally) to incur any degraded user experience,
> > premature cell phone battery depletion, etc in order to support this goal.
> > I suspect, but cannot prove, that most users would express similar feelings.
> >
> > But, if there are things we can do that are "free" of adverse impacts,
> > and supportive of the goal you noted, we should consider them.
> >> There is a fair point there but dealing with what people do on FB
> >> is not really within the IETF's scope I think. Making it harder for
> >> a few hacked nodes to record everything everyone does is though.
> >> (And if we can do that well, I suspect we'll get a bunch of other
> >> security benefits too.)
> > I use Gmail for some traffic. If I really cared about the confidentiality
> > of that traffic, I should choose another provider. How many million
> > folks make the same decision?
> >
> > I use the weather channel to check forecasts for my home area, and
> > for airports en route to destinations, and for vacation and work
> > trips. I see ads popping up that are an obvious, direct result of
> > the WC folks having access to cookies from my browser! Somehow
> > I learned to live with that ;-) .
> >> And there's also the user-consent issue - regardless of what one
> >> thinks about web site T&C, it is absolutely the case that users
> >> have not given permission for the pervasive monitoring that's
> >> been reported.
> > Agreed.
> >
> > Steve

--047d7bf0d628ffee0404e8b2dc2e--

From rutkowski.tony@gmail.com  Mon Oct 14 05:47:27 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8A321F9CC7 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 05:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3CasTKHOzhz for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 05:47:26 -0700 (PDT)
Received: from mail-qe0-x233.google.com (mail-qe0-x233.google.com [IPv6:2607:f8b0:400d:c02::233]) by ietfa.amsl.com (Postfix) with ESMTP id 6CB8821F9E91 for <perpass@ietf.org>; Mon, 14 Oct 2013 05:47:26 -0700 (PDT)
Received: by mail-qe0-f51.google.com with SMTP id q19so5118512qeb.38 for <perpass@ietf.org>; Mon, 14 Oct 2013 05:47:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=k3DaP4oOYQrjeoPy+vxseFZ24JvEmxpEwKWV1Hh4aa4=; b=FWM+LFyxQ/E4wXeJ1kqpzGeWKzEaF+EgZYo0oVJAEC/Cb+bcTyc4DB3xMr85yd6yZj WmFMA8IcmTjSRKMDMt/Hn5RoJE2UuS7v16q0qRk/zvBqRHwIsSjQfHtQIiTERmtFDccm nzl02YlWY93JAzfjhdli9XRtI/Or/JLyZF4fWcVwJ9eLDY8jEo1xaQMCrRMqSz467hew dL3xnW28LDC81h5tG6Ru97bA22nLksxIcnm16ZiQkeeMspYC+yGsq7ffjHYOujknvvib 1SwMDPyDUIwsTW9wRLge7UMNiQWEDfkAPUTTG7Y2FfLIWBi9Zg1Qrb06mjv3GHlmgDrz /JQA==
X-Received: by 10.224.8.65 with SMTP id g1mr21950027qag.68.1381754845881; Mon, 14 Oct 2013 05:47:25 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id d7sm61400897qas.10.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 14 Oct 2013 05:47:25 -0700 (PDT)
Message-ID: <525BE7DC.4080407@gmail.com>
Date: Mon, 14 Oct 2013 08:47:24 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
In-Reply-To: <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 12:47:27 -0000

Hi Alissa,

I'd like to challenge your challenge. :-)
The environment here seems much more
complex than you portray.  It is, however,
still all about risk management.

Most users make their choice of provider
and platform based on factors such as:
cost, performance, ease of use, SPAM
and malware reduction, image (i.e.,
account/domain name), mobility,
identity theft mitigation, familiarity,
and social feature sets.  Like credit
card fraud protection, some of those
features require a lot of invasive knowledge.
Fortunately, there are a lot of providers
competing in the marketplace.

A much smaller number of users who
for reason of employment and need to
protect sensitive information, will be
using designated platforms/providers
- frequently implementing their national
government security agency techniques
and practices.

An even smaller set of people who are
engaged in serious criminal and terrorist
activities will employ a variety of security
methods to prevent detection and interception.
Typically, the more dangerous the activity,
the more secure the communications employed.

An even smaller set who are paranoid about
government - which may be context dependent
- will also want to employ a variety of readily
available security methods.

Since the inception of messaging networks,
governments and societies worldwide have
instituted surveillance for all kinds of
essential legitimate purposes - especially
where the potential harm to people is great.
There are few if any exceptions, and some
like Italy purport to be the world's leaders.
Most citizens want that to continue because
the risks of not doing so are great.  What is
perhaps new is the ability for providers
to make use of some of the same technologies
for commercial services of substantial use
by their customers.  Big Data analysis is
growing by leaps and bounds.

So we come full circle back to the subject
of risk management.  You can probably assume
that wherever you are, your message traffic
is being seen by at least a half dozen parties
who are at least extracting meta data along
the way.  In some contexts, it may be more.
Even in 1995, Scott McNealy urged the
paranoid to "get over it."

So as many have opined, the IETF is a
technical standards body, not an evangelical
organization for socio-political views, and
hopefully will continue to do what it
does well - produce usable protocols - and
leave the implementation choices to others
based on their assessment of the risk.

--tony


On 10/13/2013 5:35 PM, Alissa Cooper wrote:
> Hi Steve,
>
> I'd like to challenge your assertions that because Gmail and Facebook
> have billions of users, the bulk of Internet users do not care about
> pervasive state surveillance of all or most of their Internet
> communications, and therefore the IETF's attempts at promoting strong
> security have thus far been sufficient. Privacy is often valued
> contextually. The fact that a user accepts the trade-offs that Gmail
> presents (accepting that a private company will scan her emails in
> exchange for a snappy interface or beneficial network effects) does not
> mean that the same user is comfortable with pervasive government
> surveillance that could allow her to be pursued (using police force)
> under legal standards that are often vague or uncertain for anything
> she writes in every email she sends. The state's ability to impinge on
> a wide range of individual freedoms surpasses by far the ability of any
> single private company to do so. The line between private and public
> sector data collection has obviously blurred as more and more data is
> exchanged between the two, but that does not make the two of them
> equivalent.
>
> For the list: much of this thread's discussion seems to presume that
> the business considerations behind individual companies' decisions
> about whether to deploy secure protocols or not are unchanged from what
> they were four months ago prior to the beginning of the revelations.
> Yet elsewhere there seems to be a whole lot of hand-wringing going on
> about how much business is being lost or how nervous various customers
> are in the wake of the revelations. Can we really assume that no IT
> managers in charge of enterprise SIP deployments or middlebox-based
> backwards-compatibility solutions are even considering re-evaluating
> how they balance competing requirements?
>
> Alissa
>
> On Oct 10, 2013, at 5:57 PM, Stephen Kent<kent@bbn.com>  wrote:
>
>> >



From stephen.farrell@cs.tcd.ie  Mon Oct 14 06:00:44 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18ECD11E817E for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:00:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.574
X-Spam-Level: 
X-Spam-Status: No, score=-102.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8v99+S4HK+5 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:00:38 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 38A9621F9399 for <perpass@ietf.org>; Mon, 14 Oct 2013 06:00:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3955BBE29; Mon, 14 Oct 2013 14:00:37 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rUPBlfR9Ahn; Mon, 14 Oct 2013 14:00:37 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E725CBE1C; Mon, 14 Oct 2013 14:00:36 +0100 (IST)
Message-ID: <525BEAF4.5090802@cs.tcd.ie>
Date: Mon, 14 Oct 2013 14:00:36 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: rutkowski.tony@gmail.com, Alissa Cooper <acooper@cdt.org>,  Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com>
In-Reply-To: <525BE7DC.4080407@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 13:00:44 -0000

On 10/14/2013 01:47 PM, Tony Rutkowski wrote:
> Most citizens want that to continue because
> the risks of not doing so are great.

If the "that" above refers to pervasive monitoring,
then please provide evidence (but please do so in
another thread, I bet it'll not be conclusive
enough that one mail will be convincing;-)

If you are referring to tracking or surveillance
of a specific set of targets, then a) that's irrelevant
for this list/discussion which is about pervasive
monitoring, and b) see RFC 2804.

As an aside, it's also misleading to speak of citizens
here, since most of us are not citizens of the same
country, for all values of country. So while it is
important and relevant that different jurisdictions
put in place policy/political controls on pervasive
monitoring, those are also not relevant for this
list since in general our protocols can be used
across all possible jurisdictional boundaries.

> So as many have opined, the IETF is a
> technical standards body,

Yes we are. And given that pervasive monitoring is
in some ways indistinguishable from other forms of
attack, we should treat those aspects as an attack
and put in place the best technical mitigations we
can.

And as a reminder the question for this thread,
is whether or not going further than MTI would help
with that.

S.


From rutkowski.tony@gmail.com  Mon Oct 14 06:26:09 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47B5421E8160 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:26:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V7sqJjAB7FEW for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:26:07 -0700 (PDT)
Received: from mail-qe0-x22d.google.com (mail-qe0-x22d.google.com [IPv6:2607:f8b0:400d:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 5C3E211E8147 for <perpass@ietf.org>; Mon, 14 Oct 2013 06:25:25 -0700 (PDT)
Received: by mail-qe0-f45.google.com with SMTP id 8so5122694qea.18 for <perpass@ietf.org>; Mon, 14 Oct 2013 06:25:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=CmJ9TifOmjDQ6LU84y0eG2Lj0+/6MDorHwKRFVk5VY0=; b=XtpJI1QA8GmKeR8pPK5NHZbxu7yaTTp28OeedmgAQbLFobRLOeokIfKjIfI4myppkD hYSX+rIIw/4E79EP6aMT1uG1tbgecGqjNb35mCXhAWZMbVANUVW9NAsiMYs+jotz2vkS 09VB/pAlT/ibXM3VseXMxzkgPJU5nJe6JMGI3w18muMgBq/re0lNRbjtTKx7oNMY3PxD t8bDy0pdOHUNGz1ncP2qqb9z69+uAJcomBE9tn/zr1y8eHazzcLZ5qc9ccjjlcxGdn2y ydWH+y64/KAhnRr2pmsd0sJ5AZgqscmTbc0PQ1Yu323irGwQBA4+L9/rOPHQIFhEWGZa oIiw==
X-Received: by 10.224.36.146 with SMTP id t18mr1826166qad.111.1381757123051; Mon, 14 Oct 2013 06:25:23 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id l4sm143812117qae.4.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 14 Oct 2013 06:25:22 -0700 (PDT)
Message-ID: <525BF0C2.8010201@gmail.com>
Date: Mon, 14 Oct 2013 09:25:22 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>,  Alissa Cooper <acooper@cdt.org>, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie>
In-Reply-To: <525BEAF4.5090802@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 13:26:09 -0000

Hi Steve,

The "that" clearly refers to the precedent sentence:
> Since the inception of messaging networks,
> governments and societies worldwide have
> instituted surveillance for all kinds of
> essential legitimate purposes - especially
> where the potential harm to people is great. 
"Pervasive monitoring" seems an utterly meaningless
term used for political rhetoric/evangelical purposes
that isn't worth pursuing.  That should be a first order
conclusion.

The point was that this is all about risk management.
However, if you or anyone else want to denominate
a religious abstraction as an "attack" - go for it. :-)
It'll be fun to watch.

--tony


On 10/14/2013 9:00 AM, Stephen Farrell wrote:
>
> On 10/14/2013 01:47 PM, Tony Rutkowski wrote:
>> Most citizens want that to continue because
>> the risks of not doing so are great.
> If the "that" above refers to pervasive monitoring,
> then please provide evidence (but please do so in
> another thread, I bet it'll not be conclusive
> enough that one mail will be convincing;-)
>
> If you are referring to tracking or surveillance
> of a specific set of targets, then a) that's irrelevant
> for this list/discussion which is about pervasive
> monitoring, and b) see RFC 2804.
>
> As an aside, it's also misleading to speak of citizens
> here, since most of us are not citizens of the same
> country, for all values of country. So while it is
> important and relevant that different jurisdictions
> put in place policy/political controls on pervasive
> monitoring, those are also not relevant for this
> list since in general our protocols can be used
> across all possible jurisdictional boundaries.
>
>> So as many have opined, the IETF is a
>> technical standards body,
> Yes we are. And given that pervasive monitoring is
> in some ways indistinguishable from other forms of
> attack, we should treat those aspects as an attack
> and put in place the best technical mitigations we
> can.
>
> And as a reminder the question for this thread,
> is whether or not going further than MTI would help
> with that.
>
> S.
>


From avri@acm.org  Mon Oct 14 06:43:34 2013
Return-Path: <avri@acm.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FE2A21E8168 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:43:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.288
X-Spam-Level: 
X-Spam-Status: No, score=-110.288 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMyGqPdrcteZ for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:43:29 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id E9E9F21E8160 for <perpass@ietf.org>; Mon, 14 Oct 2013 06:43:26 -0700 (PDT)
Received: from psg.com ([147.28.0.62] helo=[127.0.0.1]) by psg.com with esmtp (Exim 4.80.1 (FreeBSD)) (envelope-from <avri@acm.org>) id 1VViQf-000BZE-W1 for perpass@ietf.org; Mon, 14 Oct 2013 13:43:26 +0000
From: Avri Doria <avri@acm.org>
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/signed; boundary="Apple-Mail=_583887AA-29D0-428D-82CA-46E7F907E67D"; protocol="application/pgp-signature"; micalg=pgp-sha1
Date: Mon, 14 Oct 2013 09:43:24 -0400
In-Reply-To: <525BE7DC.4080407@gmail.com>
To: perpass <perpass@ietf.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com>
Message-Id: <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>
X-Mailer: Apple Mail (2.1283)
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 13:43:34 -0000

--Apple-Mail=_583887AA-29D0-428D-82CA-46E7F907E67D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


Hi,

On 14 Oct 2013, at 08:47, Tony Rutkowski wrote:

> So as many have opined, the IETF is a
> technical standards body, not an evangelical
> organization for socio-political views, and
> hopefully will continue to do what it
> does well - produce usable protocols - and
> leave the implementation choices to others
> based on their assessment of the risk.


Yes, but in doing so, it should provide the ability for the individual
users, whether companies or individuals, to mitigate their risks.  If
technical standards do not include a mandatory option (MTI) of privacy
protection they are making a political techno-decision against privacy.
If the Internet cannot be used in a manner that enhances privacy, for
those who value privacy, but only maximizes surveillance based security
for those who value surveillance, then it looks to me like we are acting
evangelically.

We can only maintain the belief that our technology and protocols are
neutral if they can be used by people of diverse socio-political views.

So while I can see problems with MTU, I think genuine MTI (and perhaps
some MTU) is needed for privacy enhancements at a level that matches the
MTIs and MTUs for security.  I technical neutrality requires it.

avri

--Apple-Mail=_583887AA-29D0-428D-82CA-46E7F907E67D--

From stephen.farrell@cs.tcd.ie  Mon Oct 14 06:44:11 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE33221E8160 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:44:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.578
X-Spam-Level: 
X-Spam-Status: No, score=-102.578 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqP0YEzBTXPC for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 06:44:07 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id E2C6021E8173 for <perpass@ietf.org>; Mon, 14 Oct 2013 06:43:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BB0A2BE38; Mon, 14 Oct 2013 14:43:56 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6t7K5AclQQg; Mon, 14 Oct 2013 14:43:56 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 61266BE35; Mon, 14 Oct 2013 14:43:56 +0100 (IST)
Message-ID: <525BF51C.6090901@cs.tcd.ie>
Date: Mon, 14 Oct 2013 14:43:56 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: rutkowski.tony@gmail.com, Alissa Cooper <acooper@cdt.org>,  Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com>
In-Reply-To: <525BF0C2.8010201@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 13:44:11 -0000

Hiya,

On 10/14/2013 02:25 PM, Tony Rutkowski wrote:
> Hi Steve,
> 
> The "that" clearly refers to the precedent sentence:
>> Since the inception of messaging networks,
>> governments and societies worldwide have
>> instituted surveillance for all kinds of
>> essential legitimate purposes - especially

"all kinds of essential legitimate purposes" simply
begs the question IMO.

>> where the potential harm to people is great. 
> "Pervasive monitoring" seems an utterly meaningless
> term used for political rhetoric/evangelical purposes
> that isn't worth pursuing.  That should be a first order
> conclusion.

Personally, I entirely disagree. It is true that we
don't have a worked out threat model for this yet,
but Brian's draft is a start on which I hope we'll
build so that protocol designers, implementers and
those deploying networks and services will have a
useful threat model to use when doing their work.

> The point was that this is all about risk management.

That's agreed. One reason for this list is that we have a
new threat model that we've not considered when designing
protocols. The risk analysis has been changed by
recent revelations IMO. If you disagree, that's fine,
but surprising.

> However, if you or anyone else want to denominate
> a religious abstraction as an "attack" - go for it. :-)
> It'll be fun to watch.

I'll take that rhetorical flourish as a lack of
evidence then:-)

And we're going way off topic for this thread, so
please change the subject if you want to continue
on this topic - it's not really to do with MTI at
all.

Ta,
S.


> 
> --tony
> 
> 
> On 10/14/2013 9:00 AM, Stephen Farrell wrote:
>>
>> On 10/14/2013 01:47 PM, Tony Rutkowski wrote:
>>> Most citizens want that to continue because
>>> the risks of not doing so are great.
>> If the "that" above refers to pervasive monitoring,
>> then please provide evidence (but please do so in
>> another thread, I bet it'll not be conclusive
>> enough that one mail will be convincing;-)
>>
>> If you are referring to tracking or surveillance
>> of a specific set of targets, then a) that's irrelevant
>> for this list/discussion which is about pervasive
>> monitoring, and b) see RFC 2804.
>>
>> As an aside, it's also misleading to speak of citizens
>> here, since most of us are not citizens of the same
>> country, for all values of country. So while it is
>> important and relevant that different jurisdictions
>> put in place policy/political controls on pervasive
>> monitoring, those are also not relevant for this
>> list since in general our protocols can be used
>> across all possible jurisdictional boundaries.
>>
>>> So as many have opined, the IETF is a
>>> technical standards body,
>> Yes we are. And given that pervasive monitoring is
>> in some ways indistinguishable from other forms of
>> attack, we should treat those aspects as an attack
>> and put in place the best technical mitigations we
>> can.
>>
>> And as a reminder the question for this thread,
>> is whether or not going further than MTI would help
>> with that.
>>
>> S.
>>

From kathleen.moriarty@emc.com  Mon Oct 14 06:58:08 2013
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Avri Doria <avri@acm.org>, perpass <perpass@ietf.org>
Date: Mon, 14 Oct 2013 09:57:24 -0400
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E8BC760@MX15A.corp.emc.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>
In-Reply-To: <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [perpass] mandatory-to-implement vs. more?

This is a good discussion.  I do want to add that we should not forget
that there are some simple education issues that we have not made enough
progress on yet.  How many of you find yourself explaining to small
companies (and even some big ones), that they should not be sending your
personal data over email?  This seems to happen to me and luckily, I was
able to head it off before it happened the last few times.  As we work
to bridge gaps, it will take time and we may need to figure out
education options as we work to improve security options.

Best regards,
Kathleen

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Avri Doria
Sent: Monday, October 14, 2013 9:43 AM
To: perpass
Subject: Re: [perpass] mandatory-to-implement vs. more?


Hi,

On 14 Oct 2013, at 08:47, Tony Rutkowski wrote:

> So as many have opined, the IETF is a
> technical standards body, not an evangelical organization for
> socio-political views, and hopefully will continue to do what it does
> well - produce usable protocols - and leave the implementation choices
> to others based on their assessment of the risk.


Yes, but in doing so, it should provide the ability for the individual
users, whether companies or individuals, to mitigate their risks.  If
technical standards do not include a mandatory option (MTI) of privacy
protection they are making a political techno-decision against privacy.
If the Internet cannot be used in a manner that enhances privacy, for
those who value privacy, but only maximizes surveillance based security
for those who value surveillance, then it looks to me like we are acting
evangelically.

We can only maintain the belief that our technology and protocols are
neutral if they can be used by people of diverse socio-political views.

So while I can see problems with MTU, I think genuine MTI (and perhaps
some MTU) is needed for privacy enhancements at a level that matches the
MTIs and MTUs for security.  I technical neutrality requires it.

avri

From kent@bbn.com  Mon Oct 14 07:33:17 2013
Message-ID: <525C009D.50402@bbn.com>
Date: Mon, 14 Oct 2013 10:33:01 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
In-Reply-To: <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Alissa,
> Hi Steve,
>
> I'd like to challenge your assertions that because Gmail and Facebook
> have billions of users, the bulk of Internet users do not care about
> pervasive state surveillance of all or most of their Internet
> communications, and therefore the IETF's attempts at promoting strong
> security have thus far been sufficient. Privacy is often valued
> contextually. The fact that a user accepts the trade-offs that Gmail
> presents (accepting that a private company will scan her emails in
> exchange for a snappy interface or beneficial network effects) does not
> mean that the same user is comfortable with pervasive government
> surveillance that could allow her to be pursued (using police force)
> under legal standards that are often vague or uncertain for anything she
> writes in every email she sends. The state's ability to impinge on a
> wide range of individual freedoms surpasses by far the ability of any
> single private company to do so. The line between private and public
> sector data collection has obviously blurred as more and more data is
> exchanged between the two, but that does not make the two of them
> equivalent.

I appreciate your analysis, but I don't necessarily agree with your
conclusions. The state has a responsibility to provide for the security
of its citizens. To the extent that surveillance supports this goal, it
is potentially justified, irrespective of whether every citizen agrees
with the methods. Corporate collection of personal data tends to be
driven by greed, not quite so noble a goal :-).

I agree that the state has a more powerful capability to collect info
about Internet users, and yes, there are no T's & C's to read and agree
to (or, more likely ignore and agree to). But that does not mean that
we, as developers of Internet standards, are in a position to know
whether all users feel that state vs. corporate surveillance is a
greater personal concern, and thus warrants mandatory to use (vs.
implement) security features.

> For the list: much of this thread's discussion seems to presume that
> the business considerations behind individual companies' decisions about
> whether to deploy secure protocols or not are unchanged from what they
> were four months ago prior to the beginning of the revelations. Yet
> elsewhere there seems to be a whole lot of hand-wringing going on about
> how much business is being lost or how nervous various customers are in
> the wake of the revelations. Can we really assume that no IT managers in
> charge of enterprise SIP deployments or middlebox-based
> backwards-compatibility solutions are even considering re-evaluating how
> they balance competing requirements?

I'll defer to folks with more direct experience with these businesses,
but I have seen no such change in perception. The only change I have
seen is that enterprises making use of cloud storage and backup are more
concerned about the confidentiality of the data stored there, and are
considering offshore alternatives.

Steve


From kent@bbn.com  Mon Oct 14 07:43:45 2013
Message-ID: <525C031B.5030100@bbn.com>
Date: Mon, 14 Oct 2013 10:43:39 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Avri Doria <avri@acm.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>
In-Reply-To: <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Avri,
> ...
>
> Yes, but in doing so, it should provide the ability for the individual users, whether companies or individuals, to mitigate their risks.  If technical standards do not include a mandatory option (MTI) of privacy protection they are making a political techno-decision against privacy.  If the Internet cannot be used in a manner that enhances privacy, for those who value privacy, but only maximizes surveillance based security for those who value surveillance, then it looks to me like we are acting evangelically.
>
> We can only maintain the belief that our technology and protocols are neutral if they can be used by people of diverse socio-political views.
>
> So while I can see problems with MTU, I think genuine MTI (and perhaps some MTU) is needed for privacy enhancements at a level that matches the MTIs and MTUs for security.  I technical neutrality requires it.

To first order, we're in agreement, i.e., MTI provides a reasonable
basis for deploying privacy measures when users and service providers
choose to make use of them. If we fail to provide MTI options, we
deprive users and providers of the ability to engage in interoperable
security/privacy measures.

The question Stephen raised is whether that's enough. For me, the answer
is yes, and going beyond MTI to MTU is pursuing an "evangelical" path
that we ought to avoid.

Since you alluded to "some MTU" above, the obvious question is what are
examples of MTU mechanisms that you support?

Steve

From derhoermi@gmx.net  Mon Oct 14 07:52:27 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Stephen Kent <kent@bbn.com>
Date: Mon, 14 Oct 2013 16:52:14 +0200
Message-ID: <9ttn59pa62se7foo2hf90gf38r8oalqqf4@hive.bjoern.hoehrmann.de>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>
In-Reply-To: <525722C4.4020408@bbn.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

* Stephen Kent wrote:
>I understand the goal of making life harder for state surveillance.
>However, I am not willing (personally) to incur any degraded user 
>experience,
>premature cell phone battery depletion, etc in order to support this goal.
>I suspect, but cannot prove, that most users would express similar feelings.

We generally regard representative opinion polls conducted by reputable
polling organisations as adequate proof for statements like that and it
is reasonably inexpensive to commission them, so I think you can. The
problem is of course how to structure the interview, how to phrase the
questions, what kind of answers to offer, what information to provide
upfront, and so on.

I imagine, for instance, many people also do not want to incur degraded
user experience due to state surveillance, like being unable to work
jobs that require a security clearance or being put on a "no fly list"
because some automated system detected too many ungood words in messages
they sent or received; or losing their job because their employer went
out of business after losing the corporate espionage game with a foreign
power.

I suspect, if you asked people whether they are willing to give up, say,
10% battery life, or pay 10% more for their batteries, and be protected
against such threats, most would take the deal. In contrast, if you tell
the story from the other side, get 10% more battery and better chances
to stay in business because some NSA guys owe the CEO a favour, well, I
suspect that also sounds appealing to many.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From skyper@thc.org  Mon Oct 14 07:55:02 2013
MIME-Version: 1.0
In-Reply-To: <525C009D.50402@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com>
Date: Mon, 14 Oct 2013 15:54:35 +0100
Message-ID: <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=047d7bdc131080e7ef04e8b4a55d
Cc: perpass <perpass@ietf.org>, Alissa Cooper <acooper@cdt.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--047d7bdc131080e7ef04e8b4a55d
Content-Type: text/plain; charset=ISO-8859-1

Stephen,

"The state has a  responsibility to provide for the security of its
citizens. To the extent that surveillance supports
this goal, it is potentially justified, irrespective of whether every
citizen agrees with the  methods."

If this is the case why don't we hand a copy of our house key to the police?
This way the police can come around every evening and check what we are up
to.

Why not cameras on toilets as well?

Because mass surveillance (for good and bad) scares the Internet user. It
makes it less attractive to use the Internet. It restricts the Internet. It
violates the Universal Declaration of Human Rights (to which your country
is a signatory as well).

It is not the targeted surveillance but the unregulated mass surveillance
that is the problem.

The current IETF standards do not protect against mass surveillance
sufficiently.

regards,

Ralf



On Mon, Oct 14, 2013 at 3:33 PM, Stephen Kent <kent@bbn.com> wrote:

> Alissa,
>
>> Hi Steve,
>>
>> I'd like to challenge your assertions that because Gmail and Facebook
>> have billions of users, the bulk of Internet users do not care about
>> pervasive state surveillance of all or most of their Internet
>> communications, and therefore the IETF's attempts at promoting strong
>> security have thus far been sufficient. Privacy is often valued
>> contextually. The fact that a user accepts the trade-offs that Gmail
>> presents (accepting that a private company will scan her emails in exchange
>> for a snappy interface or beneficial network effects) does not mean that
>> the same user is comfortable with pervasive government surveillance that
>> could allow her to be pursued (using police force) under legal standards
>> that are often vague or uncertain for anything she writes in every email
>> she sends. The state's ability to impinge on a wide range of individual
>> freedoms surpasses by far the ability of any single private company to do
>> so. The line between private and public sector data collection has
>> obviously blurred as more and more data is exchanged between the
>> two, but that does not make the two of them equivalent.
>
> I appreciate your analysis, but I don't necessarily agree with your
> conclusions. The state has a
> responsibility to provide for the security of its citizens. To the extent
> that surveillance supports
> this goal, it is potentially justified, irrespective of whether every
> citizen agrees with the
> methods. Corporate collection of personal data tends to be driven by
> greed, not quite so noble
> a goal :-).
>
> I agree that the state has a more powerful capability to collect info
> about Internet users, and
> yes, there are no T's & C's to read and agree to (or, more likely ignore
> and agree to). But
> that does not mean that we, as developers of Internet standards, are in a
> position to know
> whether all users feel that state vs. corporate surveillance is a greater
> personal concern, and
> thus warrants mandatory to use (vs. implement) security features.
>
>> For the list: much of this thread's discussion seems to presume that the
>> business considerations behind individual companies' decisions about
>> whether to deploy secure protocols or not are unchanged from what they were
>> four months ago prior to the beginning of the revelations. Yet elsewhere
>> there seems to be a whole lot of hand-wringing going on about how much
>> business is being lost or how nervous various customers are in the wake of
>> the revelations. Can we really assume that no IT managers in charge of
>> enterprise SIP deployments or middlebox-based backwards-compatibility
>> solutions are even considering re-evaluating how they balance competing
>> requirements?
>
> I'll defer to folks with more direct experience with these businesses, but
> I have seen no such
> change in perception. The only change I have seen is that enterprises
> making use of cloud storage
> and backup are more concerned about the confidentiality of the data stored
> there, and are considering
> offshore alternatives.
>
>
> Steve
>

--047d7bdc131080e7ef04e8b4a55d--

From skyper@thc.org  Mon Oct 14 08:01:32 2013
MIME-Version: 1.0
In-Reply-To: <525722C4.4020408@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>
Date: Mon, 14 Oct 2013 16:01:16 +0100
Message-ID: <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=001a11347edc722c2b04e8b4bdf5
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--001a11347edc722c2b04e8b4bdf5
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I understand the goal of making life harder for state surveillance.

> However, I am not willing (personally) to incur any degraded user
> experience,
> premature cell phone battery depletion, etc in order to support this goal.
> I suspect, but cannot prove, that most users would express similar
> feelings.
>
>

I remember the same argument from the last decade when the Internet
transitioned from TELNET to SSH. Some people said SSH would cause too much
internet traffic and the servers could not handle the extra crypto.

Imagine today's internet with every admin still using TELNET.

Where are these admins now? Speak up please.

regards,

Ralf

--001a11347edc722c2b04e8b4bdf5--

From avri@acm.org  Mon Oct 14 08:05:56 2013
From: Avri Doria <avri@acm.org>
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/signed; boundary="Apple-Mail=_4CEDDC03-67F4-4E12-A375-7659C4248724"; protocol="application/pgp-signature"; micalg=pgp-sha1
Date: Mon, 14 Oct 2013 11:05:46 -0400
In-Reply-To: <525C031B.5030100@bbn.com>
To: perpass <perpass@ietf.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com>
Message-Id: <ABCBD3AB-BA00-4931-AB9D-F5B2B6CE3444@acm.org>
X-Mailer: Apple Mail (2.1283)
Subject: Re: [perpass] mandatory-to-implement vs. more?

--Apple-Mail=_4CEDDC03-67F4-4E12-A375-7659C4248724
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii



> Since you alluded to "some MTU" above, the obvious question is what
> are examples of MTU mechanisms that you support?

I don't know.  But just as I believe we sometimes decide some things are
so critical to security that they must be used, I would like to see us
leave open the discussion of whether there may, on occasion, be things
that require this.

They may, for example, be protocol options in servers that unless used,
prevent users from optionally using a privacy feature.  But I am not far
enough down into the weeds on this issue to have an example at the
moment.  I admit that in many occasions MTU is probably more of a policy
decision than a technical one, but not always.

avri



On 14 Oct 2013, at 10:43, Stephen Kent wrote:

> Avri,
>> ...
>>
>> Yes, but in doing so, it should provide the ability for the
>> individual users, whether companies or individuals, to mitigate their
>> risks.  If technical standards do not include a mandatory option (MTI)
>> of privacy protection they are making a political techno-decision
>> against privacy.  If the Internet cannot be used in a manner that
>> enhances privacy, for those who value privacy, but only maximizes
>> surveillance based security for those who value surveillance, then it
>> looks to me like we are acting evangelically.
>>
>> We can only maintain the belief that our technology and protocols are
>> neutral if they can be used by people of diverse socio-political views.
>>
>> So while I can see problems with MTU, I think genuine MTI (and
>> perhaps some MTU) is needed for privacy enhancements at a level that
>> matches the MTIs and MTUs for security.  I technical neutrality
>> requires it.
> To first order, we're in agreement, i.e., MTI provides a reasonable
> basis for deploying privacy measures when users and service providers
> choose to make use of them. If we fail to provide MTI options, we
> deprive users and providers of the ability to engage in interoperable
> security/privacy measures.
>
> The question Stephen raised is whether that's enough. For me, the
> answer is yes, and going beyond MTI to MTU is pursuing an "evangelical"
> path that we ought to avoid.
>
> Since you alluded to "some MTU" above, the obvious question is what
> are examples of MTU mechanisms that you support?
>
> Steve


--Apple-Mail=_4CEDDC03-67F4-4E12-A375-7659C4248724
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_4CEDDC03-67F4-4E12-A375-7659C4248724--

From kent@bbn.com  Mon Oct 14 08:21:23 2013
Message-ID: <525C0BEA.7060007@bbn.com>
Date: Mon, 14 Oct 2013 11:21:14 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Bjoern Hoehrmann <derhoermi@gmx.net>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <9ttn59pa62se7foo2hf90gf38r8oalqqf4@hive.bjoern.hoehrmann.de>
In-Reply-To: <9ttn59pa62se7foo2hf90gf38r8oalqqf4@hive.bjoern.hoehrmann.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Bjoern,
> * Stephen Kent wrote:
>> I understand the goal of making life harder for state surveillance.
>> However, I am not willing (personally) to incur any degraded user
>> experience,
>> premature cell phone battery depletion, etc in order to support this goal.
>> I suspect, but cannot prove, that most users would express similar feelings.
> We generally regard representative opinion polls conducted by reputable
> polling organisations as adequate proof for statements like that and it
> is reasonably inexpensive to commission them, so I think you can. The
> problem is of course how to structure the interview, how to phrase the
> questions, what kind of answers to offer, what information to provide
> upfront, and so on.
An opinion poll is not necessarily the best way to measure the
relative priority of individuals in matters like this. The behavior
of individuals may be a better measure. (Individuals may want to
say that they are in favor of X or against Y, but their behavior
may not be consistent with their response to a poll.)
> I imagine, for instance, many people also do not want to incur degraded
> user experience due to state surveillance, like being unable to work
> jobs that require a security clearance or being put on a "no fly list"
> because some automated system detected too many ungood words in messages
> they sent or received; or losing their job because their employer went
> out of business after losing the corporate espionage game with a foreign
> power.
> I suspect, if you asked people whether they are willing to give up, say,
> 10% battery life, or pay 10% more for their batteries, and be protected
> against such threats, most would take the deal. In contrast, if you tell
> the story from the other side, get 10% more battery and better chances
> to stay in business because some NSA guys owe the CEO a favour, well, I
> suspect that also sounds appealing to many.
Yes, depending on how one asks the questions, contradictory responses
may be elicited.

Steve

From rutkowski.tony@gmail.com  Mon Oct 14 08:35:47 2013
Message-ID: <525C0F4F.8050406@gmail.com>
Date: Mon, 14 Oct 2013 11:35:43 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>,  Alissa Cooper <acooper@cdt.org>, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie>
In-Reply-To: <525BF51C.6090901@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
Reply-To: rutkowski.tony@gmail.com

Steve,

Brian's draft defines "pervasive surveillance" as
> the practice of
> surveillance at widespread observation points, without any
> modification of network traffic, and without any particular
> surveillance target in mind.
There are a couple of obvious deficiencies here..

As a starter, the definition is self-contradictory.
The first sentence in the introduction uses RFC6973's
definition of surveillance which is aimed at an individual
and concatenates it with "pervasive" to come up with
something that says there "is no particular surveillance
target in  mind."  Which is it?  You cannot logically
concatenate the two notions together.

You also don't deal with timeframes.  Most Big Data
implementations for all kinds of purposes, acquire
observations and sort out the metadata.  That's how
particular targets (e.g., purveyors of cheap
nuclear devices) are found, and it's mandated by law
under the E.U. Data Retention Directive.

Additionally, all this is context dependent as there are all
kinds of bases for exactly this kind of activity that are
operational, commercial, and legal.  It would also be
interesting to see a definition of "network."  Radio
networks have been subject to constant monitoring
for many decades.  Fast forwarding to SDNs and Cloud
Computing services, renders most of these efforts
irrelevant.

Then after proffering a definition, the religious statement
appears: "we presume a priori that communications systems
should aim to provide appropriate privacy guarantees to
their users, and that such pervasive surveillance is therefore
a bad thing."  "Presume a priori?"  There are innumerable
contexts where privacy - which is itself a socio-political-
legal abstraction - is not relevant or applicable.

Similarly, the "perfect passive adversary" definition is a
self-contradiction.  If the observer is taking no action,
there is no threat by definition.

> We explicitly assume the PPA does not have the ability to compromise
> trusted systems at either the initiator or a recipient of a
> communication.
Give me a break.  Here again, an assertion is made that
is simply not credible.  Essentially all systems are
capable of compromise - either technically, lawfully,
or through insider threats (which is generally regarded
as the greatest threat).

If you want to analyze any of this within the context of
substantive ongoing work, you should consider applying
the STIX threat analysis/exchange model.

This kind of work tends to turn the IETF into a script
writing exercise for the third season of VEEP.

--tony

On 10/14/2013 9:43 AM, Stephen Farrell wrote:
> Personally, I entirely disagree. It is true that we
> don't have a worked out threat model for this yet,
> but Brian's draft is a start on which I hope we'll
> build so that protocol designers, implementers and
> those deploying networks and services will have a
> useful threat model to use when doing their work.


From stephen.farrell@cs.tcd.ie  Mon Oct 14 09:29:13 2013
Message-ID: <525C1BD0.1060705@cs.tcd.ie>
Date: Mon, 14 Oct 2013 17:29:04 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: rutkowski.tony@gmail.com
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com>
In-Reply-To: <525C0F4F.8050406@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: [perpass] threat model draft (was: Re: mandatory-to-implement vs. more?)

Hi Tony,

(Subject lines are cheap and helpful, let's try use
'em a bit better please.)

On 10/14/2013 04:35 PM, Tony Rutkowski wrote:
> Steve,
> 
> Brian's draft defines "pervasive surveillance" as
>> the practice of
>> surveillance at widespread observation points, without any
>> modification of network traffic, and without any particular
>> surveillance target in mind.
> There are a couple of obvious deficiencies here..
> 
> As a starter, the definition is self-contradictory.
> The first sentence in the introduction uses RFC6973's
> definition of surveillance which is aimed at an individual
> and concatenates it with "pervasive" to come up with
> something that says there "is no particular surveillance
> target in  mind."  Which is it?  You cannot logically
> concatenate the two notions together.

I don't see the contradiction. I'm sure wordsmithing will
be needed of course, and we'll want a better definition
of pervasive monitoring for sure. (See earlier comments
on the draft in the list archive.)

> You 

s/You/the draft/ I guess.

> also don't deal with timeframes.  Most Big Data
> implementations for all kinds of purposes, acquire
> observations and sort out the metadata.  That's how
> particular targets (e.g., purveyors of cheap
> nuclear devices) are found, and it's mandated by law
> under the E.U. Data Retention Directive.

Timeframes are an interesting aspect to consider, I agree.

> Additionally, all this is context dependent as there are all
> kinds of bases for exactly this kind of activity that are
> operational, commercial, and legal.  It would also be
> interesting to see a definition of "network."  Radio
> networks have been subject to constant monitoring
> for many decades.  Fast forwarding to SDNs and Cloud
> Computing services, renders most of these efforts
> irrelevant.

Huh? I don't get what you mean.

> Then after proffering a definition, the religious statement
> appears: "we presume a priori that communications systems
> should aim to provide appropriate privacy guarantees to
> their users, and that such pervasive surveillance is therefore
> a bad thing."  "Presume a priori?"  

Yep. For this draft, such an a-priori assumption is ok
I think - the point is so that when it's done (and it's a
-00) it'll be useful for protocol designers who need to
consider this threat model.

So it's not at all "religious" here (and incidentally,
I figure such terms are purely pejorative, and not
generally helpful).

> There are innumerable
> contexts where privacy - which is itself a socio-political-
> legal abstraction - is not relevant or applicable.

Can you enumerate some real cases where someone might
be designing an Internet protocol and where privacy
is irrelevant or not applicable?

That kind of scoping could be useful, if such cases
exist.

> Similarly, the "perfect passive adversary" definition is a
> self-contradiction.  If the observer is taking no action,
> there is no threat by definition.
> 
>> We explicitly assume the PPA does not have the ability to compromise
>> trusted systems at either the initiator or a recipient of a
>> communication.
> Give me a break.  

Ok, take a break:-)

> Here again, an assertion is made that
> is simply not credible.  Essentially all systems are
> capable of compromise - either technically, lawfully,
> or through insider threats (which is generally regarded
> as the greatest threat).

As it happens I also commented on the definitions, and I
agree they do need work - that's what'll happen as the
draft progresses.

> If you want to analyze any of this within the context of
> substantive ongoing work, you should consider applying
> the STIX threat analysis/exchange model.

Do you mean this? [1]

S.

[1] http://stix.mitre.org/

> 
> This kind of work tends to turn the IETF into a script
> writing exercise for the third season of VEEP.
> 
> --tony
> 
> On 10/14/2013 9:43 AM, Stephen Farrell wrote:
>> Personally, I entirely disagree. It is true that we
>> don't have a worked out threat model for this yet,
>> but Brian's draft is a start on which I hope we'll
>> build so that protocol designers, implementers and
>> those deploying networks and services will have a
>> useful threat model to use when doing their work.
> 
> 
> 

From stephen.farrell@cs.tcd.ie  Mon Oct 14 09:49:40 2013
Message-ID: <525C2099.6010307@cs.tcd.ie>
Date: Mon, 14 Oct 2013 17:49:29 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, Avri Doria <avri@acm.org>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com>
In-Reply-To: <525C031B.5030100@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On 10/14/2013 03:43 PM, Stephen Kent wrote:
> Avri,
>> ...
...
>> So while I can see problems with MTU, I think genuine MTI (and perhaps
>> some MTU) is needed for privacy enhancements at a level that matches
>> the MTIs and MTUs for security.  I technical neutrality requires it.
> To first order, we're in agreement, i.e., MTI provides a reasonable
> basis for deploying privacy
> measures when users and service providers choose to make use of them. If
> we fail to provide
> MTI options, we deprive users and providers of the ability to engage in
> interoperable
> security/privacy measures.
> 
> The question Stephen raised is whether that's enough. For me, the answer
> is yes, and going
> beyond MTI to MTU is pursuing an "evangelical" path that we ought to avoid.

That's not an unreasonable answer. However, we do have to
face the fact that a lot of times MTI stuff is just not
used when you and I would probably argue that it really
ought be used. It's also not unreasonable to say that doing
more-than-MTI won't fix that, but that's what I'd like
to explore here.

> Since you alluded to "some MTU" above, the obvious question is what are
> examples of
> MTU mechanisms that you support?

Good question. Without saying I "support" it, rtcweb does
mandate more than MTI for e.g. DTLS-SRTP - the current
draft [1] says it MUST be offered as the default. I think
I'd maybe "support" it more if I understood better what
kind of key management will be behind that, which I don't
yet, but it's a data point for what a lot of folks think
will be an important protocol that does take a more-than-MTI
approach.

Maybe someone who knows more about that can explain the
reasoning behind that decision and whether they think it
could or should be generalised?

Other examples could be good too, esp if they're actually
used and not just RFC 6919 text;-)

S.

[1]
http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07#section-5.5

> 
> Steve

From derhoermi@gmx.net  Mon Oct 14 10:04:05 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: rutkowski.tony@gmail.com
Date: Mon, 14 Oct 2013 19:04:01 +0200
Message-ID: <pa8o59d4s0vbssn22k7suffqca1ajjee8l@hive.bjoern.hoehrmann.de>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com>
In-Reply-To: <525C0F4F.8050406@gmail.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

* Tony Rutkowski wrote:
>As a starter, the definition is self-contradictory.
>The first sentence in the introduction uses RFC6973's
>definition of surveillance which is aimed at an individual
>and concatenates it with "pervasive" to come up with
>something that says there "is no particular surveillance
>target in mind."  Which is it?  You cannot logically
>concatenate the two notions together.

You can resolve this by taking it as meaning everyone is a target, or
simply accept that this is a common and easily understood construction
just like we might talk of a "dry lake" even though we normally
understand a lake to be a water body.

>Similarly, the "perfect passive adversary" definition is a
>self-contradiction.  If the observer is taking no action,
>there is no threat by definition.

It seems to me the "passive" here is jargon and meant with respect to
"the bits on the wire". An "active" attacker would manipulate bits on
the wire, while a "passive" one does not; that does not stop them from
taking other actions than manipulating the bits on the wire. Also, it
should be clear that observation is an action and a threat by itself.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From kent@bbn.com  Mon Oct 14 10:39:32 2013
Message-ID: <525C2C44.2070404@bbn.com>
Date: Mon, 14 Oct 2013 13:39:16 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie>
In-Reply-To: <525C2099.6010307@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Avri Doria <avri@acm.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Stephen,
...
> That's not an unreasonable answer. However, we do have to
> face the fact that a lot of times MTI stuff is just not
> used when you and I would probably argue that it really
> ought be used. It's also not unreasonable to say that doing
> more-than-MTI won't fix that, but that's what I'd like
> to explore here.
This may be where we have a significant disagreement. I am comfortable
developing security/privacy mechanisms that users and providers may
choose to employ, because compliant implementations will make it
available in an interoperable fashion. Insisting that a set of such
mechanisms be employed, seems beyond our remit.
> Good question. Without saying I "support" it, rtcweb does mandate more
> than MTI for e.g. DTLS-SRTP - the current draft [1] says it MUST be
> offered as the default. I think I'd maybe "support" it more if I
> understood better what kind of key management will be behind that,
> which I don't yet, but it's a data point for what a lot of folks think
> will be an important protocol that does take a more-than-MTI approach.
>
> Maybe someone who knows more about that can explain the reasoning
> behind that decision and whether they think it could or should be
> generalised?
>
> Other examples could be good too, esp if they're actually
> used and not just RFC 6919 text;-)
>
> S.
>
> [1]
> http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07#section-5.5

6919's "MUST (but we know you won't)" was motivated by security MUSTs in
a wide range of docs. The RTCWEB doc isn't an RFC yet, so we'll have to
see what happens.  Also, this is an arch doc. As the author of 4301, the
IPsec arch doc, I can attest that very, very few implementations are
compliant with all of its MUSTs. Implementors tend to focus more on
bits on the wire than on other protocol "features".

Steve

From joelja@bogus.com  Mon Oct 14 10:42:29 2013
Content-Type: multipart/signed; boundary="Apple-Mail=_B005FF4A-9F7F-405D-AADD-76507CADB679"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com>
Date: Mon, 14 Oct 2013 10:42:01 -0700
Message-Id: <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com>
To: Ralf Skyper Kaiser <skyper@thc.org>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Mon, 14 Oct 2013 17:42:06 +0000 (UTC)
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?


On Oct 14, 2013, at 8:01 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:

> Hi,
>
> I understand the goal of making life harder for state surveillance.
> However, I am not willing (personally) to incur any degraded user experience,
> premature cell phone battery depletion, etc in order to support this goal.
> I suspect, but cannot prove, that most users would express similar feelings.

the browser/CA transition from 1024 to 2048 bit certs is ongoing albeit
done soon. That's a cost that everyone is paying for whether they know
it or not… We therefore have an internet scale existence proof.

>
> I remember the same argument from the last decade when the Internet
> transitioned from TELNET to SSH. Some people said SSH would cause too
> much internet traffic and the servers could not handle the extra crypto.
>
> Imagine today's internet with every admin still using TELNET.
>
> Where are these admins now? Speak up please.
>
> regards,
>
> Ralf

From kent@bbn.com  Mon Oct 14 10:50:46 2013
Message-ID: <525C2EEC.9090707@bbn.com>
Date: Mon, 14 Oct 2013 13:50:36 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ralf Skyper Kaiser <skyper@thc.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com> <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com>
In-Reply-To: <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Ralf,
> Stephen,
>
> "The state has a responsibility to provide for the security of its
> citizens. To the extent that surveillance supports
> this goal, it is potentially justified, irrespective of whether every
> citizen agrees with the methods."
>
> If this is the case why don't we hand a copy of our house key to the
> police? This way the police can come around every evening and check 
> what we are up to.
An exaggerated, poor analogy, but I suspect you know that.
> Why not cameras on toilets as well?
maintenance issues?
> Because mass surveillance (for good and bad) scares the Internet user. 
> It makes it less attractive to use the Internet. It restricts the 
> Internet. It violates the Universal Declaration of Human Rights (to 
> which your country is a signatory as well).
As Stephen noted, Internet standards are used throughout the world, so
whether a given country is a signatory to the UDHR seems irrelevant.

If most users feel that security and privacy are high priorities, why do
so many users download free apps that monitor aspects of mobile phone use
and direct ads accordingly? My position, in part, is that people behave
in a fashion that suggests that personal privacy is not a very high
priority when it comes to use of the Internet.
> It is not the targeted surveillance but the unregulated mass 
> surveillance that is the problem.
>
> The current IETF standards do not protect against mass surveillance 
> sufficiently.
On what objective basis can one say that, i.e., who gets to decide what 
is "sufficient?"

Steve



From kent@bbn.com  Mon Oct 14 10:51:44 2013
Message-ID: <525C2F17.1090504@bbn.com>
Date: Mon, 14 Oct 2013 13:51:19 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: perpass@ietf.org
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com>
In-Reply-To: <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------000408020909050405020202"
Subject: Re: [perpass] mandatory-to-implement vs. more?

Ralf,

I don't recall such comments. Perhaps we travel in different circles.

Which IETF meetings have you attended over the past 20 years?

Steve
> Hi,
>
> I understand the goal of making life harder for state surveillance.
>
>     However, I am not willing (personally) to incur any degraded user
>     experience,
>     premature cell phone battery depletion, etc in order to support
>     this goal.
>     I suspect, but cannot prove, that most users would express similar
>     feelings.
>
>
>
> I remember the same argument from the last decade when the Internet
> transitioned from TELNET to SSH. Some people said SSH would cause too
> much internet traffic and the servers could not handle the extra crypto.
>
> Imagine today's internet with every admin still using TELNET.
>
> Where are these admins now? Speak up please.
>
> regards,
>
> Ralf

From trammell@tik.ee.ethz.ch  Mon Oct 14 10:57:26 2013
Content-Type: multipart/signed; boundary="Apple-Mail=_5D249842-21E7-48A7-8287-1B8E5E376744"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <525C1BD0.1060705@cs.tcd.ie>
Date: Mon, 14 Oct 2013 19:57:13 +0200
Message-Id: <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com> <525C1BD0.1060705@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1510)
Cc: perpass <perpass@ietf.org>, rutkowski.tony@gmail.com
Subject: Re: [perpass] threat model draft (was: Re: mandatory-to-implement vs. more?)

--Apple-Mail=_5D249842-21E7-48A7-8287-1B8E5E376744
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

hi Stephen, Tony,

a few further points inline...

On Oct 14, 2013, at 6:29 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Hi Tony,
>
> (Subject lines are cheap and helpful, let's try use
> 'em a bit better please.)
>
> On 10/14/2013 04:35 PM, Tony Rutkowski wrote:
>> Steve,
>>
>> Brian's draft defines "pervasive surveillance" as
>>> the practice of
>>> surveillance at widespread observation points, without any
>>> modification of network traffic, and without any particular
>>> surveillance target in mind.
>> There are a couple of obvious deficiencies here..
>>
>> As a starter, the definition is self-contradictory.
>> The first sentence in the introduction uses RFC6973's
>> definition of surveillance which is aimed at an individual
>> and concatenates it with "pervasive" to come up with
>> something that says there "is no particular surveillance
>> target in mind."  Which is it?  You cannot logically
>> concatenate the two notions together.
>
> I don't see the contradiction. I'm sure wordsmithing will
> be needed of course, and we'll want a better definition
> of pervasive monitoring for sure. (See earlier comments
> on the draft in the list archive.)

Although I don't represent the clarity or quality of the draft as anything other than -00, I also don't understand what's not clear here.

For those who don't have 6973 open in front of them:

"Surveillance is the observation or monitoring of an individual's communications or activities... [and] can be conducted by observers or eavesdroppers at any point along the communications path."

The argument is that this definition is deficient, in that it presumes an individual target. The whole conceptual framework of surveillance as an activity presumes a target. Legal surveillance requires one in order to get the necessary documents signed by the necessary oversight authority. Illegal surveillance generally has one in mind because it's cheaper that way.

(One could make a case that there are indiscriminate attacks by criminal networks, e.g. skimming keystrokes from compromised machines to search for credit-card numbers... while these are untargeted with respect to individual, they're also not really surveillance per 6973, in that it's specific types of data that's the goal of the eavesdropping, not the communication or the activity in general.)

"Pervasive surveillance" (to mangle the 6973 definition) is "the observation or monitoring of all individuals' communications or activities." Removing the concept of targeting (even if targeting is done after the fact) changes the character of the activity, both in terms of its impact on the monitored individual(s) (and -- at the risk of getting too far from the engineering -- its impact on the civil society of which the monitored individuals are presumed to be members) and in terms of the impact it has on protocol design. Specifically, in targetless surveillance, attempts not to become a target are meaningless. (Which goes back to someone's... I think it was Yoav's... stated desire to increase the cost of pervasive surveillance to the point that he dropped out of the target set, which captures nicely the level of sensitivity we have to infinite versus finite target sets.)

>> You
>
> s/You/the draft/ I guess.
>
>> also don't deal with timeframes.  Most Big Data
>> implementations for all kinds of purposes, acquire
>> observations and sort out the metadata.  That's how
>> particular targets (e.g., purveyors of cheap
>> nuclear devices) are found, and it's mandated by law
>> under the E.U. Data Retention Directive.
>
> Timeframes are an interesting aspect to consider, I agree.

+1. I think we should assume they are for all intents and purposes infinite.

>> Additionally, all this is context dependent as there are all
>> kinds of bases for exactly this kind of activity that are
>> operational, commercial, and legal.  It would also be
>> interesting to see a definition of "network."  Radio
>> networks have been subject to constant monitoring
>> for many decades.  Fast forwarding to SDNs and Cloud
>> Computing services, renders most of these efforts
>> irrelevant.
>
> Huh? I don't get what you mean.

I'm also confused, but I'm going to take a guess.

If by "cloud computing" you mean that protocols are being replaced by services, then yes, this is a problem. Nothing we can do on the network can protect against "PRISM"-class surveillance activities, by which I mean at least one endpoint of the communication (in this case, your email provider) cooperates with the observer. One could advocate the use of messaging protocols with end-to-end encryption of everything, as discussed in another thread on this list I've had to only halfway follow, as a workaround here. But then you'd have to come up with another business model to pay for email than the one we've arrived at to date.

>
>> Then after proffering a definition, the religious statement
>> appears: "we presume a priori that communications systems
>> should aim to provide appropriate privacy guarantees to
>> their users, and that such pervasive surveillance is therefore
>> a bad thing."  "Presume a priori?"
>
> Yep. For this draft, such an a-priori assumption is ok
> I think - the point is so that when it's done (and it's a
> -00) it'll be useful for protocol designers who need to
> consider this threat model.

The "limiting assumptions" of the threat model need, I think, to be more explicitly stated as such.

> So it's not at all "religious" here (and incidentally,
> I figure such terms are purely pejorative, and not
> generally helpful).
>
>> There are innumerable
>> contexts where privacy - which is itself a socio-political-
>> legal abstraction - is not relevant or applicable.
>
> Can you enumerate some real cases where someone might
> be designing an Internet protocol and where privacy
> is irrelevant or not applicable?
>
> That kind of scoping could be useful, if such cases
> exist.
>
>> Similarly, the "perfect passive adversary" definition is a
>> self-contradiction.  If the observer is taking no action,
>> there is no threat by definition.

As Björn pointed out, "passive" here is measurement jargon, opposed to "active": a passive adversary acts only as an observer, and cannot modify any traffic along the path. All they can do is observe. The question is: given that, what can they know? An observer that wanted to do much more and was positioned to do so could, of course -- there's a tradeoff here in terms of risk of detection of the observer.

(As an aside, I'll note that "perfect passive adversary" collides with a related-enough-to-be-dangerous term in the anonymity literature, such that it will be renamed in a future revision.)

>>> We explicitly assume the PPA does not have the ability to compromise
>>> trusted systems at either the initiator or a recipient of a
>>> communication.
>> Give me a break.
>
> Ok, take a break:-)
>
>> Here again, an assertion is made that
>> is simply not credible.  Essentially all systems are
>> capable of compromise - either technically, lawfully,
>> or through insider threats (which is generally regarded
>> as the greatest threat).
>
> As it happens I also commented on the definitions, and I
> agree they do need work - that's what'll happen as the
> draft progresses.

And this is another limiting assumption. We are explicitly not treating these compromises _in this threat model_. Why? First, because if the observer owns your terminal or the terminal at the other endpoint, there is nothing you can do as a protocol designer. The game is over. What to do in that case is best handled at layer 9. We also make the explicit assumption that crypto works as advertised. That's also a risky assumption. Why do we make it? Because it's best treated somewhere else (and by someone else -- I learned years ago, when I was young and didn't know any better, with a home-spun Blowfish implementation, that I'm no cryptographer).

Best regards,

Brian

--Apple-Mail=_5D249842-21E7-48A7-8287-1B8E5E376744--
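
The passive observer discussed in the message above, as an added example that is not part of the original message or of the draft: a small Python model of which fields such an observer can read, link and retain under the message's stated limiting assumptions (no traffic modification, no endpoint compromise, crypto works, retention effectively infinite). The record layout, field names and sample values are constructed for illustration.

```python
"""Model of a passive on-path observer, for reviewing a protocol design.

Assumptions taken from the message: the observer cannot modify traffic,
cannot compromise either endpoint, and the crypto works as advertised.
The record layout and all sample values below are constructed.
"""
from collections import defaultdict

# Constructed sample: one record per message crossing an observation point.
# "protected" names the fields that the protocol in use encrypts.
RECORDS = [
    {"ts": 100, "src": "198.51.100.7", "dst": "203.0.113.25", "size": 812,
     "fields": {"rcpt": "bob@example.net", "subject": "lunch", "body": "noon?"},
     "protected": set()},                        # cleartext submission
    {"ts": 160, "src": "198.51.100.7", "dst": "203.0.113.25", "size": 840,
     "fields": {"rcpt": "carol@example.org", "subject": "draft", "body": "see -00"},
     "protected": {"subject", "body"}},          # content encrypted end to end
    {"ts": 220, "src": "198.51.100.9", "dst": "203.0.113.25", "size": 1301,
     "fields": {"rcpt": "bob@example.net", "subject": "re: lunch", "body": "ok"},
     "protected": {"rcpt", "subject", "body"}},  # whole session encrypted
]

# Needed to deliver the packet at all, so encryption does not hide them.
ALWAYS_VISIBLE = ("ts", "src", "dst", "size")


def observer_view(record):
    """Return what the passive observer can read from one record."""
    view = {name: record[name] for name in ALWAYS_VISIBLE}
    for name, value in record["fields"].items():
        if name not in record["protected"]:
            view[name] = value                   # unencrypted: readable as-is
    return view


def exposure_report(records):
    """Count, per field, in how many records the observer can read it."""
    counts = defaultdict(int)
    for rec in records:
        for name in observer_view(rec):
            counts[name] += 1
    return dict(counts)


def linkable(records, key):
    """Group every observed record by one visible field.

    No target is chosen in advance: every value of `key` gets a group,
    which is what makes the observation targetless.
    """
    groups = defaultdict(list)
    for rec in records:
        view = observer_view(rec)
        if key in view:
            groups[view[key]].append(view)
    return dict(groups)


def retained(records, now, retention=None):
    """Views still held at time `now`.

    retention=None models the assumption that observations are kept
    indefinitely, so a target picked later is covered retroactively.
    """
    return [observer_view(r) for r in records
            if retention is None or now - r["ts"] <= retention]


if __name__ == "__main__":
    print(exposure_report(RECORDS))
    print(sorted(linkable(RECORDS, "src")))
    print(len(retained(RECORDS, now=1000)))
```

Encrypting more fields shrinks the exposure report, but the delivery metadata stays linkable per source in every case, which is the part a protocol designer has to reason about separately.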

From skyper@thc.org  Mon Oct 14 11:30:43 2013
MIME-Version: 1.0
In-Reply-To: <525C2EEC.9090707@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com> <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com> <525C2EEC.9090707@bbn.com>
Date: Mon, 14 Oct 2013 19:30:38 +0100
Message-ID: <CA+BZK2pfH9ZhBjcUVCTaD_ARXGCJ5AR1eVJF6g_=1OmM6TiAJw@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=047d7bdc131031aa3a04e8b7aa25
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--047d7bdc131031aa3a04e8b7aa25
Content-Type: text/plain; charset=ISO-8859-1

> If most users feel that security and privacy are high priorities, why do
> so many users download
> free apps that monitor aspects of mobile phone use and direct ads
> accordingly? My position, in
> part, is that people behave in a fashion that suggests that personal
> privacy is not a very
> high priority when it comes to use of the Internet.
>
>
That's like saying "People should not have airbags because they should not
drive ruthless or fast in the first place. They surely do not care about
their safety so why should we invent the airbag?".

regards,

Ralf

--047d7bdc131031aa3a04e8b7aa25--

From rutkowski.tony@gmail.com  Mon Oct 14 11:56:05 2013
Message-ID: <525C3E31.7020203@gmail.com>
Date: Mon, 14 Oct 2013 14:55:45 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>,  Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com> <525C1BD0.1060705@cs.tcd.ie> <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
In-Reply-To: <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] threat model draft
Reply-To: rutkowski.tony@gmail.com

Hi Brian et al.,

This has been kind of fun to watch - based
on someone's note about it.  But I'm not
into this kind of far out academic religious
stuff and have real work to do.

But have fun.

--tony

From brian.e.carpenter@gmail.com  Mon Oct 14 12:13:21 2013
Message-ID: <525C4249.3030206@gmail.com>
Date: Tue, 15 Oct 2013 08:13:13 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com>	<525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com>	<525C1BD0.1060705@cs.tcd.ie> <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
In-Reply-To: <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, rutkowski.tony@gmail.com, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] threat model draft

On 15/10/2013 06:57, Brian Trammell wrote:
...
>>> Additionally, all this is context dependent as there are all
>>> kinds of bases for exactly this kind of activity that are
>>> operational, commercial, and legal.  It would also be
>>> interesting to see a definition of "network."  Radio
>>> networks have been subject to constant monitoring
>>> for many decades.  Fast forwarding to SDNs and Cloud
>>> Computing services, renders most of these efforts
>>> irrelevant.
>> Huh? I don't get what you mean.
> 
> I'm also confused, but I'm going to take a guess.
> 
> If by "cloud computing" you mean that protocols are being replaced by services, then yes, this is a problem. Nothing we can do on the network can protect against "PRISM"-class surveillance activities, by which I mean at least one endpoint of the communication (in this case, your email provider) cooperates with the observer. 

A realisation I had while watching "Terms and conditions may apply" on Sunday
is that it's even worse. Given the weak privacy protection on the social
networks, a very large amount of traffic analysis and personal behaviour
analysis is possible without needing the cooperation of even one endpoint.
You just scrape stuff off the social network, squirt it through HADOOP,
and out comes a list of targets worthy of detailed investigation.
That is definitely part of today's threat model.

I'd say we actually have a hierarchy of threats to consider, starting with
'big data' analysis of publicly available data and ending with traditional
personally targeted wiretapping.

   Brian C

From ajs@anvilwalrusden.com  Mon Oct 14 12:26:40 2013
Date: Mon, 14 Oct 2013 15:26:40 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: perpass@ietf.org
Message-ID: <20131014192639.GQ56454@mx1.yitter.info>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com> <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com> <525C2EEC.9090707@bbn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <525C2EEC.9090707@bbn.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [perpass] mandatory-to-implement vs. more?

On Mon, Oct 14, 2013 at 01:50:36PM -0400, Stephen Kent wrote:

> accordingly? My position, in
> part, is that people behave in a fashion that suggests that personal
> privacy is not a very
> high priority when it comes to use of the Internet.

While I have some sympathy for the above, I think it runs the risk of
a considerable oversimplification of the behaviour model of users.
Most importantly, I think it contains in it the sort of picture of end
users that is frequently part of _homo economicus_: a rational,
good-maximising agent.  Just as in economics, however, I suspect that
people's security decision-making actually relies on a number of
principles that we can scarcely believe are rational.  For instance,
it could just as easily be that people using privacy-invading apps
have convinced themselves of the utility of data protection policies,
or think that they're too individually insignificant for anyone to
care about.  There could also be (suppressed) cognitive dissonance
involved.  Finally, there's the issue of how usable much of the
security support in systems is when actual users encounter it.

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From kent@bbn.com  Mon Oct 14 12:33:52 2013
Message-ID: <525C4719.9090602@bbn.com>
Date: Mon, 14 Oct 2013 15:33:45 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Ralf Skyper Kaiser <skyper@thc.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com> <CA+BZK2posNKLY5hOBzz2Fe9fDfhKuo-13F9gbjbnm7BNt862KQ@mail.gmail.com> <525C2EEC.9090707@bbn.com> <CA+BZK2pfH9ZhBjcUVCTaD_ARXGCJ5AR1eVJF6g_=1OmM6TiAJw@mail.gmail.com>
In-Reply-To: <CA+BZK2pfH9ZhBjcUVCTaD_ARXGCJ5AR1eVJF6g_=1OmM6TiAJw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------090307020506040704030409"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 19:33:53 -0000

This is a multi-part message in MIME format.
--------------090307020506040704030409
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


>
>     If most users feel that security and privacy are high priorities,
>     why do so many users download
>     free apps that monitor aspects of mobile phone use and direct ads
>     accordingly? My position, in
>     part, is that people behave in a fashion that suggests that
>     personal privacy is not a very
>     high priority when it comes to use of the Internet.
>
>
> That's like saying "People should not have airbags because they should 
> not drive ruthless or fast in the first place. They surely do not care 
> about their safety so why should we invent the airbag?".
>
> regards,
>
> Ralf

Your proposed analogy is really, really bad, yet again. But it does provide
a good basis for a better analogy.

Seat belts are an example of an MTI, mandated by government-level regulations.
There are state laws in the U.S. that make them MTU, in 33 states. Note that
the MTU provision is a weak one; an audible warning sounds for a few seconds,
and then is silent. If one were very serious about seat belt use, there could
be an ignition interlock. But, since seat belt use is not mandatory in all
U.S. states, such an interlock would be problematic for vehicle manufacturers.

Air bags were initially an alternative, passive restraint option, viewed as
equivalent to 3-point seat belts, when passive restraints were first mandated
in 1984 (for vehicles produced in 1989), and the regulation applied only to drivers,
not passengers. In 1998 the rules were changed to mandate airbags in addition to
(3-point) seat belts, for front seat passengers, as well as drivers.

Over time vehicle manufacturers have voluntarily added more air bags in cars,
as a selling point, i.e., they perceive that some buyers will pay more for
knee bags, etc.

So, some takeaways from this (corrected) analogy are

     - MTI can be appropriate for safety (security/privacy) features

     - MTU is a problem for such features when products are used across a wide range of
       jurisdictions

     - a safety (security/privacy) feature will be offered by vendors (service providers)
       when they that it is valued by their customers


Steve

--------------090307020506040704030409--

From richard@shockey.us  Mon Oct 14 13:09:25 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4DA21E8114 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 13:09:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.061
X-Spam-Level: 
X-Spam-Status: No, score=-102.061 tagged_above=-999 required=5 tests=[AWL=0.204, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zt+GljH+zlJ9 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 13:09:20 -0700 (PDT)
Received: from outbound-ss-874.bluehost.com (outbound-ss-874.bluehost.com [69.89.29.198]) by ietfa.amsl.com (Postfix) with SMTP id E3FB121E80F9 for <perpass@ietf.org>; Mon, 14 Oct 2013 13:09:17 -0700 (PDT)
Received: (qmail 20731 invoked by uid 0); 14 Oct 2013 15:42:26 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy4.mail.unifiedlayer.com with SMTP; 14 Oct 2013 15:42:26 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=DVamdINgEHx65ONSCxt6P8I3WBS+J84/2dW6VZP9wOk=;  b=DUazzvGp+b7s7Z636AjohelGJm1rUazqTsyZsPTzWdQamiD14uE92FQkPQ5kX9btuKJKQADiLJckCUGwc/FJf8unS+RWDA1hlOuvrYPFhddVLYq3F5oLaMX1DKrUzldW;
Received: from [71.114.100.16] (port=53658 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VVkHq-0000a0-12; Mon, 14 Oct 2013 09:42:26 -0600
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Kent'" <kent@bbn.com>, "'Alissa Cooper'" <acooper@cdt.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525C009D.50402@bbn.com>
In-Reply-To: <525C009D.50402@bbn.com>
Date: Mon, 14 Oct 2013 11:42:23 -0400
Message-ID: <012c01cec8f3$fabcac00$f0360400$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQEw1d0AomIEaLDZVUzinr0J3YhpLwIjOxW0AQjpm88CDcGoaADNKq7CAhCQNA4CcCI/bwC/nxVgmtYA1XA=
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Cc: 'perpass' <perpass@ietf.org>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 20:09:25 -0000

> public sector data collection has obviously blurred as more and more data is exchanged between the two,
> but that does not make the two of them equivalent.

I appreciate your analysis, but I don't necessarily agree with your
conclusions. The state has a responsibility to provide for the security of
its citizens. To the extent that surveillance supports this goal, it is
potentially justified, irrespective of whether every citizen agrees with the
methods. Corporate collection of personal data tends to be driven by greed,
not quite so noble a goal :-).

I agree that the state has a more powerful capability to collect info about
Internet users, and yes, there are no T's & C's to read and agree to (or,
more likely ignore and agree to). But that does not mean that we, as
developers of Internet standards, are in a position to know whether all
users feel that state vs. corporate surveillance is a greater personal
concern, and thus warrants mandatory to use (vs. implement) security
features.

> For the list: much of this thread's discussion seems to presume that the
> business considerations behind individual companies' decisions about whether
> to deploy secure protocols or not are unchanged from what they were four
> months ago prior to the beginning of the revelations. Yet elsewhere there
> seems to be a whole lot of hand-wringing going on about how much business is
> being lost or how nervous various customers are in the wake of the
> revelations. Can we really assume that no IT managers in charge of
> enterprise SIP deployments or middlebox-based backwards-compatibility
> solutions are even considering re-evaluating how they balance competing
> requirements?

[RS> ]  Short answer. No.  Especially if the cost far outweighs the
benefits.  

I'll defer to folks with more direct experience with these businesses, but I
have seen no such change in perception. The only change I have seen is that
enterprises making use of cloud storage and backup are more concerned about
the confidentiality of the data stored there, and are considering offshore
alternatives.

Steve



From jon.peterson@neustar.biz  Mon Oct 14 15:33:42 2013
Return-Path: <jon.peterson@neustar.biz>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F1C521E813A for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 15:33:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.74
X-Spam-Level: 
X-Spam-Status: No, score=-105.74 tagged_above=-999 required=5 tests=[AWL=0.858, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id inGCeBNt0wwj for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 15:33:37 -0700 (PDT)
Received: from neustar.com (mx11.neustar.com [156.154.25.104]) by ietfa.amsl.com (Postfix) with ESMTP id CF54521E8136 for <perpass@ietf.org>; Mon, 14 Oct 2013 15:33:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1381790030; x=1697147661; q=dns/txt; h=From:Subject:Date:Message-ID:Content-Language: Content-Type; bh=S3e3pEsVO9sf7fJiIDgHFOMhSo+6uC363vqwZho3P7g=; b=qopBSkiXQi4VebhhN+GrGiFC4HgPAQcb0FEXMCoyXocau7xBNt7GI8WZ+2xx5J 5qJI/sF4d7e1TJKuAp2Bsj0Q==
Received: from ([10.31.58.69]) by chihiron2.nc.neustar.com with ESMTP with TLS id J041123125.27100982;  Mon, 14 Oct 2013 18:33:49 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.60]) by stntexhc10.cis.neustar.com ([169.254.4.132]) with mapi id 14.02.0342.003; Mon, 14 Oct 2013 18:33:26 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Stephen Kent <kent@bbn.com>, Ralf Skyper Kaiser <skyper@thc.org>
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHOxGt1gKv+/IMKx0apKzYaC3uAzpns4m8AgABs24CAAT3rgIAABYiAgAAu4QCABLD4AIABHDKAgAAGB4CAADEuAIAACy8AgAARooD//7zXAA==
Date: Mon, 14 Oct 2013 22:33:25 +0000
Message-ID: <CE81BDE4.A834C%jon.peterson@neustar.biz>
In-Reply-To: <525C4719.9090602@bbn.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [192.168.129.141]
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: FUXaFJqLoB4p4hzOJ1s2RQ==
Content-Type: multipart/alternative; boundary="_000_CE81BDE4A834Cjonpetersonneustarbiz_"
MIME-Version: 1.0
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 22:33:42 -0000

--_000_CE81BDE4A834Cjonpetersonneustarbiz_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Would you agree though Steve that wearing seat belts is our best current
practice for safety, and that we (if we imagine ourselves car designers)
should explain to people how unsafe the roads are and that they really
should wear seat belts? Not everyone who builds cars might feel like they
need to take responsibility for explaining this, of course, but some will.

I don't want us to throw up our hands and say there's nothing to be done to
improve the situation because users don't understand security and some
deployments would resist it. Here in the IETF, our responsibilities as
participants differ from those of users and even operators. We write
standards. I think we need to write standards that are clear about what
people should do to be secure on the Internet as we understand it. Our
understanding of the Internet has changed because of these revelations, and
what we need to do has to change as well. I agree that we can't levy
unrealistic mandates and hope for anything but our own irrelevance. But
let's not swing too far in the opposite direction here either.

Jon Peterson
Neustar, Inc.

From: Stephen Kent <kent@bbn.com>
Date: Monday, October 14, 2013 12:33 PM
To: Ralf Skyper Kaiser <skyper@thc.org>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?



If most users feel that security and privacy are high priorities, why do so many users download
free apps that monitor aspects of mobile phone use and direct ads accordingly? My position, in
part, is that people behave in a fashion that suggests that personal privacy is not a very
high priority when it comes to use of the Internet.


That's like saying "People should not have airbags because they should not drive ruthless or fast in the first place. They surely do not care about their safety so why should we invent the airbag?".

regards,

Ralf

Your proposed analogy is really, really bad, yet again. But it does provide
a good basis for a better analogy.

Seat belts are an example of an MTI, mandated by government-level regulations.
There are state laws in the U.S. that make them MTU, in 33 states. Note that
the MTU provision is a weak one; an audible warning sounds for a few seconds,
and then is silent. If one were very serious about seat belt use, there could
be an ignition interlock. But, since seat belt use is not mandatory in all
U.S. states, such an interlock would be problematic for vehicle manufacturers.

Air bags were initially an alternative, passive restraint option, viewed as
equivalent to 3-point seat belts, when passive restraints were first mandated
in 1984 (for vehicles produced in 1989), and the regulation applied only to drivers,
not passengers. In 1998 the rules were changed to mandate airbags in addition to
(3-point) seat belts, for front seat passengers, as well as drivers.

Over time vehicle manufacturers have voluntarily added more air bags in cars,
as a selling point, i.e., they perceive that some buyers will pay more for
knee bags, etc.

So, some takeaways from this (corrected) analogy are

    - MTI can be appropriate for safety (security/privacy) features

    - MTU is a problem for such features when products are used across a wide range of
      jurisdictions

    - a safety (security/privacy) feature will be offered by vendors (service providers)
      when they that it is valued by their customers


Steve

--_000_CE81BDE4A834Cjonpetersonneustarbiz_--

From mdietf@demmers.org  Mon Oct 14 16:09:46 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE2321F9DC9 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 16:09:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.077
X-Spam-Level: 
X-Spam-Status: No, score=0.077 tagged_above=-999 required=5 tests=[AWL=-1.446,  BAYES_50=0.001, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, J_CHICKENPOX_83=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kL8TUQn8QDyW for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 16:09:40 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id 7160611E81A9 for <perpass@ietf.org>; Mon, 14 Oct 2013 16:09:15 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.172.144]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9EN9ArA020406; Mon, 14 Oct 2013 16:09:11 -0700
Date: Mon, 14 Oct 2013 16:09:06 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Perpass List Submit <perpass@ietf.org>
Message-ID: <20131014160906.27647ff6@cicero.demmers.org>
In-Reply-To: <20131013152508.GA12990@vegoda.org>
References: <20130925110934.464c7592@cicero.demmers.org> <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org> <20131013152508.GA12990@vegoda.org>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 23:09:46 -0000

On Sun, 13 Oct 2013 08:25:08 -0700
Leo Vegoda <leo@vegoda.org> wrote:

> I am not a security expert either but presumably people will need to
> export keys for backup and deployment on other systems. For
> instance, many people have something like a laptop computer, a
> smartphone and a tablet. Presumably, users would want to use the
> same keys on all those devices so that they can read all their
> e-mail no matter which device they use.
> 
> I also expect people would want to be able to revoke a key if a
> device is stolen and then generate a new key to replace it, back
> that up and distribute it to all the devices in use.

...

> So my questions are:

Excellent questions.

> - how do people use the same keys on all their devices?

OK. Keys are just small files. So this boils down to 'how do I securely transfer small files between my devices?'.

This involves private keys, so we really need to be a little careful with this one.

Here is how I think this might work:

Besides the normal keys that are generated when your MUA is first started, a 'device key' (device keypair, public and private key for the device) is generated. These are unique to each device, and you are prompted for 'device name' at some point ('Joe's tablet', 'Joe's Phone' etc.). So now we have a way to encode something that only one device can read.

But we need to exchange public keys. Since these are public keys, just about any way will work that will transfer a file. Best would be something completely local of course, but this could also be something like an attachment to an email. 

So: select menu item 'Friend a Device'

See:

"Friending a device means interchanging device public keys. This is required in order to be able to securely share your friending environment between all your devices that use email (home computer, tablet, phone, etc.). Each device must have the device public keys for all your other devices. This step only must be done once.

There are two ways you can make this key exchange:

1. You can export your device public key for the device you are currently using to a file, which will be called YOURDEVICENAME.devicepublickey. This is then copied to all your other devices using a disk, USB stick, local LAN, or other means of locally copying files from one device to another. Then, on the other device, you select 'Import Other Device Public Key From file'. You must export the device public key from each device you use, and import it to the other devices.

This is the most secure means of making this key exchange since the device public key never leaves your local environment.

2. You can use email to send the device public key as well. This is slightly less secure, since your device public key will go over the network, where it could be seen by someone else. Your private key will still be completely safe though. This may be required for certain kinds of devices where other means are not possible. If you select this option, a new email message will be created, to yourself, that contains the device public key in the body of the email. You should send this, then on each device you wish to 'friend' as a device, call up the email and select from the menu 'Import Device Public Key From Current Email'.
You must do this to and from each device.

Select 'Method 1' 'Method 2' 'Abort'"

Now we have a way to encode transfers between devices.

To actually sync:

Select from menu: "Sync my complete email friending environment from this device to another"

See:

"Select device to sync to from list"

Select one.

"Select method:

1. Export to file, which will be called USERNAME.friendkeysenv. This will create a standard format file, encrypted with the other device's device public key, that can be copied over and imported and decoded.

2. Use email. This will create a standard format file, encrypted with the other device's public key, in the body of an email to send to yourself. Select 'Import Friend Environment From Current Email' from menu on the other device.

This will update all private public keys and private private keys on the remote device to be the same as on the source device ('master'). Any existing files will be overwritten."

That will sync a device to a master device, but we need another option, because life is messy. Ideally, we would have all our friending be on one device, and then replicate that environment to other devices. But people do not always follow such rules, and sometimes this is inconvenient or impossible.

So we also need a similar function that can copy just ONE new friend over to other devices. So if I friend someone on my phone in a meeting, I can later just import that one into my master.

This would work just like the above function, but would create a file with just one name in it, in some standard format, so the importing device will know to just append it.

Well, that's a bit awkward, isn't it? What I really want as a user is something like

Hit sync button

See 'Select device from list'

Everything else handled automatically.

Can that be done? 

The very first step, that only has to be done once - the initial device public key exchange, pretty much has to be done the way shown. We can't have a device just automatically grabbing another's public key through some protocol, it would be less secure. The user really needs to be in control of that from the device sending the key, to be sure only his own devices are in his inner circle.

But after that...can't be done by the file method since we do not know ahead of time how files might be transferred between two random devices.

Perhaps through email, by keeping track of state similarly to how the friending stuff works. IF this became standardized, we would at least know that the email program on the other end (and we don't really have control of what email program is running on many devices, like phones) would be able to handle that somehow.

-This is important- 

A sort of 'Default Deny' standard way of creating these files and formats could be created, but what I really feel is that having a way of exchanging a crypto environment that is tied to some particular 'Default Deny' standard or program is the wrong way to go. What I WANT to use for this is standard formats for keys, key exchanges, whole key environment exchanges, using standard methods. That could be used by ANY program.

The difficulties here point up a real, serious flaw in the current crypto ecosystem, I believe, which is this: there are not enough GENERIC standards for crypto. Mostly because all this is still really new, everything seems to have developed in isolation, each protocol or program more or less in its own world, tied to a particular program. Often even when doing identical things, names are different, locations are unpredictable. There are subtle differences in the way things are done that should be the same, and standardized.

For example, consider where my email public/private keys are kept for gnupg. They are kept in /~user/.gnupg/. They are actually in a little database, formatted in a certain way, probably unique to gnupg.
I suppose if I used pgp, they would be in ~user/.pgp/. Probably with a different format. My ssh keys are in /~user/.ssh, not in a database, stored in a different way. Here, even within a single application, all the private and public keys even have different names, and are stored in a different way. And not in a database.

id_dsa.pub
id_rsa.pub
identity.pub

Here we have some metadata in the actual name, but it is pointless, because:

# more id_dsa.pub 
ssh-dss AAAAB3NzaC...

that metadata is already in the file itself.

Ssh has a list of authorized keys in 'authorized_keys'. Whatever gnupg's equivalent is, is stored in a completely different form. Look up 'using gpg keys for my ssh keys' in Google to see people struggling to do something that SHOULD be simple. (Even if not, in my opinion, wise.)

Gnupg has other uses than just email, why tie all the email keys to this one program?

Why not have a generic place for those email keys, something like /~user/.crypto/email/publickeys/ with some kind of standard naming scheme? That way, if a user used two different email programs, things would just work the same. If you WANTED, for some reason, one to be different, just use '/~user/.crypto/email/publickeys/eudora/' as an override of the default. But that would be exceptional.

Having standards that put things in standard places with standard names and formats makes interoperability and writing helper programs possible.

Crypto is complicated and affects security. You know what else is complicated and affects security? Networking. Consider the difference in how the two work:

Networking:

Some expert discovers a security problem with some protocol, say 'talk'. I want to know if I have this at all, and if it is running. What is 'talk' anyway? Look at the standard list of services in /etc:

# grep talk /etc/services 
talk            517/tcp                         # like tenex link
talk            517/udp

Not REAL helpful, but something.

# man talk

NAME
       talk - talk to another user

OK, fine, some sort of chat thing, port 517 service. Is it available? Is anyone running this?

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      

tcp        0      0 *:submission            *:*                     LISTEN     
tcp        0      0 *:http                  *:*                     LISTEN     
... 

nope, so will not worry about this for now.

Crypto:

Some expert discovers a security problem with some crypto method, say '3des'. I want to know if I have this at all, and if anyone is using it. What is '3des' anyway? Look at the standard list of crypto methods in /etc:

Oops, doesn't exist.

OK, well, try:
# cryptstat
-bash: cryptstat: command not found

# man 3des
No manual entry for 3des

# man des

des(3)                                OpenSSL                                des(3)

NAME
       DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
       DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt,
       DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt,
       DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt,
       DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt,
       DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cbcm_encrypt,
       DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum,
       DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt,
       DES_crypt, DES_enc_read, DES_enc_write - DES encryption
DESCRIPTION
       This library contains a fast implementation of the DES encryption algorithm.

Well, thank you openSSL, at least. I infer it must exist on my system somewhere since I have a man page for it.

Is anyone using it? Try a little wishful thinking...

# cryptstat
-bash: cryptstat: command not found

Oops, no such program. No way to easily tell if someone might be running a serious security hazard on my system.

Not only does 'cryptstat' not exist, but it would be nearly impossible to write one. It would have to know every single crypto program that MIGHT exist on the system, what their formats are, how to discover what is currently selected for use.

IETF is all about standards and interoperability. It's time for some in this area.

> - how do people securely backup their keys?

They get backed up when they back up their system.

They can also use the functions mentioned above to make a 'standard' crypto environment file to share between friendly devices, which has all their own and friends public keys, and their own private keys. Put it on a disk somewhere safe.

In a multi-device environment, if a single device loses a disk or something, they can just use the 'export to friendly device' from any of the remaining good devices to restore everything.

> - how do people revoke keys when a device is stolen or otherwise
>   compromised?

I covered this previously - if your device is stolen or hacked, it is basically 'game over'. You need to use the functions that drop all your current private and public keys (to 'inactive' status), and create new ones, and refriend your email contacts that use encryption. Public key cryptography depends upon keeping your private key safe. I know of no way to change that.

As to 'revocation' - none needed (other than telling your friends to refriend you - the 'I was Hacked' menu item could possibly do that part automatically), because we are not using any public keyservers or Certificate Authorities external to our own environment. There is nothing in public to 'revoke'.

I need to be very clear about what I am doing here by NOT using that stuff: I am deliberately sacrificing some security for usability.

The reasons for -all- that complicated keyservers and Certificate Authority stuff are 1. The need to have public keys available for anyone who asks (we do not need that since this is 'default deny' for all except our 'friends') and 2. The need to establish authentication - 'are we actually talking to who we think we are?'.

The need for an external authentication authority is to make sure there is not a 'man in the middle' of our transaction. Specifically, in the key exchange as I suggest it, someone COULD insert themselves in between us, get both public keys from us, and impersonate each of us to the other. So I would think I was emailing you my public key, but 'spook' in the middle actually gets it, and sends you a different key, which he also has the private key for. You think you got my key, you actually got his. He now gets an email from me, decodes it since I encoded it with HIS public key, recodes it with your public key which he has but you think only I have.

Protecting against this possibility causes an immense amount of extra complexity, which is one of the things that puts people off using cryptography.

The question is, 'While theoretically possible, how likely is this in real life'. My answer to that is: not very likely, unless you are specifically targeted by someone powerful enough to insert themselves into someone else's network. Most people are using large isps now, like ATT, Verizon, and they have direct connections to each other, so in actual reality this man in the middle has to have access to these large networks in a very deep way.

Who could do this?

A hacker? Maybe briefly, for a very small number of people. To do this to EVERYONE would take immense amounts of money, and for what gain? They would be pretty quickly found out. 

Verizon itself, perhaps for commercial reasons? To sell ads? The cost equation just does not work, it takes far too many resources for too little gain.

A foreign government? Maybe in specifically targeted cases. No practical return and pretty much impossible to do for everyone, there are simply far too many resources needed, too much exposure, it would surely be found out quickly.

Your own government? Most of what they do is more in the line of 'taps' to get information than man in the middle (with possible exception of https, in some situations). It does take a lot of resources, even for a government. But this has another problem in the case of email: it is very likely to be found out.

In the MITM setup I described above, remember that the man in the middle is fooling both sides by giving them the wrong keys. So what happens if you take your cell phone with you on vacation (to Russia, Brazil, Hong Kong, a place with a very small isp in the country...) and use another network to connect? Well, that network had better be MITM'd too, because if it is not, you and your friend will not be able to read each other's email, because you both do not have each other's keys, you have the man in the middle's keys. You will know by this that you are compromised.

This is also defeated by exchanging keys manually, or even by something so easy as checking through another channel, for example, call up your friend and tell him to start reading what he thinks is your public key out loud. It had better match what you see...

It makes little sense for a government to try to MITM every single possible path for every single person, in every possible circumstance, something that is not practically possible, to do something so easily found out, and of limited value.

Even if I went the other way, and forced everyone to use a complex system, buy personal certificates from a CA, what would be gained? Apparently they have the private keys of the CAs already, and can still game this.
Key-signing by multiple people as used for pgp is still useful, and still can be used as desired.

One thing I left out of the key exchange is that of course, while the initial emails are not encrypted, they should still be signed, and by the 'private' private key which can be later checked after the friend has obtained it. That may help some.

What the user gains from this is ease of use, less spam, privacy protection from most bad actors reading your mail, and protection from generic, automated, mass 'fishing expeditions' of the type that create a lot of false positives - so you don't get put on a 'watch list' for talking about pressure cookers. Or a couple actors for talking about 'making a bomb' after watching 'The Producers'.

This is all about 'reasonable privacy' not 'perfect security'. It is like deciding to have a private conversation with someone by walking outside your house. Yes, someone COULD be using a parabolic microphone from a half mile away to pick it up and record it. Still, I see no need to build a solid concrete soundproof blockhouse just to keep old Aunt Biddie from being shocked by what the young folk are talking about.

-Mike
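
[Added example, not part of the message above and not an existing tool: a small Python inventory for OpenSSH public-key lines only, borrowing the message's hypothetical name 'cryptstat'. It reads the algorithm from inside the key blob (the metadata the message says is already in the file), flags weak choices, and prints the SHA-256 fingerprint two people would compare out loud. The policy values and the sample keys are assumptions constructed for the example.]

```python
import base64
import hashlib
import struct

# Policy values below are assumptions of this example, not taken from the message.
WEAK_ALGORITHMS = {"ssh-dss"}
MIN_RSA_BITS = 2048


def wire_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def wire_mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a positive integer; a leading zero byte keeps it positive."""
    return wire_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_sample_line(declared, embedded, numbers, comment):
    """Build a CONSTRUCTED '<type> <base64> <comment>' line; not real key material."""
    blob = wire_string(embedded.encode()) + b"".join(wire_mpint(n) for n in numbers)
    return f"{declared} {base64.b64encode(blob).decode()} {comment}"


def read_fields(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def describe_key(line: str) -> dict:
    """Report algorithm, size, fingerprint and findings for one public-key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    if not fields:
        raise ValueError("empty key blob")
    embedded = fields[0].decode("ascii")   # the algorithm name stored in the blob
    bits = None
    if embedded == "ssh-rsa" and len(fields) == 3:      # name, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
    elif embedded == "ssh-dss" and len(fields) == 5:    # name, p, q, g, y
        bits = int.from_bytes(fields[1], "big").bit_length()
    findings = []
    if embedded != declared:
        findings.append("type-mismatch")
    if embedded in WEAK_ALGORITHMS:
        findings.append("deprecated-algorithm")
    if embedded == "ssh-rsa" and bits is not None and bits < MIN_RSA_BITS:
        findings.append("short-rsa-modulus")
    # Same form as OpenSSH's SHA256 fingerprint: unpadded base64 of the blob digest.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"declared": declared, "algorithm": embedded, "bits": bits,
            "fingerprint": fingerprint, "findings": findings,
            "comment": " ".join(parts[2:])}


def cryptstat(lines) -> list:
    """Describe every non-empty, non-comment line of an authorized_keys-style list."""
    return [describe_key(l) for l in lines if l.strip() and not l.startswith("#")]


def sample_int(bits: int) -> int:
    """A constructed odd integer of exactly `bits` bits (NOT a real key parameter)."""
    return (1 << (bits - 1)) | 1


DSA_NUMBERS = [sample_int(1024), sample_int(160), sample_int(1023), sample_int(1022)]
SAMPLE_LINES = [  # constructed input
    make_sample_line("ssh-dss", "ssh-dss", DSA_NUMBERS, "constructed-id_dsa"),
    make_sample_line("ssh-rsa", "ssh-rsa", [65537, sample_int(2048)], "constructed-id_rsa"),
    make_sample_line("ssh-rsa", "ssh-rsa", [65537, sample_int(1024)], "constructed-old-rsa"),
    make_sample_line("ssh-rsa", "ssh-dss", DSA_NUMBERS, "constructed-mislabelled"),
]

if __name__ == "__main__":
    for report in cryptstat(SAMPLE_LINES):
        print(report["comment"], report["algorithm"], report["bits"],
              report["fingerprint"], ",".join(report["findings"]) or "ok")
```

[The fingerprint is computed over the blob alone, so a relabelled copy of the same key yields the same value, while a substituted key does not.]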

From stephen.farrell@cs.tcd.ie  Mon Oct 14 16:41:57 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEAA511E8142 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 16:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T8YdHfm8J4im for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 16:41:53 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id BC3B521F9CA5 for <perpass@ietf.org>; Mon, 14 Oct 2013 16:41:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 09CA1BE39; Tue, 15 Oct 2013 00:41:51 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZinX2rUaRSX; Tue, 15 Oct 2013 00:41:47 +0100 (IST)
Received: from [10.87.48.3] (unknown [86.41.58.108]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F40E6BE35; Tue, 15 Oct 2013 00:41:46 +0100 (IST)
Message-ID: <525C8130.2000606@cs.tcd.ie>
Date: Tue, 15 Oct 2013 00:41:36 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>
In-Reply-To: <525C2C44.2070404@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Avri Doria <avri@acm.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 23:41:57 -0000

Hi Steve,

On 10/14/2013 06:39 PM, Stephen Kent wrote:
> Stephen,
> ...
>> That's not an unreasonable answer. However, we do have to
>> face the fact that a lot of times MTI stuff is just not
>> used when you and I would probably argue that it really
>> ought be used. It's also not unreasonable to say that doing
>> more-than-MTI won't fix that, but that's what I'd like
>> to explore here.
> This may be where we have a significant disagreement. 

Note that I've not espoused any particular more-than-MTI
position so it's not yet clear how you and I disagree
(on this one:-)

> I am comfortable
> developing security/privacy mechanisms that users and providers may
> choose to employ, because compliant implementations will make it
> available in an
> interoperable fashion. Insisting that a set of such mechanisms be employed,
> seems beyond our remit.

I get that argument. But what's the difference between that
and saying "don't use MD5" really? We're comfortable with
the latter since MD5 is just broken for collisions. I don't
see why we shouldn't be equally comfortable in saying "don't
send cleartext" - *if* that's an IETF consensus position - as
we have seen sending cleartext is also just broken when one
considers pervasive monitoring.

In fact I don't really believe there's a crystal clear line
between protocol and policy in many cases, I think it's blurrier
than is claimed by those who argue against more-than-MTI as
being beyond our remit, as you do.

That doesn't by itself invalidate your basic position that MTI
is good enough of course, but personally I do think it means
that a more-than-MTI position could exist that is equally
as defensible as the status quo.

>> Good question. Without saying I "support" it, rtcweb does mandate more
>> than MTI for e.g. DTLS-SRTP - the current draft [1] says it MUST be
>> offered as the default. I think I'd maybe "support" it more if I
>> understood better what kind of key management will be behind that,
>> which I don't yet, but its a data point for what a lot of folks think
>> will be an important protocol that does take a more-than-MTI approach.
>> Maybe someone who knows more about that can explain the reasoning
>> behind that decision and whether they think it could or should be
>> generalised? Other examples could be good too, esp if they're actually
>> used and not just RFC 6919 text;-) S. [1]
>> http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07#section-5.5
> 
> 6919's "MUST (but we know you won't)" was motivated by security MUSTs in
> a wide range of
> docs. the RTCWEB doc isn't an RFC yet, so we'll have to see what
> happens.  Also, this is
> an arch doc. As the author of 4301, the IPsec arch doc, I can attest
> that very, very few
> implementations are compliant with all of its MUSTs. Implementors tend
> to focus more on
> bits on the wire than on other protocol "features"

It's not like 4301 and that draft is I think nearing LC and code
that does this (again I think) has been deployed, possibly widely,
though I think I do recall some part where one of the popular
browsers doesn't do the DTLS thing for data channels or some
such, so I'm not claiming it's a perfect example, but it is a
real one.  Again I'd be interested in hearing from folks who
were involved in that discussion or who know more about the
reality of rtcweb code and deployments.

But this is a real example where we are specifying more-than-MTI
for one important protocol already, I think that's unquestionable
frankly.

S.



> 
> Steve
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 

From hallam@gmail.com  Mon Oct 14 19:57:37 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5A3311E80FC for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 19:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.583
X-Spam-Level: 
X-Spam-Status: No, score=-2.583 tagged_above=-999 required=5 tests=[AWL=0.016,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ujO9w3ndj170 for <perpass@ietfa.amsl.com>; Mon, 14 Oct 2013 19:57:37 -0700 (PDT)
Received: from mail-lb0-x231.google.com (mail-lb0-x231.google.com [IPv6:2a00:1450:4010:c04::231]) by ietfa.amsl.com (Postfix) with ESMTP id ECE7C11E8167 for <perpass@ietf.org>; Mon, 14 Oct 2013 19:57:33 -0700 (PDT)
Received: by mail-lb0-f177.google.com with SMTP id w7so6147766lbi.8 for <perpass@ietf.org>; Mon, 14 Oct 2013 19:57:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=D8MT68Jrx5wh1x9pM7wCWGTXZNB6RkK394p5z+wHYqM=; b=Y/B8yieesyzB1JdFkLbzczaEaTyK9ogt+aiyZbWClQKeN/kWyQrlvKd8S8BMZLGjFx IzCp8hVOCAxWakK5anSrBOQp+17tw9UE26N4GgJ6ZtkXi/YBjUOOypEMnLbOOZWByYDG UZBLq0joEGc9wh8jHQXQ6siSH/Ur3cunDIg/CQD8/pVnhb2y7rsD58yTrrXjqqLLzACe IiMtc6RnSwn0r4Oq+rlGXTdLDt52SQyBqNfQSaKNTa43CsT2GunToxoM2WvfU0Ckk6lZ qjWSTEzfr1vugy+O9LMO9VTyBiRynbpi94q+AILkcNT41b8y3vx9hpjoLOIMXnZMbbbJ pArQ==
MIME-Version: 1.0
X-Received: by 10.152.26.72 with SMTP id j8mr33669094lag.19.1381805852724; Mon, 14 Oct 2013 19:57:32 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Mon, 14 Oct 2013 19:57:32 -0700 (PDT)
In-Reply-To: <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com> <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com> <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com> <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com>
Date: Mon, 14 Oct 2013 22:57:32 -0400
Message-ID: <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: multipart/alternative; boundary=089e0160c36e00163104e8bebf5f
Cc: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>, perpass <perpass@ietf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 02:57:37 -0000

--089e0160c36e00163104e8bebf5f
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Oct 11, 2013 at 10:56 AM, Richard Barnes <rlb@ipv.sx> wrote:

> I would note that the JSON Web Key [1] spec from the JOSE WG provides a
> similar, much simpler format than PKCS#12.  Just have JWK Set with one
> public, unencrypted member, and one encrypted member:
>
> [
>   { "kty": "RSA", "n": "...", "e": "...", "x5c": "..." },
>   JWE({ "kty": "RSA", "n": "...", "e": "...", "d": "..." })
> ]
>
> Since software is going to have to change in any case to use a revised
> PKCS#12, I wonder if it might not be a better idea to ditch ASN.1 while
> we're at it.
>

Actually I had pretty much done that before making the post. I am actually
sending PKCS#8 encrypted keys to the cloud.

But there is a value in being able to return a PKCS#12 which is that
several programs and platforms will eat them as input and store the keys in
the desired places. So for that it is a legacy compatibility issue. And so
when I found the PKCS#12 docs to be basically unreadable, I had a problem.

As for getting rid of Assanine 1, I would love to get rid of it completely.
But as a pragmatic matter, there is just too much ASN.1 already. I have
even had to reluctantly write a key signing format in Assanine.1 because
having the cert and key signing in different syntaxes is just too confusing.



-- 
Website: http://hallambaker.com/

--089e0160c36e00163104e8bebf5f--

From p.j.bakker@offspark.com  Tue Oct 15 02:19:30 2013
Return-Path: <p.j.bakker@offspark.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18B8821F9DFB for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 02:19:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.504
X-Spam-Level: 
X-Spam-Status: No, score=-0.504 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FoH9uEM1qQWT for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 02:19:24 -0700 (PDT)
Received: from vps2.brainspark.nl (vps2.brainspark.nl [141.138.204.106]) by ietfa.amsl.com (Postfix) with ESMTP id A859C21E80AE for <perpass@ietf.org>; Tue, 15 Oct 2013 02:19:20 -0700 (PDT)
Received: from a82-161-132-220.adsl.xs4all.nl ([82.161.132.220] helo=Slimpy) by vps2.brainspark.nl with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <p.j.bakker@offspark.com>) id 1VW0fd-0008IJ-W6; Tue, 15 Oct 2013 11:12:06 +0200
From: "Paul Bakker" <p.j.bakker@offspark.com>
To: "'Phillip Hallam-Baker'" <hallam@gmail.com>, "'Richard Barnes'" <rlb@ipv.sx>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>	<F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>	<8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>	<CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com>
In-Reply-To: <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com>
Date: Tue, 15 Oct 2013 11:18:58 +0200
Message-ID: <00b901cec987$978d7080$c6a85180$@offspark.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQKtD95an4QEdoxPj8CeTi2s9/6d0QFawf0DAer/FpICARReFQJaCvb0l/vn1kA=
Content-Language: nl
X-SA-Exim-Connect-IP: 82.161.132.220
X-SA-Exim-Mail-From: p.j.bakker@offspark.com
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.brainspark.nl)
Cc: 'Russ Housley' <housley@vigilsec.com>, 'perpass' <perpass@ietf.org>, "'Moriarty, Kathleen'" <kathleen.moriarty@emc.com>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 09:19:30 -0000

On Oct 15, 2013 Phillip Hallam-Baker wrote:

> As for getting rid of Assanine 1, I would love to get rid of it completely.
> But as a pragmatic matter, there is just too much ASN.1 already. I have
> even had to reluctantly write a key signing format in Assanine.1 because
> having the cert and key signing in different syntaxes is just too confusing.

While I do understand the reluctance for ASN.1, in an embedded environment I
really prefer it over text parsing and buffer duplication that is required
for JSON parsing..

Paul Bakker
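
The in-place parsing referred to above, as an added example that is not part of the original message: a bounded DER tag-length-value reader in C that hands back pointers into the received buffer instead of copying, and rejects truncated, indefinite-length and non-minimal encodings. The record layout, the names `der_tlv`, `der_next` and `parse_record`, and the sample bytes are constructed for illustration; a `size_t` of at least 32 bits is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded element. val points into the caller's buffer: nothing is copied. */
typedef struct {
    uint8_t tag;
    const uint8_t *val;
    size_t len;
} der_tlv;

/* Constructed sample: SEQUENCE { INTEGER 1, OCTET STRING de ad be ef } */
static const uint8_t sample[] = {
    0x30, 0x09,                          /* SEQUENCE, 9 content bytes */
    0x02, 0x01, 0x01,                    /* INTEGER 1 */
    0x04, 0x04, 0xde, 0xad, 0xbe, 0xef   /* OCTET STRING, 4 bytes */
};

/* Read one TLV starting at *p, never reading at or past end.
 * On success fills *out, advances *p past the element and returns 0.
 * Returns -1 for anything that is not strict DER within the bounds. */
static int der_next(const uint8_t **p, const uint8_t *end, der_tlv *out)
{
    const uint8_t *q = *p;
    size_t len;

    if (end - q < 2) return -1;                /* need tag + first length byte */
    out->tag = *q++;
    if ((out->tag & 0x1f) == 0x1f) return -1;  /* multi-byte tags not handled here */

    if (*q < 0x80) {
        len = *q++;                            /* short form */
    } else {
        size_t n = (size_t)(*q++ & 0x7f);      /* long form: n length bytes follow */
        if (n == 0 || n > 4) return -1;        /* indefinite length, or too large */
        if ((size_t)(end - q) < n) return -1;  /* length bytes truncated */
        if (*q == 0) return -1;                /* non-minimal: leading zero byte */
        len = 0;
        while (n--) len = (len << 8) | *q++;
        if (len < 0x80) return -1;             /* non-minimal: short form required */
    }
    if ((size_t)(end - q) < len) return -1;    /* content runs past the buffer */

    out->val = q;
    out->len = len;
    *p = q + len;
    return 0;
}

/* Parse the constructed record layout shown in sample[]. ver and key end up
 * pointing into buf. Trailing bytes are rejected at both nesting levels. */
static int parse_record(const uint8_t *buf, size_t n, der_tlv *ver, der_tlv *key)
{
    const uint8_t *p = buf, *end = buf + n;
    der_tlv seq;

    if (der_next(&p, end, &seq) != 0 || seq.tag != 0x30) return -1;
    if (p != end) return -1;                   /* bytes after the outer SEQUENCE */

    p = seq.val;
    end = seq.val + seq.len;
    if (der_next(&p, end, ver) != 0 || ver->tag != 0x02) return -1;
    if (der_next(&p, end, key) != 0 || key->tag != 0x04) return -1;
    return p == end ? 0 : -1;                  /* unexpected extra elements */
}

int main(void)
{
    der_tlv ver, key;

    if (parse_record(sample, sizeof sample, &ver, &key) != 0) {
        puts("malformed record");
        return 1;
    }
    /* The key is addressed by offset inside the input, not duplicated. */
    printf("key: %zu bytes at offset %td of the input buffer\n",
           key.len, key.val - sample);
    return 0;
}
```
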


From atlunde@panix.com  Tue Oct 15 03:17:22 2013
Return-Path: <atlunde@panix.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30A421F9D31 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 03:17:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jPUEEvlRr2vU for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 03:16:59 -0700 (PDT)
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by ietfa.amsl.com (Postfix) with ESMTP id EC99711E81C1 for <perpass@ietf.org>; Tue, 15 Oct 2013 03:16:57 -0700 (PDT)
Received: from [192.168.15.4] (unknown [50.9.9.201]) by mailbackend.panix.com (Postfix) with ESMTP id D6BAA28760; Tue, 15 Oct 2013 06:16:56 -0400 (EDT)
Message-ID: <525D1619.7080007@panix.com>
Date: Tue, 15 Oct 2013 05:16:57 -0500
From: Albert Lunde <atlunde@panix.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>	<F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>	<8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>	<CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com>
In-Reply-To: <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [perpass]  sending data without side effects
X-List-Received-Date: Tue, 15 Oct 2013 10:17:23 -0000

I'm not sure it directly does anything to improve resistance to 
monitoring or active man-in-the-middle attacks, but it seems like 
security properties of some protocols could be improved by better 
separation of code from data, making data formats that are finite, can 
be validated, and don't embed a Turing-complete programming language 
interpreter.

An implementation that doesn't depend on artifacts from all over the net 
is good too.

A HTTP client that doesn't embed JavaScript or DOM is potentially more 
secure, though more limited in scope. (DNS and TCP can still be attacked.)

Groups like OpenID connect seem to be engaged in reinventing SAML in 
JSON, I'm less concerned about JSON as such, as the likelihood it will 
be run in web browser's JavaScript/DOM environments.

XML is not without warts: external entities and the difficulty of 
validating XML signatures come to mind.

I don't know ASN.1 well enough to comment on its issues...


From stephen.farrell@cs.tcd.ie  Tue Oct 15 03:26:20 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B5BB11E817D for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 03:26:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.584
X-Spam-Level: 
X-Spam-Status: No, score=-102.584 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QiQcFxMiCcWV for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 03:26:15 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 971EE11E81C0 for <perpass@ietf.org>; Tue, 15 Oct 2013 03:26:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 90921BE47 for <perpass@ietf.org>; Tue, 15 Oct 2013 11:26:05 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hbioYGLO3xt1 for <perpass@ietf.org>; Tue, 15 Oct 2013 11:26:05 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 7030EBE39 for <perpass@ietf.org>; Tue, 15 Oct 2013 11:26:05 +0100 (IST)
Message-ID: <525D183E.7000200@cs.tcd.ie>
Date: Tue, 15 Oct 2013 11:26:06 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>
In-Reply-To: <525C8130.2000606@cs.tcd.ie>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Tue, 15 Oct 2013 10:26:20 -0000

Following up on my own point - not stylish but I think
in this case justified:-)

On 10/15/2013 12:41 AM, Stephen Farrell wrote:
> I don't
> see why we shouldn't be equally comfortable in saying "don't
> send cleartext" - *if* that's an IETF consensus position - as
> we have seen sending cleartext is also just broken when one
> considers pervasive monitoring.

I guess this Washington Post story [1] that I saw this
morning would appear to provide a relevant example.

In that case, I would argue that the fact that cleartext
IMAP provides interop and is successful does imply that
some services somewhere will use that for large populations
that will inevitably (as we now know) be subject to
pervasive monitoring.

When the numbers involved ("500,000 buddylists and
inboxes" collected on a "representative day" for just
one agency) are at that scale, then it seems to me that
one can fairly describe that as a failure in protocol
design and not solely as a bad deployment choice.

With the 20-20 hindsight afforded, if IMAP were a new
protocol, would we be correct to only have TLS as MTI as
we currently do [2] or would the Internet be better
if we *only* had port 993 and had TLS as MTU perhaps
with anon DH or something (*) like that?

The latter approach is certainly now far more likely to
be tractable than it was in 2003 (when RFC3501 was done).
Maybe it's time we do that.

Cheers,
S.

(*) Yes, there's a bit of arm-waving there since one
can validly argue that the TLS ciphersuite that's MTI
for 3501 is still just a bit too hard to deploy as
one is supposed to get a server cert that the UA can
verify, which implies some management overhead. So
something slightly more easily deployed (and hence
not quite 3501) might really be needed. But *how* to
do MTU stuff could be a protocol-specific debate to
have after we concluded we had consensus for
more-than-MTI in some form. (Which we don't, today.)
But of course, a new IMAP security BCP doesn't have
to wait either (hint, hint:-)

[1]
http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html
[2] https://tools.ietf.org/html/rfc3501#section-11

From ynir@checkpoint.com  Tue Oct 15 04:19:36 2013
Return-Path: <ynir@checkpoint.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C41021F958A for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 04:19:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.404
X-Spam-Level: 
X-Spam-Status: No, score=-10.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s-LNUxi0YXMt for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 04:19:30 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 4A19111E81D3 for <perpass@ietf.org>; Tue, 15 Oct 2013 04:19:30 -0700 (PDT)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r9FBJ58c010502; Tue, 15 Oct 2013 14:19:05 +0300
X-CheckPoint: {525D248B-9-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.92]) by DAG-EX10.ad.checkpoint.com ([169.254.3.173]) with mapi id 14.02.0347.000; Tue, 15 Oct 2013 14:18:56 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHOxGtzJxaK/Jl9L0CLhpsOIhc2QJnsbRYAgABs3ICAAT3qgIAABYiAgAAu4QCABLD4AIAA/rAAgAAPpgCAABDVgIAAIymAgAAN6ACAAGU8AIAAtBMAgAAO0QA=
Date: Tue, 15 Oct 2013 11:18:56 +0000
Message-ID: <AFF52737-AEC4-44AE-88E0-1AD996A7EFB4@checkpoint.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>
In-Reply-To: <525D183E.7000200@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.20.79]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4AB15E1CB719F741BC5B48351838D81E@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Tue, 15 Oct 2013 11:19:36 -0000

On Oct 15, 2013, at 1:26 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Following up on my own point - not stylish but I think
> in this case justified:-)
>
> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
>> I don't
>> see why we shouldn't be equally comfortable in saying "don't
>> send cleartext" - *if* that's an IETF consensus position - as
>> we have seen sending cleartext is also just broken when one
>> considers pervasive monitoring.
>
> I guess this Washington Post story [1] that I saw this
> morning would appear to provide a relevant example.
>
> In that case, I would argue that the fact that cleartext
> IMAP provides interop and is successful does imply that
> some services somewhere will use that for large populations
> that will inevitably (as we now know) be subject to
> pervasive monitoring.
>
> When the numbers involved ("500,000 buddylists and
> inboxes" collected on a "representative day" for just
> one agency) are at that scale, then it seems to me that
> one can fairly describe that as a failure in protocol
> design and not solely as a bad deployment choice.
>
> With the 20-20 hindsight afforded, if IMAP were a new
> protocol, would we be correct to only have TLS as MTI as
> we currently do [2] or would the Internet be better
> if we *only* had port 993 and had TLS as MTU perhaps
> with anon DH or something (*) like that?

But with anon-DH you're not making those large populations less
subject to pervasive monitoring. You've only made it a bit more
difficult, and not in a way that is significant to the adversaries
we're talking about.

You would get them better security if they were doing TLS with mutual
authentication, but that requires a lot of infrastructure, and you
would hesitate to mandate that even if IMAP was a new protocol. You
added "perhaps with anon DH" because you know what response you would
get if you had said instead "with mutual authentication and PFS".

Yoav



From stephen.farrell@cs.tcd.ie  Tue Oct 15 04:31:56 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A194F11E81C7 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 04:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.587
X-Spam-Level: 
X-Spam-Status: No, score=-102.587 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HmCDp8kHzWd9 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 04:31:50 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 82BEF11E81CC for <perpass@ietf.org>; Tue, 15 Oct 2013 04:31:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D343ABE58; Tue, 15 Oct 2013 12:31:49 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izAnV8QWQYGo; Tue, 15 Oct 2013 12:31:49 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B044DBE56; Tue, 15 Oct 2013 12:31:49 +0100 (IST)
Message-ID: <525D27A6.7080404@cs.tcd.ie>
Date: Tue, 15 Oct 2013 12:31:50 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <AFF52737-AEC4-44AE-88E0-1AD996A7EFB4@checkpoint.com>
In-Reply-To: <AFF52737-AEC4-44AE-88E0-1AD996A7EFB4@checkpoint.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Tue, 15 Oct 2013 11:31:56 -0000

Hiya,

On 10/15/2013 12:18 PM, Yoav Nir wrote:
> But with anon-DH you're not making those large populations less
> subject to pervasive monitoring. You've only made it a bit more
> difficult, and not in a way that is significant to the adversaries
> we're talking about.
> 
> You would get them better security if they were doing TLS with mutual
> authentication, but that requires a lot of infrastructure, and you
> would hesitate to mandate that even if IMAP was a new protocol. You
> added "perhaps with anon DH" because you know what response you would
> get if you had said instead "with mutual authentication and PFS".

In this case, it appears (but we don't know) that the
monitoring was done at a lower layer and a mitm would
arguably be more expensive and more detectable, so even
anon DH might help enough to get Yoav's inbox off the
list of those 500,000 getting snarfed each day.

But, that's really discussing the IMAP-specific "how
to mitigate" and the more interesting question I think
is whether we should regard this report as an existence
proof of a protocol design failure that's had the
spotlight shined on it a decade after 3501 was published,
or as a mere case of deployments that didn't do the
right thing.

S.

From derhoermi@gmx.net  Tue Oct 15 06:01:34 2013
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE2521E809A for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:01:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.038
X-Spam-Level: 
X-Spam-Status: No, score=-2.038 tagged_above=-999 required=5 tests=[AWL=0.561,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVA7HqkRU4e0 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:01:30 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id E100611E81E6 for <perpass@ietf.org>; Tue, 15 Oct 2013 06:01:29 -0700 (PDT)
Received: from netb.Speedport_W_700V ([91.35.29.63]) by mail.gmx.com (mrgmx103) with ESMTPA (Nemesis) id 0Lt1yI-1Vuysk30na-012Wpi for <perpass@ietf.org>; Tue, 15 Oct 2013 15:01:29 +0200
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Albert Lunde <atlunde@panix.com>
Date: Tue, 15 Oct 2013 15:01:33 +0200
Message-ID: <n1fq59958mkdkvlbjv7m4n5kfno7v7fe6t@hive.bjoern.hoehrmann.de>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com>	<F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com>	<8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com>	<CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com> <525D1619.7080007@panix.com>
In-Reply-To: <525D1619.7080007@panix.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:QBqsNWTTFoqgVVWetXpqKqK2WqH6tbIAYiqZdwD37plXGD5t8RL IL6/LgnAD+IGvkRMdI+QsgN01JTcAc0JQKbhVdke3B5t5CJraJw9Tkw0PeWfEHdaNDOaFDO H9paE5f0+1Ydm4vUceqdjHH7/py5pfqHbzb+oz+u+vz9xGaHZhw0JlVSJHuvVjjtaFJZcU1 rcswTPEE80Hiu7GZM6JFA==
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] sending data without side effects
X-List-Received-Date: Tue, 15 Oct 2013 13:01:34 -0000

* Albert Lunde wrote:
>I'm not sure it directly does anything to improve resistance to 
>monitoring or active man-in-the-middle attacks, but it seems like 
>security properties of some protocols could be improved by better 
>separation of code from data, making data formats that are finite, can 
>be validated, and don't embed a Turing-complete programming language 
>interpreter.

That is indeed a popular demand, see <http://langsec.org/occupy>.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From hallam@gmail.com  Tue Oct 15 06:19:00 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3814F11E818B for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:19:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.585
X-Spam-Level: 
X-Spam-Status: No, score=-2.585 tagged_above=-999 required=5 tests=[AWL=0.014,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cpq3twBF82BU for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:18:59 -0700 (PDT)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) by ietfa.amsl.com (Postfix) with ESMTP id AA07111E81E3 for <perpass@ietf.org>; Tue, 15 Oct 2013 06:18:58 -0700 (PDT)
Received: by mail-lb0-f170.google.com with SMTP id w7so6959870lbi.1 for <perpass@ietf.org>; Tue, 15 Oct 2013 06:18:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=JZkIVGXkGTeDTCHdOyXpes87guV9DSMgy7xjwIM6iuQ=; b=0Qo/zY1BWCi8F9GenRpvCZwcAWpUWQ6iLy4CZ8xaCKGYEQjDabCz87ViGwMyznYcX2 ocB8Zl3f9IMEFPwpyBYkylna6dsjp6hZyH9KP7UAD3mAF1ZcMySVk0K3WIIG6yNIughu i119tX8+xKIFFKtsVGNppydNQhyCyt3NasM1f1UA9oWc3nrltQWpwbBnmnqE8iDhs5z+ ZcmnUg1VAaJdo+gGtdQrWGk7nQmv5nB/fFMtggZjN/vzyHq9vq1NCSo8mY78jwdS7ruF KR/sT9zsyxxl0DVxBD58T4kFtTqR610+w7dMslIUPkORITF9aIVRZeWkVtTKJpo7wiEu j5Qw==
MIME-Version: 1.0
X-Received: by 10.112.50.72 with SMTP id a8mr1245374lbo.50.1381843137415; Tue, 15 Oct 2013 06:18:57 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 15 Oct 2013 06:18:57 -0700 (PDT)
In-Reply-To: <00b901cec987$978d7080$c6a85180$@offspark.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com> <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com> <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com> <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com> <00b901cec987$978d7080$c6a85180$@offspark.com>
Date: Tue, 15 Oct 2013 09:18:57 -0400
Message-ID: <CAMm+LwgXer+0=uUEz5ziSw2nfTm6PSBtMDkhszjwcDBXG_nWQw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Bakker <p.j.bakker@offspark.com>
Content-Type: multipart/alternative; boundary=001a1133b2d05752b104e8c76d74
Cc: Richard Barnes <rlb@ipv.sx>, Russ Housley <housley@vigilsec.com>, perpass <perpass@ietf.org>, "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
Subject: Re: [perpass] PKCS#12 needs fix'n
X-List-Received-Date: Tue, 15 Oct 2013 13:19:00 -0000

--001a1133b2d05752b104e8c76d74
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Oct 15, 2013 at 5:18 AM, Paul Bakker <p.j.bakker@offspark.com> wrote:

> On Oct 15, 2013 Phillip Hallam-Baker wrote:
>
> > As for getting rid of Assanine 1, I would love to get rid of it completely. But as
> > a pragmatic matter, there is just too much ASN.1 already. I have even had to
> > reluctantly write a key signing format in Assanine.1 because having the cert
> > and key signing in different syntaxes is just too confusing.
>
> While I do understand the reluctance for ASN.1, in an embedded environment I
> really prefer it over text parsing and buffer duplication that is required
> for JSON parsing..
>

There are real problems there for embedded apps and for cryptography. But
extending the JSON approach modestly to incorporate fixed length strings
and binary blobs solves 95% of them:

https://datatracker.ietf.org/doc/draft-hallambaker-jsonbcd/


Having to remember whether an object is implicit or explicit or vague is
just too much hassle.

-- 
Website: http://hallambaker.com/

--001a1133b2d05752b104e8c76d74--

From derhoermi@gmx.net  Tue Oct 15 06:40:40 2013
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C92F311E8186 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.067
X-Spam-Level: 
X-Spam-Status: No, score=-2.067 tagged_above=-999 required=5 tests=[AWL=0.532,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0IRz0+9Obu5D for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 06:40:36 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id E7D6521E80B8 for <perpass@ietf.org>; Tue, 15 Oct 2013 06:40:34 -0700 (PDT)
Received: from netb.Speedport_W_700V ([91.35.29.63]) by mail.gmx.com (mrgmx101) with ESMTPA (Nemesis) id 0M0cs6-1Vl07L1DF0-00uqK8 for <perpass@ietf.org>; Tue, 15 Oct 2013 15:40:34 +0200
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 15 Oct 2013 15:40:36 +0200
Message-ID: <isfq5996osdaa80hr2082jibfh6ch3sv2o@hive.bjoern.hoehrmann.de>
References: <525475AA.2010907@cs.tcd.ie>
In-Reply-To: <525475AA.2010907@cs.tcd.ie>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:1exJuO2TZrh2YiWqG50U+0WR/CDFommECW6Gqk+GpPPSXFs8QoO 026+Kd2ehT4f7Jxk0f2z5ag+wwbh1a47WpYPaM8b8c8gGze3tHTMCJ0d1tKkf7iS5GbSI0n MRo1v7DoEjEIyEcqJzLFNJ29ZrjrElEFuLWmDBNw2FpbhfR/0EgGtKNNb+Y8wAvqe8adku+ R1u+44ANwapDdyHDc0EZQ==
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Tue, 15 Oct 2013 13:40:41 -0000

* Stephen Farrell wrote:
>Some folks (me included to be honest) wonder if the current
>situation argues for raising the bar there somewhat on the
>basis that MTI security features are frequently turned off
>or not sufficiently well tested to be usable. (Pick your
>favourite example, mine are usually rfc4744 or Diameter
>being run in clear.) And an upshot from that is that that
>helps those who want to pervasively monitor everything.
>
>Others argue that that'd be the IETF straying into the
>space of policy - all we should do is define how to use
>strong security features and make sure the code is there so
>they can be turned on and the rest is policy.

I need to monitor everything that comes in and out of my computer
systems and networks so I can detect exfiltrations and intrusions,
like when the latest operating system update comes with a helpful
default-on automatic cloud backup solution for my encryption keys,
or detailed information about nearby radio signals and microwaves
collected over prolonged periods of time by my smartphone. Lacking
a mandate to allow the user to effectively disable any "security"
mechanism would also help those who want to "pervasively monitor
everything", but "mandatory-to-use" digital repression mechanisms
are being deployed faster than I can track them. That would seem
to belong to this debate as well.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From skyper@thc.org  Tue Oct 15 07:43:37 2013
MIME-Version: 1.0
Date: Tue, 15 Oct 2013 15:43:28 +0100
Message-ID: <CA+BZK2qp0PmN_bmh=b02hsUEHMcrig6RnU9Z1f61cuPfR0-yCA@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c2036497c4da04e8c89b17
Subject: [perpass] SSL/TLS and HTTPS in a Post-Prism Era
X-List-Received-Date: Tue, 15 Oct 2013 14:43:37 -0000

--001a11c2036497c4da04e8c89b17
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I created an incomplete summary of various reports about Certification
Authority breaches. I believe it is the most complete list to date
(additions welcome).

The summary also contains some (but not all) proposed security solutions
and enhancements for the 'CA Trust Problem' and some general security
enhancements for the deployment of SSL/TLS.

Comments and feedback are welcome.


https://thc.org/ssl


and a video parody to explain the problem to non-technical people:


http://youtu.be/F3BMA3IuvYs


Best Regards,

Ralf

--001a11c2036497c4da04e8c89b17--

From rutkowski.tony@gmail.com  Tue Oct 15 07:45:09 2013
Message-ID: <525D54EA.2070104@gmail.com>
Date: Tue, 15 Oct 2013 10:44:58 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, perpass <perpass@ietf.org>, Tony Rutkowski <rutkowski.tony@gmail.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>
In-Reply-To: <525D183E.7000200@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------080605010103070900020100"
Subject: Re: [perpass] mandatory-to-implement vs. more?
Reply-To: rutkowski.tony@gmail.com
X-List-Received-Date: Tue, 15 Oct 2013 14:45:09 -0000

This is a multi-part message in MIME format.
--------------080605010103070900020100
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Pardon the intervention, but when you scrape
some traitor's stolen material from Washington's
tabloid press as your use case, it is embarking far
into WTF territory.

The activity described in the material appears
not only to be perfectly legal, but consonant
with the fundamental purpose of the agencies
and communities involved.  It is consonant
with activities with a continuum over many
decades.  It is also essential to discovering
active planning designed to bring about
substantial harm to people and infrastructure.

One gets the feeling that if an Al-Shabaab IT
guy sent a Dear PERPASS email, asking if
the IETF could be its service bureau for secure
communications to plan its next mass killing
at a shopping centre, the answer would be
"sure enough" as we're concerned about your
privacy rights.

On 11 Sep 2001, as fate had it, I was on one
of the suspect planes in the air.  So perhaps
you can understand the interest in preventing
a similar event - which was coordinated via
Internet messages - as well as a certain
disdain for what seems to be ensuing here.

--tony


On 10/15/2013 6:26 AM, Stephen Farrell wrote:
> Following up on my own point - not stylish but I think
> in this case justified:-)
>
> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
>> >I don't
>> >see why we shouldn't be equally comfortable in saying "don't
>> >send cleartext" -*if*  that's an IETF consensus position - as
>> >we have seen sending cleartext is also just broken when one
>> >considers pervasive monitoring.
> I guess this Washington Post story [1] that I saw this
> morning would appear to provide a relevant example.


--------------080605010103070900020100--

From hallam@gmail.com  Tue Oct 15 08:22:50 2013
MIME-Version: 1.0
Date: Tue, 15 Oct 2013 11:22:39 -0400
Message-ID: <CAMm+LwjjWn0ai-KJHkr+tY1jDf75YNXpkXm6JRZO9doWWjZMmw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>, ?phill@hallambaker.com
Content-Type: multipart/alternative; boundary=001a1135f79cb7e6d304e8c9276a
Subject: [perpass] Encoding email security policy into email addresses.
X-List-Received-Date: Tue, 15 Oct 2013 15:22:50 -0000

--001a1135f79cb7e6d304e8c9276a
Content-Type: text/plain; charset=ISO-8859-1

One of the reasons that SSL works is that there is a convention that a
https: url is resolved over SSL transport. I have been thinking about
something similar for email.

Where I am at with the code at the moment is that I can generate keys and
throw them at a gateway to some PKI which is currently TBS. This allows
someone to configure their email client to accept encrypted email.

The hard part is how to decide whether the email should be encrypted and if
so under which key. As a pro-tem solution I plan to code up a simple
SMTP/SUBMIT proxy which the user points their outbound email at (using TLS
of course). This allows all the 'research stuff' to be isolated from the
email client.


One problem with this approach is that there is no way for the sender to
force use of encryption or to force encryption to a key validated under a
particular trust anchor.

Which had me thinking about a convention similar to https for email.


It turns out that the question mark is actually a valid RFC822 address and
is actually supported by a few MUAs. It is however rejected by plenty of
MTAs. Which is actually perfect for my purposes.

What I propose is the following:

?<user>@<domain>   : Force encryption of the email message

<key-identifier>?<user>@<domain>   : Force encryption of the email message
under a key that is chained under the specified <key-identifier>


The <key-identifier> here would be a base32 encoding of one of the following:

* If it is 20 bytes, a PGP v4 sha1 fingerprint

* Otherwise, it is a key identifier computed as a hash over the ASN.1 public
key info block that uses new, stronger hashes.


Note that this still requires the gateway to convert from either the email
address or the key identifier to a public key for encryption. But it does
place control in the hands of the user in a reasonably intelligible fashion
without needing to rewrite the email client.


An aware email client would of course have a handy button for this. But I
rather prefer it when the handy button is connected to something I can
relate to under the hood.


The key-identifier might specify the encryption key itself or there might
be a personal or enterprise hierarchy.

Consider the case that alice works for example.com.

Example Inc. has a corporate PKI and a key fingerprint X

alice@example.com has a personal key fingerprint Y which she has used to
endorse her email encryption key issued under the example.com PKI.


Depending on how well I know Alice and the nature of my message, I might
want to specify X or Y.

[I guess people might even want to allow for requiring the key to be
endorsed under X and Y]


Note that this approach still leaves open some research questions:

If the Key-Identifier is specified then we have a trust path Discovery
problem.

If the Key-Identifier is not specified then we have a trust path discovery
and validation problem.


-- 
Website: http://hallambaker.com/

--001a1135f79cb7e6d304e8c9276a--
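
The address convention proposed in the message above, sketched as the parsing and fail-closed decision step an SMTP/SUBMIT proxy would run per recipient. This is an added example, not part of the original message and not Phillip Hallam-Baker's code. Assumptions: RFC 4648 base32 without padding, the first `?` in the local part as the separator, the `pgp-v4-sha1`/`spki-hash` labels, the directory shape, and all sample keys (constructed).

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Optional


class PolicyError(ValueError):
    """The address demands encryption the gateway cannot honour: refuse, never send in clear."""


@dataclass(frozen=True)
class RecipientPolicy:
    deliver_to: str              # address with the policy prefix stripped
    require_encryption: bool     # True when the local part carried a '?'
    key_id: Optional[bytes]      # decoded <key-identifier>, None when absent
    key_id_kind: Optional[str]   # "pgp-v4-sha1" or "spki-hash" (labels are assumptions)


def encode_key_id(raw: bytes) -> str:
    """Base32, padding dropped, lower case, so the identifier fits in a local part."""
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def decode_key_id(text: str) -> bytes:
    """Decode an unpadded, case-insensitive base32 identifier or raise PolicyError."""
    stripped = text.rstrip("=").upper()
    padded = stripped + "=" * (-len(stripped) % 8)
    try:
        raw = base64.b32decode(padded)
    except ValueError as exc:    # binascii.Error is a ValueError subclass
        raise PolicyError(f"key identifier is not valid base32: {text!r}") from exc
    if not raw:
        raise PolicyError("empty key identifier")
    return raw


def parse_recipient(addr: str) -> RecipientPolicy:
    """Split [<key-identifier>]?<user>@<domain> into delivery address and policy."""
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an address: {addr!r}")
    prefix, mark, user = local.partition("?")
    if not mark:                 # ordinary address: no policy stated by the sender
        return RecipientPolicy(addr, False, None, None)
    if not user:
        raise PolicyError("no user after '?'")
    deliver_to = f"{user}@{domain}"
    if not prefix:               # ?user@domain : force encryption, any key
        return RecipientPolicy(deliver_to, True, None, None)
    raw = decode_key_id(prefix)
    # 20 bytes is read as a PGP v4 SHA-1 fingerprint, anything else as a
    # hash over the ASN.1 public key info block, as the proposal states.
    kind = "pgp-v4-sha1" if len(raw) == 20 else "spki-hash"
    return RecipientPolicy(deliver_to, True, raw, kind)


def gateway_decision(policy: RecipientPolicy, directory: dict) -> tuple:
    """Return (action, key_name). Forced encryption never degrades to cleartext."""
    if not policy.require_encryption:
        return ("default", None)          # left to the gateway's own default
    for key_name, chain in directory.get(policy.deliver_to.lower(), []):
        # chain: identifiers the key is chained under (hypothetical directory shape)
        if policy.key_id is None or policy.key_id in chain:
            return ("encrypt", key_name)
    return ("reject", None)               # bounce to the sender instead of sending


# Constructed sample identifiers for the alice/X/Y scenario; not real keys.
KEY_X = hashlib.sha1(b"constructed: Example Inc. corporate PKI").digest()
KEY_Y = hashlib.sha1(b"constructed: alice personal key").digest()
KEY_Z = hashlib.sha256(b"constructed: unrelated public key info").digest()
DIRECTORY = {"alice@example.com": [("alice-encryption-key", frozenset({KEY_X, KEY_Y}))]}

if __name__ == "__main__":
    for rcpt in ("alice@example.com",
                 "?alice@example.com",
                 "?bob@example.com",
                 encode_key_id(KEY_Y) + "?alice@example.com",
                 encode_key_id(KEY_Z) + "?alice@example.com"):
        pol = parse_recipient(rcpt)
        print(rcpt, "->", pol.deliver_to, gateway_decision(pol, DIRECTORY))
```

The directory lookup stands in for the trust path discovery and validation that the message leaves as open research questions.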

From hallam@gmail.com  Tue Oct 15 08:42:33 2013
MIME-Version: 1.0
In-Reply-To: <525BF51C.6090901@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie>
Date: Tue, 15 Oct 2013 11:42:30 -0400
Message-ID: <CAMm+LwhRsn_Pr+DsHr8NS0bmagVDA2vMCc12g0uOhP9RXrEinA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=089e01227ca4b6e39304e8c96eb2
Cc: perpass <perpass@ietf.org>, Alissa Cooper <acooper@cdt.org>, Stephen Kent <kent@bbn.com>, Tony Rutkowski <rutkowski.tony@gmail.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Tue, 15 Oct 2013 15:42:33 -0000

--089e01227ca4b6e39304e8c96eb2
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 14, 2013 at 9:43 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

>
> Hiya,
>
> On 10/14/2013 02:25 PM, Tony Rutkowski wrote:
> > Hi Steve,
> >
> > The "that" clearly refers to the precedent sentence:
> >> Since the inception of messaging networks,
> >> governments and societies worldwide have
> >> instituted surveillance for all kinds of
> >> essential legitimate purposes - especially
>
> "all kinds of essential legitimate purposes" simply
> begs the question IMO.
>
> >> where the potential harm to people is great.
> > "Pervasive monitoring" seems an utterly meaningless
> > term used for political rhetoric/evangelical purposes
> > that isn't worth pursuing.  That should be a first order
> > conclusion.
>
> Personally, I entirely disagree. It is true that we
> don't have a worked out threat model for this yet,
> but Brian's draft is a start on which I hope we'll
> build so that protocol designers, implementers and
> those deploying networks and services will have a
> useful threat model to use when doing their work.
>
> > The point was that this is all about risk management.
>
> That's agreed. One reason for this list is that we have a
> new threat model that we've not considered when designing
> protocols. The risk analysis has been changed by
> recent revelations IMO. If you disagree, that's fine,
> but surprising.
>
> > However, if you or anyone else want to denominate
> > a religious abstraction as an "attack" - go for it. :-)
> > It'll be fun to watch.
>
> I'll take that rhetorical flourish as a lack of
> evidence then:-)
>
> And we're going way off topic for this thread, so
> please change the subject if you want to continue
> on this topic - it's not really to do with MTI at
> all.
>
> Ta,
> S.
>
>
> >
> > --tony
> >
> >
> > On 10/14/2013 9:00 AM, Stephen Farrell wrote:
> >>
> >> On 10/14/2013 01:47 PM, Tony Rutkowski wrote:
> >>> Most citizens want that to continue because
> >>> the risks of not doing so are great.
> >> If the "that" above refers to pervasive monitoring,
> >> then please provide evidence (but please do so in
> >> another thread, I bet it'll not be conclusive
> >> enough that one mail will be convincing;-)
> >>
> >> If you are referring to tracking or surveillance
> >> of a specific set of targets, then a) that's irrelevant
> >> for this list/discussion which is about pervasive
> >> monitoring, and b) see RFC 2804.
> >>
> >> As an aside, it's also misleading to speak of citizens
> >> here, since most of us are not citizens of the same
> >> country, for all values of country. So while it is
> >> important and relevant that different jurisdictions
> >> put in place policy/political controls on pervasive
> >> monitoring, those are also not relevant for this
> >> list since in general our protocols can be used
> >> across all possible jurisdictional boundaries.
> >>
> >>> So as many have opined, the IETF is a
> >>> technical standards body,
> >> Yes we are. And given that pervasive monitoring is
> >> in some ways indistinguishable from other forms of
> >> attack, we should treat those aspects as an attack
> >> and put in place the best technical mitigations we
> >> can.
> >>
> >> And as a reminder the question for this thread,
> >> is whether or not going further than MTI would help
> >> with that.
> >>
> >> S.
> >>
> >



-- 
Website: http://hallambaker.com/

--089e01227ca4b6e39304e8c96eb2--

From hallam@gmail.com  Tue Oct 15 09:21:38 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD17621E80C7 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 09:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.588
X-Spam-Level: 
X-Spam-Status: No, score=-2.588 tagged_above=-999 required=5 tests=[AWL=0.011,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2tn4auSI-s14 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 09:21:38 -0700 (PDT)
Received: from mail-lb0-x231.google.com (mail-lb0-x231.google.com [IPv6:2a00:1450:4010:c04::231]) by ietfa.amsl.com (Postfix) with ESMTP id AFA8F11E819D for <perpass@ietf.org>; Tue, 15 Oct 2013 09:21:32 -0700 (PDT)
Received: by mail-lb0-f177.google.com with SMTP id w7so6922813lbi.22 for <perpass@ietf.org>; Tue, 15 Oct 2013 09:21:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+V/JLUcDtH9Dp06ImEQO5ltKwiLjdNh6wloBmzM7zgs=; b=yprvpMchJBKt/4cJW9+Mn6FM90fboazXrpJG9j5s1ulS14A1WRBxhAA3FZcPtDj8iq PIgclahVWmfxbwy275y7m/Iw2a/lLWfgvEboYRyTJZ5F9UfeiCY9nvbYsbOj0s3Xf1/+ F4a/DvOKDFeV8RR0L3NumsEWSUBiDWOPiUqV2Nm8kSKqrnxVzbL5nEDOiqYk3EoWYm4b XD9imgcuY8QxuCk/W614WnryN6b+fkSCSYIRMPAV5PwSXZZYtbScklvoLQfM9TR+pPjk vvxvcT3QCsSxtu8Oh2nzCOFbYyy5tDnU69Ld3nVQsHCOLHIIQGu3LTHkVdwe8mruSi9i CDYw==
MIME-Version: 1.0
X-Received: by 10.152.170.135 with SMTP id am7mr36875960lac.25.1381854086390;  Tue, 15 Oct 2013 09:21:26 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 15 Oct 2013 09:21:26 -0700 (PDT)
In-Reply-To: <525D54EA.2070104@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525D54EA.2070104@gmail.com>
Date: Tue, 15 Oct 2013 12:21:26 -0400
Message-ID: <CAMm+Lwg4Ppk8CQGKceyJaLuhjac1+iOk5V=MXKoGuAcSogg3dQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tony Rutkowski <rutkowski.tony@gmail.com>
Content-Type: multipart/alternative; boundary=089e0122797af36a7f04e8c9f93b
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 16:21:38 -0000

--089e0122797af36a7f04e8c9f93b
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Oct 15, 2013 at 10:44 AM, Tony Rutkowski
<rutkowski.tony@gmail.com> wrote:

>  Pardon the intervention, but when you scrape
> some traitor's stolen material from Washington's
> tabloid press as your use case, it is embarking far
> into WTF territory.
>

One problem is that the traitor in question was employed by the NSA and was
able to operate undetected for several years.

We have seen the greatest breach of internal security in NSA history and
nobody has been held accountable at a senior level.


Organizations that do not hold themselves accountable get held accountable
through external means. In this case pervasive unaccountable surveillance
is going to be met with pervasive unaccountable encryption.

Of all the evils in the world, where does snuffing out democracies in
Chile, Iran, Brazil, Greece and the rest stand next to terrorism? Pinochet
alone murdered more people than all the terrorists of the 20th century did.
Where does starting an illegal war that causes a half million deaths stand?


This is an international organization.

Suggesting that we leave such matters to those in authority without
specifying which authorities makes a large set of assumptions that are
probably more apparent to those of us who are not US citizens.

You might think it improper for someone like me to question the decisions
of your government. I think it rather presumptuous for US citizens to
assume that control of the Internet should lie exclusively with their
government because none of the rest could ever be trusted.


-- 
Website: http://hallambaker.com/

--089e0122797af36a7f04e8c9f93b--

From stephen.farrell@cs.tcd.ie  Tue Oct 15 09:27:21 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38AC021F9D2E for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 09:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.588
X-Spam-Level: 
X-Spam-Status: No, score=-102.588 tagged_above=-999 required=5 tests=[AWL=0.011, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LelRe8sIAkge for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 09:27:07 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id BBD1D21F9FB9 for <perpass@ietf.org>; Tue, 15 Oct 2013 09:25:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 04A3ABE58; Tue, 15 Oct 2013 17:25:56 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9EZoWP-d8noM; Tue, 15 Oct 2013 17:25:55 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D7B79BE51; Tue, 15 Oct 2013 17:25:55 +0100 (IST)
Message-ID: <525D6C94.6040206@cs.tcd.ie>
Date: Tue, 15 Oct 2013 17:25:56 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>,  Tony Rutkowski <rutkowski.tony@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie> <525D54EA.2070104@gmail.com> <CAMm+Lwg4Ppk8CQGKceyJaLuhjac1+iOk5V=MXKoGuAcSogg3dQ@mail.gmail.com>
In-Reply-To: <CAMm+Lwg4Ppk8CQGKceyJaLuhjac1+iOk5V=MXKoGuAcSogg3dQ@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 16:27:21 -0000

Tony, Phill, (and everyone else)

Please - this and Tony's last mail are inappropriate
for this list and probably any IETF list.

Please don't continue it further.

Thanks,
Stephen. (As list moderator)

On 10/15/2013 05:21 PM, Phillip Hallam-Baker wrote:
> On Tue, Oct 15, 2013 at 10:44 AM, Tony Rutkowski
> <rutkowski.tony@gmail.com>wrote:
> 
>>  Pardon the intervention, but when you scrape
>> some traitor's stolen material from Washington's
>> tabloid press as your use case, it is embarking far
>> into WTF territory.
>>
> 
> One problem is that the traitor in question was employed by the NSA and was
> able to operate undetected for several years.
> 
> We have seen the greatest breach of internal security in NSA history and
> nobody has been held accountable at a senior level.
> 
> 
> Organizations that do not hold themselves accountable get held accountable
> through external means. In this case pervasive unaccountable surveillance
> is going to be met with pervasive unaccountable encryption.
> 
> Of all the evils in the world, where does snuffing out democracies in
> Chile, Iran, Brazil, Greece and the rest stand next to terrorism? Pinochet
> alone murdered more people than all the terrorists of the 20th century did.
> Where does starting an illegal war that causes a half million deaths stand?
> 
> 
> This is an international organization.
> 
> Suggesting that we leave such matters to those in authority without
> specifying which authorities makes a large set of assumptions that are
> probably more apparent to those of us who are not US citizens.
> 
> You might think it improper for someone like me to question the decisions
> of your government. I think it rather presumptuous for US citizens to
> assume that control of the Internet should lie exclusively with their
> government because none of the rest could ever be trusted.
> 

From hallam@gmail.com  Tue Oct 15 10:26:49 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C9111E8183 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 10:26:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.589
X-Spam-Level: 
X-Spam-Status: No, score=-2.589 tagged_above=-999 required=5 tests=[AWL=0.010,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7vM7ii0cm0JB for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 10:26:48 -0700 (PDT)
Received: from mail-la0-x229.google.com (mail-la0-x229.google.com [IPv6:2a00:1450:4010:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id BED4E11E813F for <perpass@ietf.org>; Tue, 15 Oct 2013 10:26:47 -0700 (PDT)
Received: by mail-la0-f41.google.com with SMTP id ec20so7321349lab.0 for <perpass@ietf.org>; Tue, 15 Oct 2013 10:26:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=LNUBsjqjVOOaZED8c377Bnz7jQVuIMBVnK4qbaoPdQU=; b=OZpKTZyZ++kt61YhDZp9Eri+i8CC8IyDNgD3YMebhceIyWKWtfFMG5VYaQaxobS998 mAnjQWqO6I19B8wRV5yZszv7DZqy8aNZAPEYqG4p8lIauMonITjoZ3WOgpd38NtxeyL5 s6rp0wSunNg3rixqPLHg5MoIxqlF7I0yTUorZ+0GgHIfqtf24oE2pY1J0VUP368fMfQx obULaPxVKMhvL+51uWtdbRyLuz3fAsgpIbAHCPdOLcCaBZGRnJusJbvwP0YXe7t9lZeM cKpLKj6tmKcnH525+im9KnzVvcB4+W938+sf5rzDBXhDSMda+JdxO4yLFwJutfsRm3RM +q4Q==
MIME-Version: 1.0
X-Received: by 10.112.158.225 with SMTP id wx1mr2728542lbb.37.1381858006715; Tue, 15 Oct 2013 10:26:46 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 15 Oct 2013 10:26:46 -0700 (PDT)
In-Reply-To: <CAMm+LwjjWn0ai-KJHkr+tY1jDf75YNXpkXm6JRZO9doWWjZMmw@mail.gmail.com>
References: <CAMm+LwjjWn0ai-KJHkr+tY1jDf75YNXpkXm6JRZO9doWWjZMmw@mail.gmail.com>
Date: Tue, 15 Oct 2013 13:26:46 -0400
Message-ID: <CAMm+Lwi3U1nRy6Qh-h_5173WRBgbw2UBioh-ea6kV6bN_88T8Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c349329ed3be04e8cae3c7
Subject: Re: [perpass] Encoding email security policy into email addresses.
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 17:26:49 -0000

--001a11c349329ed3be04e8cae3c7
Content-Type: text/plain; charset=ISO-8859-1

This is how the scheme works in practice.



Private Key Example

Alice uses a key generation tool to generate a public keypair. The public
parameters in hexadecimal are:

Modulus  :
 a4 11 df 43 4a 6b a1 3e 29 78 5e 65 3c 3e 77 71
 78 e5 be bf 1e aa cd 4b 07 94 78 05 c6 c8 06 52
 a6 32 ce 8d 31 88 43 f5 78 b4 17 03 99 b1 1b a4
 fc e9 82 ec d7 10 f2 56 f4 dc b8 0e e4 d2 e9 e8
 ad 90 41 e6 9a 65 ad 97 c3 a6 f4 49 51 b2 cb 98
 4c d9 19 ba b4 b6 06 7c 87 79 3f 30 01 fa 1d d9
 5c ad 94 f6 5e 09 2d 32 5f 1d f7 ce d2 f5 d1 68
 05 c6 95 2b 9a c3 f5 f4 8a f2 a1 a6 9d 7a de 93
Exponent :
 01 00 01

The Key Identifier is calculated using SHA512 and truncated to 224 bits to
produce the Key Identifier value. The Key Identifier in Base32 encoding is:

KeyIdentifier: ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA

An email sender may send email to Alice through a compliant gateway as
follows:

alice@example.com
    Send email to Alice using encryption if and only if an encryption key
    for Alice can be found and Alice has published the email encryption
    policy 'encryption preferred' or stronger.

?alice@example.com
    Send email to Alice using encryption if and only if an encryption key
    for Alice can be found, otherwise report an error.

ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA?alice@example.com
    Send email to Alice using encryption if and only if an encryption key
    for Alice can be found that is directly endorsed under the specified
    key, otherwise report an error.

ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA??alice@example.com
    Send email to Alice using encryption if and only if an encryption key
    for Alice can be found that is (directly or indirectly) endorsed under
    the specified key, otherwise report an error.

The key identifiers are 224 bits long plus an 8 bit prefix to specify the
algorithm. It might well be desirable to trim them back to 160 bits but
certainly no less than 128 bits.

Here is 160 bits:
AAAMDA-GF5JAP-IAH7P3A-DSAEYB-IAHMAFB?alice@example.com

Here is 128 bits:
ADAHSA-CSZLAG-AAHTZ2A-IFAF3PF?alice@example.com


The 128 bit key identifier might be strong enough for a personal key
identifier since the difficulty of finding a key that would match by brute
force would be 128 bits.

For an organizational key, there is a risk of the key being formed
maliciously so as to evade transparency requirements and so the longer
identifier is 'probably' necessary.

-- 
Website: http://hallambaker.com/

--001a11c349329ed3be04e8cae3c7--
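
The four address forms in the message above, as an added example that is not part of the original post or of any implementation by its author: a parser that maps each form to the behaviour described, and a gateway decision that fails closed for the `?` forms. The mode names, function names, the `endorsement` argument, the rule that the mailbox contains no `?`, and the unencrypted fallback for the plain form are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Labels for the four behaviours; the names are chosen for this example.
OPPORTUNISTIC = "opportunistic"        # alice@example.com
REQUIRE_ENCRYPTION = "require"         # ?alice@example.com
REQUIRE_DIRECT = "require-direct"      # KEYID?alice@example.com
REQUIRE_CHAIN = "require-chain"        # KEYID??alice@example.com

MIN_ID_BITS = 128  # the message: "certainly no less than 128 bits"

# Assumption: the mailbox itself contains no '?', so the run of '?' in front
# of it separates the policy prefix from the address. RFC 5322 allows '?' in
# a local part, so a real gateway would have to resolve that ambiguity.
_ADDR = re.compile(
    r"^(?:(?P<kid>[A-Za-z2-7-]*)(?P<marks>\?{1,2}))?"
    r"(?P<mailbox>[^?\s@]+@[^?\s@]+)$"
)


@dataclass(frozen=True)
class SendPolicy:
    mailbox: str
    mode: str
    key_id: Optional[str] = None  # upper-cased Base32, dashes removed
    key_id_bits: int = 0          # 5 bits per Base32 character


def parse_policy_address(addr: str) -> SendPolicy:
    """Split a policy-bearing address into mailbox, mode and key identifier."""
    m = _ADDR.match(addr.strip())
    if not m:
        raise ValueError(f"not a recognised policy address: {addr!r}")
    mailbox, marks = m.group("mailbox"), m.group("marks")
    kid = (m.group("kid") or "").replace("-", "").upper()
    if marks is None:
        return SendPolicy(mailbox, OPPORTUNISTIC)
    if not kid:
        if marks == "??":
            raise ValueError("'??' needs a key identifier in front of it")
        return SendPolicy(mailbox, REQUIRE_ENCRYPTION)
    bits = len(kid) * 5
    if bits < MIN_ID_BITS:
        # A short identifier is cheap to match with an unrelated key.
        raise ValueError(f"key identifier too short: {bits} bits")
    mode = REQUIRE_DIRECT if marks == "?" else REQUIRE_CHAIN
    return SendPolicy(mailbox, mode, kid, bits)


def gateway_action(policy: SendPolicy, key_found: bool,
                   recipient_prefers_encryption: bool = False,
                   endorsement: Optional[str] = None) -> str:
    """Return 'encrypt', 'send-unencrypted' or 'error'.

    endorsement is None, 'direct' or 'indirect': how the gateway's own
    validation (outside this example) found the recipient key to be
    endorsed under policy.key_id.
    """
    if policy.mode == OPPORTUNISTIC:
        # Assumption: when the condition is not met the mail goes out
        # unencrypted; the message only states when encryption is used.
        if key_found and recipient_prefers_encryption:
            return "encrypt"
        return "send-unencrypted"
    # Every '?' form fails closed: no usable key means an error, never
    # a silent downgrade to cleartext.
    if not key_found:
        return "error"
    if policy.mode == REQUIRE_ENCRYPTION:
        return "encrypt"
    allowed = {"direct"} if policy.mode == REQUIRE_DIRECT else {"direct", "indirect"}
    return "encrypt" if endorsement in allowed else "error"
```
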

From kent@bbn.com  Tue Oct 15 11:03:55 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6B0B1F0D5C for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 11:03:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.476
X-Spam-Level: 
X-Spam-Status: No, score=-106.476 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MetpOGPJZSkV for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 11:03:49 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id B01DD11E81A1 for <perpass@ietf.org>; Tue, 15 Oct 2013 11:03:44 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:55652) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VW8y7-0004NL-1l; Tue, 15 Oct 2013 14:03:43 -0400
Message-ID: <525D837E.2030309@bbn.com>
Date: Tue, 15 Oct 2013 14:03:42 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Peterson, Jon" <jon.peterson@neustar.biz>
References: <CE81BDE4.A834C%jon.peterson@neustar.biz>
In-Reply-To: <CE81BDE4.A834C%jon.peterson@neustar.biz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 18:03:55 -0000

Jon,
> Would you agree though Steve that wearing seat belts is our best 
> current practice for safety, and that we (if we imagine ourselves car 
> designers) should explain to people how unsafe the roads are and that 
> they really should wear seat belts? Not everyone who builds cars might 
> feel like they need to take responsibility for explaining this, of 
> course, but some will.
Taking this analogy too far ...

Yes, I'd support a BCP that calls for wearing seat belts. I would object
to a standard for cars that prevents them from starting unless the driver
and passenger seat belts are fastened, and prevents them from being
unbuckled until the car is shifted into "park."
> I don't want us to throw up our hands and say there's nothing to be 
> done to improve the situation because users don't understand security 
> and some deployments would resist it. Here in the IETF, our 
> responsibilities as participants differ from those of users and even 
> operators. We write standards. I think we need to write standards that 
> are clear about what people should do to be secure on the Internet as 
> we understand it.
There certainly are things that can be done to improve security, in
terms of our standards. We should explain to people what they MAY do
(not MUST or SHOULD) to be more secure. We're neither Internet police
nor Internet nannies.
> Our understanding of the Internet has changed because of these 
> revelations, and what we need to do has to change as well. I agree 
> that we can't levy unrealistic mandates and hope for anything but our 
> own irrelevance. But let's not swing too far in the opposite direction 
> here either.
Competent security folks were not surprised by the technical
capabilities that have been revealed. It's obvious that one can gain
access to tons of metadata with the assistance of service providers,
and that a first world country can (and would) analyze that data looking
for bad guys.

Steve

From kent@bbn.com  Tue Oct 15 13:49:24 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEDAD21F9928 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 13:49:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.481
X-Spam-Level: 
X-Spam-Status: No, score=-106.481 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmGJxhrd0rfG for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 13:49:19 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id D074A21F8517 for <perpass@ietf.org>; Tue, 15 Oct 2013 13:49:17 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49490) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWBYK-000IPx-TN; Tue, 15 Oct 2013 16:49:16 -0400
Message-ID: <525DAA4C.6070107@bbn.com>
Date: Tue, 15 Oct 2013 16:49:16 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: joel jaeggli <joelja@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com>
In-Reply-To: <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 20:49:25 -0000

Joel,
> On Oct 14, 2013, at 8:01 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
>
>> Hi,
>>
>> I understand the goal of making life harder for state surveillance.
>> However, I am not willing (personally) to incur any degraded user experience,
>> premature cell phone battery depletion, etc in order to support this goal.
>> I suspect, but cannot prove, that most users would express similar feelings.
> the browser/CA transition from 1024 to 2048 bit certs is ongoing albeit done soon. That's a cost that everyone is paying for whether they know it or not… We therefore have an internet scale existence proof.
Which RFC mandated this? My guess is NONE.

This represents a decision by a set of CAs and browser vendors, external
to the IETF, to improve security. That's fine, but it is also not
representative of many of the suggested mechanisms that have been
proposed on this list, by some folks.

Steve

From kent@bbn.com  Tue Oct 15 14:00:35 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5979721F9983 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:00:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.485
X-Spam-Level: 
X-Spam-Status: No, score=-106.485 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpDHuWn4rAEu for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:00:29 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 8B05721F94FA for <perpass@ietf.org>; Tue, 15 Oct 2013 14:00:26 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49497) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWBj7-000Ide-Nh; Tue, 15 Oct 2013 17:00:25 -0400
Message-ID: <525DACE9.5070006@bbn.com>
Date: Tue, 15 Oct 2013 17:00:25 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com> <525BEAF4.5090802@cs.tcd.ie> <525BF0C2.8010201@gmail.com> <525BF51C.6090901@cs.tcd.ie> <525C0F4F.8050406@gmail.com> <525C1BD0.1060705@cs.tcd.ie> <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
In-Reply-To: <595F53A6-70BB-4E5D-B899-2BEEAC1DF0D8@tik.ee.ethz.ch>
Content-Type: multipart/alternative; boundary="------------080703060208070206050408"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] threat model draft
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:00:35 -0000

This is a multi-part message in MIME format.
--------------080703060208070206050408
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Brian,

...
> Although I don't represent the clarity or quality of the draft as anything other than -00, I also don't understand what's not clear here.
>
> For those who don't have 6973 open in front of them:
>
> "Surveillance is the observation or monitoring of an individual's communications or activities... [and] can be conducted by observers or eavesdroppers at any point along the communications path."
a reasonable definition, when we are focusing on cyberspace.
> The argument is that this definition is deficient, in that it presumes an individual target. The whole conceptual framework of surveillance as an activity presumes a target. Legal surveillance requires one in order to get the necessary documents signed by the necessary oversight authority. Illegal surveillance generally has one in mind because it's cheaper that way.
I would not interpret the definition that narrowly, just because it
mentions an individual. Surveillance directed against a class of
individuals seems to fit here as well.
> (One could make a case that there are indiscriminate attacks by criminal networks, e.g. skimming keystrokes from compromised machines to search for credit-card numbers... while these are untargeted with respect to individual, they're also not really surveillance per 6973, in that it's specific types of data that's the goal of the eavesdropping, not the communication or the activity in general.)
I'd disagree here too. Grabbing keystrokes is one way to get a password
or a credit card number at the source, an alternative to wiretapping.
The goal would be the same for an adversary, independent of the means
by which it is accomplished.
> "Pervasive surveillance" (to mangle the 6973 definition) is "the observation or monitoring of all individuals' communications or activities."
I suspect that the Internet is too big even for NSA and its friends to
observe _all_ individuals, so this definition seems too narrow, in a
different way.
> Removing the concept of targeting (even if targeting is done after the fact) changes the character of the activity, both in terms of its impact on the monitored individual(s) (and -- at the risk of getting too far from the engineering -- its impact on the civil society of which the monitored individuals are presumed to be members) and in terms of how the impact it has on protocol design.
I suspect that the sort of very widespread surveillance that we have
been discussing is still targeted, in a sense. It may target users of
specific providers or specific web sites, either because the folks
performing surveillance believe those are good places to gather the
data of interest, or because those are places within their ability to
surveil. (Remember the joke about the drunk looking for his car keys
under the street lamp, not because he lost them there, but because the
light was better?)
> Specifically, in targetless surveillance, attempts not to become a target are meaningless. (Which goes back to someone's... I think it was Yoav's... stated desire to increase the cost of pervasive surveillance to the point that he dropped out of the target set, which captures nicely the level of sensitivity we have to infinite versus finite target sets.)
I understand Yoav's model, and it has a rational basis. However, I have
concerns about increasing the "cost" for all users of some service, to
make it easier for Yoav to avoid being targeted. This seems like an
externalization of cost, not my favorite economic model.

Steve


--------------080703060208070206050408--

From joelja@bogus.com  Tue Oct 15 14:03:13 2013
Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC42821F9D35 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:03:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgbpkIQr1N-s for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:03:13 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id DCE0921F9D2A for <perpass@ietf.org>; Tue, 15 Oct 2013 14:03:12 -0700 (PDT)
Received: from 00698a-hsutim.corp.zynga.com ([199.48.105.4]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r9FL39AH086422 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 15 Oct 2013 21:03:09 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_60A73666-548D-43FA-9252-349D5634B6BE"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <525DAA4C.6070107@bbn.com>
Date: Tue, 15 Oct 2013 14:03:04 -0700
Message-Id: <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Tue, 15 Oct 2013 21:03:09 +0000 (UTC)
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:03:14 -0000

--Apple-Mail=_60A73666-548D-43FA-9252-349D5634B6BE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Oct 15, 2013, at 1:49 PM, Stephen Kent <kent@bbn.com> wrote:

> Joel,
>> On Oct 14, 2013, at 8:01 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
>>
>>> Hi,
>>>
>>> I understand the goal of making life harder for state surveillance.
>>> However, I am not willing (personally) to incur any degraded user experience,
>>> premature cell phone battery depletion, etc in order to support this goal.
>>> I suspect, but cannot prove, that most users would express similar feelings.
>> the browser/CA transition from 1024 to 2048 bit certs is ongoing albeit done soon. That's a cost that everyone is paying for whether they know it or not… We therefore have an internet scale existence proof.
> Which RFC mandated this? My guess is NONE.
>

the recommendation comes from nist 800-131A and 800-57. I'd link to them if the nist website were up but it isn't.

> This represents a decision by a set of CAs and browser vendors, external to the
> IETF, to improve security.

I'm not particularly enamoured of the idea that the IETF is the sole or even principal arbiter of industry consensus, so let's assume that it isn't. Whether you want to pay the cpu consumption tax or not, there's enough industry consensus on the subject that you don't have a choice.

> That's fine, but it is also not representative of many
> of the suggested mechanisms that have been proposed on this list, by some folks.


> Steve
>


--Apple-Mail=_60A73666-548D-43FA-9252-349D5634B6BE--

From stephen.farrell@cs.tcd.ie  Tue Oct 15 14:17:17 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1914311E8195 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:17:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9+ZOKE-HBaj for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:17:05 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 985A211E80E0 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:17:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 90F86BE58; Tue, 15 Oct 2013 22:17:00 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X8tO4N4cSRoW; Tue, 15 Oct 2013 22:16:59 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.45.49.3]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 85844BE51; Tue, 15 Oct 2013 22:16:59 +0100 (IST)
Message-ID: <525DB0C1.5040707@cs.tcd.ie>
Date: Tue, 15 Oct 2013 22:16:49 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>,  "Peterson, Jon" <jon.peterson@neustar.biz>
References: <CE81BDE4.A834C%jon.peterson@neustar.biz> <525D837E.2030309@bbn.com>
In-Reply-To: <525D837E.2030309@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:17:18 -0000

Steve,

On 10/15/2013 07:03 PM, Stephen Kent wrote:
> Competent security folks were not surprised by the technical
> capabilities that have been revealed.
> It's obvious that one can gain access to tons of metadata with the
> assistance of service providers,
> and that a first world country can (and would) analyze that data looking
> for bad guys.

Competent people have been surprised by the scale here.
The level of collusion and coercion was not obvious to
many.

From their pre-shutdown reaction, NIST appear both to
be surprised and to think something non-obvious has
occurred and I'm sure you'd consider NIST's crypto
people as being competent.

I think your comment above subtly understates the
situation in a way that's just not credible.

The subtlety is nicely done though:-)

S.

From kent@bbn.com  Tue Oct 15 14:21:36 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87EDF21F9B58 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:21:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.89
X-Spam-Level: 
X-Spam-Status: No, score=-105.89 tagged_above=-999 required=5 tests=[AWL=-0.491, BAYES_00=-2.599, J_CHICKENPOX_62=0.6, J_CHICKENPOX_81=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uokPLmzgga6T for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:21:29 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 9DCD521F99F7 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:21:27 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49503) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWC3O-0006Wl-2W; Tue, 15 Oct 2013 17:21:22 -0400
Message-ID: <525DB1D1.8070104@bbn.com>
Date: Tue, 15 Oct 2013 17:21:21 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>
In-Reply-To: <525C8130.2000606@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:21:36 -0000

Hello,
> ...
>> This may be where we have a significant disagreement.
> Note that I've not espoused any particular more-than-MTI
> position so it's not yet clear how you and I disagree
> (on this one:-)
I must have misunderstood your comments (on this one :-) )
> ...
> I get that argument. But what's the difference between that
> and saying "don't use MD5" really? We're comfortable with
> the latter since MD5 is just broken for collisions. I don't
> see why we shouldn't be equally comfortable in saying "don't
> send cleartext" - *if* that's an IETF consensus position - as
> we have seen sending cleartext is also just broken when one
> considers pervasive monitoring.
Saying don't use a specific alg, because it's defective, is a mandate
within a context where users/providers have already decided to employ
a security mechanism. Saying "no cleartext" is a statement without that
context, and thus not analogous. Or, in a lighter analogy, in the first
case we know what kind of people we're talking about, and we're just
haggling over the algorithm ;-) .
> In fact I don't really believe there's a crystal clear line
> between protocol and policy in many cases, I think it's blurrier
> than is claimed by those who argue against more-than-MTI as
> being beyond our remit, as you do.
There may be some gray areas; when I asked Avri about this she demurred,
so we'll have to examine specific examples to make progress.
> That doesn't by itself invalidate your basic position that MTI
> is good enough of course, but personally I do think it means
> that a more-than-MTI position could exist that is equally
> as defensible as the status quo.
Again, we'll have to see what more-than-MTI positions are put
forth before we'll be able to resolve this speculation on both
of our parts.
> ...
> It's not like 4301 and that draft is I think nearing LC and code
> that does this (again I think) has been deployed, possibly widely,
> though I think I do recall some part where one of the popular
> browsers doesn't do the DTLS thing for data channels or some
> such, so I'm not claiming it's a perfect example, but it is a
> real one.  Again I'd be interested in hearing from folks who
> were involved in that discussion or who know more about the
> reality of rtcweb code and deployments.
In the RTCWEB case is the difference that "a major browser vendor" has
decided it's good, so it's a done deal? Frankly I've become concerned,
recently, that one major browser vendor has become very pushy about its
ideas of what is best for everyone. Because that vendor also is an OS
vendor, its influence seems outsized, to me. But that's a different rant.
> But this is a real example where we are specifying more-than-MTI
> for one important protocol already, I think that's unquestionable
> frankly.
OK, and frankly, I think this is a questionable idea.

I just skimmed the I-D in question. It has over 80 MUSTs. Given the
rather poor track record of browsers wrt security, I am amazed to see
the following text, in Section 3:

    The basic assumption of this architecture is that network resources
    exist in a hierarchy of trust, rooted in the browser, which serves as
    the user's TRUSTED COMPUTING BASE (TCB).

I suspect that most IETF participants are not familiar with the term TCB
(and there is no cite in the I-D), so they do not realize how odd this
statement seems to those of us who are familiar with the term.

I have a lot of respect for Eric, but ...

Steve



From stephen.farrell@cs.tcd.ie  Tue Oct 15 14:28:48 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D18221F9DF3 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DhI4BCZa1JPb for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:28:42 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 4ACBF21F9D04 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:28:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id AE7F6BE58; Tue, 15 Oct 2013 22:28:34 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiWmpImoLONK; Tue, 15 Oct 2013 22:28:33 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.45.49.3]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9A337BE51; Tue, 15 Oct 2013 22:28:33 +0100 (IST)
Message-ID: <525DB377.3000402@cs.tcd.ie>
Date: Tue, 15 Oct 2013 22:28:23 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525DB1D1.8070104@bbn.com>
In-Reply-To: <525DB1D1.8070104@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:28:48 -0000

On 10/15/2013 10:21 PM, Stephen Kent wrote:
>>
> Again, we'll have to see what more-than-MTI positions are put
> forth before we'll be able to resolve this speculation on both
> of our parts.

Fully agree. Brian Carpenter mentioned one in an earlier
mail (on-by-default with an option to turn off) but we've
not seen others proposed so far.

S.

From trammell@tik.ee.ethz.ch  Tue Oct 15 14:45:04 2013
Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6595721F9DF3 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:45:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.374
X-Spam-Level: 
X-Spam-Status: No, score=-6.374 tagged_above=-999 required=5 tests=[AWL=0.225,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E9UsfKRdVj2A for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:44:59 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id 4CE9621F9C68 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:44:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 47248D9302; Tue, 15 Oct 2013 23:44:56 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HNCS0vPTxoeL; Tue, 15 Oct 2013 23:44:56 +0200 (MEST)
Received: from [10.0.27.100] (cust-integra-122-165.antanet.ch [80.75.122.165]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id DBCD0D9300; Tue, 15 Oct 2013 23:44:55 +0200 (MEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_CB0CE6EA-9413-4347-8963-C4D9F7DC3FF0"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <525DB377.3000402@cs.tcd.ie>
Date: Tue, 15 Oct 2013 23:44:55 +0200
Message-Id: <07404908-4AFC-428C-B0D2-C5CAA63C0850@tik.ee.ethz.ch>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525DB1D1.8070104@bbn.com> <525DB377.3000402@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1510)
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:45:04 -0000

--Apple-Mail=_CB0CE6EA-9413-4347-8963-C4D9F7DC3FF0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

hi, Stephens,

+1 (again) to MaD (mandatory as default); I've been following the thread
and trying to think of an MTU mechanism that is meaningful in an IETF
context. Unfortunately for that, we've done a reasonably good job
of layering security -- making it simple to integrate in makes it simple
to separate out as well.

I really think the best we can do is MaD with guidance for usage that
enumerates specific, limited cases in which it makes sense to turn off.

Cheers,

(another) Brian

On Oct 15, 2013, at 11:28 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 10/15/2013 10:21 PM, Stephen Kent wrote:
>>>
>> Again, we'll have to see what more-than-MTI positions are put
>> forth before we'll be able to resolve this speculation on both
>> of our parts.
>
> Fully agree. Brian Carpenter mentioned one in an earlier
> mail (on-by-default with an option to turn off) but we've
> not seen others proposed so far.
>
> S.


--Apple-Mail=_CB0CE6EA-9413-4347-8963-C4D9F7DC3FF0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_CB0CE6EA-9413-4347-8963-C4D9F7DC3FF0--

From kent@bbn.com  Tue Oct 15 14:52:31 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D6321F93F8 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:52:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.472
X-Spam-Level: 
X-Spam-Status: No, score=-106.472 tagged_above=-999 required=5 tests=[AWL=0.127, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8RsNWj1mNQlU for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:52:19 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 20C8021F9FF3 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:52:16 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49865) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWCXH-000JU1-9k; Tue, 15 Oct 2013 17:52:15 -0400
Message-ID: <525DB90F.1070700@bbn.com>
Date: Tue, 15 Oct 2013 17:52:15 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: joel jaeggli <joelja@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com> <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com>
In-Reply-To: <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:52:31 -0000

Joel,

Thanks for the quick reply.
...
>> Which RFC mandated this? My guess is NONE.
>>
> The recommendation comes from NIST 800-131A and 800-57. I'd link to them if the NIST website were up, but it isn't.
OK, then, as I suspected, this is not the result of any RFC.

> I'm not particularly enamoured of the idea that the IETF is the sole or
> even principal arbiter of industry consensus, so let's assume that it
> isn't. Whether you want to pay the cpu consumption tax or not, there's
> enough industry consensus on the subject that you don't have a choice.
I agree that the IETF is not an arbiter of industry consensus. The
question being debated on this list is whether it ought to become more
of an arbiter of what users and service providers do, by mandating use
of security mechanisms, vs. just offering specs for interoperable
mechanisms.

BTW, who got to form the industry consensus this time? How many folks, 
and in what venue?

Steve



From kent@bbn.com  Tue Oct 15 14:56:39 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E730521F94FA for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:56:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.476
X-Spam-Level: 
X-Spam-Status: No, score=-106.476 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLpwBnJMy7oP for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:56:20 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id A9F5621F9425 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:55:32 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49866) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWCaR-000JXq-SI; Tue, 15 Oct 2013 17:55:31 -0400
Message-ID: <525DB9D3.8080505@bbn.com>
Date: Tue, 15 Oct 2013 17:55:31 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <CE81BDE4.A834C%jon.peterson@neustar.biz> <525D837E.2030309@bbn.com> <525DB0C1.5040707@cs.tcd.ie>
In-Reply-To: <525DB0C1.5040707@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, "Peterson, Jon" <jon.peterson@neustar.biz>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:56:40 -0000

Stephen,
> Steve,
>
> On 10/15/2013 07:03 PM, Stephen Kent wrote:
>> Competent security folks were not surprised by the technical
>> capabilities that have been revealed.
>> It's obvious that one can gain access to tons of metadata with the
>> assistance of service providers,
>> and that a first world country can (and would) analyze that data looking
>> for bad guys.
> Competent people have been surprised by the scale here.
> The level of collusion and coercion was not obvious to
> many.
I was not addressing the level and scale of collusion.
I was noting that the vulnerability was always obvious,
and if one was concerned about the confidentiality of metadata, ...
> From their pre-shutdown reaction, NIST appear both to
> be surprised and to think something non-obvious has
> occurred and I'm sure you'd consider NIST's crypto
> people as being competent.
>
> I think your comment above subtly understates the
> situation in a way that's just not credible.
>
> The subtlety is nicely done though:-)
The comment about NIST was not from me, although I
too admire subtlety in such contexts.

Steve


From ned+perpass@mrochek.com  Tue Oct 15 14:57:26 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CDCC21F9642 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:57:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.24
X-Spam-Level: 
X-Spam-Status: No, score=-2.24 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1hQxKic5ZcOa for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 14:57:20 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 2461721F9E73 for <perpass@ietf.org>; Tue, 15 Oct 2013 14:57:04 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZM7M6JR00006LNT@mauve.mrochek.com> for perpass@ietf.org; Tue, 15 Oct 2013 14:51:55 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZJ0YGW1O000004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Tue, 15 Oct 2013 14:51:53 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZM7M57NWK00004R@mauve.mrochek.com>
Date: Tue, 15 Oct 2013 11:13:34 -0700 (PDT)
In-reply-to: "Your message dated Tue, 15 Oct 2013 11:26:06 +0100" <525D183E.7000200@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 21:57:27 -0000

> Following up on my own point - not stylish but I think
> in this case justified:-)

> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
> > I don't
> > see why we shouldn't be equally comfortable in saying "don't
> > send cleartext" - *if* that's an IETF consensus position - as
> > we have seen sending cleartext is also just broken when one
> > considers pervasive monitoring.

> I guess this Washington Post story [1] that I saw this
> morning would appear to provide a relevant example.

> In that case, I would argue that the fact that cleartext
> IMAP provides interop and is successful does imply that
> some services somewhere will use that for large populations
> that will inevitably (as we now know) be subject to
> pervasive monitoring.

What is this "cleartext IMAP" of which you speak? A quick check of some of the
major US MSPs shows that Gmail, Hotmail, and Apple all require SSL/TLS for
IMAP. And AOL definitely offers SSL/TLS support, but I can't tell if they
require it or not.

Now, it seems to me like I'm missing one ... it's on the tip of my tongue ...
oh yeah, that would be Yahoo, the only vendor actually mentioned by name in the
Powerpoint slides the Washington Post story you cite is based on. But lo and
behold, they also require SSL for all IMAP access!

I haven't bothered to survey ISPs (although I will note that Verizon and
several others only offer POP, not IMAP, and yes, they do offer SSL with
that), but my sense is most of them support SSL/TLS and many even require it.

But don't for a moment think this is due to anyone caring deeply about privacy.
This is about support costs, specifically, the costs that accrue when someone's
account password is compromised, as it easily can be when using any of the
email protocols from, say, a wireless hotspot. SSL/TLS covering an AUTH
PLAIN/LOGIN exchange is the method of choice for addressing this problem, and
you end up getting SSL/TLS for the rest of the session for free when you do
that.

And before the IETF spends any time patting itself on the back here, I'll also
point out that almost all secure IMAP is imaps on port 993. IETF specifications
call for STARTTLS on the regular IMAP port (143). I also doubt that the
supported ciphersuites conform all that well to IETF guidelines.

> When the numbers involved ("500,000 buddylists and
> inboxes" collected on a "representative day" for just
> one agency) are at that scale, then it seems to me that
> one can fairly describe that as a failure in protocol
> design and not solely as a bad deployment choice.

And again I have to ask: What is the "protocol design failure" of which you
speak? I'm especially interested in the one the IETF has made that exposes
buddy lists and address books.

In case you weren't aware, IMAP does not handle address book information or
buddy lists. It's just not part of the protocol, unless you do something quite
outre like storing your address book as a special message in a special folder.

The IETF protocol that does do part of this is carddav, but it's a relative
newcomer on the scene, and while many MSPs, including Yahoo, support it, I
see no indication that it's involved here.

Rather, this all looks to me like it has a lot more to do with web access
to mail and IM, to the point where I'm skeptical that access to cleartext
IMAP is a significant factor. (There is a slide at the end about IMAP,
but it's oddly disconnected from the rest of the presentation, and seems
like something added as an afterthought.)

Something else not mentioned on the slides is ActiveSync. AFAIK ActiveSync is
the biggest player in the address book and calendar access protocol space right
now. And there may well be security issues in it. But since it's a Microsoft
creation, it's going to be tough for the IETF to do anything about any problems
it has.

> With the 20-20 hindsight afforded, if IMAP were a new
> protocol, would we be correct to only have TLS as MTI as
> we currently do [2] or would the Internet be better
> if we *only* had port 993 and had TLS as MTU perhaps
> with anon DH or something (*) like that?

No, what 20-20 hindsight actually reveals is that when you fail to respond to
market needs, in particular the needs of mobile devices, in a timely and
appropriate way, alternatives to your protocols crop up that you have no
control over. And when those alternatives have security issues there's not all
that much you can do about it.

> The latter approach is certainly now far more likely to
> be tractable than it was in 2003 (when RFC3501 was done).
> Maybe it's time we do that.

> Cheers,
> S.

> (*) Yes, there's a bit of arm-waving there since one
> can validly argue that the TLS ciphersuite that's MTI
> for 3501 is still just a bit too hard to deploy as
> one is supposed to get a server cert that the UA can
> verify, which implies some management overhead. So
> something slightly more easily deployed (and hence
> not quite 3501) might really be needed. But *how* to
> do MTU stuff could be a protocol-specific debate to
> have after we concluded we had consensus for
> more-than-MTI in some form. (Which we don't, today.)
> But of course, a new IMAP security BCP doesn't have
> to wait either (hint, hint:-)

... And that's a strawman. I've not heard any provider of any size make such an
argument in many, many, many years. The fact of the matter is that secure IMAP
*is* widely and successfully deployed, albeit in a way that the IETF did not
intend and in spite of the fact that the IETF did bugger-all to make it easy to
do. And since only yesterday I was listening to a presentation that among other
things covered the specifics of how a provider with 10s of millions of users
handles this particular problem, I can state with some authority that the costs
aren't that big a deal.

But if you really think it's worth spending the time to make IMAP security even
better, that's fine with me. But the work needs to be based on what's in play
in the real world, which seems markedly at odds with what you imagine is out
there. It also needs to be informed by what's actually possible given real
world constraints, e.g., what ciphersuites are actually offered by the SSL/TLS
libraries in common use. (I've heard it mooted that support for anon-DH in
particular is likely to be dropped from some of them.) And finally,
expectations as to what this will actually accomplish in terms of thwarting
pervasive surveillance need to be lowered pretty dramatically.

But more generally - and I'm afraid I'm going to be a bit unkind here - there's
way too much yacketing about non-issues and completely impractical
non-solutions going on here, at least when it comes to securing the
bulk of present-day email.

So I'm once again going to ask, "What's the goal here?". If the goal is to make
the email of a select group of cognoscenti more secure that's one thing. It's
quite another to talk seriously about improving email security for everyone
else.

If we're going to do the latter, I'm afraid that needs to start with a better
understanding of what present-day email service actually looks like and where
market trends are pushing it. 

				Ned
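
The deployment choices described in the message above (imaps on port 993 versus STARTTLS on port 143, with TLS covering an AUTH PLAIN/LOGIN exchange) and the MTI, mandatory-as-default and mandatory-to-use options debated in this thread can be compared as client behaviour. This is an added example, not part of any message in the archive; the decision rules, function names and sample server responses are assumptions constructed for illustration.

```python
"""Client-side IMAP transport decision under the three policies in the thread.

Added illustration: policy names follow the thread's abbreviations; the
decision rules are this example's reading of them, not an IETF specification.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum

IMAP_PORT = 143    # TLS, if any, is negotiated in-band with STARTTLS
IMAPS_PORT = 993   # "imaps": TLS handshake happens before any IMAP traffic


class Policy(Enum):
    MTI = "mandatory-to-implement"  # TLS is available; use is opportunistic
    MAD = "mandatory-as-default"    # TLS required unless explicitly turned off
    MTU = "mandatory-to-use"        # TLS required, no off switch


@dataclass(frozen=True)
class Decision:
    action: str             # "implicit-tls", "starttls", "cleartext", "refuse"
    password_exposed: bool  # True if credentials would cross the wire in clear
    reason: str


def parse_capabilities(line: str) -> set[str]:
    """Return the capability atoms from an untagged CAPABILITY response or
    from a greeting carrying a [CAPABILITY ...] response code."""
    upper = line.strip().upper()
    marker = "[CAPABILITY "
    if marker in upper:
        start = upper.index(marker) + len(marker)
        atoms = upper[start:upper.index("]", start)]
    elif upper.startswith("* CAPABILITY "):
        atoms = upper[len("* CAPABILITY "):]
    else:
        raise ValueError("no capability list in server response")
    return set(atoms.split())


def decide(port: int, capability_line: str, policy: Policy,
           user_disabled_tls: bool = False) -> Decision:
    """Decide how the client proceeds before sending any credentials."""
    if port == IMAPS_PORT:
        return Decision("implicit-tls", False,
                        "TLS is established before the server greeting")

    caps = parse_capabilities(capability_line)
    # Only MaD honours the off switch; MTU ignores it, MTI never had one.
    opted_out = policy is Policy.MAD and user_disabled_tls
    tls_required = policy is Policy.MTU or (policy is Policy.MAD and not opted_out)

    if not opted_out and "STARTTLS" in caps:
        return Decision("starttls", False,
                        "upgrade first, then re-issue CAPABILITY and authenticate")
    if tls_required:
        return Decision("refuse", False,
                        "no STARTTLS offered and policy forbids cleartext")
    if "LOGINDISABLED" in caps:
        return Decision("refuse", False,
                        "server forbids LOGIN on an unprotected connection")
    return Decision("cleartext", True,
                    "opportunistic fallback: LOGIN/AUTH PLAIN sent unprotected")


# Constructed sample server responses (not captured from any real service).
GREETING_STARTTLS = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
GREETING_NO_STARTTLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"


def policy_matrix() -> dict[tuple[str, str], str]:
    """Action chosen for every policy against both port-143 sample servers."""
    samples = {"starttls-offered": GREETING_STARTTLS,
               "starttls-absent": GREETING_NO_STARTTLS}
    return {(policy.name, label): decide(IMAP_PORT, line, policy).action
            for policy in Policy for label, line in samples.items()}


if __name__ == "__main__":
    for (policy_name, label), action in sorted(policy_matrix().items()):
        print(f"{policy_name:4} {label:17} -> {action}")
```

The only row that exposes a password is the opportunistic (MTI-only) client talking to a port-143 server whose capability list lacks STARTTLS; the same client on port 993 never reaches that branch.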

From davieseb@scss.tcd.ie  Tue Oct 15 15:05:01 2013
Return-Path: <davieseb@scss.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0FC011E80E0 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 15:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PCTwAk-wHPS8 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 15:04:55 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id EB89211E8187 for <perpass@ietf.org>; Tue, 15 Oct 2013 15:04:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 511E7BE56; Tue, 15 Oct 2013 23:04:41 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6yrY0BFBqlab; Tue, 15 Oct 2013 23:04:40 +0100 (IST)
Received: from [81.187.254.250] (mightyatom.folly.org.uk [81.187.254.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2D36CBE59; Tue, 15 Oct 2013 23:04:40 +0100 (IST)
From: Elwyn Davies <davieseb@scss.tcd.ie>
To: Stephen Kent <kent@bbn.com>
In-Reply-To: <525D837E.2030309@bbn.com>
References: <CE81BDE4.A834C%jon.peterson@neustar.biz> <525D837E.2030309@bbn.com>
Content-Type: text/plain
Organization: School of Computer Science and Statistics,  TCD
Date: Tue, 15 Oct 2013 23:05:19 +0100
Message-Id: <1381874719.5148.5805.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3 
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, "Peterson, Jon" <jon.peterson@neustar.biz>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2013 22:05:01 -0000

On Tue, 2013-10-15 at 14:03 -0400, Stephen Kent wrote:

> Yes, I'd support a BCP that calls for wearing seat belts. I would object
> to a standard for cars that prevents them from starting unless the driver
> and passenger seat belts are fastened, and prevents them from being
> unbuckled until the car is shifted into "park."
I observe that the car designers have gone quite a way down this path.
Today's default seems to be irritating and unsilenceable audio alarms
triggered when you drive off without belting up.

I agree that I don't think we would want to go that way with email even
if there was an equivalent to this analogy.

However the automatic (person strangling) seat belt seems to have had a
brief outing and disappeared again - or maybe I haven't driven the right
US cars recently. 

/Elwyn  



From joelja@bogus.com  Tue Oct 15 17:06:02 2013
Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F45621F9C3A for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:06:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MNLgULa9iA15 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:06:00 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 73CAD21F9E43 for <perpass@ietf.org>; Tue, 15 Oct 2013 17:05:35 -0700 (PDT)
Received: from [192.168.1.13] (c-50-174-18-221.hsd1.ca.comcast.net [50.174.18.221]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r9G05I5T088418 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 16 Oct 2013 00:05:19 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_1C5AB68E-69DB-48EF-B4C8-4A6D0DCFF8B0"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <525DB90F.1070700@bbn.com>
Date: Tue, 15 Oct 2013 17:05:14 -0700
Message-Id: <C26C8B1B-7FA1-456A-A35E-32AAE761A8DE@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com> <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com> <525DB90F.1070700@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Wed, 16 Oct 2013 00:05:20 +0000 (UTC)
Cc: perpass <perpass@ietf.org>, Tim Moses <tim.moses@entrust.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 00:06:02 -0000

--Apple-Mail=_1C5AB68E-69DB-48EF-B4C8-4A6D0DCFF8B0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1


On Oct 15, 2013, at 2:52 PM, Stephen Kent <kent@bbn.com> wrote:

> Joel,
>
> Thanks for the quick reply.
> ...
>>> Which RFC mandated this? My guess is NONE.
>>>
>> The recommendation comes from NIST 800-131A and 800-57. I'd link to
>> them if the NIST website were up, but it isn't.
> OK, then, as I suspected, this is not the result of any RFC.
>
>> I'm not particularly enamoured of the idea that the IETF is the sole
>> or even principal arbiter of industry consensus, so let's assume that it
>> isn't. Whether you want to pay the cpu consumption tax or not, there's
>> enough industry consensus on the subject that you don't have a choice.
> I agree that the IETF is not an arbiter of industry consensus. The
> question being debated on this list is whether it ought to become more
> of an arbiter of what users and service providers do, by mandating use
> of security mechanisms, vs. just offering specs for interoperable
> mechanisms.
>
> BTW, who got to form the industry consensus this time? How many folks,
> and in what venue?

I believe the vehicle for coordination was the ca/b forum

www.cabforum.org

Tim Moses who is one of the wpkops co-chairs is also the chair of that
iirc so I would defer to an expert there.

>
> Steve
>


--Apple-Mail=_1C5AB68E-69DB-48EF-B4C8-4A6D0DCFF8B0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_1C5AB68E-69DB-48EF-B4C8-4A6D0DCFF8B0--

From stephen.farrell@cs.tcd.ie  Tue Oct 15 17:31:16 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBE1611E8246 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:31:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.142
X-Spam-Level: 
X-Spam-Status: No, score=-102.142 tagged_above=-999 required=5 tests=[AWL=-0.458, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, SARE_MILLIONSOF=0.315, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s69IsYfcQe5E for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:31:11 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id A97D111E8244 for <perpass@ietf.org>; Tue, 15 Oct 2013 17:31:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5AE85BE58; Wed, 16 Oct 2013 01:31:06 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YG68+nyBnCU2; Wed, 16 Oct 2013 01:31:03 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.45.49.3]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 50FF0BE56; Wed, 16 Oct 2013 01:31:03 +0100 (IST)
Message-ID: <525DDE3D.6020500@cs.tcd.ie>
Date: Wed, 16 Oct 2013 01:30:53 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: ned+perpass@mrochek.com
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com>
In-Reply-To: <01OZM7M57NWK00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 00:31:16 -0000

Hiya,

Many snippets below...

On 10/15/2013 07:13 PM, ned+perpass@mrochek.com wrote:
>> Following up on my own point - not stylish but I think
>> in this case justified:-)
> 
>> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
>>> I don't
>>> see why we shouldn't be equally comfortable in saying "don't
>>> send cleartext" - *if* that's an IETF consensus position - as
>>> we have seen sending cleartext is also just broken when one
>>> considers pervasive monitoring.
> 
>> I guess this Washington Post story [1] that I saw this
>> morning would appear to provide a relevant example.
> 
>> In that case, I would argue that the fact that cleartext
>> IMAP provides interop and is successful does imply that
>> some services somewhere will use that for large populations
>> that will inevitably (as we now know) be subject to
>> pervasive monitoring.
> 
> What is this "cleartext IMAP" of which you speak? 

I guess that's a fair comment - we don't know that they're
able to gather inbox data via IMAP due to it being sent in
clear, however that seems like a reasonable guess based
on the newspaper story which says that collection is done
by telcos that are "overseas" and assuming that TLS is not
busted for these services. (Even were TLS busted for those
services though, I don't think that changes so much of the
analysis *if* one can separately mitigate whatever's gone
wrong with those TLS deployments.)

But yes, that's guessing and we need to keep that in mind
and there could well be alternative explanations.

> A quick check of some of the
> major US MSPs shows that Gmail, Hotmail, and Apple all require SSL/TLS for
> IMAP. And AOL definitely offers SSL/TLS support, but I can't tell if they
> require it or not.
> 
> Now, it seems to me like I'm missing one ... it's on the tip of my tongue ...
> oh yeah, that would be Yahoo, the only vendor actually mentioned by name in the
> Powerpoint slides the Washington Post story you cite is based on. But lo and
> behold, they also require SSL for all IMAP access!
> 
> I haven't bothered to survey ISPs (although I will note that Verizon and
> several others only offer POP, not IMAP, and yes, they do offer SSL with
> that), but my sense is most of them support SSL/TLS and many even require it.

Is there publicly available information about the deployment of IMAP
in terms of how many servers/services allow or disallow cleartext,
STARTTLS or 993? (To expose my ignorance, yes, I did assume that many
services still allow IMAP over 143 without STARTTLS in addition to
993.)

> But don't for a moment think this is due to anyone caring deeply about privacy.
> This is about support costs, specifically, the costs that accrue when someone's
> account password is compromised, as it easily can be when using any of the
> email protocols from, say, a wireless hotspot. SSL/TLS covering an AUTH
> PLAIN/LOGIN exchange is the method of choice for addressing this problem, and
> you end up getting SSL/TLS for the rest of the session for free when you do
> that.

Sure.

> And before the IETF spends any time patting itself on the back here, I'll also
> point out that almost all secure IMAP is imaps on port 993. IETF specifications
> call for STARTTLS on the regular IMAP port (143). 

Right. An important point I think.

> I also doubt that the
> supported ciphersuites conform all that well to IETF guidelines.

Again, any information on what's available & what's used (if it's
basically the same set of libraries as used for HTTP that's
probably known).

> 
>> When the numbers involved ("500,000 buddylists and
>> inboxes" collected on a "representative day" for just
>> one agency) are at that scale, then it seems to me that
>> one can fairly describe that as a failure in protocol
>> design and not solely as a bad deployment choice.
> 
> And again I have to ask: What is the "protocol design failure" of which you
> speak? 

Basically, having three flavours of IMAP (clear, STARTTLS and 993)
where one that just mandated use of TLS could arguably be simpler
and more secure. And note - I'm not saying this should've been
done years ago, I'm asking if in a similar situation today we
ought go for the one-with-security or the 3-flavoured approach.

(Ignoring the rest of the message and just dealing with that
would be fine from my pov if that helps.)

> I'm especially interested in the one the IETF has made that exposes
> buddy lists and address books.

Address books? When did I mention those? I don't believe I did and
if I did then that was in error. The buddylists things in the slides
are also presumably not IMAP related.

> 
> In case you weren't aware, IMAP does not handle address book information or
> buddy lists. It's just not part of the protocol, unless you do something quite
> outre like storing your address book as a special message in a special folder.
> 
> The IETF protocol that does do part of this is carddav, but it's a relative
> newcomer on the scene, and while many MSPs, including Yahoo, support it, I
> see no indication that it's involved here.
> 
> Rather, this all looks to me like it has a lot more to do with web access
> to mail and IM, to the point where I'm skeptical that access to cleartext
> IMAP is a significant factor. (There is a slide at the end about IMAP,
> but it's oddly disconnected from the rest of the presentation, and seems
> like something added as an afterthought.)
> 
> Something else not mentioned on the slides is ActiveSync. AFAIK ActiveSync is
> the biggest player in the address book and calendar access protocol space right
> now. And there may well be security issues in it. But since it's a Microsoft
> creation, it's going to be tough for the IETF to do anything about any problems
> it has.

Yeah, address books would be different, but again I don't
believe I even used that term in this discussion.

> 
>> With the 20-20 hindsight afforded, if IMAP were a new
>> protocol, would we be correct to only have TLS as MTI as
>> we currently do [2] or would the Internet be better
>> if we *only* had port 993 and had TLS as MTU perhaps
>> with anon DH or something (*) like that?
> 
> No, what 20-20 hindsight actually reveals is that when you fail to respond to
> market needs, in particular the needs of mobile devices, in a timely and
> appropriate way, alternatives to your protocols crop up that you have no
> control over. And when those alternatives have security issues there's not all
> that much you can do about it.

Hmmm. That may be true. But I don't think you answered
the question, except with the first word and then I'm
not sure if that's an answer or disagreeing with the
question.

Lemme try another way: if IMAP were a brand new protocol
today and given today's kit and network and what we've
learned, would we argue to define both an insecure and
a secure (but maybe not much used) variant or would we
be better off only defining one version that builds in
whatever we think is the right set of security features
and ensures that those are used (by not having the
option to not use 'em)?

> 
>> The latter approach is certainly now far more likely to
>> be tractable than it was in 2003 (when RFC3501 was done).
>> Maybe it's time we do that.
> 
>> Cheers,
>> S.
> 
>> (*) Yes, there's a bit of arm-waving there since one
>> can validly argue that the TLS ciphersuite that's MTI
>> for 3501 is still just a bit too hard to deploy as
>> one is supposed to get a server cert that the UA can
>> verify, which implies some management overhead. So
>> something slightly more easily deployed (and hence
>> not quite 3501) might really be needed. But *how* to
>> do MTU stuff could be a protocol-specific debate to
>> have after we concluded we had consensus for
>> more-than-MTI in some form. (Which we don't, today.)
>> But of course, a new IMAP security BCP doesn't have
>> to wait either (hint, hint:-)
> 
> ... And that's a strawman. I've not heard any provider of any size make such an
> argument in many, many, many years. The fact of the matter is that secure IMAP
> *is* widely and successfully deployed, albeit in a way that the IETF did not
> intend and in spite of the fact that the IETF did bugger-all to make it easy to
> do. 

Yes - I think that supports my argument - the existence of a
"pretend" security variant at day zero is damaging so we should
ask whether we ought just make the security mandatory to use
and end up with one version.

> And since only yesterday I was listening to a presentation that among other
> things covered the specifics of how a provider with 10s of millions of users
> handles this particular problem, I can state with some authority that the costs
> aren't that big a deal.

I don't get what you mean there.

> 
> But if you really think it's worth spending the time to make IMAP security even
> better, that's fine with me. But the work needs to be based on what's in play
> in the real world, which seems markedly at odds with what you imagine is out
> there. 

Disagree. But that (I hope) is because you misinterpreted what
I'm asking/saying.

> It also needs to be informed by what's actually possible given real
> world constraints, e.g., what ciphersuites are actually offered by the SSL/TLS
> libraries in common use. 

Yeah. There're similar issues for TLS in general.

> (I've heard it mooted that support for anon-DH in
> particular is likely to be dropped from some of them.) 

That's fair. I did acknowledge arm-waving though.

> And finally,
> expectations as to what this will actually accomplish in terms of thwarting
> pervasive surveillance need to be lowered pretty dramatically.

Why? And even if so, it may be worth doing as protection
against other bad actors.

> But more generally - and I'm afraid I'm going to be a bit unkind here - there's
> way too much yacketing about non-issues and completely impractical
> non-solutions going on here, at least when it comes to securing the
> bulk of present-day email.

I think that's not unkind but is unfair. (Given that I think
you yacketed about address books above for example.)

> So I'm once again going to ask, "What's the goal here?". If the goal is to make
> the email of a select group of cognoscenti more secure that's one thing. It's
> quite another to talk seriously about improving email security for everyone
> else.
> 
> If we're going to do the latter, I'm afraid that needs to start with a better
> understanding of what present-day email service actually looks like and where
> market trends are pushing it. 

Better understanding is always good and the main goal here (at least
mine) is to make pervasive monitoring more expensive to the extent
technically feasible. Personally, I think there are things about IMAP
that could be improved but I'm very skeptical that we can "solve" the
problem for mail in general. (Some others on this list are more
optimistic.)

S.

> 
> 				Ned
> 
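
The three IMAP flavours discussed in the message above (cleartext on 143, STARTTLS on 143, implicit TLS on 993) can be told apart from what a service advertises before TLS. This is an added example, not part of the original thread: a classifier over constructed survey records, where the record layout, category names and sample hosts are assumptions, and STARTTLS, LOGINDISABLED and AUTH= are the RFC 3501 capability names.

```python
from __future__ import annotations

import re
from collections import Counter
from typing import Optional

# SASL mechanisms that carry the password itself; safe only inside TLS.
PASSWORD_BEARING = {"PLAIN", "LOGIN"}

# Capabilities arrive either in the greeting's response code or in an
# untagged CAPABILITY response.
_CAP_LINE = re.compile(
    r"^\* (?:OK \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.IGNORECASE
)


def parse_capabilities(line: str) -> set[str]:
    """Return the upper-cased capability atoms from one server line."""
    match = _CAP_LINE.match(line.strip())
    if match is None:
        raise ValueError(f"no capability list in: {line!r}")
    atoms = match.group(1) if match.group(1) is not None else match.group(2)
    return {atom.upper() for atom in atoms.split()}


def cleartext_login_possible(caps: set[str]) -> bool:
    """True if a reusable password could be sent on port 143 before TLS."""
    # RFC 3501: clients must not use LOGIN when LOGINDISABLED is advertised.
    login_command = "LOGINDISABLED" not in caps
    # A server can disable LOGIN yet still offer AUTH=PLAIN pre-TLS.
    sasl_password = any(
        c.startswith("AUTH=") and c[5:] in PASSWORD_BEARING for c in caps
    )
    return login_command or sasl_password


def classify_service(imaps_993: bool, cap_143: Optional[str]) -> str:
    """Map one survey record to a deployment flavour (names are assumptions)."""
    if cap_143 is None:  # port 143 closed or filtered
        return "implicit-tls-only" if imaps_993 else "no-imap"
    caps = parse_capabilities(cap_143)
    if cleartext_login_possible(caps):
        return "cleartext-allowed"
    if "STARTTLS" in caps:
        return "starttls-required"
    return "implicit-tls-only" if imaps_993 else "no-usable-login"


def survey(records) -> dict[str, int]:
    """Count flavours over (host, imaps_993, cap_143) records."""
    return dict(Counter(classify_service(r[1], r[2]) for r in records))


# Constructed sample records: (host, port 993 open?, pre-TLS line on 143).
SAMPLE = [
    ("svc-a.example", True, None),
    ("svc-b.example", True,
     "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"),
    ("svc-c.example", True,
     "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"),
    ("svc-d.example", False,
     "* OK [CAPABILITY IMAP4rev1 AUTH=CRAM-MD5] ready"),
    ("svc-e.example", False,
     "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=PLAIN"),
]

if __name__ == "__main__":
    for host, imaps, cap in SAMPLE:
        print(f"{host:16} {classify_service(imaps, cap)}")
    print(survey(SAMPLE))
```

The "starttls-required" category describes server policy only: the pre-TLS capability list is unauthenticated, so a client still has to refuse to log in when STARTTLS is absent.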

From leo@vegoda.org  Tue Oct 15 17:38:11 2013
Return-Path: <leo@vegoda.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14DB321F93BF for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:38:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level: 
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=0.500,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rU7RFp6GUN-Q for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 17:38:03 -0700 (PDT)
Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52]) by ietfa.amsl.com (Postfix) with ESMTP id A158511E8205 for <perpass@ietf.org>; Tue, 15 Oct 2013 17:38:03 -0700 (PDT)
Received: by mail-pa0-f52.google.com with SMTP id kl14so206046pab.39 for <perpass@ietf.org>; Tue, 15 Oct 2013 17:38:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=r5f8HEezJguec5vIGC+6G8TWXQmFdkxg1XRIPf7Lz/4=; b=l7Fr/mezlEDlFLKCtokDOa+s96GBNKR/bKRJq6cPmyUf2Jo51Ca3LqJDSWH4QkoZEK U4fixy8lh3KLgTa8a3Ot0zWIu+11Bnhds601sh6mVfI9xxMToPazJEJ3HTd19sacjf7q j2Vu0vNcV636u73V1NluD+hPehticXiiHXmf9jJSePB/3V6xHB1a6qij3aFWz6Cm2TV3 gDOfIwn++sv3Co6gCAmf+d+0t7CMpcEZRrosyIcA5YL02awhPv0g1AL2sFXP6otYQ8lw LCxyfooLQwl6oJwCDuROjnGvkYRQIsXzHRQf6GV6gYVhCyLVMO8Q0+iVbk6x8VzBhz7g gAPA==
X-Gm-Message-State: ALoCoQlWQDdESOK/f+0mGHj6Rnf5DYBXlpFpMnXP6seg5WZKvVQqZgWbY2p35P3jDKGWwiJDEgB9
X-Received: by 10.68.221.233 with SMTP id qh9mr44367356pbc.103.1381883880112;  Tue, 15 Oct 2013 17:38:00 -0700 (PDT)
Received: from vegoda.org (cpe-172-250-31-169.socal.res.rr.com. [172.250.31.169]) by mx.google.com with ESMTPSA id b3sm87235124pbu.38.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 15 Oct 2013 17:37:58 -0700 (PDT)
Date: Tue, 15 Oct 2013 17:37:54 -0700
From: Leo Vegoda <leo@vegoda.org>
To: Mike Demmers <mdietf@demmers.org>
Message-ID: <20131016003754.GA2428@vegoda.org>
References: <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org> <20131013152508.GA12990@vegoda.org> <20131014160906.27647ff6@cicero.demmers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20131014160906.27647ff6@cicero.demmers.org>
X-raffinose: fart
X-stachiose: fart
X-verbascose: fart
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Wed, 16 Oct 2013 00:38:11 -0000

On Mon, Oct 14, 2013 at 04:09:06PM -0700, Mike Demmers wrote:

[...]

> > - how do people securely backup their keys?
> 
> They get backed up when they back up their system.

You seem to have ignored the word "securely" in that sentence. And
anyway, most people don't back up their systems at all.

[...]

> I need to be very clear about what I am doing here by NOT using that stuff: I am deliberately sacrificing some security for usability.

I found it hard to distinguish between your thoughts about user
interface design and your ideas for a protocol. Frankly, I'd wait
for a strong protocol design before thinking about UI elements.

Have you considered documenting your thoughts in a less
conversational style?

Leo

From stephen.farrell@cs.tcd.ie  Tue Oct 15 18:09:50 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E83A11E8255 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 18:09:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.358
X-Spam-Level: 
X-Spam-Status: No, score=-101.358 tagged_above=-999 required=5 tests=[AWL=-1.058, BAYES_00=-2.599, MANGLED_TOOL=2.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PorZQzdaARbS for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 18:09:45 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id B140811E823F for <perpass@ietf.org>; Tue, 15 Oct 2013 18:09:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 501FBBE58; Wed, 16 Oct 2013 02:09:43 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zpsja-UO40L; Wed, 16 Oct 2013 02:09:41 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.45.49.3]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CA500BE56; Wed, 16 Oct 2013 02:09:41 +0100 (IST)
Message-ID: <525DE74B.6080609@cs.tcd.ie>
Date: Wed, 16 Oct 2013 02:09:31 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Leo Vegoda <leo@vegoda.org>, Mike Demmers <mdietf@demmers.org>
References: <524343B5.8010808@cs.tcd.ie>	<20130930135150.23771137@cicero.demmers.org>	<nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>	<20131010050040.03051a8e@cicero.demmers.org>	<j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>	<20131010092504.039f1217@cicero.demmers.org>	<20131012180344.GA11447@vegoda.org>	<20131012234500.2813ff1c@cicero.demmers.org>	<20131013152508.GA12990@vegoda.org>	<20131014160906.27647ff6@cicero.demmers.org> <20131016003754.GA2428@vegoda.org>
In-Reply-To: <20131016003754.GA2428@vegoda.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Wed, 16 Oct 2013 01:09:50 -0000

On 10/16/2013 01:37 AM, Leo Vegoda wrote:
> Have you considered documenting your thoughts in a less
> conversational style?

Good suggestion. And there's time before the I-D
cutoff too. [1]

S.

[1] https://www.ietf.org/meeting/cutoff-dates-2013.html#IETF88

From mdietf@demmers.org  Tue Oct 15 19:54:49 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A26D111E8220 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 19:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.084
X-Spam-Level: 
X-Spam-Status: No, score=-0.084 tagged_above=-999 required=5 tests=[AWL=-0.707, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, MANGLED_TOOL=2.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8VTco6ote90S for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 19:54:42 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id 36F7121F9D2A for <perpass@ietf.org>; Tue, 15 Oct 2013 19:54:37 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.172.144]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9G2sRPt004289; Tue, 15 Oct 2013 19:54:27 -0700
Date: Tue, 15 Oct 2013 19:54:23 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Perpass List Submit <perpass@ietf.org>
Message-ID: <20131015195423.0dcf2939@cicero.demmers.org>
In-Reply-To: <525DE74B.6080609@cs.tcd.ie>
References: <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org> <20131013152508.GA12990@vegoda.org> <20131014160906.27647ff6@cicero.demmers.org> <20131016003754.GA2428@vegoda.org> <525DE74B.6080609@cs.tcd.ie>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Wed, 16 Oct 2013 02:54:49 -0000

On Wed, 16 Oct 2013 02:09:31 +0100
Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 10/16/2013 01:37 AM, Leo Vegoda wrote:
> > Have you considered documenting your thoughts in a less
> > conversational style?  
> 
> Good suggestion. And there's time before the I-D
> cutoff too. [1]

You mean, write a draft?

I am new here...

I am only a user who really just came here out of frustration, thinking that if there was anything at all I could do to badger people to improve usability, my main concern, I might do that. Just a consumer of RFCs, etc.

The whole default deny thing was just an offhand thought based off another's comment. I surely didn't have any such thing in mind before that moment. I decided to just explore the idea a bit, thinking that either someone would point out a serious flaw, or if it seemed useful, someone wiser than I might possibly incorporate the idea in some improved form into something already being worked on.

At this point I don't really know if anyone else thinks this is a good idea, or a bad idea, or I am just another nutcase so out of the flow most are ignoring me. If it is the last, just say so, I am not thin skinned and will shut up about this with no rancor. ;-) 

> I found it hard to distinguish between your thoughts about user
> interface design and your ideas for a protocol. Frankly, I'd wait
> for a strong protocol design before thinking about UI elements.

Yes, I think I misunderstood what you were asking, as I thought to myself while writing that last exactly the same thing, that specifics like that were not really very relevant yet. Except to the degree they may shed some light on what might be required underneath.

I don't really think of this as a protocol, it is more in the nature of 'if you add this minor capability to MTAs, we could do this'.

In short form:

--

Encrypted email should be default deny, causing it to be a special case for a person's inner circle, providing anti-spam benefits, and allowing normal unencrypted mail and the many years of expected behaviors to proceed just as before so as not to break important existing uses of email and encourage its use.

Add another extended command to ESMTP that allows a user agent to indicate that a message has been encrypted by it, so that state can be passed on and used further down the line to filter email, allowing a default deny mode to be used for encrypted mail. 

--

What is that? Not really a protocol, yes? Minor change to a protocol.

By the way -Steve- usually on lists there is no need to also CC people with your posts, but I noticed some here seemed to do that. I did notice sometimes the list, or at least the archive, seems a little slow. What is the norm here? 

-Mike
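
The default-deny rule proposed in the message above, as an added example that is not part of the original thread. The proposed ESMTP signal does not exist, so this filter instead infers "encrypted" from the MIME structure (PGP/MIME per RFC 3156, S/MIME enveloped-data, inline PGP armour); the function names, the inner-circle set and the sample messages are constructed, and the envelope sender is taken as given, which a real deployment would have to authenticate.

```python
from __future__ import annotations

from email import message_from_string
from email.message import Message

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
# S/MIME smime-type values that wrap content without encrypting it.
NOT_ENCRYPTED_SMIME = {"signed-data", "certs-only"}


def is_encrypted(msg: Message) -> bool:
    """Stand-in for the proposed sender-supplied 'this is encrypted' flag."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME container (RFC 3156)
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Treat an absent smime-type as encrypted: the body is opaque to
        # content filters either way, so default deny should apply.
        smime_type = str(msg.get_param("smime-type", "")).lower()
        return smime_type not in NOT_ENCRYPTED_SMIME
    if msg.get_content_maintype() == "text":  # inline PGP in a text body
        body = msg.get_payload(decode=True) or b""
        return PGP_ARMOR in body
    return False


def decide(mail_from: str, raw_message: str, inner_circle: set[str]) -> str:
    """Default deny for encrypted mail; ordinary mail is left untouched."""
    msg = message_from_string(raw_message)
    if not is_encrypted(msg):
        return "deliver"  # existing behaviour and existing spam filtering
    sender = mail_from.strip().lower()
    return "deliver" if sender in inner_circle else "reject"


def _sample(content_type: str, body: str) -> str:
    """Build a constructed message with the given Content-Type."""
    return (
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        f"Content-Type: {content_type}\n\n{body}\n"
    )


# Constructed inputs; the bodies are placeholders, not real ciphertext.
CIRCLE = {"alice@example.org"}
PLAIN = _sample("text/plain", "Lunch on Friday?")
PGP_MIME = _sample(
    'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="x"',
    "--x\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--x\nContent-Type: application/octet-stream\n\n(placeholder)\n--x--",
)
SMIME_SIGNED = _sample(
    'application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"',
    "(placeholder)",
)
SMIME_ENVELOPED = _sample(
    'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "(placeholder)",
)
INLINE_PGP = _sample(
    "text/plain",
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----",
)

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("pgp-mime", PGP_MIME),
                      ("smime-signed", SMIME_SIGNED),
                      ("smime-enveloped", SMIME_ENVELOPED),
                      ("inline-pgp", INLINE_PGP)]:
        print(name, decide("stranger@example.net", raw, CIRCLE))
```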

From mdietf@demmers.org  Tue Oct 15 20:46:39 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA4D111E8131 for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 20:46:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.116
X-Spam-Level: 
X-Spam-Status: No, score=-1.116 tagged_above=-999 required=5 tests=[AWL=0.561,  BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QFSnHGD+dIhw for <perpass@ietfa.amsl.com>; Tue, 15 Oct 2013 20:46:34 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id EB90221F9E6C for <perpass@ietf.org>; Tue, 15 Oct 2013 20:46:27 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.172.144]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9G3kOm0004731 for <perpass@ietf.org>; Tue, 15 Oct 2013 20:46:25 -0700
Date: Tue, 15 Oct 2013 20:46:20 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Perpass List Submit <perpass@ietf.org>
Message-ID: <20131015204620.379f32f1@cicero.demmers.org>
In-Reply-To: <20131016003754.GA2428@vegoda.org>
References: <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org> <20131013152508.GA12990@vegoda.org> <20131014160906.27647ff6@cicero.demmers.org> <20131016003754.GA2428@vegoda.org>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Wed, 16 Oct 2013 03:46:39 -0000

On Tue, 15 Oct 2013 17:37:54 -0700
Leo Vegoda <leo@vegoda.org> wrote:

> > They get backed up when they back up their system.  
> 
> You seem to have ignored the word "securely" in that sentence. And
> anyway, most people don't back up their systems at all.

Here is, I hope, a better answer to your question 'How are keys securely backed up', which I now understand better:

That is handled by the underlying program you are using to encrypt your mail, and so has nothing to do with this proposal directly - it's implementation dependent. Out of scope.

For example, here I have Claws-Mail with gnupg installed in a plugin. Gnupg stores (or Claws-Mail tells it to store) its keys in a little database, that is encrypted on disk, with a passphrase. So claws mail must have some way to access that, store keys, etc. Since that program would have to understand both 'default-deny' and whatever its interface to gnupg is, it should be able to store keys in the same way for this. And use whatever means are available to it in Claws-Mail for backup. Or on the system.

-Mike

From elijah@leap.se  Tue Oct 15 21:36:04 2013
Message-ID: <525E17AB.1010805@leap.se>
Date: Tue, 15 Oct 2013 21:35:55 -0700
From: Elijah Sparrow <elijah@leap.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Perpass List Submit <perpass@ietf.org>
References: <524343B5.8010808@cs.tcd.ie>	<20130930135150.23771137@cicero.demmers.org>	<nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>	<20131010050040.03051a8e@cicero.demmers.org>	<j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>	<20131010092504.039f1217@cicero.demmers.org>	<20131012180344.GA11447@vegoda.org>	<20131012234500.2813ff1c@cicero.demmers.org>	<20131013152508.GA12990@vegoda.org>	<20131014160906.27647ff6@cicero.demmers.org>	<20131016003754.GA2428@vegoda.org> <20131015204620.379f32f1@cicero.demmers.org>
In-Reply-To: <20131015204620.379f32f1@cicero.demmers.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.97.8 at mx1
X-Virus-Status: Clean
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

On 10/15/2013 08:46 PM, Mike Demmers wrote:
> On Tue, 15 Oct 2013 17:37:54 -0700 Leo Vegoda <leo@vegoda.org>
> wrote:
> 
>>> They get backed up when they back up their system.
>> 
>> You seem to have ignored the word "securely" in that sentence. And 
>> anyway, most people don't backup their systems at all.
> 
> Here is, I hope, a better answer to your question 'How are keys
> securely backed up', which I now understand better:
> 
> That is handled by the underlying program you are using to encrypt
> your mail, and so has nothing to do with this proposal directly - it's
> implementation dependent. Out of scope.

I agree that this problem is out of scope, but it is very important
nonetheless. Every time someone hits upon a bright idea to make
encrypted communication easier to use they run up against the problem of
improving key management. These schemes, however, only work if the user
has access everywhere to their list of trusted keys. Essentially, the
authenticity problem gets transformed into an availability problem, and
the availability problem is perhaps even harder.

Three different free software projects try to securely tackle the
availability problem and could form the basis for an agnostic protocol
for portable and secure data sync:

(1) Firefox Sync https://www.mozilla.org/en-US/mobile/sync/
(2) SpiderOak's Crypton https://crypton.io/
(3) LEAP's Soledad https://leap.se/en/soledad

All of these are overkill for the narrow problem of key management.
Instead, they try to tackle the general question of secure data
synchronization and backup. I think this is probably the proper approach.

Our hope with the next version of Soledad is to add federation, so that
two or more users on different providers could share a synchronized,
searchable, client encrypted database. This could be useful for all
kinds of things.

-elijah

From rlb@ipv.sx  Wed Oct 16 00:02:07 2013
MIME-Version: 1.0
In-Reply-To: <CAMm+LwgXer+0=uUEz5ziSw2nfTm6PSBtMDkhszjwcDBXG_nWQw@mail.gmail.com>
References: <CAMm+LwhCRKMdptth28yguZNyymm4dcALu0yACMjNwQ=JA1YbPw@mail.gmail.com> <F5063677821E3B4F81ACFB7905573F24049E8BC61F@MX15A.corp.emc.com> <8476775E-4828-47BC-9812-55DD75695A51@vigilsec.com> <CAL02cgStY5USwLnN2-bMCMU0jfRQqhj7E8z3p27BUtXt+FvqfQ@mail.gmail.com> <CAMm+LwgAfgU3-AE-d8+5qJ9m-pBeEgcZ1+7DQQwiOt7T9U-78g@mail.gmail.com> <00b901cec987$978d7080$c6a85180$@offspark.com> <CAMm+LwgXer+0=uUEz5ziSw2nfTm6PSBtMDkhszjwcDBXG_nWQw@mail.gmail.com>
Date: Wed, 16 Oct 2013 10:02:03 +0300
Message-ID: <CAL02cgT9f=V7J_FDG_Bp4YG+ncFX7PxgDOdXu3GR+6t0z8PY-w@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c30fac45f98604e8d6471b
Cc: Russ Housley <housley@vigilsec.com>, perpass <perpass@ietf.org>, "Moriarty, Kathleen" <kathleen.moriarty@emc.com>, Paul Bakker <p.j.bakker@offspark.com>
Subject: Re: [perpass] PKCS#12 needs fix'n

--001a11c30fac45f98604e8d6471b
Content-Type: text/plain; charset=ISO-8859-1

CBOR does this pretty well:
<http://tools.ietf.org/html/draft-bormann-cbor-09>


On Tue, Oct 15, 2013 at 4:18 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> On Tue, Oct 15, 2013 at 5:18 AM, Paul Bakker <p.j.bakker@offspark.com> wrote:
>
>> On Oct 15, 2013 Phillip Hallam-Baker wrote:
>>
>> > As for getting rid of Assanine 1, I would love to get rid of it
>> > completely. But as a pragmatic matter, there is just too much ASN.1
>> > already. I have even had to reluctantly write a key signing format in
>> > Assanine.1 because having the cert and key signing in different
>> > syntaxes is just too confusing.
>>
>> While I do understand the reluctance for ASN.1, in an embedded
>> environment I really prefer it over text parsing and buffer duplication
>> that is required for JSON parsing.
>>
>
> There are real problems there for embedded apps and for cryptography. But
> extending the JSON approach modestly to incorporate fixed length strings
> and binary blobs solves 95% of them:
>
> https://datatracker.ietf.org/doc/draft-hallambaker-jsonbcd/
>
>
> Having to remember whether an object is implicit or explicit or vague is
> just too much hassle.
>
> --
> Website: http://hallambaker.com/
>

--001a11c30fac45f98604e8d6471b--
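
Added example, not part of the message above or of the CBOR draft: a C sketch of the point under discussion in this thread, that a length-prefixed binary blob can be read in place on an embedded target, where the same blob carried as JSON text would first have to be decoded into a second buffer. It decodes CBOR's definite-length byte string (major type 2) and shows the bounds checks such a parser needs; the function name, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, chosen for this example). */
enum {
    CBOR_OK = 0,
    CBOR_ERR_TRUNCATED = -1,   /* input ends before header or payload does */
    CBOR_ERR_TYPE = -2,        /* item is not a byte string */
    CBOR_ERR_UNSUPPORTED = -3  /* reserved or indefinite-length encoding */
};

/*
 * Decode one definite-length CBOR byte string (major type 2) from buf.
 * On success *data points INTO buf (no copy is made), *data_len is the
 * payload size and *consumed is the encoded size (header + payload).
 */
int cbor_read_bstr(const uint8_t *buf, size_t buf_len,
                   const uint8_t **data, size_t *data_len, size_t *consumed)
{
    if (buf_len < 1)
        return CBOR_ERR_TRUNCATED;

    uint8_t major = buf[0] >> 5;    /* top 3 bits: major type */
    uint8_t info = buf[0] & 0x1f;   /* low 5 bits: additional information */
    if (major != 2)
        return CBOR_ERR_TYPE;

    size_t hdr = 1;                 /* header bytes read so far */
    uint64_t len = 0;

    if (info < 24) {
        len = info;                 /* length stored in the initial byte */
    } else if (info <= 27) {
        size_t nbytes = (size_t)1 << (info - 24);   /* 1, 2, 4 or 8 */
        if (buf_len - hdr < nbytes)
            return CBOR_ERR_TRUNCATED;
        for (size_t i = 0; i < nbytes; i++)
            len = (len << 8) | buf[hdr + i];        /* big-endian length */
        hdr += nbytes;
    } else {
        /* 28..30 are reserved, 31 means indefinite length: refuse both. */
        return CBOR_ERR_UNSUPPORTED;
    }

    /* Compare the claimed length with the space left; never form
     * buf + len first, since an attacker-chosen len could wrap. */
    if (len > (uint64_t)(buf_len - hdr))
        return CBOR_ERR_TRUNCATED;

    *data = buf + hdr;
    *data_len = (size_t)len;
    *consumed = hdr + (size_t)len;
    return CBOR_OK;
}

/* Constructed sample inputs (not taken from the thread). */
static const uint8_t SAMPLE_SHORT[] = {0x44, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t SAMPLE_LONG[30] = {0x58, 0x1c};  /* 28 zero bytes follow */
static const uint8_t SAMPLE_LYING[] = {0x59, 0xff, 0xff, 0x01}; /* claims 65535 */
static const uint8_t SAMPLE_TEXT[] = {0x63, 'a', 'b', 'c'};     /* text string */
static const uint8_t SAMPLE_INDEF[] = {0x5f, 0x41, 0x00, 0xff}; /* indefinite */

static void show(const char *name, const uint8_t *buf, size_t len)
{
    const uint8_t *data;
    size_t n, used;
    int rc = cbor_read_bstr(buf, len, &data, &n, &used);

    if (rc == CBOR_OK)
        printf("%-6s ok: %zu payload bytes at offset %zu, %zu consumed\n",
               name, n, (size_t)(data - buf), used);
    else
        printf("%-6s rejected: error %d\n", name, rc);
}

int main(void)
{
    show("short", SAMPLE_SHORT, sizeof SAMPLE_SHORT);
    show("long", SAMPLE_LONG, sizeof SAMPLE_LONG);
    show("lying", SAMPLE_LYING, sizeof SAMPLE_LYING);
    show("text", SAMPLE_TEXT, sizeof SAMPLE_TEXT);
    show("indef", SAMPLE_INDEF, sizeof SAMPLE_INDEF);
    return 0;
}
```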

From hallam@gmail.com  Wed Oct 16 07:16:36 2013
MIME-Version: 1.0
In-Reply-To: <525E17AB.1010805@leap.se>
References: <524343B5.8010808@cs.tcd.ie> <20130930135150.23771137@cicero.demmers.org> <nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de> <20131010050040.03051a8e@cicero.demmers.org> <j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de> <20131010092504.039f1217@cicero.demmers.org> <20131012180344.GA11447@vegoda.org> <20131012234500.2813ff1c@cicero.demmers.org> <20131013152508.GA12990@vegoda.org> <20131014160906.27647ff6@cicero.demmers.org> <20131016003754.GA2428@vegoda.org> <20131015204620.379f32f1@cicero.demmers.org> <525E17AB.1010805@leap.se>
Date: Wed, 16 Oct 2013 10:16:15 -0400
Message-ID: <CAMm+LwhKSgeNjsdWmyd0opHuuaCwimsP8e_+r7qH7PVpEsMJoQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Elijah Sparrow <elijah@leap.se>
Content-Type: multipart/alternative; boundary=089e0122eca41f3ce404e8dc5855
Cc: Perpass List Submit <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

--089e0122eca41f3ce404e8dc5855
Content-Type: text/plain; charset=ISO-8859-1

The subject is not out of scope if you decide to store the private key blob
in the cloud...

That looks to me like it might be the answer in some cases. I would rather
guarantee that the blob is strongly encrypted and can't be lost than have
the user export them to a USB stick under a weak password that they chose.

Peter has an interesting collection of PKCS#12 files...


Storage on the target device is preferably in a form that does not support
or better actively resists extraction. But that is quite expensive and
difficult to do well. There are issues such as leaking the key when it is
used (power analysis) that are hard problems.

--089e0122eca41f3ce404e8dc5855--

From kent@bbn.com  Wed Oct 16 07:22:13 2013
Message-ID: <525EA106.4040800@bbn.com>
Date: Wed, 16 Oct 2013 10:21:58 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: joel jaeggli <joelja@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com> <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com> <525DB90F.1070700@bbn.com> <C26C8B1B-7FA1-456A-A35E-32AAE761A8DE@bogus.com>
In-Reply-To: <C26C8B1B-7FA1-456A-A35E-32AAE761A8DE@bogus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Tim Moses <tim.moses@entrust.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Joel,

Thanks for the followup, identifying the CABF as the source of the key 
length change.

Steve



From kent@bbn.com  Wed Oct 16 07:28:15 2013
Message-ID: <525EA275.5020107@bbn.com>
Date: Wed, 16 Oct 2013 10:28:05 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie>
In-Reply-To: <525DDE3D.6020500@cs.tcd.ie>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Stephen,

Just commenting on one of your comments ...

> ...
>> What is this "cleartext IMAP" of which you speak?
> I guess that's a fair comment - we don't know that they're
> able to gather inbox data via IMAP due to it being sent in
> clear, however that seems like a reasonable guess based
> on the newspaper story which says that collection is done
> by telcos that are "overseas" and assuming that TLS is not
> busted for these services.

Based only on the story that you cited, and your observation about
telcos being the sources of the info, might it be the case that the
telcos were also the mail providers? I'm not sure how to interpret
the slides that the cited story included. That sort of explanation
would be consistent with Ned's observations about commercial provider
use of SSL to protect IMAP/POP access.

Steve

From richard@shockey.us  Wed Oct 16 07:36:13 2013
From: "Richard Shockey" <richard@shockey.us>
To: "'Elijah Sparrow'" <elijah@leap.se>, "'Perpass List Submit'" <perpass@ietf.org>
References: <524343B5.8010808@cs.tcd.ie>	<20130930135150.23771137@cicero.demmers.org>	<nrjb59ha1af4nhnc1to7758iammd4o7dn4@hive.bjoern.hoehrmann.de>	<20131010050040.03051a8e@cicero.demmers.org>	<j46d59lctinvqcnsan9s7ogu1l3oq10ab9@hive.bjoern.hoehrmann.de>	<20131010092504.039f1217@cicero.demmers.org>	<20131012180344.GA11447@vegoda.org>	<20131012234500.2813ff1c@cicero.demmers.org>	<20131013152508.GA12990@vegoda.org>	<20131014160906.27647ff6@cicero.demmers.org>	<20131016003754.GA2428@vegoda.org>	<20131015204620.379f32f1@cicero.demmers.org> <525E17AB.1010805@leap.se>
In-Reply-To: <525E17AB.1010805@leap.se>
Date: Wed, 16 Oct 2013 10:35:42 -0400
Message-ID: <00cb01ceca7c$fe40d420$fac27c60$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)

> That is handled by the underlying program you are using to encrypt
> your mail, and so has nothing to do with this proposal directly - it's
> implementation dependent. Out of scope.

I agree that this problem is out of scope, but it is very important
nonetheless. Every time someone hits upon a bright idea to make encrypted
communication easier to use they run up against the problem of improving key
management. 

[RS> ]  +1  Thank you for pointing that out.  It's one of the core
problems usability and implementation. "We have met the enemy and it is us."

These schemes, however, only work if the user has access everywhere to their
list of trusted keys. Essentially, the authenticity problem gets transformed
into an availability problem, and the availability problem is perhaps even
harder.

Three different free software projects try to securely tackle the
availability problem and could form the basis for an agnostic protocol for
portable and secure data sync:

(1) Firefox Sync https://www.mozilla.org/en-US/mobile/sync/
(2) SpiderOak's Crypton https://crypton.io/
(3) LEAP's Soledad https://leap.se/en/soledad

All of these are overkill for the narrow problem of key management.
Instead, they try to tackle the general question of secure data
synchronization and backup. I think this is probably the proper approach.

Our hope with the next version of Soledad is to add federation, so that two
or more users on different providers could share a synchronized, searchable,
client encrypted database. This could be useful for all kinds of things.

-elijah


From joe@cdt.org  Wed Oct 16 07:43:44 2013
Message-ID: <525EA61B.3080902@cdt.org>
Date: Wed, 16 Oct 2013 10:43:39 -0400
From: Joseph Lorenzo Hall <joe@cdt.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <CAMm+LwjjWn0ai-KJHkr+tY1jDf75YNXpkXm6JRZO9doWWjZMmw@mail.gmail.com> <CAMm+Lwi3U1nRy6Qh-h_5173WRBgbw2UBioh-ea6kV6bN_88T8Q@mail.gmail.com>
In-Reply-To: <CAMm+Lwi3U1nRy6Qh-h_5173WRBgbw2UBioh-ea6kV6bN_88T8Q@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Encoding email security policy into email addresses.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I can't tell you how many conversations I've had lately with laypeople
and journalists who have tried to get up to speed with PGP and just
can't manage it... they inevitably ask me if there is a way to encrypt
email such that they have to know nothing or little to use it. I have
to tell them, not really. This seems to be getting in that direction!
So, thank you, for working on this... I do wish the delimiter were
something other than "?", but I'm not sure if there are any other
design choices.

best, Joe

On Tue Oct 15 13:26:46 2013, Phillip Hallam-Baker wrote:
> This is how the scheme works in practice.
> 
> 
> 
> Private Key Example
> 
> Alice uses a key generation tool to generate a public keypair. The
> public parameters in hexadecimal are:
> 
> Modulus  : a4 11 df 43 4a 6b a1 3e 29 78 5e 65 3c 3e 77 71 78 e5 be
> bf 1e aa cd 4b 07 94 78 05 c6 c8 06 52 a6 32 ce 8d 31 88 43 f5 78
> b4 17 03 99 b1 1b a4 fc e9 82 ec d7 10 f2 56 f4 dc b8 0e e4 d2 e9
> e8 ad 90 41 e6 9a 65 ad 97 c3 a6 f4 49 51 b2 cb 98 4c d9 19 ba b4
> b6 06 7c 87 79 3f 30 01 fa 1d d9 5c ad 94 f6 5e 09 2d 32 5f 1d f7
> ce d2 f5 d1 68 05 c6 95 2b 9a c3 f5 f4 8a f2 a1 a6 9d 7a de 93 
> Exponent : 01 00 01
> 
> The Key Identifier is calculated using SHA512 and truncated to 224
> bits to produce the Key Identifier value. The Key Identifier in
> Base32 encoding is:
> 
> KeyIdentifier:
> ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA
> 
> An email sender may send email to Alice through a compliant gateway
> as follows:
> 
> alice@example.com
> Send email to Alice using encryption if and only if an encryption
> key for Alice can be found and Alice has published the email
> encryption policy 'encryption preferred' or stronger.
> 
> ?alice@example.com
> Send email to Alice using encryption if and only if an encryption
> key for Alice can be found, otherwise report an error.
> 
> ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA?alice@example.com
> Send email to Alice using encryption if and only if an encryption
> key for Alice can be found that is directly endorsed under the
> specified key, otherwise report an error.
> 
> ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA??alice@example.com
> Send email to Alice using encryption if and only if an encryption
> key for Alice can be found that is (directly or indirectly)
> endorsed under the specified key, otherwise report an error.
> 
> The key identifiers are 224 bits long plus an 8 bit prefix to
> specify the algorithm. It might well be desirable to trim them back
> to 160 bits but certainly no less than 128 bits.
> 
> Here is 160 bits: 
> AAAMDA-GF5JAP-IAH7P3A-DSAEYB-IAHMAFB?alice@example.com
> 
> Here is 128 bits: ADAHSA-CSZLAG-AAHTZ2A-IFAF3PF?alice@example.com
> 
> 
> The 128 bit key identifier might be strong enough for a personal
> key identifier since the difficulty of finding a key that would
> match by brute force would be 128 bits.
> 
> For an organizational key, there is a risk of the key being formed 
> maliciously so as to evade transparency requirements and so the
> longer identifier is 'probably' necessary.
> 
> 
> 
> -- Website: http://hallambaker.com/
> 
> 
- -- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlJephsACgkQwOJtkPJXd/i1FACfczzEWerNIIy3Xau7yn28pQzf
R3YAn1+UeV5yFzq1YqXQHA5Wy1Sje4By
=2w2c
-----END PGP SIGNATURE-----


From stephen.farrell@cs.tcd.ie  Wed Oct 16 07:46:41 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85D5B11E8289 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 07:46:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.29
X-Spam-Level: 
X-Spam-Status: No, score=-102.29 tagged_above=-999 required=5 tests=[AWL=-0.291, BAYES_00=-2.599, J_CHICKENPOX_52=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tItJdhDNdipI for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 07:46:34 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 7C6C211E8255 for <perpass@ietf.org>; Wed, 16 Oct 2013 07:46:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EBBB1BE6E; Wed, 16 Oct 2013 15:46:24 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J5xJO+oZINrk; Wed, 16 Oct 2013 15:46:24 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C6343BDCA; Wed, 16 Oct 2013 15:46:24 +0100 (IST)
Message-ID: <525EA6C0.2040708@cs.tcd.ie>
Date: Wed, 16 Oct 2013 15:46:24 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com>	<525DDE3D.6020500@cs.tcd.ie> <525EA275.5020107@bbn.com>
In-Reply-To: <525EA275.5020107@bbn.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 14:46:41 -0000

On 10/16/2013 03:28 PM, Stephen Kent wrote:
> Stephen,
> 
> Just commenting on one of your comments ...
>> ...
>>> What is this "cleartext IMAP" of which you speak?
>> I guess that's a fair comment - we don't know that they're
>> able to gather inbox data via IMAP due to it being sent in
>> clear,  however that seems like a reasonable guess based
>> on the newspaper story which says that collection is done
>> by telcos that are "overseas" and assuming that TLS is not
>> busted for these services.
> Based only on the story that you cited, and your observation about
> telcos being the sources of the info, might it be the case that the
> telcos were also the mail providers? I'm not sure how to interpret
> the slides that the cited story included. That sort of explanation
> would be consistent with Ned's observations about commercial provider
> use of SSL to protect IMAP/POP access.

That could be but I guess we're not likely to be told;-)

I did take a peek to see if I could figure out if there're
lots of services running on 143 without STARTTLS but haven't
found anything that answers that question. I did find
this [1] (no idea how accurate though) which says their
survey found 4.7M listeners on 143, but there's no info
about how many have a usable STARTTLS config. With that
number of services, I guess collecting O(10^5) "inboxes"
per day in plaintext could be credible, but who knows.

But, nonetheless I think the question about 3-flavours
of IMAP and MTI is still worth thinking about.

S

[1] http://www.openemailsurvey.org/imap-143.html

From kent@bbn.com  Wed Oct 16 08:23:43 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA70921F9FA5 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 08:23:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.488
X-Spam-Level: 
X-Spam-Status: No, score=-106.488 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gh+KMVskGR4t for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 08:23:37 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id CA94E21F9E4F for <perpass@ietf.org>; Wed, 16 Oct 2013 08:23:36 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50443) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWSwh-000C7v-Li for perpass@ietf.org; Wed, 16 Oct 2013 11:23:35 -0400
Message-ID: <525EAF77.3090203@bbn.com>
Date: Wed, 16 Oct 2013 11:23:35 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: perpass@ietf.org
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>
In-Reply-To: <525D183E.7000200@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------000406030204000805090107"
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 15:23:43 -0000

This is a multi-part message in MIME format.
--------------000406030204000805090107
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Stephen,

I realized that I forgot to reply to your message about MTI vs. MTU for
IMAP.

Even absent Ned's detailed note showing that most major e-mail providers
already mandate use of TLS for access, I would not see the Washington Post
story as evidence that we need to change IMAP (and POP?) to mandate _use_
of TLS. One reason is that these e-mail access protocols are used in
enterprise environments where passive wiretapping is often not considered
a viable attack. Internal to the enterprise net there is usually a
perception of adequate physical security. For external access, VPN use is
usually mandated. If we mandated use of TLS with these protocols, and
access was already protected by IPsec, it would seem overkill, and create
possible PMTU problems.

This is another example of why it's hard to justify MTU for protocols,
independent of context. Ned's observations, and Joel's, suggest that when
service providers decide that security against passive wiretapping is a
concern, they make use of it (eventually), irrespective of IETF mandates.
It's disappointing that, as Ned noted, the providers elected to adopt a
different port for this protected access, contrary to IETF specs. Maybe
this shows that we're not always in the best position to decide the MTI
details :-( .

Steve

--------------000406030204000805090107--

From nweaver@icsi.berkeley.edu  Wed Oct 16 09:32:09 2013
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FAF011E8319 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 09:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7UGRsLQqF5DF for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 09:32:05 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 1A9C211E830F for <perpass@ietf.org>; Wed, 16 Oct 2013 09:32:05 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 962EB2C4017; Wed, 16 Oct 2013 09:32:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id bNGUZCHMXrTV; Wed, 16 Oct 2013 09:32:04 -0700 (PDT)
Received: from gala.icir.org (gala.icir.org [192.150.187.130]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 3B9082C4012; Wed, 16 Oct 2013 09:32:04 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_242E23E1-BEDB-47F1-A239-1394269C7615"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <525EAF77.3090203@bbn.com>
Date: Wed, 16 Oct 2013 09:32:03 -0700
Message-Id: <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 16:32:09 -0000

--Apple-Mail=_242E23E1-BEDB-47F1-A239-1394269C7615
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Oct 16, 2013, at 8:23 AM, Stephen Kent <kent@bbn.com> wrote:
> One reason
> is that these e-mail access protocols are used in enterprise
> environments where passive wiretapping is often not considered a
> viable attack.

As someone who remembers the switch to Kerberos and then SSH driven by
password sniffers in the LAN, including one which got my own password
back in the day, I find this assumption grossly unrealistic.

You have to REALLY lock-down the LAN, including properly configured
high-end switches with ARP filtering and/or other layer 3 management,
for this assumption to be even remotely plausible.


Finally, we must consider passive wiretapping an active attack.  The
only thing which prevents a passive wiretap from modifying (rather than
just monitoring) traffic is almost invariably the will of the attacker,
not any technical limitation, since even on-path wiretappers can packet
inject, allowing the attacker to trivially promote themselves into a
MitM situation in almost all circumstances.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_242E23E1-BEDB-47F1-A239-1394269C7615--

From atlunde@panix.com  Wed Oct 16 10:33:05 2013
Return-Path: <atlunde@panix.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79A1221F99F3 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 10:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JOHEgsZSphMF for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 10:32:59 -0700 (PDT)
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDD321F99DC for <perpass@ietf.org>; Wed, 16 Oct 2013 10:32:53 -0700 (PDT)
Received: from [129.105.233.63] (socrates.tss.northwestern.edu [129.105.233.63]) by mailbackend.panix.com (Postfix) with ESMTP id 13B4D28233 for <perpass@ietf.org>; Wed, 16 Oct 2013 13:32:53 -0400 (EDT)
Message-ID: <525ECDC4.5090009@panix.com>
Date: Wed, 16 Oct 2013 12:32:52 -0500
From: Albert Lunde <atlunde@panix.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com>
In-Reply-To: <525EAF77.3090203@bbn.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 17:33:05 -0000

On 10/16/2013 10:23 AM, Stephen Kent wrote:
> Stephen,
>
> I realized that I forgot to reply to your message about MTI vs. MTU for
> IMAP.
>
> Even absent Ned's detailed note showing that most major e-mail providers
> already
> mandate use of TLS for access, I would not see the Washington Post story as
> evidence that we need to change IMAP (and POP?) to mandate _use_ of TLS.

Another concern might be that the OAuth 2.0 family of protocols, as used 
on various social media, could be used to dump a "profile" for a user 
(which might include contacts).

There's not a lot of uniform cross-provider interop yet (in say, openid 
connect), but the per-provider extensions seem able to leak excessive 
user information in some use cases.

(Based on what I've read, I haven't looked at the traffic myself).

-- 
     Albert Lunde  albert-lunde@northwestern.edu
                   atlunde@panix.com  (address for personal mail)

From hallam@gmail.com  Wed Oct 16 10:37:09 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CE7311E81F5 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 10:37:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.59
X-Spam-Level: 
X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[AWL=0.009,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LAOqu-OOQd4H for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 10:37:09 -0700 (PDT)
Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 571BE11E8192 for <perpass@ietf.org>; Wed, 16 Oct 2013 10:37:08 -0700 (PDT)
Received: by mail-wi0-f171.google.com with SMTP id h11so2800756wiv.10 for <perpass@ietf.org>; Wed, 16 Oct 2013 10:37:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=/blaIbElqacz1ZLaYbsJW2SUzgZFuH0RjMRb6uKL79c=; b=lmhwx03G+rQRNgKYCjpREjvRSG/qWu2wVMV6WYRT6PI03EY8h7iecavHIft3nZKBMY 4x/Q1kZnlY8pEmDdP0hzSpwjyL4qRl6rLTwAB/rXEqZpvC7OX2DQspyXje9PPHyk8S19 OgotC9rVJFReQFjBoaqqaM+HIuhlPVnSMUitdP0ZZokY61PVjoxxhqLmIKXz/HS8NjoO sVtJt+SdJPkhorifR5Gz/x+T5HtPFMsF0K1LWJXswHioHYCsiUJ+kiZNb0bdzeVAtjSt jnKn1ZYe64vwv7IozxFw190xMNAwZtsK+IXvBIWIPCqSKSPrMdLyC9NHhsM4ZaqoWl7J 9CRw==
MIME-Version: 1.0
X-Received: by 10.180.126.101 with SMTP id mx5mr24757138wib.63.1381945025376;  Wed, 16 Oct 2013 10:37:05 -0700 (PDT)
Received: by 10.194.32.169 with HTTP; Wed, 16 Oct 2013 10:37:05 -0700 (PDT)
In-Reply-To: <525EA61B.3080902@cdt.org>
References: <CAMm+LwjjWn0ai-KJHkr+tY1jDf75YNXpkXm6JRZO9doWWjZMmw@mail.gmail.com> <CAMm+Lwi3U1nRy6Qh-h_5173WRBgbw2UBioh-ea6kV6bN_88T8Q@mail.gmail.com> <525EA61B.3080902@cdt.org>
Date: Wed, 16 Oct 2013 13:37:05 -0400
Message-ID: <CAMm+LwhJuWw3ZfNiazgR=gA+5-CW-PQjoWfL+CRDH1TrKzDptw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Joseph Lorenzo Hall <joe@cdt.org>
Content-Type: multipart/alternative; boundary=e89a8f642e1656376f04e8df264e
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Encoding email security policy into email addresses.
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 17:37:09 -0000

--e89a8f642e1656376f04e8df264e
Content-Type: text/plain; charset=ISO-8859-1

We can use almost anything as the separator except for

It can't be @ (reserved for use as a separator)
It can't be ! (legacy of UUCP)
It can't be : or . (used in IP addresses)
It can't be - or _  (widely used already)
It can't be % (used as escaping in URIs)
It can't be < or > and probably not [({ })] either

That leaves very little. I dislike $.

I chose ? because it poses a problem for the NSA to decrypt which is a
reasonable mnemonic.

The other options I looked at were =, &, ^, *, +, #


Could do # I guess. But that will create issues with URI encoding (so will
?)


I think one big advantage of the approach is that it is easy to explain
that the gobbledygook in front of the name represents the encryption key.
Now it is really an index to the key rather than the key itself, just like
the DNS 'address' is actually an index not an address.

--e89a8f642e1656376f04e8df264e--
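
Added example, not part of the thread and not code from the proposal's author: a Python parser for the four address forms quoted earlier in this thread that fails closed on anything else, together with the `mailto:` clash with `?` mentioned in the message above. The policy labels, function names, the uppercase-only Base32 check and the 5-bits-per-character size estimate are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import quote, unquote, urlsplit

BASE32_ID = re.compile(r"[A-Z2-7]+")  # RFC 4648 Base32 alphabet, no padding
MIN_ID_BITS = 128                     # floor stated in the thread

# Key identifiers quoted in the thread (224-, 160- and 128-bit examples).
KEY224 = "ABAFYA-ATQBAB-UAG4VXA-MMACY7-4AMIAB4-NWALTA-GSHYAK-5AA"
KEY160 = "AAAMDA-GF5JAP-IAH7P3A-DSAEYB-IAHMAFB"
KEY128 = "ADAHSA-CSZLAG-AAHTZ2A-IFAF3PF"

# Hypothetical labels for the four behaviours described in the thread.
OPPORTUNISTIC = "encrypt-if-recipient-policy-allows"
REQUIRE_KEY = "encrypt-or-error"
REQUIRE_DIRECT = "encrypt-under-directly-endorsed-key-or-error"
REQUIRE_CHAIN = "encrypt-under-directly-or-indirectly-endorsed-key-or-error"


class StrictAddressError(ValueError):
    """The address does not match any form the sender could have meant."""


@dataclass(frozen=True)
class StrictAddress:
    mailbox: str
    policy: str
    key_id: Optional[str] = None
    max_id_bits: int = 0  # upper bound: 5 bits per Base32 character


def check_mailbox(mailbox):
    """Accept only local@domain with no further '?' or '@' in it."""
    local, at, domain = mailbox.partition("@")
    if not (local and at and domain) or "@" in domain or "?" in mailbox:
        raise StrictAddressError("not a plain mailbox: %r" % mailbox)
    return mailbox


def check_key_id(text):
    """Validate a dash-grouped Base32 identifier and return its size bound."""
    chars = text.replace("-", "")
    if not BASE32_ID.fullmatch(chars):
        raise StrictAddressError("not a Base32 key identifier: %r" % text)
    bits = 5 * len(chars)
    if bits < MIN_ID_BITS:
        raise StrictAddressError("identifier below %d bits" % MIN_ID_BITS)
    return bits


def parse_strict_address(addr):
    """Split [KEYID]?[?]mailbox into policy, key identifier and mailbox."""
    if "?" not in addr:
        return StrictAddress(check_mailbox(addr), OPPORTUNISTIC)
    prefix, rest = addr.split("?", 1)
    chained = rest.startswith("?")
    mailbox = check_mailbox(rest[1:] if chained else rest)
    if not prefix:
        if chained:  # '??' without an identifier is not defined in the thread
            raise StrictAddressError("'??' needs a key identifier")
        return StrictAddress(mailbox, REQUIRE_KEY)
    bits = check_key_id(prefix)
    policy = REQUIRE_CHAIN if chained else REQUIRE_DIRECT
    return StrictAddress(mailbox, policy, prefix, bits)


def decide(addr):
    """Gateway decision: a policy label, or 'reject'.

    A malformed prefix is rejected instead of being treated as a plain
    address, because falling back would silently drop the sender's
    encryption requirement. The cost is that an ordinary mailbox whose
    local part contains '?' is rejected as well.
    """
    try:
        return parse_strict_address(addr).policy
    except StrictAddressError:
        return "reject"


def to_mailto(addr):
    """Build a mailto: URI, percent-encoding '?' so it stays in the address."""
    parse_strict_address(addr)  # refuse to emit URIs for malformed input
    return "mailto:" + quote(addr, safe="@")


def naive_mailto_target(uri):
    """What a generic URI parser takes to be the addressee of a mailto: URI."""
    return unquote(urlsplit(uri).path)


if __name__ == "__main__":
    for sample in ("alice@example.com", "?alice@example.com",
                   KEY224 + "?alice@example.com",
                   KEY224 + "??alice@example.com",
                   "ABAFYA-ATQBAB?alice@example.com"):  # constructed, too short
        print(sample, "->", decide(sample))
    raw = "mailto:" + KEY224 + "?alice@example.com"
    print("unescaped mailto addressee:", naive_mailto_target(raw))
```

With an unescaped `?`, the URI parser returns only the key identifier as the addressee and treats the mailbox as the query string, so any tool that generates `mailto:` links for these addresses has to percent-encode the delimiter.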

From sm@resistor.net  Wed Oct 16 11:34:05 2013
Message-Id: <6.2.5.6.2.20131016082707.0c0f1530@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 16 Oct 2013 08:53:27 -0700
To: rutkowski.tony@gmail.com
From: SM <sm@resistor.net>
In-Reply-To: <525BE7DC.4080407@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2013 18:34:05 -0000

At 05:47 14-10-2013, Tony Rutkowski wrote:
>Most users make their choice of provider
>and platform based on factors such as:
>cost, performance, ease of use, SPAM
>and malware reduction, image (i.e.,
>account/domain name), mobility,
>identity theft mitigation, familiarity,
>and social feature sets.  Like credit
>card fraud protection, some of those
>features require a lot of invasive knowledge.
>Fortunately, there are a lot of providers
>competing in the marketplace.

I could do a study to find out which provider is popular in the 
IETF.  The result would probably be gmail.com.  There aren't that 
many providers competing in the marketplace.  It is difficult to 
compete when most users want a free service.  For what it is worth, 
there hasn't been any noticeable shift in providers used by IETF participants.

>So as many have opined, the IETF is a
>technical standards body, not an evangelical
>organization for socio-political views, and
>hopefully will continue to do what it
>does well - produce usable protocols - and
>leave the implementation choices to others
>based on their assessment of the risk.

If the IETF is a technical standards body it should not discuss 
privacy in its specifications.  That would not go down well in 
practice as other bodies will point out that the IETF is designing 
standards without any thought to how it affects the users.

Security considerations are mandatory for IETF specifications.  I 
gather that there would be some guidance in that section so that 
people making implementation choices can assess the risks.

The topic in the subject line is about mandatory-to-implement.  If 
the feature is not available in an implementation the user has fewer 
choices.  The default setting also matters.  If a feature is off by 
default the average user won't turn it on.  Note that some 
implementations usually make that choice based on feedback from the 
users.  As an example, if the key length chosen by the user is 
considered insecure, the implementation might generate a warning 
or exit with an error message.

Regards,
-sm 


From kent@bbn.com  Wed Oct 16 12:31:07 2013
Message-ID: <525EE96F.4020901@bbn.com>
Date: Wed, 16 Oct 2013 15:30:55 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu>
In-Reply-To: <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?

On Oct 16, 2013, at 8:23 AM, Stephen Kent <kent@bbn.com> wrote:
>> One reason
>> is that these e-mail access protocols are used in enterprise environment where passive
>> wiretapping often not considered a viable attack.
> As someone who remembers the switch to Kerberos and then SSH driven by password sniffers in the LAN, including one which got my own password back in the day, I find this assumption grossly unrealistic.
That used to be a valid concern. I'm not sure why, but it seems to be
less of a concern today. Maybe use of VLANs, better switch management, ...
> You have to REALLY lock-down the LAN, including properly configure high end switches with ARP filtering and/or other layer 3 management, for this assumption to be even remotely plausible.
OK.
> Finally, we must consider passive wiretapping an active attack.  The only thing which prevents a passive wiretap from modifying (rather than just monitoring) traffic is almost invariably the will of the attacker, not any technical limitation, since even on-path wiretappers can packet inject, allowing the attacker to trivially promote themselves into a MitM situation in almost all circumstances.
I don't agree that we should ignore the differences between passive and
active wiretapping. I do agree that passive wiretapping can be augmented
with active attacks of various sorts. It's not just the "will" of the
attacker that matters; it's also the capabilities of the attacker and
their sensitivity to being detected.

Steve

From nweaver@ICSI.Berkeley.EDU  Wed Oct 16 12:47:54 2013
Content-Type: multipart/signed; boundary="Apple-Mail=_D8B33780-E786-4F2E-B2C2-B990D899A2B2"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <525EE96F.4020901@bbn.com>
Date: Wed, 16 Oct 2013 12:47:44 -0700
Message-Id: <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu> <525EE96F.4020901@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--Apple-Mail=_D8B33780-E786-4F2E-B2C2-B990D899A2B2
Content-Type: text/plain;
	charset=us-ascii


On Oct 16, 2013, at 12:30 PM, Stephen Kent <kent@bbn.com> wrote:
>> Finally, we must consider passive wiretapping an active attack.  The
>> only thing which prevents a passive wiretap from modifying (rather than
>> just monitoring) traffic is almost invariably the will of the attacker,
>> not any technical limitation, since even on-path wiretappers can packet
>> inject, allowing the attacker to trivially promote themselves into a
>> MitM situation in almost all circumstances.
> I don't agree that we should ignore the differences between passive
> and active wiretapping.
> I do agree that passive wiretapping can be augmented with active attacks
> of various sorts.
> It's not just the "will" of the attacker that matters; it's also the
> capabilities of the attacker and their sensitivity to being detected.


Capability-wise, there is nothing except cryptographic data integrity
that prevents an eavesdropper from injecting their own traffic.  On
HTTP, this enables redirecting the browser to an arbitrary site (for
exploitation), extracting any not-SSL-only cookies, injecting arbitrary
code at the end of a web page, etc.  Absent DNSSEC validation on the
part of the victim, DNS injection allows the attacker to MITM any
connection.

Similarly, at layer 2, absent significant protection in the switch,
properly configured, both DHCP and ARP injection allow similar total
hijacking.  There are no capability limitations of note for a "passive"
eavesdropper who wants to become active.

Thus it really is "will" as convenient shorthand: is the attacker
willing to use this and chance getting caught if a subtle detector is
actually looking for the signs of attack?


We need universal protection against active adversaries, because the
precedents have been set and the distinction between passive and active
really is the willingness of the adversary to include active techniques.
We need end-to-end data integrity on all communication and if you have
end-to-end integrity, anything point-to-point rather than broadcast
should also include confidentiality since you can just about get it for
free by this point.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_D8B33780-E786-4F2E-B2C2-B990D899A2B2--

From stephen.farrell@cs.tcd.ie  Wed Oct 16 13:24:11 2013
Message-ID: <525EF5D4.4080300@cs.tcd.ie>
Date: Wed, 16 Oct 2013 21:23:48 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com>	<989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu>	<525EE96F.4020901@bbn.com> <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
In-Reply-To: <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?


Hiya,

On 10/16/2013 08:47 PM, Nicholas Weaver wrote:
> 
> We need universal protection against active adversaries, because
> the precedents have been set and the distinction between passive
> and active really is the willingness of the adversary to include
> active techniques.  We need end-to-end data integrity on all
> communication and if you have end-to-end integrity, anything
> point-to-point rather than broadcast should also include
> confidentiality since you can just about get it for free by this
> point.

While I sympathise with more protection and with moves towards
more-than-MTI, and I fully agree with you about LAN traffic, I
think also requiring e2e mutual auth (which I think is implied
in the above) would be counterproductive.

The problem is that that introduces a management problem into
every scenario and that management overhead is, I think, (today)
the main reason why most of the MTI security features we
define don't get traction until the exploits experienced by
users/networks become intolerable.

I think the path forward is more like making opportunistic
security mechanisms (in particular confidentiality) more-than-MTI
in a way that builds in some security (against passive attacks)
as an inherent feature of new protocols, but also results in
a far easier transition from there to fully authenticated,
compared to the massive gap between cleartext and fully
authenticated.

S.


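
The following is an added example, not part of any message in this thread. It illustrates the distinction argued in the two messages above: an unauthenticated (opportunistic) key agreement keeps a purely passive observer from forging records, an on-path party that is active during the handshake defeats it, and pinning the server key closes that gap. All names (`PassiveTap`, `ActiveTap`, `handshake`, `outcome`) and the toy group parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy group (constructed): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_key(priv, peer_pub):
    """Hash the Diffie-Hellman shared value into a 32-byte session key."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()


def protect(key, msg):
    """Integrity-protect a record: message followed by HMAC-SHA256 tag."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def verify(key, record):
    """Return the message if the tag checks out, otherwise None."""
    msg, tag = record[:-32], record[-32:]
    good = hmac.new(key, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, good) else None


class PassiveTap:
    """On-path party that records the handshake and forwards it unchanged."""

    def __init__(self):
        self.seen = []

    def to_server(self, client_pub):
        self.seen.append(client_pub)
        return client_pub

    def to_client(self, server_pub):
        self.seen.append(server_pub)
        return server_pub

    def known_keys(self):
        return []  # public values only; no private exponent to derive a key


class ActiveTap:
    """On-path party that substitutes its own public value in both directions."""

    def __init__(self):
        self.priv, self.pub = keypair()
        self.keys = []

    def to_server(self, client_pub):
        self.keys.append(derive_key(self.priv, client_pub))
        return self.pub

    def to_client(self, server_pub):
        self.keys.append(derive_key(self.priv, server_pub))
        return self.pub

    def known_keys(self):
        return self.keys


def handshake(path, server, pinned=None):
    """Run the exchange across `path`; with `pinned`, the client checks the server key."""
    s_priv, s_pub = server
    c_priv, c_pub = keypair()
    at_server = path.to_server(c_pub)
    at_client = path.to_client(s_pub)
    if pinned is not None and not hmac.compare_digest(fingerprint(at_client), pinned):
        raise ValueError("server key does not match pinned fingerprint")
    return derive_key(c_priv, at_client), derive_key(s_priv, at_server)


def outcome(path, pin):
    """Return (handshake result, whether the on-path party can inject a record)."""
    server = keypair()
    pinned = fingerprint(server[1]) if pin else None
    try:
        client_key, _server_key = handshake(path, server, pinned)
    except ValueError:
        return ("rejected", False)
    # The on-path party forges with any key it holds, or guesses one if it has none.
    candidates = path.known_keys() or [secrets.token_bytes(32)]
    injected = any(verify(client_key, protect(k, b"injected")) for k in candidates)
    return ("established", injected)


if __name__ == "__main__":
    for name, tap in (("passive", PassiveTap), ("active", ActiveTap)):
        for pin in (False, True):
            print(name, "pinned" if pin else "opportunistic", outcome(tap(), pin))
```
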

From hallam@gmail.com  Wed Oct 16 13:24:16 2013
MIME-Version: 1.0
In-Reply-To: <525EA106.4040800@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com> <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com> <525DB90F.1070700@bbn.com> <C26C8B1B-7FA1-456A-A35E-32AAE761A8DE@bogus.com> <525EA106.4040800@bbn.com>
Date: Wed, 16 Oct 2013 16:24:12 -0400
Message-ID: <CAMm+Lwgw9sZfgt_aUeTRJQpZu-9UyhDfpTdefLG73t-5s48y2Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=001a11c3836c0903bc04e8e17c6c
Cc: joel jaeggli <joelja@bogus.com>, perpass <perpass@ietf.org>, Tim Moses <tim.moses@entrust.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--001a11c3836c0903bc04e8e17c6c
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Oct 16, 2013 at 10:21 AM, Stephen Kent <kent@bbn.com> wrote:

> Joel,
>
> Thanks for the followup, identifying the CABF as the source of the key
> length change.


I recently came across a document I wrote in 1999 arguing for 2048 bit
keys...

The problem that required CABForum intervention was that a 1024 bit key is
compatible with more browsers and always will be. Thus there is a
commercial advantage in using a 1024 bit cert so as to maximize the
customer base.

CAs were not prepared to stop issuing 1024 bit certs if doing so would lose
sales to a competitor. Browsers could not stop recognizing 1024 bit certs
as long as they were the majority of certs in use.

Agreeing to stop issue of 1024 bit certs (with some rare exceptions outside
the WebPKI) required both groups to make a mutual commitment.


-- 
Website: http://hallambaker.com/

--001a11c3836c0903bc04e8e17c6c--

From derhoermi@gmx.net  Wed Oct 16 14:08:16 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Date: Wed, 16 Oct 2013 23:08:07 +0200
Message-ID: <5put591tf27lp8n7admb6cp20n3rn0m1du@hive.bjoern.hoehrmann.de>
References: <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu> <525EE96F.4020901@bbn.com> <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
In-Reply-To: <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?

* Nicholas Weaver wrote:
>We need universal protection against active adversaries, because the 
>precedents have been set and the distinction between passive and active 
>really is the willingness of the adversary to include active techniques.  
>We need end-to-end data integrity on all communication and if you have 
>end-to-end integrity, anything point-to-point rather than broadcast 
>should also include confidentiality since you can just about get it for 
>free by this point.

Adversaries do not necessarily have the resources to do anything they
are willing to do. Active attacks might require more expensive hardware
which they might not have the capital for, or they may increase latency
so that people get angry about them slowing down the Internet too much.

Authenticity and integrity are also sometimes at odds with other
desirable features like anonymity, deniability, and maintainability. In
some cases systems are not purely end-to-end, e-mail for instance also
has public discussion lists and newsletters with millions of subscribers
to consider.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From fallenpegasus@gmail.com  Wed Oct 16 17:21:38 2013
MIME-Version: 1.0
Sender: fallenpegasus@gmail.com
Received: by 10.52.173.80 with HTTP; Wed, 16 Oct 2013 17:21:13 -0700 (PDT)
In-Reply-To: <525EAF77.3090203@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com>
From: Mark Atwood <me@mark.atwood.name>
Date: Wed, 16 Oct 2013 17:21:13 -0700
X-Google-Sender-Auth: DGj8tf3Qof2kUAacEZMfxs2c3kc
Message-ID: <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=UTF-8
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 17 Oct 2013 00:21:38 -0000

| One reason is that these e-mail access protocols are used in
| enterprise environments where passive wiretapping is often not
| considered a viable attack. Internal to the enterprise net there
| is usually a perception of adequate physical security.

I have discovered, in the last couple of months of investigation, to
my disappointment and horror, that many many very large IT shops in
the US that are doing telecoms between their various offices and
datacenters, do not encrypt.  Large telecoms users typically use MPLS
or telco provided "dark fiber".  Cleartext.  No encryption.  Not at
the wireline layer, not at the packet layer, and not at the
application layer.

The statement I get back when I have been investigating this has
always been along the lines of "it's OUR glass" / "it's OUR circuit",
"it makes doing packet tracing and intrusion detection harder" (that
one makes me headdesk hard), "why should we be afraid of our telco
partner?", and "just because Google is doing it doesn't mean it's
useful to us".

I am working hard to assume ignorance and pollyanna-ism, instead of
malice and NSA-suborn-ism on the part of the CTOs and their security
people.

But anyway, that means that corporate use of Outlook & Exchange, Lync,
SAML, Intranet HTTP, SIP, remote file stores, IMAP & SMTP, remote
database access, remote backup, and internal customer and financial
records are completely transparent to the NSA, and to most every other
major spook agency in the world.  The NSA probably has a better view
into the second by second status of the health and wealth of the US
and world economy than any of the financial regulators.

..m

From hallam@gmail.com  Wed Oct 16 19:35:11 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF96221F9A10 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 19:35:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.591
X-Spam-Level: 
X-Spam-Status: No, score=-2.591 tagged_above=-999 required=5 tests=[AWL=0.008,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EQ8Al3CbhNw for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 19:35:10 -0700 (PDT)
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 831DD21F9D0F for <perpass@ietf.org>; Wed, 16 Oct 2013 19:35:09 -0700 (PDT)
Received: by mail-la0-f43.google.com with SMTP id ec20so1248999lab.2 for <perpass@ietf.org>; Wed, 16 Oct 2013 19:35:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Xg8y564erRMpRDzW7Ggg3eVXYaZShondq3jRdju0l1k=; b=foLfgC1cRnI5YypnY/UvrulW6BhFO55I4iwLOvNxXQtjUf0+WCdA9uoLEKlDTzGxtI WiqlXQOg1rnLnJf+23FJgoror2oJiSxtranVmMxtPYqFgm4ltYm/Vzs3PZF85YMAWeEy GVCQNTNFABEBu5pChMCswThb83LSLkHDgYw5P344ob94eqVZHLMyNd5MyjqDWcl6ZlL3 /SRy62E94WdNQdMm4CpiS+Fx1J3tJTMBJMVe3S/BuSQBsQbKR4jlYI6IL6jkCK42VAbX jjn9OTElGaf5KLE3zM+DFHvd1FzvoFunbJak6VvjNgFdToquojvDB6ea+1rzdFOBGc/k A37g==
MIME-Version: 1.0
X-Received: by 10.152.171.72 with SMTP id as8mr324439lac.33.1381977308282; Wed, 16 Oct 2013 19:35:08 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Wed, 16 Oct 2013 19:35:08 -0700 (PDT)
Date: Wed, 16 Oct 2013 22:35:08 -0400
Message-ID: <CAMm+Lwj4sxeyvW-hdiM-qZdxx-FeFu3SV+kfdqO8cyAADo89oA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=001a1135e5a48c449404e8e6aa75
Subject: [perpass] Draft describing how to evaluate trust models in the age of PRISM
X-List-Received-Date: Thu, 17 Oct 2013 02:35:12 -0000

--001a1135e5a48c449404e8e6aa75
Content-Type: text/plain; charset=ISO-8859-1

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00

I would like to spend a lot longer getting this right but don't have time
to do that and write code.

The work factor measures may be of general interest. In particular
introducing the time element has interesting effects.

-- 
Website: http://hallambaker.com/

--001a1135e5a48c449404e8e6aa75--

From joelja@bogus.com  Wed Oct 16 23:09:37 2013
Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9EA911E80E2 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 23:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBbQ--+Pi172 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 23:09:37 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id F384E21F9CC7 for <perpass@ietf.org>; Wed, 16 Oct 2013 23:09:36 -0700 (PDT)
Received: from [192.168.1.13] (c-50-174-18-221.hsd1.ca.comcast.net [50.174.18.221]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r9H69U9F007801 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 17 Oct 2013 06:09:31 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_BDAFD3A0-8CED-4094-97D1-38087A8AD05A"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>
Date: Wed, 16 Oct 2013 23:09:25 -0700
Message-Id: <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>
To: Mark Atwood <me@mark.atwood.name>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Thu, 17 Oct 2013 06:09:32 +0000 (UTC)
Cc: perpass@ietf.org, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 17 Oct 2013 06:09:38 -0000

--Apple-Mail=_BDAFD3A0-8CED-4094-97D1-38087A8AD05A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Oct 16, 2013, at 5:21 PM, Mark Atwood <me@mark.atwood.name> wrote:

> | One reason is that these e-mail access protocols are used in
> | enterprise environments where passive wiretapping is often not
> | considered a viable attack. Internal to the enterprise net there
> | is usually a perception of adequate physical security.
>
> I have discovered, in the last couple of months of investigation, to
> my disappointment and horror, that many many very large IT shops in
> the US that are doing telecoms between their various offices and
> datacenters, do not encrypt.  Large telecoms users typically use MPLS
> or telco provided "dark fiber".  Cleartext.  No encryption.  Not at
> the wireline layer, not at the packet layer, and not at the
> application layer.
>
> The statement I get back when I have been investigating this has
> always been along the lines of "it's OUR glass" / "it's OUR circuit",
> "it makes doing packet tracing and intrusion detection harder" (that
> one makes me headdesk hard), "why should we be afraid of our telco
> partner?", and "just because Google is doing it doesn't mean it's
> useful to us".
>
> I am working hard to assume ignorance and pollyanna-ism, instead of
> malice and NSA-suborn-ism on the part of the CTOs and their security
> people.
>
> But anyway, that means that corporate use of Outlook & Exchange, Lync,
> SAML, Intranet HTTP, SIP, remote file stores, IMAP & SMTP, remote
> database access, remote backup, and internal customer and financial
> records are completely transparent to the NSA, and to most every other
> major spook agency in the world.  The NSA probably has a better view
> into the second by second status of the health and wealth of the US
> and world economy than any of the financial regulators.

MPLS VPN is more virtually private not virtual private. If you consider
that the functional equivalent of your own wavelength or your own glass
then maybe it's good enough for your purposes. from my vantage point
none of those things are the tautological equivalent of an ipsec vpn

Wire-speed link-layer encryption is rather expensive at the feeds and
speeds of modern routers. IP layer encapsulation in a ce-router in an
MPLS hand-off is an expensive place to put it since that encryption
complex is going on an asic in the forwarding path. For relatively slow
links lots of these things are doable in a software forwarding engine…
for 16 x 10Gb/s it's going to cost you.

operators and their customers make tradeoffs all the time, this is one
of them.

http://www.safenet-inc.com/products/data-protection/network-wan-encryption/ethernet-encryption/

>
> ..m


--Apple-Mail=_BDAFD3A0-8CED-4094-97D1-38087A8AD05A--

From sm@resistor.net  Wed Oct 16 23:45:40 2013
Return-Path: <sm@resistor.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 615BB11E8247 for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 23:45:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.69
X-Spam-Level: 
X-Spam-Status: No, score=-102.69 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QVu80KDqNnHT for <perpass@ietfa.amsl.com>; Wed, 16 Oct 2013 23:45:36 -0700 (PDT)
Received: from mx.elandsys.com (ns1.qubic.net [208.69.177.116]) by ietfa.amsl.com (Postfix) with ESMTP id 7544611E810C for <perpass@ietf.org>; Wed, 16 Oct 2013 23:45:31 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r9H6ix9Z003284; Wed, 16 Oct 2013 23:45:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1381992305; bh=7UpI6TvYHrGONMeFISGcVXMURiOj8063X4SLKYdA6yo=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=0ii6oLcCA/DiNj5grq/jTKYY14o6mrN0uVIPnmmeu9YM/5a/s0xjSSDIwQYV+xTLo gbjBaD2UAMhe3Q5iVKYEWiPMlyQuSNjoVPma98wr2PtH7Jaugds2S5ELKNLK5KTVt9 sMA+weFOHqzFtiff8e12NPkjvbWJxEeAS8/6fbtc=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1381992305; i=@resistor.net; bh=7UpI6TvYHrGONMeFISGcVXMURiOj8063X4SLKYdA6yo=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=tblculSwk00QijzE932d3GuaURrbtripE5+TsB4cWOB6MO+3/hrA+DuxETGyiPa+4 C8cQ4y5BG1EnCu/LfyyUvOhrU9o2nPGPS3L9rW31aWyRvcIXDqDsNziDW3+9h3OeOs wTvHAfsrzBvivjouybtsaFMYJCuROqWWaw8vcIIk=
Message-Id: <6.2.5.6.2.20131016231335.0d2dc150@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 16 Oct 2013 23:44:15 -0700
To: joel jaeggli <joelja@bogus.com>
From: SM <sm@resistor.net>
In-Reply-To: <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com> <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: perpass@ietf.org, Stephen Kent <kent@bbn.com>, Mark Atwood <me@mark.atwood.name>
Subject: [perpass] When private is equated with secure (was: mandatory-to-implement vs. more?)
X-List-Received-Date: Thu, 17 Oct 2013 06:45:40 -0000

Hi Joel,
At 23:09 16-10-2013, joel jaeggli wrote:
>MPLS VPN is more virtually private not virtual private. If you 
>consider that the functional equivalent of your own wavelength or 
>your own glass then maybe it's good enough for your purposes. from 
>my vantage point none of those things are the tautological 
>equivalent of an ipsec vpn

[snip]

>operators and their customers make tradeoffs all the time, this is 
>one of them.

If I am not mistaken IP VPN has been sold over the years as a secure 
link.  That might have been good enough previously (see above about 
tradeoffs).  The threat evolves over time.  I am not thinking about 
state-sponsored surveillance here.  The tradeoff seems to be that the 
link is secure as it is private.

Regards,
-sm 


From scott.brim@gmail.com  Thu Oct 17 04:52:46 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BCC811E8175 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 04:52:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IynCw6l53TV0 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 04:52:46 -0700 (PDT)
Received: from mail-ea0-x231.google.com (mail-ea0-x231.google.com [IPv6:2a00:1450:4013:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 0C0FF11E8177 for <perpass@ietf.org>; Thu, 17 Oct 2013 04:52:44 -0700 (PDT)
Received: by mail-ea0-f177.google.com with SMTP id f15so990870eak.36 for <perpass@ietf.org>; Thu, 17 Oct 2013 04:52:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=uXGQmxdbFrWB0lmlue73FmviYW9wOjheSUZ+E67858k=; b=01UTZ0zm58R/QLoP9ChSA2oiUECHVQ6erEin+SJiKO/ZHKJfaECL8JDrZeVwxoZsmV x6pq8EeSYaM5T4pN4z5KsmYNjju1AFe9Uf0NpNdEdLqYFYmHVE3B0fmdygdmGQkI0XMd jGdV2muI20pXK1ZVf69pIJ0ShRQOf3M7Sg3hteSbYa5X5Q62xZitVQHF4t4DAFG/R8YM Wmk4+2mubynj99kumuJnNFeddzNWV/m41nBHPlduloc+sQVP8nPqJiON16Ocvogj/1Eq 48MXwn9UvW/Io2RlIKGVoyfnFE0J4fsnyNLFg4JrV7uIGH3BCocvDgLd4kQqWaMSOkA2 Y71w==
MIME-Version: 1.0
X-Received: by 10.15.93.204 with SMTP id w52mr3172647eez.69.1382010763984; Thu, 17 Oct 2013 04:52:43 -0700 (PDT)
Received: by 10.14.205.7 with HTTP; Thu, 17 Oct 2013 04:52:43 -0700 (PDT)
In-Reply-To: <6.2.5.6.2.20131016231335.0d2dc150@resistor.net>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com> <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com> <6.2.5.6.2.20131016231335.0d2dc150@resistor.net>
Date: Thu, 17 Oct 2013 07:52:43 -0400
Message-ID: <CAPv4CP_jdA1_KSZgVzn2b-08LCmKzLmB5-2E91v3pa0UDfTW+Q@mail.gmail.com>
From: Scott Brim <scott.brim@gmail.com>
To: SM <sm@resistor.net>
Content-Type: multipart/alternative; boundary=089e01681486a9c55c04e8ee74d5
Cc: joel jaeggli <joelja@bogus.com>, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Mark Atwood <me@mark.atwood.name>
Subject: Re: [perpass] When private is equated with secure (was: mandatory-to-implement vs. more?)
X-List-Received-Date: Thu, 17 Oct 2013 11:52:46 -0000

--089e01681486a9c55c04e8ee74d5
Content-Type: text/plain; charset=ISO-8859-1

On Oct 17, 2013 2:45 AM, "SM" <sm@resistor.net> wrote:
> If I am not mistaken IP VPN has been sold over the years as a secure
> link.

"IP VPN" includes not only MPLS VPN but also e2e IPsec. Also the meaning of
"secure" has been diluted down by marketing.

--089e01681486a9c55c04e8ee74d5--

From kent@bbn.com  Thu Oct 17 07:12:37 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30DCF11E8269 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:12:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.498
X-Spam-Level: 
X-Spam-Status: No, score=-106.498 tagged_above=-999 required=5 tests=[AWL=0.101, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRRrHz116eQu for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:12:31 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id DC39211E8205 for <perpass@ietf.org>; Thu, 17 Oct 2013 07:12:30 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:52610) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWoJR-000Jvc-Sj; Thu, 17 Oct 2013 10:12:29 -0400
Message-ID: <525FF04D.6060204@bbn.com>
Date: Thu, 17 Oct 2013 10:12:29 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Mark Atwood <me@mark.atwood.name>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>
In-Reply-To: <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Thu, 17 Oct 2013 14:12:37 -0000

Mark,

I've long referred to non-crypto VPNs as "virtually" private nets, for the
reasons you note. More clueful enterprises do use encrypting firewalls for
inter-site protection. Cisco, Juniper, Checkpoint and others have made a
fair amount of money selling devices for this purpose.

When I alluded to remote access by employees, I was thinking along the lines
of road warriors, using IPsec or SSH tunnels for remote access.

I don't think we've seen any evidence to suggest that NSA is eavesdropping
on inter-site enterprise comms, at least for U.S. companies, based on the
Snowden docs released (so far).

Steve

From joelja@bogus.com  Thu Oct 17 07:49:14 2013
Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97BDF11E810F for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:49:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level: 
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AZE95gdSfS5f for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:49:10 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 8B68911E80F5 for <perpass@ietf.org>; Thu, 17 Oct 2013 07:49:10 -0700 (PDT)
Received: from [192.168.43.134] (mf92636d0.tmodns.net [208.54.38.249]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r9HEmxhm013215 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 17 Oct 2013 14:49:04 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_53E4D1E8-5C22-48A7-AB1C-91515F3A2282"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <6.2.5.6.2.20131016231335.0d2dc150@resistor.net>
Date: Thu, 17 Oct 2013 07:36:00 -0700
Message-Id: <1D2033FA-CC56-4F72-AD06-25BCA120B4C7@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com> <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com> <6.2.5.6.2.20131016231335.0d2dc150@resistor.net>
To: SM <sm@resistor.net>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Thu, 17 Oct 2013 14:49:05 +0000 (UTC)
Cc: perpass@ietf.org, Stephen Kent <kent@bbn.com>, Mark Atwood <me@mark.atwood.name>
Subject: Re: [perpass] When private is equated with secure (was: mandatory-to-implement vs. more?)
X-List-Received-Date: Thu, 17 Oct 2013 14:49:14 -0000

--Apple-Mail=_53E4D1E8-5C22-48A7-AB1C-91515F3A2282
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Oct 16, 2013, at 11:44 PM, SM <sm@resistor.net> wrote:

> Hi Joel,
> At 23:09 16-10-2013, joel jaeggli wrote:
>> MPLS VPN is more virtually private not virtual private. If you
>> consider that the functional equivalent of your own wavelength or
>> your own glass then maybe it's good enough for your purposes. from
>> my vantage point none of those things are the tautological
>> equivalent of an ipsec vpn
>
> [snip]
>
>> operators and their customers make tradeoffs all the time, this is
>> one of them.
>
> If I am not mistaken IP VPN has been sold over the years as a secure
> link.

It doesn't take a lot of sophistication to understand that putting a
new header on the outside and whacking an lsp on something doesn't
make it secure in the encryption sense. when you still use the inner
ip header as a hash for flow distribution across trunks, that ought to
be a reminder that you're a label strip away from an ip packet.

Regarding marketing, I hear that beer makes me smarter and cigarettes
more sophisticated as well.


> That might have been good enough previously (see above about
> tradeoffs).  The threat evolves over time.  I am not thinking about
> state-sponsored surveillance here.  The tradeoff seems to be that the
> link is secure as it is private.
>
> Regards,
> -sm


--Apple-Mail=_53E4D1E8-5C22-48A7-AB1C-91515F3A2282--
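What "a label strip away from an ip packet" means on the wire, as an added example that is not part of the original message: the constructed packet below carries a two-label MPLS stack over an inner IPv4/TCP packet, and popping the labels exposes the cleartext 5-tuple and payload. The label values, addresses and the CRC32-based link choice are assumptions made for illustration, not any router's actual hash.

```python
import ipaddress
import struct
import zlib


def build_sample_packet():
    """Constructed sample: two MPLS label entries, then IPv4 + TCP + payload."""
    def entry(label, tc, bottom, ttl):
        # 32-bit label stack entry: label(20) | traffic class(3) | S(1) | TTL(8)
        return struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)

    stack = entry(16001, 0, 0, 64) + entry(299776, 0, 1, 64)
    payload = b"GET /payroll HTTP/1.1\r\n"
    # Minimal TCP header (data offset 5, PSH+ACK); checksums left at zero.
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address("10.1.1.10").packed,
        ipaddress.IPv4Address("10.2.2.20").packed,
    )
    return stack + ip + tcp + payload


def pop_labels(packet):
    """Strip label entries up to and including the bottom-of-stack entry."""
    labels, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("label stack has no bottom-of-stack entry")
        (entry,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        labels.append(entry >> 12)
        if (entry >> 8) & 1:  # S bit set: the inner packet starts here
            return labels, packet[offset:]


def inner_flow(inner):
    """Read the 5-tuple and payload of the inner IPv4 packet; nothing is encrypted."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    if proto not in (6, 17):
        raise ValueError("no TCP/UDP ports to read")
    l4_len = 20 if proto == 6 else 8
    if len(inner) < ihl + l4_len:
        raise ValueError("truncated transport header")
    if proto == 6:
        l4_len = (inner[ihl + 12] >> 4) * 4  # TCP data offset
    sport, dport = struct.unpack_from("!HH", inner, ihl)
    src = str(ipaddress.IPv4Address(inner[12:16]))
    dst = str(ipaddress.IPv4Address(inner[16:20]))
    return (src, dst, proto, sport, dport), inner[ihl + l4_len:]


def flow_hash(five_tuple, n_links):
    """Pick a trunk member from the inner 5-tuple (CRC32 is an assumption)."""
    key = "|".join(map(str, five_tuple)).encode()
    return zlib.crc32(key) % n_links


def strip_and_read(packet, n_links=4):
    labels, inner = pop_labels(packet)
    flow, payload = inner_flow(inner)
    return {"labels": labels, "flow": flow, "payload": payload,
            "link": flow_hash(flow, n_links)}


if __name__ == "__main__":
    for name, value in strip_and_read(build_sample_packet()).items():
        print(name, value)
```

Any device that can compute the per-flow hash can equally read the application payload, which is why the labels give separation rather than confidentiality.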

From kent@bbn.com  Thu Oct 17 07:58:43 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C646511E825D for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:58:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.501
X-Spam-Level: 
X-Spam-Status: No, score=-106.501 tagged_above=-999 required=5 tests=[AWL=0.098, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VbK82Sugo5w0 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 07:58:36 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id E15CE11E8257 for <perpass@ietf.org>; Thu, 17 Oct 2013 07:58:27 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:52624) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VWp1u-000Kwo-O3; Thu, 17 Oct 2013 10:58:26 -0400
Message-ID: <525FFB12.6030306@bbn.com>
Date: Thu, 17 Oct 2013 10:58:26 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu> <525EE96F.4020901@bbn.com> <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
In-Reply-To: <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 14:58:44 -0000

> ...
>
>
> Capability wise, there is nothing except cryptographic data integrity that prevents an eavesdropper from injecting their own traffic.  On HTTP, this enables redirecting the browser to an arbitrary site (for exploitation), extracting any not-SSL-only cookies, injecting arbitrary code at the end of a web page, etc.  Absent DNSSEC validation on the part of the victim, DNS injection allows the attacker to MITM any connection.
The ability to effect active and passive attacks is not uniform, and often not equivalent, at least not on a per link basis. An attacker may be able to listen to a satellite down link or a fiber cable, but not be able to inject packets into these links. So it is not quite accurate to assert that any adversary who can passively monitor (a link) can also engage in active attacks (on that link). The general form of active attacks that we usually assume in IETF security assessments are MITM, which may be very hard to effect, depending on the context.
> Similarly, at layer 2, absent significant protection in the switch, properly configured, both DHCP and ARP injection allows similar total hijacking.  There are no capability limitations of note for a "passive" eavesdropper who wants to become active.
What constitutes "significant protection?"
> Thus it really is "will" as convenient shorthand: is the attacker willing to use this and chance getting caught if a subtle detector is actually looking for the signs of attack?
I think it is more than just a concern re being detected.
> We need universal protection against active adversaries, because the precedents have been set and the distinction between passive and active really is the willingness of the adversary to include active techniques.  We need end-to-end data integrity on all communication and if you have end-to-end integrity, anything point-to-point rather than broadcast should also include confidentiality since you can just about get it for free by this point.
I agree that adding confidentiality is almost free once you have accepted the costs of integrity. There may be hidden costs, though, of the sort I mentioned earlier, e.g., reduced ability to effect traffic engineering, load balancing, and debugging.

When you mention integrity do you mean integrity w/o authentication? To me that's reminiscent of the Rocky and Bullwinkle ad cut-away about fan mail from a flounder. If a bottle containing a note were securely sealed, then one might assume that it was afforded integrity. But without authentication, we don't know which flounder sent the note, which seems unsatisfying. Integrity w/o authentication is MUCH easier than authenticated integrity, but I worry that folks will misinterpret the security they're getting, with unfortunate results.
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> nweaver@icsi.berkeley.edu                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>

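The distinction drawn in the message above between integrity without authentication and authenticated integrity, as an added example that is not part of the original message. It compares an unkeyed digest, a MAC under a session key agreed with an unidentified peer, and a MAC under a key the receiver has bound to a named sender; the keys, names and messages are constructed, and the `Receiver` class is hypothetical.

```python
import hashlib
import hmac

# Constructed keys for the example (fixed so the result is reproducible).
ALICE_KEY = bytes.fromhex("11" * 32)         # bound to a named sender out of band
ANON_SESSION_KEY = bytes.fromhex("22" * 32)  # agreed with a peer nobody identified


def digest_seal(message):
    """Unkeyed check value: anyone who can see the message can recompute it."""
    return hashlib.sha256(message).digest()


def mac_seal(key, message):
    """Keyed check value: only holders of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(key, message, tag):
    return hmac.compare_digest(mac_seal(key, message), tag)


class Receiver:
    """Hypothetical receiver that pins one MAC key per known sender name."""

    def __init__(self, pinned_keys):
        self.pinned = dict(pinned_keys)

    def digest_intact(self, message, digest):
        return hmac.compare_digest(digest_seal(message), digest)

    def sealed_by_session_peer(self, session_key, message, tag):
        # The bottle is sealed: whoever shares this session key wrote the note.
        # It says nothing about who that is.
        return mac_ok(session_key, message, tag)

    def from_named_sender(self, name, message, tag):
        # Which flounder sent it: the tag must verify under the key pinned to name.
        key = self.pinned.get(name)
        return key is not None and mac_ok(key, message, tag)


def run_cases():
    rx = Receiver({"alice@example.org": ALICE_KEY})
    original = b"transfer 10 to account 42"
    altered = b"transfer 9999 to account 66"
    results = {}

    # 1. Unkeyed digest: a party in the path changes the message and simply
    #    recomputes the digest, so the receiver's check still passes.
    results["digest_accepts_rewrite"] = rx.digest_intact(altered, digest_seal(altered))

    # 2. MAC under a pinned key: the same rewrite cannot be re-sealed without
    #    the key, and the original tag no longer matches.
    tag = mac_seal(ALICE_KEY, original)
    results["mac_accepts_original"] = rx.from_named_sender("alice@example.org", original, tag)
    results["mac_accepts_rewrite"] = rx.from_named_sender("alice@example.org", altered, tag)

    # 3. MAC under a session key shared with an unidentified peer: the note is
    #    intact, but it cannot be attributed to any named sender.
    note = b"fan mail"
    anon_tag = mac_seal(ANON_SESSION_KEY, note)
    results["anon_note_intact"] = rx.sealed_by_session_peer(ANON_SESSION_KEY, note, anon_tag)
    results["anon_note_attributed"] = rx.from_named_sender("alice@example.org", note, anon_tag)
    return results


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case}: {outcome}")
```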

From joelja@bogus.com  Thu Oct 17 08:15:09 2013
Return-Path: <joelja@bogus.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E25A21F85BB for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:15:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ozFhWhECpnU7 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:15:08 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 0ED5E21F9C4A for <perpass@ietf.org>; Thu, 17 Oct 2013 08:14:56 -0700 (PDT)
Received: from [192.168.43.134] (mf92636d0.tmodns.net [208.54.38.249]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r9HFEguT013493 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 17 Oct 2013 15:14:46 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_65880F71-C420-4132-8B2B-1E675A3BDB1A"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <CAMm+Lwgw9sZfgt_aUeTRJQpZu-9UyhDfpTdefLG73t-5s48y2Q@mail.gmail.com>
Date: Thu, 17 Oct 2013 08:14:36 -0700
Message-Id: <EDFB61EA-81A5-456F-9596-C10CF5710146@bogus.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <CA+BZK2oaVxodkUf09KTMf2NPkBZEvC1E9QtxQR_fB7kiarqmEg@mail.gmail.com> <02DDDAE5-6016-4793-9142-8B1CD73475A3@bogus.com> <525DAA4C.6070107@bbn.com> <80FA935E-7332-4387-99C5-B1FB62514B63@bogus.com> <525DB90F.1070700@bbn.com> <C26C8B1B-7FA1-456A-A35E-32AAE761A8DE@bogus.com> <525EA106.4040800@bbn.com> <CAMm+Lwgw9sZfgt_aUeTRJQpZu-9UyhDfpTdefLG73t-5s48y2Q@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Thu, 17 Oct 2013 15:14:50 +0000 (UTC)
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Tim Moses <tim.moses@entrust.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 15:15:09 -0000

--Apple-Mail=_65880F71-C420-4132-8B2B-1E675A3BDB1A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1


On Oct 16, 2013, at 1:24 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

>
> On Wed, Oct 16, 2013 at 10:21 AM, Stephen Kent <kent@bbn.com> wrote:
> Joel,
>
> Thanks for the followup, identifying the CABF as the source of the key length change.
>
> I recently came across a document I wrote in 1999 arguing for 2048 bit keys...
>
> The problem that required CABForum intervention was that a 1024 bit key is compatible with more browsers and always will be. Thus there is a commercial advantage in using a 1024 bit cert so as to maximize the customer base.
>
> CAs were not prepared to stop issuing 1024 bit certs if doing so would lose sales to a competitor. Browsers could not stop recognizing 1024 bit certs as long as they were the majority of certs in use.
>
> Agreeing to stop issue of 1024 bit certs (with some rare exceptions outside the WebPKI) required both groups to make a mutual commitment.
>

Which is pretty much the point I was making in terms of citing it as expensive for the operators and consumers, but necessary. As a content provider I would have continued to use 1024 bit keys as long as was plausible because the computational hit is significant enough that it caused us to swap in an entire new generation of hardware.

>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass



--Apple-Mail=_65880F71-C420-4132-8B2B-1E675A3BDB1A--

From ynir@checkpoint.com  Thu Oct 17 08:24:10 2013
Return-Path: <ynir@checkpoint.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B87AA21F9EB0 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:24:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.423
X-Spam-Level: 
X-Spam-Status: No, score=-10.423 tagged_above=-999 required=5 tests=[AWL=0.176, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CieH-Ye9fYSN for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:24:03 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id BFCD121F9F20 for <perpass@ietf.org>; Thu, 17 Oct 2013 08:23:47 -0700 (PDT)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r9HFNOCl000905; Thu, 17 Oct 2013 18:23:24 +0300
X-CheckPoint: {526000AD-1-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.92]) by DAG-EX10.ad.checkpoint.com ([169.254.3.173]) with mapi id 14.02.0347.000; Thu, 17 Oct 2013 18:23:14 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: joel jaeggli <joelja@bogus.com>
Thread-Topic: [perpass] When private is equated with secure (was: mandatory-to-implement vs. more?)
Thread-Index: AQHOy0gUJjcepctixEmMfcRcadSq1pn40MeA
Date: Thu, 17 Oct 2013 15:23:15 +0000
Message-ID: <90613AB4-8A86-4A35-8225-E4A0A1700325@checkpoint.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com> <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com> <6.2.5.6.2.20131016231335.0d2dc150@resistor.net> <1D2033FA-CC56-4F72-AD06-25BCA120B4C7@bogus.com>
In-Reply-To: <1D2033FA-CC56-4F72-AD06-25BCA120B4C7@bogus.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.21.76]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8B8C22671766E74CA5378599B0BB90EE@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: SM <sm@resistor.net>, "<perpass@ietf.org>" <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Mark Atwood <me@mark.atwood.name>
Subject: Re: [perpass] When private is equated with secure (was:	mandatory-to-implement vs. more?)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 15:24:10 -0000

On Oct 17, 2013, at 5:36 PM, joel jaeggli <joelja@bogus.com> wrote:

>
> On Oct 16, 2013, at 11:44 PM, SM <sm@resistor.net> wrote:
>
>> Hi Joel,
>> At 23:09 16-10-2013, joel jaeggli wrote:
>>> MPLS VPN is more virtually private not virtual private. If you consider that the functional equivalent of your own wavelength or your own glass then maybe it's good enough for your purposes. From my vantage point none of those things are the tautological equivalent of an ipsec vpn
>>
>> [snip]
>>
>>> Operators and their customers make tradeoffs all the time, this is one of them.
>>
>> If I am not mistaken IP VPN has been sold over the years as a secure link.
>
> It doesn't take a lot of sophistication to understand that putting a new header on the outside and whacking an lsp on something doesn't make it secure in the encryption sense. When you still use the inner ip header as a hash for flow distribution across trunks, that ought be a reminder that you're a label strip away from an ip packet.

Yeah. The term has been used for a variety of things that are "virtually private" in various different senses. I've seen it used for phone networks to indicate that you can dial a short number ("It's a VPN, so you can dial 4903 instead of 7534903!"), for MPLS networks because you can move any protocol you want, even if it's not IP (that's the multi-protocol thing), for MPLS networks where RTT is guaranteed by an SLA (just like your corporate LAN). Maybe we need to invent a different word for a virtual private network that actually provides privacy.

> Regarding marketing, I hear that beer makes me smarter and cigarettes more sophisticated as well.

That's confusing cause and effect. It's not that cigarettes make you sophisticated, it's that it takes a sophisticated person to hold a fire in your mouth without getting burned. As for beer, I thought IETF meetings were about converting beer into specs.

Yoav


From nweaver@ICSI.Berkeley.EDU  Thu Oct 17 08:47:53 2013
Return-Path: <nweaver@ICSI.Berkeley.EDU>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5304B11E8278 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:47:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[AWL=-0.698, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ri7anHBe1NRv for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 08:47:49 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 6EB5711E827D for <perpass@ietf.org>; Thu, 17 Oct 2013 08:47:48 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 2E3D12C4028; Thu, 17 Oct 2013 08:47:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id tdLcK0y7vac6; Thu, 17 Oct 2013 08:47:47 -0700 (PDT)
Received: from gala.icir.org (gala.icir.org [192.150.187.130]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 936322C4052; Thu, 17 Oct 2013 08:47:47 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_6D749331-616F-4423-8074-584FE274A9ED"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <525FFB12.6030306@bbn.com>
Date: Thu, 17 Oct 2013 08:47:47 -0700
Message-Id: <FD2D5981-770E-4D7A-BEF6-CDB04600275A@ICSI.Berkeley.EDU>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu> <525EE96F.4020901@bbn.com> <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU> <525FFB12.6030306@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 15:47:53 -0000

--Apple-Mail=_6D749331-616F-4423-8074-584FE274A9ED
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


On Oct 17, 2013, at 7:58 AM, Stephen Kent <kent@bbn.com> wrote:
>> Capability wise, there is nothing except cryptographic data integrity that prevents an eavesdropper from injecting their own traffic.  On HTTP, this enables redirecting the browser to an arbitrary site (for exploitation), extracting any not-SSL-only cookies, injecting arbitrary code at the end of a web page, etc.  Absent DNSSEC validation on the part of the victim, DNS injection allows the attacker to MITM any connection.

> The ability to effect active and passive attacks is not uniform, and often not equivalent,
> at least not on a per link basis. An attacker may be able to listen to a satellite down link or
> a fiber cable, but not be able to inject packets into these links.

Thanks to an ability to spoof packets from a gazillion different locations, as long as they can inject a spoofed packet from ANOTHER link in time, they will still be able to do packet injection.  The attacker's point of injection needs to be closer (latency wise) on the network than the final destination of the packet, but that's usually a pretty easy constraint to meet.


> So it is not quite accurate
> to assert that any adversary who can passively monitor (a link) can also engage in active attacks
> (on that link). The general form of active attacks that we usually assume in IETF security assessments
> are MITM, which may be very hard to effect, depending on the context.

If you are assuming MITM on a packet level rather than just an eavesdropper (man on the side), then a full-active attack really is just a matter of willingness to do so, since a full MitM can drop packets as well.

>> Similarly, at layer 2, absent significant protection in the switch, properly configured, both DHCP and ARP injection allows similar total hijacking.  There are no capability limitations of note for a "passive" eavesdropper who wants to become active.
> What constitutes "significant protection?"

Configurations like this:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dynarp.html

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?sp4ts.oid=1827663&spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c02609533-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

for ARP, and similar configurations for DHCP.


For the wireless "LAN", the problem is even worse, unless you deploy something like this:
meraki.cisco.com/lib/pdf/meraki_datasheet_airmarshal.pdf

you have to assume that the attackers can do all sorts of fun things if they know the password/can authenticate, such as spoofing an AP and relaying traffic.


For both cases, this requires reasonably high end switches and almost invariably requires that they be properly configured.   Thus it is foolish to assume, in developing and deploying protocols, that the network does NOT suffer from man-in-the-middle attackers, even when you are "just in the LAN".


>> Thus it really is "will" as convenient shorthand: is the attacker willing to use this and chance getting caught if a subtle detector is actually looking for the signs of attack?
> I think it is more than just a concern re being detected.

Why?  Since it's clear that there aren't technical limitations on an eavesdropper becoming a full MitM in most cases, it really is only "does becoming a full MitM benefit me as an attacker vs any increased risk of detection".

> When you mention integrity do you mean integrity w/o authentication? To me that's reminiscent of
> the Rocky and Bullwinkle ad cut-away about fan mail from a flounder. If a bottle containing a note
> were securely sealed, then one might assume that it was afforded integrity. But without authentication,
> we don't know which flounder sent the note, which seems unsatisfying. Integrity w/o authentication
> is MUCH easier than authenticated integrity, but I worry that folks will misinterpret the security
> they're getting, with unfortunate results.

You need full authentication of all data and communication, so sorry for being unclear.



--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc



--Apple-Mail=_6D749331-616F-4423-8074-584FE274A9ED--
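A simplified model of the kind of switch protection for ARP that the message above points to, where ARP packets on untrusted ports are validated against a table of known IP-to-MAC bindings (as dynamic ARP inspection backed by DHCP snooping does). This is an added example, not part of the original message and not any vendor's code; the port names, addresses, frames and reason strings are constructed for the example.

```python
import ipaddress
import struct


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(eth_src, sender_mac, sender_ip, target_ip):
    """Constructed Ethernet + ARP reply, used only as in-memory test input."""
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += bytes(6) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Extract the fields the check needs from an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    htype, ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", frame, 14)
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    return {
        "eth_src": mac_text(frame[6:12]),
        "sender_mac": mac_text(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
    }


class ArpInspector:
    """Binding-table ARP validation; trusted ports bypass the check."""

    def __init__(self, bindings, trusted_ports):
        self.bindings = dict(bindings)   # {(vlan, ip): (mac, port)}
        self.trusted = set(trusted_ports)

    def inspect(self, frame, vlan, port):
        if port in self.trusted:
            return "permit", "trusted-port"
        try:
            arp = parse_arp(frame)
        except ValueError:
            return "drop", "malformed"
        if arp["eth_src"] != arp["sender_mac"]:
            return "drop", "src-mac-mismatch"
        binding = self.bindings.get((vlan, arp["sender_ip"]))
        if binding is None:
            return "drop", "no-binding"
        mac, bound_port = binding
        if mac != arp["sender_mac"]:
            return "drop", "mac-mismatch"
        if bound_port != port:
            return "drop", "port-mismatch"
        return "permit", "binding-match"


# Constructed bindings and frames for VLAN 10.
HOST, GATEWAY, OTHER = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
BINDINGS = {
    (10, "192.0.2.10"): (HOST, "Gi1/0/1"),
    (10, "192.0.2.1"): (GATEWAY, "Gi1/0/48"),
}
SAMPLES = [
    ("Gi1/0/1", build_arp_reply(HOST, HOST, "192.0.2.10", "192.0.2.1")),
    ("Gi1/0/7", build_arp_reply(OTHER, OTHER, "192.0.2.1", "192.0.2.10")),
    ("Gi1/0/7", build_arp_reply(OTHER, GATEWAY, "192.0.2.1", "192.0.2.10")),
    ("Gi1/0/7", build_arp_reply(HOST, HOST, "192.0.2.10", "192.0.2.1")),
    ("Gi1/0/7", build_arp_reply(OTHER, OTHER, "192.0.2.99", "192.0.2.1")),
    ("Gi1/0/48", build_arp_reply(GATEWAY, GATEWAY, "192.0.2.1", "192.0.2.10")),
    ("Gi1/0/7", bytes(20)),
]


def run_samples():
    inspector = ArpInspector(BINDINGS, trusted_ports={"Gi1/0/48"})
    return [inspector.inspect(frame, 10, port) for port, frame in SAMPLES]


if __name__ == "__main__":
    for (port, _), verdict in zip(SAMPLES, run_samples()):
        print(port, *verdict)
```

The check is only as good as the binding table and the trusted-port list, which is the "properly configured" condition the message stresses.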

From ned+perpass@mrochek.com  Thu Oct 17 12:35:54 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3318C11E81E4 for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 12:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level: 
X-Spam-Status: No, score=-1.01 tagged_above=-999 required=5 tests=[AWL=-1.230,  BAYES_20=-0.74, DATE_IN_PAST_03_06=0.044, J_CHICKENPOX_52=0.6,  SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5GjlymKn1--J for <perpass@ietfa.amsl.com>; Thu, 17 Oct 2013 12:35:49 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 2C39511E826B for <perpass@ietf.org>; Thu, 17 Oct 2013 12:35:48 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZOV9RM1R4006FXB@mauve.mrochek.com> for perpass@ietf.org; Thu, 17 Oct 2013 12:30:41 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZJ0YGW1O000004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Thu, 17 Oct 2013 12:30:38 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZOV9PPNIU00004R@mauve.mrochek.com>
Date: Thu, 17 Oct 2013 07:51:26 -0700 (PDT)
In-reply-to: "Your message dated Wed, 16 Oct 2013 01:30:53 +0100" <525DDE3D.6020500@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: ned+perpass@mrochek.com, perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 19:35:54 -0000

> Hiya,

> Many snippets below...

> On 10/15/2013 07:13 PM, ned+perpass@mrochek.com wrote:
> >> Following up on my own point - not stylish but I think
> >> in this case justified:-)
> >
> >> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
> >>> I don't
> >>> see why we shouldn't be equally comfortable in saying "don't
> >>> send cleartext" - *if* that's an IETF consensus position - as
> >>> we have seen sending cleartext is also just broken when one
> >>> considers pervasive monitoring.
> >
> >> I guess this Washington Post story [1] that I saw this
> >> morning would appear to provide a relevant example.
> >> In that case, I would argue that the fact that cleartext
> >> IMAP provides interop and is successful does imply that
> >> some services somewhere will use that for large populations
> >> that will inevitably (as we now know) be subject to
> >> pervasive monitoring.
> >
> > What is this "cleartext IMAP" of which you speak?

> I guess that's a fair comment - we don't know that they're
> able to gather inbox data via IMAP due to it being sent in
> clear,  however that seems like a reasonable guess based
> on the newspaper story which says that collection is done
> by telcos that are "overseas" and assuming that TLS is not
> busted for these services.

Actually, it's exactly the opposite: Details from the article make it very
unlikely that tapping into IMAP sessions is a significant source of data here.
In particular, both the article and the source material make it very clear that
this is primarily about address book information and only secondarily about
actual message content. As I noted previously IMAP does not carry address book
information.

Additionally, there's the peculiar use of the term "inbox" rather than to email
messages in general. IMAP provides access to all folders, whereas protocols
like ActiveSync are used specifically to notify users of the presence of new
messages in their inbox.

And as I noted previously, the peculiarly isolated IMAP slide at the end is
not evidence of anything because we lack context. For all we know it was
included as an example of a case where collection is particularly difficult.

> (Even were TLS busted for those
> services though, I don't think that changes so much of the
> analysis *if* one can separately mitigate whatever's gone
> wrong with those TLS deployments.)

> But yes, that's guessing and we need to keep that in mind
> and there could well be alternative explanations.

Explanations that appear to me to fit the available information a lot 
better than yours does.

> > A quick check of some of the
> > major US MSPs shows that Gmail, Hotmail, and Apple all require SSL/TLS for
> > IMAP. And AOL definitely offers SSL/TLS support, but I can't tell if they
> > require it or not.
> >
> > Now, it seems to me like I'm missing one ... it's on the tip of my tongue ...
> > oh yeah, that would be Yahoo, the only vendor actually mentioned by name in the
> > Powerpoint slides the Washington Post story you cite is based on. But lo and
> > behold, they also require SSL for all IMAP access!
> >
> > I haven't bothered to survey ISPs (although I will note that Verizon and
> > several others only offer POP, not IMAP, and yes, they do offer SSL with
> > that), but my sense is most of them support SSL/TLS and many even require it.

> Is there publicly available information about the deployment of IMAP
> in terms of how many servers/services allow or disallow cleartext,
> STARTTLS or 993? (To expose my ignorance, yes, I did assume that many
> services still allow IMAP over 143 without STARTTLS in addition to
> 993.)

I doubt it, but even if such information were available it would be irrelevant
to the matter at hand. Once more you're failing to take into account how email
is actually deployed these days. For better or worse, email has seen a huge
degree of centralization: The overwhelming majority of email now resides on a
fairly small number of server farms. If your concern is protecting the accesses
done by the majority of email users, those are the servers that count, not the
one I have at home or the one operated by my (tiny) ISP.

The state of play for those servers is actually pretty easy to quantify, and
I'll do that in a followup message.

> >> When the numbers involved ("500,000 buddylists and
> >> inboxes" collected on a "representative day" for just
> >> one agency) are at that scale, then it seems to me that
> >> one can fairly describe that as a failure in protocol
> >> design and not solely as a bad deployment choice.
> >
> > And again I have to ask: What is the "protocol design failure" of which you
> > speak?

> Basically, having three flavours of IMAP (clear, STARTTLS and 993)
> where one that just mandated use of TLS could arguably be simpler
> and more secure.

More on this later.

> And note - I'm not saying this should've been
> done years ago, I'm asking if in a similar situation today we
> ought go for the one-with-security or the 3-flavoured approach.

First of all, IMAP is a less than ideal example because if we were doing it
today it would almost certainly be cast as a web service, and in that case it
would simply be another thing in the https/http space.

But if you ignore that little detail, I don't think you're going to like my
conclusions of the lessons learned from IMAP in particular and email in
general. My conclusions are that most of the time the right things to do
are:

(1) Define the service on two ports, one with SSL/TLS covering the entire
    session and the other with no SSL/TLS option at all. (This makes the secure
    variant easy to deploy on connection-terminating load balancers,
    which I believe is one of the driving factors behind the use of port 993.)

    There are going to be a few cases, like protocols that inherently deal
    with nothing but highly sensitive data, where specifying the insecure port
    variant should not be done. But not many.

    In contrast, there are *no* cases where the secure port should be omitted.
    I don't care if the protocol as designed only transfers public information.
    Protocols have a way of being used in ways their designers did not intend.

(2) Use the DNS in some way to announce which port a specific server expects
    connections to be on.

(3) Specify client latching semantics as a means to detect downgrade attacks.

(4) Think very hard and carefully about how certificate naming issues should
    be handled, and make sure your specification of them is both clear and
    complete.

(5) Think very hard and carefully about allowed/required ciphersuites and
    specify that very clearly and completely as well. (It is unclear to me
    whether this can be done for various classes of protocols versus on a
    case by case basis.)

(6) Do not design your protocol so that compliant operation depends on the
    use of SSL/TLS extensions or ciphersuites that aren't readily available
    in the various widely used crypto frameworks. And if this means there's
    some ugly wart in the protocol, so be it. (Note that this doesn't mean
    you call for implementation of the hoopy perfect forward secrecy scheme
    du jour, only that you can't depend on it.)

    That said, I think an exception needs to be made in the case of
    ciphersuites that employ rc4. I think rc4 is sufficiently problematic
    that its use needs to be discouraged even though that may make
    compliance difficult or even impossible in some cases.

(7) Since there are going to be choices to make when deploying, document
    those choices and their consequences clearly.

(8) The current fixed security considerations sections we currently employ
    are inadequate given how rapidly this stuff evolves. The IETF needs to
    develop a means of formally amending security considerations with
    additional information without having to open the entire document up
    for revision.

(9) Keep the use of normative references for purposes of specifying
    security to a minimum. And if this means some repetition of material,
    so be it.

Conspicuous by its absence on this list is any mention of anything being
mandatory to use, and as few things as possible that would translate into
something being mandatory to implement. This is because I think history shows
that these sorts of IETF pronouncements - in the email world at least - have
been about as useful as pissing into a strong wind.

More generally, persuasion beats being doctrinaire hands down. Not to toot my
own horn or anything, but since Internet email a la RFC 821/RFC 822 deployed
we've managed to make exactly one really substantive change stick on a more or
less global basis. That was MIME, and we did it without a single mandate that
it be used. Instead we made it as compelling as we possibly could and we also
bent over backwards to make it as easy to deploy as possible.

> (Ignoring the rest of the message and just dealing with that
> would be fine from my pov if that helps.)

> > I'm especially interested in the one the IETF has made that exposes
> > buddy lists and address books.

> Address books? When did I mention those? I don't believe I did and
> if I did then that was in error. The buddylists things in the slides
> are also presumably not IMAP related.

That would be where you said:

    When the numbers involved ("500,000 buddylists and
    inboxes" collected on a "representative day" for just
    one agency) are at that scale, then it seems to me that
    one can fairly describe that as a failure in protocol
    design and not solely as a bad deployment choice.

And as I noted above, you can't divorce them from inbox data collection nearly
as easily as you seem to think.

> Lemme try another way: if IMAP were a brand new protocol
> today and given today's kit and network and what we've
> learned, would we argue to define both an insecure and
> a secure (but maybe not much used) variant or would we
> be better off only defining one version that builds in
> whatever we think is the right set of security features
> and ensures that those are used (by not having the
> option to not use 'em)?

See above. Again ignoring the fact that IMAP wouldn't be done in remotely
the same way if we were doing it today, the answer is no, we'd almost
certainly still want to have an insecure variant.

> >> (*) Yes, there's a bit of arm-waving there since one
> >> can validly argue that the TLS ciphersuite that's MTI
> >> for 3501 is still just a bit too hard to deploy as
> >> one is supposed to get a server cert that the UA can
> >> verify, which implies some management overhead. So
> >> something slightly more easily deployed (and hence
> >> not quite 3501) might really be needed. But *how* to
> >> do MTU stuff could be a protocol-specific debate to
> >> have after we concluded we had consensus for
> >> more-than-MTI in some form. (Which we don't, today.)
> >> But of course, a new IMAP security BCP doesn't have
> >> to wait either (hint, hint:-)
> >
> > ... And that's a strawman. I've not heard any provider of any size make such an
> > argument in many, many, many years. The fact of the matter is that secure IMAP
> > *is* widely and successfully deployed, albeit in a way that the IETF did not
> > intend and in spite of the fact that the IETF did bugger-all to make it easy to
> > do.

> Yes - I think that supports my argument - the existence of a
> "pretend" security variant at day zero is damaging so we should
> ask whether we ought just make the security mandatory to use
> and end up with one version.

On the contrary, what's damaging on day zero is having a specification for
which compliance isn't practical for a significant fraction of implementors,
deployers, or both. This is what happened in the case of IMAP, and the result
was vendors ignored what the specifications called for and secured the protocol
in their own way. (And security isn't the only example of this in IMAP.)

> > And since only yesterday I was listening to a presentation that among other
> > things covered the specifics of how a provider with 10s of millions of users
> > handles this particular problem, I can state with some authority that the costs
> > aren't that big a deal.

> I don't get what you mean there.

You claimed that there are valid arguments that the TLS ciphersuites that are
MTI are too hard to deploy. AFAICT that claim is false.

> >
> > But if you really think it's worth spending the time to make IMAP security even
> > better, that's fine with me. But the work needs to be based on what's in play
> > in the real world, which seems markedly at odds with what you imagine is out
> > there.

> Disagree. But that (I hope) is because you misinterpreted what
> I'm asking/saying.

> > It also needs to be informed by what's actually possible given real
> > world constraints, e.g., what ciphersuites are actually offered by the SSL/TLS
> > libraries in common use.

> Yeah. There're similar issues for TLS in general.

> > (I've heard it mooted that support for anon-DH in
> > particular is likely to be dropped from some of them.)

> That's fair. I did acknowledge arm-waving though.

> > And finally,
> > expectations as to what this will actually accomplish in terms of thwarting
> > pervasive surveillance need to be lowered pretty dramatically.

> Why? And even if so, it may be worth doing as protection
> against other bad actors.

Because given the way email actually works this may well be a case of putting
bars on the barn windows while leaving the door unlocked.

> > But more generally - and I'm afraid I'm going to be a bit unkind here - there's
> > way too much yacketing about non-issues and completely impractical
> > non-solutions going on here, at least when it comes to securing the
> > bulk of present-day email.

> I think that's not unkind but is unfair. (Given that I think
> you yacketed about address books above for example.)

You need to reread your own original message as well as the material in the
slides before making any such claim.

> > So I'm once again going to ask, "What's the goal here?". If the goal is to make
> > the email of a select group of cognoscenti more secure that's one thing. It's
> > quite another to talk seriously about improving email security for everyone
> > else.
> >
> > If we're going to do the latter, I'm afraid that needs to start with a better
> > understanding of what present-day email service actually looks like and where
> > market trends are pushing it.

> Better understanding is always good and the main goal here (at least
> mine) is to make pervasive monitoring more expensive to the extent
> technically feasible. Personally, I think there are things about IMAP
> that could be improved but I'm very skeptical that we can "solve" the
> problem for mail in general. (Some others on this list are more
> optimistic.)

You're still not answering the question, at least directly, and I really want a
direct answer. More expensive for whom? The vast majority of current and likely
future email users, who seem perfectly happy to use the service offerings of
large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
a way that persuades those providers that making changes to their service
offerings is the right thing for them to do.

				Ned
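
Points (2) and (3) of the list in the message above (announce the port in DNS, and latch in the client to detect downgrade), sketched as an added example that is not part of the original thread or anyone's implementation. It assumes the announcement uses the `_imaps`/`_imap` SRV labels of RFC 6186, which the thread does not name; the hostnames, greetings and the `TransportLatch` class are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Matches "* OK [CAPABILITY ...] text" greetings and "* CAPABILITY ..." responses.
CAP_RE = re.compile(r"^\* (?:OK \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.I)


class Decision(NamedTuple):
    action: str            # "implicit", "starttls", "cleartext" or "abort"
    port: Optional[int]
    reason: str


def parse_capabilities(line: str) -> set:
    """Return the upper-cased capability atoms carried by one server line."""
    m = CAP_RE.match(line.strip())
    if not m:
        return set()
    atoms = m.group(1) if m.group(1) is not None else m.group(2)
    return {atom.upper() for atom in atoms.split()}


class TransportLatch:
    """Remembers, per server, that a TLS-protected session once succeeded.

    Hypothetical helper: a real client would persist this set on disk and
    would also abort if a STARTTLS upgrade it attempted then failed.
    """

    def __init__(self):
        self._tls_hosts = set()

    def record_success(self, host: str, action: str) -> None:
        # Only a completed TLS session sets the latch; cleartext never does.
        if action in ("implicit", "starttls"):
            self._tls_hosts.add(host.lower())

    def is_latched(self, host: str) -> bool:
        return host.lower() in self._tls_hosts

    def plan(self, host: str, srv_answers, greeting: str = "") -> Decision:
        """Pick a transport from DNS answers and the port-143 greeting.

        srv_answers is a list of (service_label, port) pairs standing in
        for the result of an SRV lookup, so the example runs offline.
        """
        ports = dict(srv_answers)
        if "_imaps" in ports:
            # Two-port model: TLS covers the whole session on this port.
            return Decision("implicit", ports["_imaps"], "DNS announces TLS-only port")
        port = ports.get("_imap")
        if port is None:
            return Decision("abort", None, "no IMAP service announced")
        caps = parse_capabilities(greeting)
        if "STARTTLS" in caps:
            return Decision("starttls", port, "server offers in-band upgrade")
        if self.is_latched(host):
            # TLS worked before and is absent now: treat as a downgrade,
            # whether the cause is a stripped capability or a forged DNS answer.
            return Decision("abort", None, "TLS used before, not offered now")
        if "LOGINDISABLED" in caps:
            return Decision("abort", None, "no TLS and cleartext login disabled")
        return Decision("cleartext", port, "first contact, TLS never offered")


# Constructed greetings: the second is the first with STARTTLS removed,
# which is what a client sees when the capability is stripped in transit.
GREETING_FULL = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
GREETING_STRIPPED = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"


def demo():
    latch = TransportLatch()
    plain_only = [("_imap", 143)]
    d1 = latch.plan("mail.example.net", plain_only, GREETING_FULL)
    latch.record_success("mail.example.net", d1.action)   # STARTTLS session completed
    d2 = latch.plan("mail.example.net", plain_only, GREETING_STRIPPED)
    d3 = latch.plan("imap.example.org", plain_only, GREETING_STRIPPED)
    d4 = latch.plan("imap.example.com", [("_imaps", 993), ("_imap", 143)])
    return [d1, d2, d3, d4]


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The latch only helps after the first protected session with a given server; a first contact that is already downgraded looks the same as a server that never offered TLS, as the third decision in `demo()` shows.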

From stephen.farrell@cs.tcd.ie  Thu Oct 17 14:53:55 2013
Message-ID: <52605C61.5080507@cs.tcd.ie>
Date: Thu, 17 Oct 2013 22:53:37 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: ned+perpass@mrochek.com
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>	<01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com>
In-Reply-To: <01OZOV9PPNIU00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?

Some bits snipped out...

On 10/17/2013 03:51 PM, ned+perpass@mrochek.com wrote:
> 
>> Hiya,
> 
>> Many snippets below...
> 
>> On 10/15/2013 07:13 PM, ned+perpass@mrochek.com wrote:
>>>> Following up on my own point - not stylish but I think
>>>> in this case justified:-)
>>>
>>>> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
>>>>> I don't
>>>>> see why we shouldn't be equally comfortable in saying "don't
>>>>> send cleartext" - *if* that's an IETF consensus position - as
>>>>> we have seen sending cleartext is also just broken when one
>>>>> considers pervasive monitoring.
>>>
>>>> I guess this Washington Post story [1] that I saw this
>>>> morning would appear to provide a relevant example.
>>>> In that case, I would argue that the fact that cleartext
>>>> IMAP provides interop and is successful does imply that
>>>> some services somewhere will use that for large populations
>>>> that will inevitably (as we now know) be subject to
>>>> pervasive monitoring.
>>>
>>> What is this "cleartext IMAP" of which you speak?
> 
>> I guess that's a fair comment - we don't know that they're
>> able to gather inbox data via IMAP due to it being sent in
>> clear, however that seems like a reasonable guess based
>> on the newspaper story which says that collection is done
>> by telcos that are "overseas" and assuming that TLS is not
>> busted for these services.
> 
> Actually, it's exactly the opposite: Details from the article make it very
> unlikely that tapping into IMAP sessions is a significant source of data here.
> In particular, both the article and the source material make it very clear that
> this is primarily about address book information and only secondarily about
> actual message content. As I noted previously IMAP does not carry address book
> information.

So you're interpreting "inbox" to mean address book. To be
honest, I'm not convinced by that.

That's not how I read it - I do interpret inbox to mean
inbox, primarily mail accessed via imap or webmail.

> Additionally, there's the peculiar use of the term "inbox" rather than to email
> messages in general. IMAP provides access to all folders, whereas protocols
> like ActiveSync are used specifically to notify users of the presence of new
> messages in their inbox.
> 
> And as I noted previously, the peculiarly isolated IMAP slide at the end is
> not evidence of anything because we lack context. For all we know it was
> included as an example of a case where collection is particularly difficult.

I agree it stands out from the others and is hard to interpret.
I don't think inbox is hard to interpret at all though.

>> Is there publicly available information about the deployment of IMAP
>> in terms of how many servers/services allow or disallow cleartext,
>> STARTTLS or 993? (To expose my ignorance, yes, I did assume that many
>> services still allow IMAP over 143 without STARTTLS in addition to
>> 993.)
> 
> I doubt it, but even if such information were available it would be irrelevant
> to the matter at hand. Once more you're failing to take into account how email
> is actually deployed these days. For better or worse, email has seen a huge
> degree of centralization: The overwhelming majority of email now resides on a
> fairly small number of server farms. If your concern is protecting the accesses
> done by the majority of email users, those are the servers that count, not the
> one I have at home or the one operated by my (tiny) ISP.

Protecting the majority of email users is not the same issue. It's
also a fine thing but slightly different, see the end.

> The state of play for those servers is actually pretty easy to quantify, and
> I'll do that in a followup message.
> 
>>>> When the numbers involved ("500,000 buddylists and
>>>> inboxes" collected on a "representative day" for just
>>>> one agency) are at that scale, then it seems to me that
>>>> one can fairly describe that as a failure in protocol
>>>> design and not solely as a bad deployment choice.
>>>
>>> And again I have to ask: What is the "protocol design failure" of which you
>>> speak?
> 
>> Basically, having three flavours of IMAP (clear, STARTTLS and 993)
>> where one that just mandated use of TLS could arguably be simpler
>> and more secure.
> 
> More on this later.
> 
>> And note - I'm not saying this should've been
>> done years ago, I'm asking if in a similar situation today we
>> ought go for the one-with-security or the 3-flavoured approach.
> 
> First of all, IMAP is a less than ideal example because if we were doing it
> today it would almost certainly be cast as a web service, and in that case it
> would simply be another thing in the https/http space.
> 
> But if you ignore that little detail, I don't think you're going to like my
> conclusions of the lessons learned from IMAP in particular and email in
> general. 

I don't dislike 'em actually. Most seem reasonable.

> My conclusions are that most of the time the right things to do
> are:
> 
> (1) Define the service on two ports, one with SSL/TLS covering the entire
>     session and the other with no SSL/TLS option at all. (This makes the secure
>     variant easy to deploy on connection-terminating load balancers,
>     which I believe is one of the driving factors behind the use of port 993.)

That's the bit I'm questioning. I figure that if we could do
just the secure one, then we'd be done and that'd be a better
approach than having two. I also think that if we muck up and
do a pretend job on security then we end up with 3: plain,
pretend-secure and eventually-fixed-secure. That's happened
with more than IMAP.

I don't know if only doing the secure one in an IETF context
is at all likely though. History would seem to show that it's
not. OTOH, it is true that doing the secure versions is much
better understood now and much more practical than it was a
decade ago, so I think it's worth exploring.

> 
>     There are going to be a few cases, like protocols that inherently deal
>     with nothing but highly sensitive data, where specifying the insecure port
>     variant should not be done. But not many.

Yep. And some cases like DHCP where it's just hard to do
meaningful (crypto) security.

> 
>     In contrast, there are *no* cases where the secure port should be omitted.
>     I don't care if the protocol as designed only transfers public information.
>     Protocols have a way of being used in ways their designers did not intend.
> 
> (2) Use the DNS in some way to announce which port a specific server expects
>     connections to be on.
> 
> (3) Specify client latching semantics as a means to detect downgrade attacks.
> 
> (4) Think very hard and carefully about how certificate naming issues should
>     be handled, and make sure your specification of them is both clear and
>     complete.
> 
> (5) Think very hard and carefully about allowed/required ciphersuites and
>     specify that very clearly and completely as well. (It is unclear to me
>     whether this can be done for various classes of protocols versus on a
>     case by case basis.)
> 
> (6) Do not design your protocol so that compliant operation depends on the
>     use of SSL/TLS extensions or ciphersuites that aren't readily available
>     in the various widely used crypto frameworks. And if this means there's
>     some ugly wart in the protocol, so be it. (Note that this doesn't mean
>     you call for implementation of the hoopy perfect forward secrecy scheme
>     du jour, only that you can't depend on it.)
> 
>     That said, I think an exception needs to be made in the case of
>     ciphersuites that employ rc4. I think rc4 is sufficiently problematic
>     that its use needs to be discouraged even though that may make
>     compliance difficult or even impossible in some cases.
> 
> (7) Since there are going to be choices to make when deploying, document
>     those choices and their consequences clearly.
> 
> (8) The current fixed security considerations sections we currently employ
>     are inadequate given how rapidly this stuff evolves. The IETF needs to
>     develop a means of formally amending security considerations with
>     additional information without having to open the entire document up
>     for revision.
> 
> (9) Keep the use of normative references for purposes of specifying
>     security to a minimum. And if this means some repetition of material,
>     so be it.

I think I'd agree with almost all of (2)-(9).

> Conspicuous by its absence on this list is any mention of anything being
> mandatory to use, and as few things as possible that would translate into
> something being mandatory to implement. This is because I think history shows
> that these sorts of IETF pronouncements - in the email world at least - have
> been about as useful as pissing into a strong wind.

I agree about pronouncements. But I also think we might be able
to do better than we're doing now without 'em.

> More generally, persuasion beats being doctrinaire hands down. Not to toot my
> own horn or anything, but since Internet email a la RFC 821/RFC 822 deployed
> we've managed to make exactly one really substantive change stick on a more or
> less global basis. That was MIME, and we did it without a single mandate that
> it be used. Instead we made it as compelling as we possibly could and we also
> bent over backwards to make it as easy to deploy as possible.
> 
>> (Ignoring the rest of the message and just dealing with that
>> would be fine from my pov if that helps.)
> 
>>> I'm especially interested in the one the IETF has made that exposes
>>> buddy lists and address books.
> 
>> Address books? When did I mention those? I don't believe I did and
>> if I did then that was in error. The buddylists things in the slides
>> are also presumably not IMAP related.
> 
> That would be where you said:
> 
>     When the numbers involved ("500,000 buddylists and
>     inboxes" collected on a "representative day" for just
>     one agency) are at that scale, then it seems to me that
>     one can fairly describe that as a failure in protocol
>     design and not solely as a bad deployment choice.
> 
> And as I noted above, you can't divorce them from inbox data collection nearly
> as easily as you seem to think.

As per above. I don't find that convincing.

> 
>> Lemme try another way: if IMAP were a brand new protocol
>> today and given today's kit and network and what we've
>> learned, would we argue to define both an insecure and
>> a secure (but maybe not much used) variant or would we
>> be better off only defining one version that builds in
>> whatever we think is the right set of security features
>> and ensures that those are used (by not having the
>> option to not use 'em)?
> 
> See above. Again ignoring the fact that IMAP wouldn't be done in remotely
> the same way if we were doing it today, the answer is no, we'd almost
> certainly still want to have an insecure variant.

Why? Serious question.

> 
>>>> (*) Yes, there's a bit of arm-waving there since one
>>>> can validly argue that the TLS ciphersuite that's MTI
>>>> for 3501 is still just a bit too hard to deploy as
>>>> one is supposed to get a server cert that the UA can
>>>> verify, which implies some management overhead. So
>>>> something slightly more easily deployed (and hence
>>>> not quite 3501) might really be needed. But *how* to
>>>> do MTU stuff could be a protocol-specific debate to
>>>> have after we concluded we had consensus for
>>>> more-than-MTI in some form. (Which we don't, today.)
>>>> But of course, a new IMAP security BCP doesn't have
>>>> to wait either (hint, hint:-)
>>>
>>> ... And that's a strawman. I've not heard any provider of any size make such an
>>> argument in many, many, many years. The fact of the matter is that secure IMAP
>>> *is* widely and successfully deployed, albeit in a way that the IETF did not
>>> intend and in spite of the fact that the IETF did bugger-all to make it easy to
>>> do.
> 
>> Yes - I think that supports my argument - the existence of a
>> "pretend" security variant at day zero is damaging so we should
>> ask whether we ought just make the security mandatory to use
>> and end up with one version.
> 
> On the contrary, what's damaging on day zero is having a specification for
> which compliance isn't practical for a significant fraction of implementors,
> deployers, or both. This is what happened in the case of IMAP, and the result
> was vendors ignored what the specifications called for and secured the protocol
> in their own way. (And security isn't the only example of this in IMAP.)

I agree that that happened and was damaging. I don't think it's
at all contrary to what I said.

> 
>>> And since only yesterday I was listening to a presentation that among other
>>> things covered the specifics of how a provider with 10s of millions of users
>>> handles this particular problem, I can state with some authority that the costs
>>> aren't that big a deal.
> 
>> I don't get what you mean there.
> 
> You claimed that there are valid arguments that the TLS ciphersuites that are
> MTI are too hard to deploy. AFAICT that claim is false.

I do think that the PKI parts are too hard to deploy. Not for
the larger MSPs, but it could be a good bit easier. Or maybe
you're the one person in the universe who thinks that deploying
PKI is a doddle:-)

>>> So I'm once again going to ask, "What's the goal here?". If the goal is to make
>>> the email of a select group of cognoscenti more secure that's one thing. It's
>>> quite another to talk seriously about improving email security for everyone
>>> else.
>>>
>>> If we're going to do the latter, I'm afraid that needs to start with a better
>>> understanding of what present-day email service actually looks like and where
>>> market trends are pushing it.
> 
>> Better understanding is always good and the main goal here (at least
>> mine) is to make pervasive monitoring more expensive to the extent
>> technically feasible. Personally, I think there are things about IMAP
>> that could be improved but I'm very skeptical that we can "solve" the
>> problem for mail in general. (Some others on this list are more
>> optimistic.)
> 
> You're still not answering the question, at least directly, and I really want a
> direct answer. More expensive for whom?

Ah sorry. I think the goal here is to make pervasive monitoring
more expensive for anyone (govt or other) who wants to do that,
in cases where we think we can create a maybe significant enough
disincentive, but without making things harder for people who're
using protocols as designed. There will be some tradeoffs there
for sure, but in some cases if we get consensus for changes then
we might actually improve things for the normal users too.

The first part of that is new to the extent that we're dealing
with a new threat model. If we can do something for that, then
my hope is that we can improve general security and usability as
well, since we've learned a good bit about that (or should have)
in the last decade.

> The vast majority of current and likely
> future email users, who seem perfectly happy to use the service offerings of
> large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
> a way that persuades those providers that making changes to their service
> offerings is the right thing for them to do.

That's fair.

S.


> 
> 				Ned

From hallam@gmail.com  Thu Oct 17 15:12:39 2013
MIME-Version: 1.0
Date: Thu, 17 Oct 2013 18:12:36 -0400
Message-ID: <CAMm+LwioSoi-UXnDQy3+tL6sFcoC_MoGTDtOcDXJGXEZqQ=yDA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=089e01182d9e896e2a04e8f71d05
Subject: [perpass] PRISM-Proof Email, Key Management and Publication Specification

--089e01182d9e896e2a04e8f71d05
Content-Type: text/plain; charset=ISO-8859-1

I have produced a first draft of the specification for the Key Publication
service and key management tool that talks to it.

The code being documented is rough. Not least because the ASN.1 encoder I
wrote does not know about ASN.1 inanities like OPTIONAL, IMPLICIT or such
yet so the certs are not DER encoded.

http://tools.ietf.org/html/draft-hallambaker-prismproof-key-00


This specification represents one of the two interfaces to the blob in the
cloud that I call 'research'. We don't yet know the best approach to trust
management but it is going to be a lot easier to find out if we separate
that hard research problem from the 'plumbing' required to make secure
email work.

The other interface is the Omnibroker specification I wrote earlier this
year.

http://tools.ietf.org/html/draft-hallambaker-httpsession-01
http://tools.ietf.org/html/draft-hallambaker-wsconnect-04
http://tools.ietf.org/html/draft-hallambaker-omnibroker-06


I believe that between these specifications we have a fairly complete idea
of what the 'plumbing' side of 'Privacy Protected' Email should look like.

The Strong Email Addresses shown earlier provide a demonstration that we
can solve this problem for at least some class of email user using stock
email clients (OK plus a proxy gateway to send the mail).

If people would like to write code, we are at the point where that is now
practical. In addition it would be very useful if people could find out
information such as how various commonly used email clients store S/MIME
keys and how might a program do the user's job of configuration for them.

-- 
Website: http://hallambaker.com/

--089e01182d9e896e2a04e8f71d05--

From hallam@gmail.com  Thu Oct 17 16:27:46 2013
MIME-Version: 1.0
In-Reply-To: <CAMm+LwioSoi-UXnDQy3+tL6sFcoC_MoGTDtOcDXJGXEZqQ=yDA@mail.gmail.com>
References: <CAMm+LwioSoi-UXnDQy3+tL6sFcoC_MoGTDtOcDXJGXEZqQ=yDA@mail.gmail.com>
Date: Thu, 17 Oct 2013 19:27:40 -0400
Message-ID: <CAMm+LwjH86U2Lb4t4T558GiaM-UPLA1hReZB6n1VUGE+_hCW0g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=001a1133dba0f8874e04e8f8298b
Subject: [perpass] Fwd: PRISM-Proof Email, Key Management and Publication Specification

--001a1133dba0f8874e04e8f8298b
Content-Type: text/plain; charset=ISO-8859-1

[Try #2]

I have produced a first draft of the specification for the Key Publication
service and key management tool that talks to it.

The code being documented is rough. Not least because the ASN.1 encoder I
wrote does not know about ASN.1 inanities like OPTIONAL, IMPLICIT or such
yet so the certs are not DER encoded.

http://tools.ietf.org/html/draft-hallambaker-prismproof-key-00


This specification represents one of the two interfaces to the blob in the
cloud that I call 'research'. We don't yet know the best approach to trust
management but it is going to be a lot easier to find out if we separate
that hard research problem from the 'plumbing' required to make secure
email work.

The other interface is the Omnibroker specification I wrote earlier this
year.

http://tools.ietf.org/html/draft-hallambaker-httpsession-01
http://tools.ietf.org/html/draft-hallambaker-wsconnect-04
http://tools.ietf.org/html/draft-hallambaker-omnibroker-06


I believe that between these specifications we have a fairly complete idea
of what the 'plumbing' side of 'Privacy Protected' Email should look like.

The Strong Email Addresses shown earlier provide a demonstration that we
can solve this problem for at least some class of email user using stock
email clients (OK plus a proxy gateway to send the mail).

If people would like to write code, we are at the point where that is now
practical. In addition it would be very useful if people could find out
information such as how various commonly used email clients store S/MIME
keys and how might a program do the user's job of configuration for them.

-- 
Website: http://hallambaker.com/



--001a1133dba0f8874e04e8f8298b--
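
The message above notes that an encoder unaware of OPTIONAL and IMPLICIT does not produce DER. The sketch below is an added example, not code from the draft or from its author: the KeyEntry type, its field names, the sample values, and the behaviour of the "naive" encoder are all assumptions made for illustration. It shows how those two keywords change the bytes and why a strict DER parser rejects the naive output.

```python
# Added example: toy DER encoder and strict parser for a constructed type.
#
#   KeyEntry ::= SEQUENCE {                      -- hypothetical, not from the draft
#       serial   INTEGER,
#       address  [0] IMPLICIT UTF8String,
#       comment  [1] IMPLICIT UTF8String OPTIONAL }

SEQUENCE, INTEGER, UTF8STRING = 0x30, 0x02, 0x0C

def der_len(n):
    """DER definite length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(v):
    """Non-negative INTEGER with the minimal number of content octets."""
    if v < 0:
        raise ValueError("this sketch only encodes non-negative integers")
    return tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def implicit(tag_no, encoded):
    """IMPLICIT [tag_no]: replace the universal tag, keep the constructed bit."""
    if not 0 <= tag_no < 31:
        raise ValueError("only low tag numbers are handled here")
    return bytes([0x80 | (encoded[0] & 0x20) | tag_no]) + encoded[1:]

def encode_der(serial, address, comment=None):
    body = der_integer(serial)
    body += implicit(0, tlv(UTF8STRING, address.encode("utf-8")))
    if comment is not None:              # OPTIONAL: an absent field emits no bytes
        body += implicit(1, tlv(UTF8STRING, comment.encode("utf-8")))
    return tlv(SEQUENCE, body)

def encode_naive(serial, address, comment=None):
    """Assumed behaviour of an encoder that ignores both keywords: universal
    tags everywhere, and every field is emitted even when it is absent."""
    body = der_integer(serial)
    body += tlv(UTF8STRING, address.encode("utf-8"))
    body += tlv(UTF8STRING, (comment or "").encode("utf-8"))
    return tlv(SEQUENCE, body)

def read_tlv(buf, pos):
    """Read one TLV at pos, enforcing DER's minimal definite-length rule."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if n == 0 or len(raw) != n or raw[0] == 0:
            raise ValueError("indefinite, truncated or zero-padded length")
        length = int.from_bytes(raw, "big")
        if length < 0x80:
            raise ValueError("long form used for a short length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_key_entry(der):
    """Strict parser for KeyEntry; raises ValueError on anything off-schema."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, val, pos = read_tlv(body, 0)
    if tag != INTEGER:
        raise ValueError("serial must be a universal INTEGER")
    serial = int.from_bytes(val, "big", signed=True)
    tag, val, pos = read_tlv(body, pos)
    if tag != 0x80:
        raise ValueError("address must carry the [0] IMPLICIT tag")
    address, comment = val.decode("utf-8"), None
    if pos < len(body):                  # OPTIONAL field present
        tag, val, pos = read_tlv(body, pos)
        if tag != 0x81:
            raise ValueError("comment must carry the [1] IMPLICIT tag")
        comment = val.decode("utf-8")
    if pos != len(body):
        raise ValueError("trailing data inside SEQUENCE")
    return serial, address, comment

if __name__ == "__main__":
    print("DER:  ", encode_der(5, "a@b").hex())
    print("naive:", encode_naive(5, "a@b").hex())
```
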

From doug.mtview@gmail.com  Thu Oct 17 17:45:10 2013
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <01OZOV9PPNIU00004R@mauve.mrochek.com>
Date: Thu, 17 Oct 2013 17:45:04 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE130FF7-92C3-41FA-87B0-D7E48288F5A0@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com>
To: ned+perpass@mrochek.com
X-Mailer: Apple Mail (2.1510)
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

On Oct 17, 2013, at 7:51 AM, ned+perpass@mrochek.com wrote:
> Stephen Farrell <stephen.farrell@cs.tcd.ie> on Oct 15, 2013 5:31PM wrote:
>> Better understanding is always good and the main goal here (at least
>> mine) is to make pervasive monitoring more expensive to the extent
>> technically feasible. Personally, I think there are things about IMAP
>> that could be improved but I'm very skeptical that we can "solve" the
>> problem for mail in general. (Some others on this list are more
>> optimistic.)
> 
> You're still not answering the question, at least directly, and I really want a
> direct answer. More expensive for whom? The vast majority of current and likely
> future email users, who seem perfectly happy to use the service offerings of
> large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
> a way that persuades those providers that making changes to their service
> offerings is the right thing for them to do.

Dear Ned,

Improving the efficiency of email acceptance might be this incentive.
As IPv6 becomes pervasive, an authenticated domain source as a basis is
likely to be more sustainable over time.  Establishing expectations that
StartTLS confirms both server and client certificates affords improved
transactional protection from spoofing or reputation poisoning,
especially with the transparency and economy afforded by DANE for
protection from simple monitoring, malicious spoofing, and reputation
poisoning.  Providers will need to be trustworthy and may need to reside
in specific geopolitical regions willing to ensure such protections.

Multiple keying of encrypted data where each key subset resides in
different geopolitical regions might be a way to increase trust, but
this is not off-the-shelf crypto which you state as a requirement.

Regards,
Douglas Otis



From randy@psg.com  Thu Oct 17 21:50:31 2013
Date: Fri, 18 Oct 2013 07:50:27 +0300
Message-ID: <m2vc0vgp2k.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Scott Brim <scott.brim@gmail.com>
In-Reply-To: <CAPv4CP_jdA1_KSZgVzn2b-08LCmKzLmB5-2E91v3pa0UDfTW+Q@mail.gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com> <3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com> <6.2.5.6.2.20131016231335.0d2dc150@resistor.net> <CAPv4CP_jdA1_KSZgVzn2b-08LCmKzLmB5-2E91v3pa0UDfTW+Q@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] When private is equated with secure (was: mandatory-to-implement vs. more?)

> "IP VPN" includes not only MPLS VPN

the vpn without a p

From dhc@dcrocker.net  Thu Oct 17 22:01:54 2013
Message-ID: <5260C06C.4070901@dcrocker.net>
Date: Fri, 18 Oct 2013 18:00:28 +1300
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Scott Brim <scott.brim@gmail.com>, SM <sm@resistor.net>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com>	<CANW5CYXY1fB5eC6LjmQoP=qDwgZAwB-85fAuBFvYRNo7qR2Lvg@mail.gmail.com>	<3DEEBAC1-FA1C-4EB7-BDAA-7E32502037B7@bogus.com>	<6.2.5.6.2.20131016231335.0d2dc150@resistor.net> <CAPv4CP_jdA1_KSZgVzn2b-08LCmKzLmB5-2E91v3pa0UDfTW+Q@mail.gmail.com>
In-Reply-To: <CAPv4CP_jdA1_KSZgVzn2b-08LCmKzLmB5-2E91v3pa0UDfTW+Q@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: joel jaeggli <joelja@bogus.com>, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Mark Atwood <me@mark.atwood.name>
Subject: Re: [perpass] When private is equated with secure
Reply-To: dcrocker@bbiw.net

On 10/18/2013 12:52 AM, Scott Brim wrote:
> On Oct 17, 2013 2:45 AM, "SM" <sm@resistor.net <mailto:sm@resistor.net>>
> wrote:
>  > If I am not mistaken IP VPN has been sold over the years as a secure
> link.
>
> "IP VPN" includes not only MPLS VPN but also e2e IPsec. Also the meaning
> of "secure" has been diluted down by marketing.


The words "secure" and "security" have long lost any technical meaning. 
  Today they are useful only as umbrella terms as referencing an area of 
effort, not an actual capability.  So "working on security" rather than 
"producing security".

Unfortunately, 'privacy' also lacks any serious technical meaning, since 
even the IAB was not willing to define it in their RFC.  Hence the term 
means whatever the speaker wants it to mean, which might not be what the 
listener understands it to mean.


So if someone wants to assert the presence or need for some sort of 
security-related functionality, they need to use terminology that is 
universally understood to be precise.

For this thread, I suspect what is meant is IP-layer Confidentiality, 
which is e2e only if the application layer doesn't have any hops, where 
the content will be in the clear during the relaying.  Like with email 
MTAs, or Web caches...

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From acooper@cdt.org  Fri Oct 18 03:49:10 2013
Content-Type: multipart/signed; boundary="Apple-Mail=_F65372BA-AA9B-4119-9A31-8309C185206F"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <01OZOV9PPNIU00004R@mauve.mrochek.com>
Date: Fri, 18 Oct 2013 06:49:02 -0400
Message-Id: <9567F1DE-8795-4FFF-9BFB-3CFEB68E1497@cdt.org>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com>
To: ned+perpass@mrochek.com
X-Mailer: Apple Mail (2.1499)
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--Apple-Mail=_F65372BA-AA9B-4119-9A31-8309C185206F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On Oct 17, 2013, at 10:51 AM, ned+perpass@mrochek.com wrote:

> 
>> Hiya,
> 
>> Many snippets below...
> 
>> On 10/15/2013 07:13 PM, ned+perpass@mrochek.com wrote:
>>>> Following up on my own point - not stylish but I think
>>>> in this case justified:-)
>>> 
>>>> On 10/15/2013 12:41 AM, Stephen Farrell wrote:
>>>>> I don't
>>>>> see why we shouldn't be equally comfortable in saying "don't
>>>>> send cleartext" - *if* that's an IETF consensus position - as
>>>>> we have seen sending cleartext is also just broken when one
>>>>> considers pervasive monitoring.
>>> 
>>>> I guess this Washington Post story [1] that I saw this
>>>> morning would appear to provide a relevant example.
>>>> In that case, I would argue that the fact that cleartext
>>>> IMAP provides interop and is successful does imply that
>>>> some services somewhere will use that for large populations
>>>> that will inevitably (as we now know) be subject to
>>>> pervasive monitoring.
>>> 
>>> What is this "cleartext IMAP" of which you speak?
> 
>> I guess that's a fair comment - we don't know that they're
>> able to gather inbox data via IMAP due to it being sent in
>> clear,  however that seems like a reasonable guess based
>> on the newspaper story which says that collection is done
>> by telcos that are "overseas" and assuming that TLS is not
>> busted for these services.
> 
> Actually, it's exactly the opposite: Details from the article make it very
> unlikely that tapping into IMAP sessions is a significant source of data here.
> In particular, both the article and the source material make it very clear that
> this is primarily about address book information and only secondarily about
> actual message content. As I noted previously IMAP does not carry address book
> information.
> 
> Additionally, there's the peculiar use of the term "inbox" rather than to email
> messages in general. IMAP provides access to all folders, whereas protocols
> like ActiveSync are used specifically to notify users of the presence of new
> messages in their inbox.


Disclosures about inboxes and individual messages were part of earlier revelations/declassification:

https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional
https://www.eff.org/deeplinks/2013/08/intelligence-agency-attorney-explains-how-multi-communication-transactions-allowed
https://www.cdt.org/blogs/alissa-cooper/1109nsa%E2%80%99s-laziness-masquerading-reasonableness

Alissa


--Apple-Mail=_F65372BA-AA9B-4119-9A31-8309C185206F
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_F65372BA-AA9B-4119-9A31-8309C185206F--


From ned+perpass@mrochek.com  Fri Oct 18 11:02:47 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47ECE11E8298 for <perpass@ietfa.amsl.com>; Fri, 18 Oct 2013 11:02:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.151
X-Spam-Level: 
X-Spam-Status: No, score=-1.151 tagged_above=-999 required=5 tests=[AWL=0.141,  BAYES_00=-2.599, DATE_IN_PAST_12_24=0.992, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QmGKFiu2vIz8 for <perpass@ietfa.amsl.com>; Fri, 18 Oct 2013 11:02:42 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 36BCB11E825D for <perpass@ietf.org>; Fri, 18 Oct 2013 11:02:41 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQ6BQZ7EO003L15@mauve.mrochek.com> for perpass@ietf.org; Fri, 18 Oct 2013 10:57:39 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZJ0YGW1O000004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Fri, 18 Oct 2013 10:57:36 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZQ6BPCLOG00004R@mauve.mrochek.com>
Date: Thu, 17 Oct 2013 15:11:07 -0700 (PDT)
In-reply-to: "Your message dated Thu, 17 Oct 2013 22:53:37 +0100" <52605C61.5080507@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com> <52605C61.5080507@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: ned+perpass@mrochek.com, perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Fri, 18 Oct 2013 18:02:47 -0000

> > Actually, it's exactly the opposite: Details from the article make it very
> > unlikely that tapping into IMAP sessions is a significant source of data here.
> > In particular, both the article and the source material make it very clear that
> > this is primarily about address book information and only secondarily about
> > actual message content. As I noted previously IMAP does not carry address book
> > information.

> So you're interpreting "inbox" to mean address book. To be
> honest, I'm not convinced by that.

Of course I'm not interpreting it that way. Inbox has a very specific
and well defined meaning in email - the place where messages are delivered
to the user by default - and I'm using that definition.

> That's not how I read it - I do interpret inbox to mean
> inbox, primarily mail accessed via imap or webmail.

Of course that is what it means. But I'm starting to wonder whether or not
we're reading the same article. There's only one reference to acquisition
of mail message content in the one I'm reading, which says:

  Each day, the presentation said, the NSA collects contacts from an estimated
  500,000 buddy lists on live-chat services as well as from the inbox displays
  of Web-based e-mail accounts.

I'm not going to bother quoting the corresponding material on the actual slides
because I'd have to retype it, but it absolutely backs up this paragraph.

Clearly the inbox information is coming from web mail. And the way modern web
mail works is a big wad of JavaScript gets downloaded to the browser, which
then communicates with the back end server by exchanging JSON, XML, HTML,
whatever with a back end server. The client state, to the extent there is any,
is jointly maintained by the front and back ends.

The web mail server (which may consist of multiple server layers, proxies,
caches, separate authentication servers, and who knows what else) then talks to
the actual message store. In many cases this is done in a proprietary fashion.
And if IMAP is used, those IMAP connections are happening within the data
center, not on the open Internet. Even if the connections travel from
one data center to another (the use-case for that would be shared folder
access, which by definition is not going to be your inbox), that's going
to be done on a private network, if for no other reason than to avoid timeout
issues.

And as I noted before, ActiveSync may play a role here, although I'm not
familiar enough with the use cases for it to be sure.

> > Additionally, there's the peculiar use of the term "inbox" rather than to email
> > messages in general. IMAP provides access to all folders, whereas protocols
> > like ActiveSync are used specifically to notify users of the presence of new
> > messages in their inbox.
> >
> > And as I noted previously, the peculiarly isolated IMAP slide at the end is
> > not evidence of anything because we lack context. For all we know it was
> > included as an example of a case where collection is particularly difficult.

> I agree it stands out from the others and is hard to interpret.
> I don't think inbox is hard to interpret at all though.

It isn't. But you appear to have not considered the context in which it was
used.

> > The state of play for those servers is actually pretty easy to quantify, and
> > I'll do that in a followup message.
> >
> >>>> When the numbers involved ("500,000 buddylists and
> >>>> inboxes" collected on a "representative day" for just
> >>>> one agency) are at that scale, then it seems to me that
> >>>> one can fairly describe that as a failure in protocol
> >>>> design and not solely as a bad deployment choice.
> >>>
> >>> And again I have to ask: What is the "protocol design failure" of which you
> >>> speak?
> >
> >> Basically, having three flavours of IMAP (clear, STARTTLS and 993)
> >> where one that just mandated use of TLS could arguably be simpler
> >> and more secure.
> >
> > More on this later.
> >
> >> And note - I'm not saying this should've been
> >> done years ago, I'm asking if in a similar situation today we
> >> ought go for the one-with-security or the 3-flavoured approach.
> >
> > First of all, IMAP is a less than ideal example because if we were doing it
> > today it would almost certainly be cast as a web service, and in that case it
> > would simply be another thing in the https/http space.
> >
> > But if you ignore that little detail, I don't think you're going to like my
> > conclusions of the lessons learned from IMAP in particular and email in
> > general.

> I don't dislike 'em actually. Most seem reasonable.

> > My conclusions are that most of the time the right things to do
> > are:
> >
> > (1) Define the service on two ports, one with SSL/TLS covering the entire
> >     session and the other with no SSL/TLS option at all. (This makes the secure
> >     variant easy to deploy on connection-terminating load balancers,
> >     which I believe is one of the driving factors behind the use of port 993.)

> That's the bit I'm questioning. I figure that if we could do
> just the secure one, then we'd be done and that'd be a better
> approach than having two. I also think that if we muck up and
> do a pretend job on security then we end up with 3: plain,
> pretend-secure and eventually-fixed-secure. That's happened
> with more than IMAP.

It's not what happened with IMAP. We specified one mechanism with real
security, but included enough weasel words that engaging that security was not
required. But the mechanism we specified failed to meet deployability
requirements in the real world, and as a result a plurality if not an actual
majority of what actually deployed was a secure mechanism we did not specify.

> I don't know if only doing the secure one in an IETF context
> is at all likely though. History would seem to show that it's
> not. OTOH, it is true that doing the secure versions is much
> better understood now and much more practical than it was a
> decade ago, so I think it's worth exploring.

And the reason it is not is that there are compelling reasons to provide
the variant without security.

> > See above. Again ignoring the fact that IMAP wouldn't be done in remotely
> > the same way if we were doing it today, the answer is no, we'd almost
> > certainly still want to have an insecure variant.

> Why? Serious question.

Because of things like usage inside of data centers, where all the connections
are either protected physically or by encryption at a different layer. Indeed,
there are use cases where security auditing mandates that SSL/TLS *not* be
used.

Now, of course you can argue that this is some sort of private use case that
doesn't warrant coverage in the relevant standards. But I'm here to tell you
that this sort of handwaving is increasingly being seen for what it really is:
A refusal to come to grips with how applications are implemented and deployed
at very large scale. And it doesn't help when we also botch the secure variant
we do specify.

> >> Yes - I think that supports my argument - the existence of a
> >> "pretend" security variant at day zero is damaging so we should
> >> ask whether we ought just make the security mandatory to use
> >> and end up with one version.
> >
> > On the contrary, what's damaging on day zero is having a specification for
> > which compliance isn't practical for a significant fraction of implementors,
> > deployers, or both. This is what happened in the case of IMAP, and the result
> > was vendors ignored what the specifications called for and secured the protocol
> > in their own way. (And security isn't the only example of this in IMAP.)

> I agree that that happened and was damaging. I don't think it's
> at all contrary to what I said.

I don't know what "contrary" means in this context. That said, it is my
position, based on decades of dealing with the major players in this space,
that what you are proposing will at best be ignored and at worst be even
more damaging.

> >
> >>> And since only yesterday I was listening to a presentation that among other
> >>> things covered the specifics of how a provider with 10s of millions of users
> >>> handles this particular problem, I can state with some authority that the costs
> >>> aren't that big a deal.
> >
> >> I don't get what you mean there.
> >
> > You claimed that there are valid arguments that the TLS ciphersuites that are
> > MTI are too hard to deploy. AFAICT that claim is false.

> I do think that the PKI parts are too hard to deploy. Not for
> the larger MSPs, but it could be a good bit easier. Or maybe
> you're the one person in the universe who thinks that deploying
> PKI is a doddle:-)

The way the PKI part of this plays is that there's an initial pain point
getting it going and, for a large data center, automating certification
generation and distribution. But this is a one time cost, and not a substantial
one.

More generally, you don't seem to grasp the way a setup with 10s of millions of
accounts with services scattered across hundreds, thousands, or even tens of
thousands of hosts has to operate. In such a world the automation of 
certificate generation and distribution is an insignificant detail buried
inside of a vast amount of other automatic configuration processing.

				Ned

From stephen.farrell@cs.tcd.ie  Fri Oct 18 14:22:19 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC61511E82E3 for <perpass@ietfa.amsl.com>; Fri, 18 Oct 2013 14:22:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.169
X-Spam-Level: 
X-Spam-Status: No, score=-102.169 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_00=-2.599, SARE_MILLIONSOF=0.315, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGFz-fge6TPQ for <perpass@ietfa.amsl.com>; Fri, 18 Oct 2013 14:22:15 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 91DD911E828B for <perpass@ietf.org>; Fri, 18 Oct 2013 14:22:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 70078BE7C; Fri, 18 Oct 2013 22:22:06 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmVZ+7eJyYUq; Fri, 18 Oct 2013 22:22:02 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.45.50.37]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 40C98BE77; Fri, 18 Oct 2013 22:22:02 +0100 (IST)
Message-ID: <5261A67A.1090109@cs.tcd.ie>
Date: Fri, 18 Oct 2013 22:22:02 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: ned+perpass@mrochek.com
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>	<01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie>	<01OZOV9PPNIU00004R@mauve.mrochek.com> <52605C61.5080507@cs.tcd.ie> <01OZQ6BPCLOG00004R@mauve.mrochek.com>
In-Reply-To: <01OZQ6BPCLOG00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-List-Received-Date: Fri, 18 Oct 2013 21:22:19 -0000

Hi,

On 10/17/2013 11:11 PM, ned+perpass@mrochek.com wrote:
> ...I'm starting to wonder whether or not
> we're reading the same article. There's only one reference to acquisition
> of mail message content in the one I'm reading, which says:
> 
>   Each day, the presentation said, the NSA collects contacts from an estimated
>   500,000 buddy lists on live-chat services as well as from the inbox displays
>   of Web-based e-mail accounts.
> 
> I'm not going to bother quoting the corresponding material on the actual slides
> because I'd have to retype it, but it absolutely backs up this paragraph.

The slides eventually linked to are at [1], slide 4 bullet 2
is the main one I think but you're right that the first bullet
says webmail. My assumption is that they use every possible
way they can, whether that's webmail or IMAP or IM or whatever
goes by in clear or more probably some combination.

[1]
http://s3.documentcloud.org/documents/804763/a-sso-content-optimization-detailed-redacted.pdf

> 
> Clearly the inbox information is coming from web mail. And the way modern web
> mail works is a big wad of JavaScript gets downloaded to the browser, which
> then communicates with the back end server by exchanging JSON, XML, HTML,
> whatever with a back end server. The client state, to the extent there is any,
> is jointly maintained by the front and back ends.

Thanks for web-mail-101 lesson;-)

> The web mail server (which may consist of multiple server layers, proxies,
> caches, separate authentication servers, and who knows what else) then talks to
> the actual message store. In many cases this is done in a proprietary fashion.
> And if IMAP is used, those IMAP connections are happening within the data
> center, not on the open Internet. Even if the connections travel from
> one data center to another (the use-case for that would be shared folder
> access, which by definition is not going to be your inbox), that's going
> to be done on a private network, if for no other reason than to avoid timeout
> issues.

Sure. But with 4.7M listeners on port 143 (see my earlier mail) it
would be credible too to get a bunch of those via installations
that don't have a working starttls setup.

Mind you the above speculations aren't really decidable so it's
probably not worth our time to quibble further on it.

> 
> And as I noted before, ActiveSync may play a role here, although I'm not
> familiar enough with the use cases for it to be sure.
> 
>>> Additionally, there's the peculiar use of the term "inbox" rather than to email
>>> messages in general. IMAP provides access to all folders, whereas protocols
>>> like ActiveSync are used specifically to notify users of the presence of new
>>> messages in their inbox.
>>>
>>> And as I noted previously, the peculiarly isolated IMAP slide at the end is
>>> not evidence of anything because we lack context. For all we know it was
>>> included as an example of a case where collection is particularly difficult.
> 
>> I agree it stands out from the others and is hard to interpret.
>> I don't think inbox is hard to interpret at all though.
> 
> It isn't. But you appear to have not considered the context in which it was
> used.
> 
>>> The state of play for those servers is actually pretty easy to quantify, and
>>> I'll do that in a followup message.
>>>
>>>>>> When the numbers involved ("500,000 buddylists and
>>>>>> inboxes" collected on a "representative day" for just
>>>>>> one agency) are at that scale, then it seems to me that
>>>>>> one can fairly describe that as a failure in protocol
>>>>>> design and not solely as a bad deployment choice.
>>>>>
>>>>> And again I have to ask: What is the "protocol design failure" of which you
>>>>> speak?
>>>
>>>> Basically, having three flavours of IMAP (clear, STARTTLS and 993)
>>>> where one that just mandated use of TLS could arguably be simpler
>>>> and more secure.
>>>
>>> More on this later.
>>>
>>>> And note - I'm not saying this should've been
>>>> done years ago, I'm asking if in a similar situation today we
>>>> ought go for the one-with-security or the 3-flavoured approach.
>>>
>>> First of all, IMAP is a less than ideal example because if we were doing it
>>> today it would almost certainly be cast as a web service, and in that case it
>>> would simply be another thing in the https/http space.
>>>
>>> But if you ignore that little detail, I don't think you're going to like my
>>> conclusions of the lessons learned from IMAP in particular and email in
>>> general.
> 
>> I don't dislike 'em actually. Most seem reasonable.
> 
>>> My conclusions are that most of the time the right things to do
>>> are:
>>>
>>> (1) Define the service on two ports, one with SSL/TLS covering the entire
>>>     session and the other with no SSL/TLS option at all. (This makes the secure
>>>     variant easy to deploy on connection-terminating load balancers,
>>>     which I believe is one of the driving factors behind the use of port 993.)
> 
>> That's the bit I'm questioning. I figure that if we could do
>> just the secure one, then we'd be done and that'd be a better
>> approach than having two. I also think that if we muck up and
>> do a pretend job on security then we end up with 3: plain,
>> pretend-secure and eventually-fixed-secure. That's happened
>> with more than IMAP.
> 
> It's not what happened with IMAP. 

I didn't say the above was a blow-by-blow description of
how we ended up with IMAP. But we did end up with 3 flavours
as described.

> We specified one mechanism with real
> security, but included enough weasel words that engaging that security was not
> required. But the mechanism we specified failed to meet deployability
> requirements in the real world, and as a result a plurality if not an actual
> majority of what actually deployed was a secure mechanism we did not specify.

That's consistent with what I said above.

>> I don't know if only doing the secure one in an IETF context
>> is at all likely though. History would seem to show that it's
>> not. OTOH, it is true that doing the secure versions is much
>> better understood now and much more practical than it was a
>> decade ago, so I think it's worth exploring.
> 
> And the reason it is not is that there are compelling reasons to provide
> the variant without security.
> 
>>> See above. Again ignoring the fact that IMAP wouldn't be done in remotely
>>> the same way if we were doing it today, the answer is no, we'd almost
>>> certainly still want to have an insecure variant.
> 
>> Why? Serious question.
> 
> Because of things like usage inside of data centers, where all the connections
> are either protected physically or by encryption at a different layer. Indeed,
> there are use cases where security auditing mandates that SSL/TLS *not* be
> used.

That's not inconsistent with the default being to include and
turn on security from day 1. Things can also be turned off for
scenarios such as the above, so I still don't see a need to
have specs that only cover the insecure/plain version of things
like IMAP.

My point is that if we took that approach then we'd be far
less likely to screw up the security bits, for performance,
deployment or "too much" security reasons or whatever reason
your undoubted experience tells you is most common.

> Now, of course you can argue that this is some sort of private use case that
> doesn't warrant coverage in the relevant standards. But I'm here to tell you
> that this sort of handwaving is increasingly being seen for what it really is:

You put words in my mouth and then accuse me of handwaving?
That makes it hard to have a discussion on what is I think
an important topic. (How to screw up less with how we define
security for our protocols.) It'd be better maybe to tone
that kind of thing down a bit.

> A refusal to come to grips with how applications are implemented and deployed
> at very large scale. And it doesn't help when we also botch the secure variant
> we do specify.
> 
>>>> Yes - I think that supports my argument - the existence of a
>>>> "pretend" security variant at day zero is damaging so we should
>>>> ask whether we ought just make the security mandatory to use
>>>> and end up with one version.
>>>
>>> On the contrary, what's damaging on day zero is having a specification for
>>> which compliance isn't practical for a significant fraction of implementors,
>>> deployers, or both. This is what happened in the case of IMAP, and the result
>>> was vendors ignored what the specifications called for and secured the protocol
>>> in their own way. (And security isn't the only example of this in IMAP.)
> 
>> I agree that that happened and was damaging. I don't think it's
>> at all contrary to what I said.
> 
> I don't know what "contrary" means in this context. 

You said "on the contrary" - I don't think we're disagreeing
much.

> That said, it is my
> position, based on decades of dealing with the major players in this space,
> that what you are proposing will at best be ignored and at worst be even
> more damaging.

I'm getting the impression you think I'm proposing something
I'm not, but it's quite hard to tell really.

S.

> 
>>>
>>>>> And since only yesterday I was listening to a presentation that among other
>>>>> things covered the specifics of how a provider with 10s of millions of users
>>>>> handles this particular problem, I can state with some authority that the costs
>>>>> aren't that big a deal.
>>>
>>>> I don't get what you mean there.
>>>
>>> You claimed that there are valid arguments that the TLS ciphersuites that are
>>> MTI are too hard to deploy. AFAICT that claim is false.
> 
>> I do think that the PKI parts are too hard to deploy. Not for
>> the larger MSPs, but it could be a good bit easier. Or maybe
>> you're the one person in the universe who thinks that deploying
>> PKI is a doddle:-)
> 
> The way the PKI part of this plays is that there's an initial pain point
> getting it going and, for a large data center, automating certification
> generation and distribution. But this is a one time cost, and not a substantial
> one.
> 
> More generally, you don't seem to grasp the way a setup with 10s of millions of
> accounts with services scattered across hundreds, thousands, or even tens of
> thousands of hosts has to operate. In such a world the automation of 
> certificate generation and distribution is an insignificant detail buried
> inside of a vast amount of other automatic configuration processing.
> 
> 				Ned
> 
> 
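
The three IMAP flavours argued over in this thread (cleartext on port 143, STARTTLS, implicit TLS on 993) can be told apart from what a server advertises before login. The Python below is an added example, not part of any message in the thread: it classifies constructed banner lines using the STARTTLS, LOGINDISABLED and AUTH= capability names from the IMAP specifications. The hosts, banners, category labels and function names are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: (host, port, server text seen before login), as an
# operator auditing their own fleet might record it. Not real survey data.
SAMPLE_BANNERS = [
    ("mail1.example", 143, "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"),
    ("mail2.example", 143, "* OK IMAP4rev1 server ready\r\n"
                           "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"),
    ("mail3.example", 143, "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN] hello"),
    ("mail4.example", 993, "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"),
    ("mail5.example", 143, "* BYE service unavailable"),
]

# Capabilities arrive either as a response code in the greeting or as an
# untagged CAPABILITY response.
_CAP_IN_CODE = re.compile(r"\[CAPABILITY ([^\]]*)\]", re.IGNORECASE)
_CAP_UNTAGGED = re.compile(r"^\* CAPABILITY (.*)$", re.IGNORECASE)

# SASL mechanisms that send the password itself and so depend on TLS.
PLAINTEXT_SASL = {"AUTH=PLAIN", "AUTH=LOGIN"}


def parse_capabilities(server_text):
    """Return the set of upper-cased capability atoms, or None if none were sent."""
    caps = None
    for line in server_text.splitlines():
        line = line.strip()
        m = _CAP_IN_CODE.search(line) or _CAP_UNTAGGED.match(line)
        if m:
            caps = (caps or set()) | {atom.upper() for atom in m.group(1).split()}
    return caps


def classify(port, server_text):
    """Map one listener onto the flavours discussed in the thread."""
    if port == 993:
        # The whole session, greeting included, is inside TLS.
        return "implicit-tls"
    caps = parse_capabilities(server_text)
    if caps is None:
        return "unknown"
    if "STARTTLS" not in caps:
        return "cleartext-only"
    if "LOGINDISABLED" in caps and not (caps & PLAINTEXT_SASL):
        # Credentials are refused until the client has negotiated TLS.
        return "starttls-required"
    # TLS is on offer, but a password sent without it is still accepted.
    return "starttls-optional"


def survey(banners):
    """Count listeners per flavour."""
    return Counter(classify(port, text) for _host, port, text in banners)


def accepts_cleartext_credentials(banners):
    """Hosts whose port-143 listener will take a password outside TLS."""
    weak = {"cleartext-only", "starttls-optional"}
    return [host for host, port, text in banners if classify(port, text) in weak]


if __name__ == "__main__":
    for flavour, count in sorted(survey(SAMPLE_BANNERS).items()):
        print(f"{flavour:18} {count}")
    print("needs attention:", accepts_cleartext_credentials(SAMPLE_BANNERS))
```
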

From hallam@gmail.com  Sat Oct 19 08:24:39 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39BCA11E81E3 for <perpass@ietfa.amsl.com>; Sat, 19 Oct 2013 08:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level: 
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ez7eD6tGvbXl for <perpass@ietfa.amsl.com>; Sat, 19 Oct 2013 08:24:38 -0700 (PDT)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id DB98311E81CB for <perpass@ietf.org>; Sat, 19 Oct 2013 08:24:37 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id er20so1749965lab.35 for <perpass@ietf.org>; Sat, 19 Oct 2013 08:24:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=ulC+8yPd6Kv5dlDDtdnesv6+PGOmt9b5qrrTyqBNj/c=; b=wVen9MKiWEoXkDHY0jVxSOqIxwGn7IPwNGSosKOsAxnye+J8XU057YiQDOVfOotbOv n927CfN6ouq8CNL6umDto5BuSwm8k/9HJL18pzOmGh1K1rdkVW2bRAt7ihek/s++2UPK 6k0+JMwPSeRSjuU8mWyeHHhKNEEax50gQCM3yJDPANGw74oeaA67bcsyLR3V8ipvBOx8 QAsKsvkWMyzQ8nZf12bkLM02athQQng2keZhd7Ba6tvwbs3POnEA0VMSIrZaHa2a1AJj 2x3rfqLutqPvlq0QZIgmoDLav8irVYTPnOtCKf567f93I1Sa5mLTD/3CeAU2Ic2CCFJU 1iiw==
MIME-Version: 1.0
X-Received: by 10.152.120.5 with SMTP id ky5mr6684110lab.18.1382196276751; Sat, 19 Oct 2013 08:24:36 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Sat, 19 Oct 2013 08:24:36 -0700 (PDT)
Date: Sat, 19 Oct 2013 11:24:36 -0400
Message-ID: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e01227ca415f1ab04e919a670
Subject: [perpass] NSA inspired PKIX limitations?
X-List-Received-Date: Sat, 19 Oct 2013 15:24:39 -0000

--089e01227ca415f1ab04e919a670
Content-Type: text/plain; charset=ISO-8859-1

There are a bunch of changes to PKIX that were blocked for quite some time.
The opposition coming from a cabal of DoD etc. contractors. This opposition
has proven ultimately futile since the industry has decided to ignore the
specification and set its own standards in two cases.

I don't want to get into a discussion of Snowden etc. I will however note
that I suspected something of the sort was going on several years ago and
that is why I was looking to take the standards process to a forum where
such interference could be prevented. The only practical effect of Snowden
is that I can now explain the reasons for that decision without sounding
like a black helicopter paranoid nut.


1) Name Constraints MUST be marked critical

An utterly stupid restriction since the semantics of the criticality bit
are 'break backwards compatibility'. Use of name constraints provides a
significant reduction in the attack surface and would have prevented the
Flame attack. However marking a name constraint critical breaks Safari and
provides no security benefit in the Web PKI.

Outcome: Industry has decided that the standard is that name constraints
MAY be marked non-critical.


2) OCSP reports success for unknown/unissued certificates.

One of the reasons that the DigiNotar incident was so severe is that the
OCSP responder reported 'Valid' status for certificates that the CA had not
issued. This limit is allegedly a consequence of the DoD's billion dollar
PKI being unable to issue OCSP responses except by using CRLs as a source.

One important consequence of this constraint is that it provides a weak
form of CA transparency. It is possible to determine whether a CA is
consistently defaulting on this requirement or not.


Outcome: Industry has mandated OCSP responses report INVALID status if the
certificate was not issued.



-- 
Website: http://hallambaker.com/

--089e01227ca415f1ab04e919a670--
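
The criticality trade-off raised in point 1 of the message above, as an added example that is not part of the original post: a simplified Python model (not a full RFC 5280 path validator) of how a client that implements name constraints and one that does not each treat a constrained CA, with the extension marked critical and non-critical. The classes, the `validate` function and the `.example` certificate names are constructed for illustration.

```python
from dataclasses import dataclass

NAME_CONSTRAINTS = "nameConstraints"


@dataclass(frozen=True)
class Extension:
    name: str
    critical: bool
    permitted_dns: tuple = ()
    excluded_dns: tuple = ()


@dataclass(frozen=True)
class Cert:
    subject: str
    dns_names: tuple = ()
    extensions: tuple = ()


def dns_within(name: str, subtree: str) -> bool:
    """RFC 5280 dNSName rule: a name satisfies a subtree if it equals the
    subtree or adds whole labels on the left, so "evil-corp.example" does
    not fall within "corp.example"."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().rstrip(".")
    return name == subtree or name.endswith("." + subtree)


def validate(ca: Cert, leaf: Cert, understood: frozenset) -> tuple:
    """Decide whether a client that implements only the extensions named in
    `understood` accepts `leaf` under `ca`. Returns (accepted, reason)."""
    for ext in ca.extensions:
        if ext.name not in understood:
            if ext.critical:
                # Unknown and critical: the client must reject the path.
                return False, "unrecognised critical extension"
            continue  # Unknown and non-critical: silently ignored.
        if ext.name == NAME_CONSTRAINTS:
            for dns in leaf.dns_names:
                if any(dns_within(dns, s) for s in ext.excluded_dns):
                    return False, f"{dns} is in an excluded subtree"
                if ext.permitted_dns and not any(
                    dns_within(dns, s) for s in ext.permitted_dns
                ):
                    return False, f"{dns} is outside the permitted subtrees"
    return True, "ok"


def make_ca(critical: bool) -> Cert:
    """Constructed subordinate CA limited to names under corp.example."""
    nc = Extension(NAME_CONSTRAINTS, critical, permitted_dns=("corp.example",))
    return Cert("CN=Constructed Sub CA", extensions=(nc,))


# Constructed leaves: one inside the CA's permitted subtree, one outside it.
IN_SCOPE = Cert("CN=mail", dns_names=("mail.corp.example",))
OUT_OF_SCOPE = Cert("CN=rogue", dns_names=("login.bank.example",))

LEGACY = frozenset()                   # client without name-constraint support
AWARE = frozenset({NAME_CONSTRAINTS})  # client that enforces name constraints


def decision_matrix() -> dict:
    """Accept/reject outcome for every (critical, client, leaf) combination."""
    out = {}
    for critical in (True, False):
        for client_name, client in (("legacy", LEGACY), ("aware", AWARE)):
            for leaf_name, leaf in (("in_scope", IN_SCOPE),
                                    ("out_of_scope", OUT_OF_SCOPE)):
                accepted, _ = validate(make_ca(critical), leaf, client)
                out[(critical, client_name, leaf_name)] = accepted
    return out


if __name__ == "__main__":
    for (critical, client, leaf), accepted in decision_matrix().items():
        flag = "critical" if critical else "non-critical"
        verdict = "accept" if accepted else "reject"
        print(f"{flag:13} {client:7} {leaf:13} -> {verdict}")
```

In this model the critical marking makes the legacy client reject even the legitimate in-scope certificate, while the non-critical marking leaves the legacy client no worse off than with an unconstrained CA and still lets the aware client reject the out-of-scope name.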

From stephen.farrell@cs.tcd.ie  Sat Oct 19 08:46:40 2013
Message-ID: <5262A957.8020504@cs.tcd.ie>
Date: Sat, 19 Oct 2013 16:46:31 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>, perpass <perpass@ietf.org>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
In-Reply-To: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] NSA inspired PKIX limitations?

Hiya,

FWIW, I don't buy Phill's theory at all.

I do think it's fair to say that the US DoD set of requirements
for PKI have dominated discussion at various times. Now that
is a complex PKI and not much like the web PKI so that has
generated some friction, but I don't see any need at all for
conspiracy theories to explain that. It just seems to me like
a normal case of different reasonably large sets of folks
having very similar but slightly different requirements.

On the specific topics below, if I recall correctly, both
were uncontroversial parts of the "design" of PKI for years
before they became problematic for the web PKI when it
finally started to seriously consider revocation. And it
seems to me that both "sides" in that debate were inflexible
and unwilling to make changes. I still don't know why that
was, and it still seems dumb to me, but life's full of little
mysteries like that.

And I am just not seeing how this is related to pervasive
monitoring except very very tangentially - Phill, can you
please explain its relevance?

And finally the subject line also seems unwise as it'll probably
just annoy folks and just distract us from getting real work
done. (So, if it does annoy you, please try to be moderate in
your response, or maybe don't even send that mail, until we
see how Phill justifies its relevance.)

Cheers,
S.

On 10/19/2013 04:24 PM, Phillip Hallam-Baker wrote:
> There are a bunch of changes to PKIX that were blocked for quite some time.
> The opposition coming from a cabal of DoD etc. contractors. This opposition
> has proven ultimately futile since the industry has decided to ignore the
> specification and set its own standards in two cases.
> 
> I don't want to get into a discussion of Snowden etc. I will however note
> that I suspected something of the sort was going on several years ago and
> that is why I was looking to take the standards process to a forum where
> such interference could be prevented. The only practical effect of Snowden
> is that I can now explain the reasons for that decision without sounding
> like a black helicopter paranoid nut.
> 
> 
> 1) Name Constraints MUST be marked critical
> 
> An utterly stupid restriction since the semantics of the criticality bit
> are 'break backwards compatibility'. Use of name constraints provides a
> significant reduction in the attack surface and would have prevented the
> Flame attack. However marking a name constraint critical breaks Safari and
> provides no security benefit in the Web PKI.
> 
> Outcome: Industry has decided that the standard is that name constraints
> MAY be marked non-critical.
> 
> 
> 2) OCSP reports success for unknown/unissued certificates.
> 
> One of the reasons that the DigiNotar incident was so severe is that the
> OCSP responder reported 'Valid' status for certificates that the CA had not
> issued. This limit is allegedly a consequence of the DoD's billion dollar
> PKI being unable to issue OCSP responses except by using CRLs as a source.
> 
> One important consequence of this constraint is that it provides a weak
> form of CA transparency. It is possible to determine whether a CA is
> consistently defaulting on this requirement or not.
> 
> 
> Outcome: Industry has mandated OCSP responses report INVALID status if the
> certificate was not issued.
> 

From hallam@gmail.com  Sat Oct 19 10:48:58 2013
MIME-Version: 1.0
In-Reply-To: <5262A957.8020504@cs.tcd.ie>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com> <5262A957.8020504@cs.tcd.ie>
Date: Sat, 19 Oct 2013 13:48:55 -0400
Message-ID: <CAMm+Lwjx-XjFOYEGg7cYfyw-m5Yet0fd86Pka9um7YCyOJx4Wg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=089e0160bf7029f71604e91baab4
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] NSA inspired PKIX limitations?

--089e0160bf7029f71604e91baab4
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Oct 19, 2013 at 11:46 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Hiya,
>
> FWIW, I don't buy Phill's theory at all.
>

We have a document that states there is a $250 million budget set for a
program that includes infiltrating the standards process as a stated part
of the program.

Now we can dispute the authenticity of the document but I see it as
confirming my earlier strong suspicion.



> On the specific topics below, if I recall correctly, both
> were uncontroversial parts of the "design" of PKI for years
> before they became problematic for the web PKI when it
> finally started to seriously consider revocation.


They were uncontroversial until the DigiNotar and Flame incidents and until
the EFF certificate observatory started a FUD attack making spurious claims.
Until that point I was mainly concerned with the risk that one of my CAs
might be breached. I did not see the need for Name constraints because I
had other controls that I consider to be sufficient.

The OCSP feature was very controversial at the time the limitation was
originally introduced. The reason I did not press the issue then was that I
did not see it as critical and insisting on a strong status result could
arguably be seen as interfering with the Valicert business model at the
time.


> And it
> seems to me that both "sides" in that debate were inflexible
> and unwilling to make changes. I still don't know why that
> was, and it still seems dumb to me, but life's full of little
> mysteries like that.
>

My position is based on the actions taken by the deployed base. I can't
change that and so I don't have much ability to change my position.

I can't see why the inability of the DoD to support an accurate status
result should require the rest of us to adopt their lowest common
denominator security.



> And I am just not seeing how this is related to pervasive
> monitoring except very very tangentially - Phill, can you
> please explain its relevance?
>

I believe that the vulnerability exploited in Flame would have been closed
had the standards changes resisted by the DoD been adopted in a timely
fashion and that the DigiNotar incident might have been detected earlier.

The documentary evidence shows that interfering with the standards process
to prevent deployment of countermeasures is part of the cost of running
PRISM etc. That is a cost that I am not prepared to pay because these
generals who I have to sit in rooms with and listen to their plans for
cyber-attack are making us less safe by compromising our ability to
achieve strong cyber-defense.

The question of how we can build open standards to defend against covert
pervasive monitoring in the face of attempts to disrupt these efforts is a
very difficult one.



> And finally the subject line also seems unwise as it'll probably
> just annoy folks and just distract us from getting real work
> done. (So, if it does annoy you, please try to be moderate in
> your response, or maybe don't even send that mail, until we
> see how Phill justifies its relevance.)
>

Well we could spend the next few years dancing round the subject and
pretending that the elephants are not in the room but I have no intention
of doing so.

Now that my question on Alexander has been answered, I am looking for an
answer to the question I raised at the RSA conference this year: How can we
have a government-industry partnership to improve cyber security when a
part of the military is actively engaged in subverting the standards
process to protect vulnerabilities they might use in attacks? This is not
the only forum in which I am raising this question; I am raising it with the policy
makers in government as well.

I am quite used to being accused of peddling an agenda. For some reason
CAs are always accused of having some covert agenda and raising this on the
lists is never seen as objectionable because it is so frequent. But the
response I give is not 'how dare you ask that question' but instead 'why
don't you hold all the other parties you rely on to the same degree of
scrutiny'.


-- 
Website: http://hallambaker.com/

--089e0160bf7029f71604e91baab4--
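
The OCSP status question debated in this thread, as an added example that is not part of the original messages: a Python model of a responder that derives its answers from a CRL alone beside one that also consults the CA's issuance records, plus the external probe that tells the two apart. The responder functions, the serial numbers and the choice of `unknown` as the non-good answer for a never-issued serial are assumptions made for illustration (the thread only says such a certificate must not be reported as valid).

```python
import secrets
from dataclasses import dataclass, field

# The three certStatus values an OCSP response can carry.
GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


@dataclass
class CaRecords:
    issued: set = field(default_factory=set)   # serials the CA recorded issuing
    revoked: set = field(default_factory=set)  # serials listed on the CRL


def crl_backed_responder(ca: CaRecords):
    """Responder whose only data source is the CRL: any serial that is not
    listed as revoked is reported 'good', including serials never issued."""
    def status(serial: int) -> str:
        return REVOKED if serial in ca.revoked else GOOD
    return status


def issuance_aware_responder(ca: CaRecords):
    """Responder that also checks the issuance records: 'good' is reserved
    for serials the CA knows it issued and has not revoked."""
    def status(serial: int) -> str:
        if serial in ca.revoked:
            return REVOKED
        if serial in ca.issued:
            return GOOD
        return UNKNOWN  # assumption: the model's answer for "never issued"
    return status


def audit_responder(status, probes=None, count=8) -> list:
    """External transparency check: ask about serials the CA has almost
    certainly never issued (random 128-bit values unless `probes` is given)
    and return the ones the responder vouched for as 'good'."""
    if probes is None:
        probes = [secrets.randbits(128) for _ in range(count)]
    return [serial for serial in probes if status(serial) == GOOD]


# Constructed records: three issued serials, one of them revoked.
CA = CaRecords(issued={0x1001, 0x1002, 0x1003}, revoked={0x1002})

# Constructed serial of a certificate signed with the CA key but absent from
# the issuance records, i.e. the situation after a CA compromise.
UNRECORDED_SERIAL = 0x0BAD5EED


def compare() -> dict:
    """Status each responder gives for a valid, a revoked and an unrecorded serial."""
    crl_only = crl_backed_responder(CA)
    aware = issuance_aware_responder(CA)
    serials = {"issued": 0x1001, "revoked": 0x1002,
               "unrecorded": UNRECORDED_SERIAL}
    return {label: (crl_only(s), aware(s)) for label, s in serials.items()}


if __name__ == "__main__":
    for label, (crl_answer, aware_answer) in compare().items():
        print(f"{label:10} crl-backed={crl_answer:8} issuance-aware={aware_answer}")
    flagged = audit_responder(crl_backed_responder(CA))
    print("probes answered 'good' by the CRL-backed responder:", len(flagged))
```

A relying party that treats only `good` as acceptable is protected against the unrecorded certificate by the second responder and not by the first, and a non-empty result from `audit_responder` is the outside observer's evidence that a responder is of the first kind.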

From ned+perpass@mrochek.com  Sat Oct 19 14:56:44 2013
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
From: ned+perpass@mrochek.com
Message-id: <01OZRSRZURME00004R@mauve.mrochek.com>
Date: Sat, 19 Oct 2013 14:48:02 -0700 (PDT)
In-reply-to: "Your message dated Thu, 17 Oct 2013 17:45:04 -0700" <DE130FF7-92C3-41FA-87B0-D7E48288F5A0@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com> <DE130FF7-92C3-41FA-87B0-D7E48288F5A0@gmail.com>
To: Douglas Otis <doug.mtview@gmail.com>
Cc: ned+perpass@mrochek.com, perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

> On Oct 17, 2013, at 7:51 AM, ned+perpass@mrochek.com wrote:
> > Stephen Farrell <stephen.farrell@cs.tcd.ie> on Oct 15, 2013 5:31PM wrote:
> >> Better understanding is always good and the main goal here (at least
> >> mine) is to make pervasive monitoring more expensive to the extent
> >> technically feasible. Personally, I think there are things about IMAP
> >> that could be improved but I'm very skeptical that we can "solve" the
> >> problem for mail in general. (Some others on this list are more
> >> optimistic.)
> >
> > You're still not answering the question, at least directly, and I really want a
> > direct answer. More expensive for whom? The vast majority of current and likely
> > future email users, who seem perfectly happy to use the service offerings of
> > large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
> > a way that persuades those providers that making changes to their service
> > offerings is the right thing for them to do.

> Dear Ned,

> Improving the efficiency of email acceptance might be this incentive.  As
> IPv6 becomes pervasive, an authenticated domain source as a basis is likely to
> be more sustainable over time.  Establishing expectations that StartTLS
> confirms both server and client certificates affords improved transactional
> protection from spoofing or reputation poisoning, especially with the
> transparency and economy afforded by DANE for protection from simple
> monitoring, malicious spoofing, and reputation poisoning.  Providers will need
> to be trustworthy and may need to reside in specific geopolitical regions
> willing to ensure such protections.

I must be missing something here, because I don't see how what we've been
discussing - preventing pervasive surveillance in general and mandating
SSL/TLS on more connections in particular - has anything to do with email
acceptance.

> Multiple keying of encrypted data where each key subset resides in different
> geopolitical regions might be a way to increase trust, but this is not
> off-the-shelf crypto which you state as a requirement.

The security of IMAP and similar mailbox manipulation protocols seems 
entirely divorced from what you're talking about.

				Ned

From ted.ietf@gmail.com  Sat Oct 19 18:21:32 2013
MIME-Version: 1.0
Date: Sat, 19 Oct 2013 18:21:31 -0700
Message-ID: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: perpass@ietf.org
Content-Type: multipart/alternative; boundary=047d7bd7679acb068004e921fc9a
Subject: [perpass] Some personal thoughts on the impact of pervasive monitoring

--047d7bd7679acb068004e921fc9a
Content-Type: text/plain; charset=ISO-8859-1

Like most folks involved in this list, I have a personal response to the
current situation and some thoughts on how it will impact my or our work in
the future.  Since I expect we will be pretty short of mic time in Vancouver
for thoughts like these, I decided to write them out.

http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00

is the result.  It's quite short but a quick summary is this:

Pervasive monitoring induces self-censoring which harms the Internet and
its users.  At the scale of the modern Internet, that means it harms
humanity.

We can and should change our approach to Internet engineering and system
design to deal with this.  There will be costs for that, but we should pay
them.

It helps me, personally, to focus on a single user when asking whether a
system or protocol is appropriate in the current environment.  The draft
lays out why.

regards,

Ted Hardie

--047d7bd7679acb068004e921fc9a--

From hallam@gmail.com  Sat Oct 19 18:42:15 2013
MIME-Version: 1.0
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
Date: Sat, 19 Oct 2013 21:42:00 -0400
Message-ID: <CAMm+Lwi2oHbW7yd-iM3GxHL8Yhmn9NHRJyuzetuPfPTCPx=NwQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
Cc: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e0117747510014804e92246e9
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--089e0117747510014804e92246e9
Content-Type: text/plain; charset=ISO-8859-1

[offlist]

On Sat, Oct 19, 2013 at 9:21 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Like most folks involved in this list, I have a personal response to the
> current situation and some thoughts on how it will impact my or our work in
> the future.  Since I expect we will be pretty short of mic time in Vancouver
> for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet and
> its users.  At the scale of the modern Internet, that means it harms
> humanity.
>

People behave differently when they know they are being watched.

I am not responding to PRISM, I am responding to the arrest of Miranda
using anti-terrorism powers. Trying to scare me makes me conclude that we
need to drastically reduce their capabilities.


-- 
Website: http://hallambaker.com/

--089e0117747510014804e92246e9--

From lists@eitanadler.com  Sat Oct 19 19:04:40 2013
MIME-Version: 1.0
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
From: Eitan Adler <lists@eitanadler.com>
Date: Sat, 19 Oct 2013 22:04:06 -0400
Message-ID: <CAF6rxg=jBkCHErd_N8sUE-kGp+FM6xyvYD7bcnW=L+CP_TETDA@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: perpass@ietf.org
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

On Sat, Oct 19, 2013 at 9:21 PM, Ted Hardie <ted.ietf@gmail.com> wrote:
> Like most folks involved in this list, I have a personal response to the
> current situation and some thoughts on how it will impact my or our work in
> the future.  Since I expect we will be pretty short of mic time in Vancouver
> for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet and its
> users.  At the scale of the modern Internet, that means it harms humanity.
>
> We can and should change our approach to Internet engineering and system
> design to deal with this.  There will be costs for that, but we should pay
> them.
>
> It helps me, personally, to focus on a single user when asking whether a
> system or protocol is appropriate in the current environment.  The draft
> lays out why.

You may want to directly address the arguments made in the paper
"Tussle in Cyberspace: Defining Tomorrow’s Internet" by Clark et al.

-- 
Eitan Adler

From tbray@textuality.com  Sat Oct 19 20:19:49 2013
MIME-Version: 1.0
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
Date: Sat, 19 Oct 2013 20:19:44 -0700
Message-ID: <CAHBU6iu2HVmsDdVEe+eVkXH4me+yK-=D34EQjEkDhMUHCyOd+A@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
To: Ted Hardie <ted.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b3a83ac92723f04e923a3a5
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--047d7b3a83ac92723f04e923a3a5
Content-Type: text/plain; charset=UTF-8

Excellent piece!


On Sat, Oct 19, 2013 at 6:21 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Like most folks involved in this list, I have a personal response to the
> current situation and some thoughts on how it will impact my or our work in
> the future.  Since I expect we will be pretty short of mic time in Vancouver
> for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet and
> its users.  At the scale of the modern Internet, that means it harms
> humanity.
>
> We can and should change our approach to Internet engineering and system
> design to deal with this.  There will be costs for that, but we should pay
> them.
>
> It helps me, personally, to focus on a single user when asking whether a
> system or protocol is appropriate in the current environment.  The draft
> lays out why.
>
> regards,
>
> Ted Hardie
>

--047d7b3a83ac92723f04e923a3a5--

From ynir@checkpoint.com  Sun Oct 20 01:47:48 2013
From: Yoav Nir <ynir@checkpoint.com>
To: Ted Hardie <ted.ietf@gmail.com>
Date: Sun, 20 Oct 2013 08:47:14 +0000
Message-ID: <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_3D3E3D5396C94A2E9751A088183CFB4Bcheckpointcom_"
MIME-Version: 1.0
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--_000_3D3E3D5396C94A2E9751A088183CFB4Bcheckpointcom_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


On Oct 20, 2013, at 4:21 AM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Like most folks involved in this list, I have a personal response to the
> current situation and some thoughts on how it will impact my or our work in
> the future.  Since I expect we will be pretty short of mic time in Vancouver
> for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet and
> its users.  At the scale of the modern Internet, that means it harms
> humanity.
>
> We can and should change our approach to Internet engineering and system
> design to deal with this.  There will be costs for that, but we should pay
> them.
>
> It helps me, personally, to focus on a single user when asking whether a
> system or protocol is appropriate in the current environment.  The draft
> lays out why.
>
> regards,
>
> Ted Hardie

Hi, Ted

In your draft, you propose we ask ourselves a question about any protocol
we design, and that question can be something like "Can a gay kid in Uganda
use this safely?"

IMO nothing we do here can yield an unqualified "yes" answer to that
question. Nothing here relates to public statements such as personal blogs
or Internet Drafts. Those are obviously public and the authors are
identified, and the state apparatus can read them just fine, regardless of
how secure we make them.

So there are two kinds of communications that we would seek to protect:
public statements made anonymously, and private statements made either
person-to-person or within a small group. You can't avoid any kind of
monitoring, pervasive or otherwise, without having both encryption and
authentication. This is regardless of whether the encryption and
authentication are with the communications peer or with an anonymizer.
Encryption and authentication with a middlebox (such as using a web-based
mail service with TLS) is not sufficient, as the privacy of the
communications depends on both the trustworthiness of the intermediary and
strength of the authentication that the intermediary performs. I think it
would be naive to expect an intermediary providing a web service to resist
the government. So we're left with mandatory mutual authentication.

And that's the issue. We (meaning the people who work on Internet
infrastructure) have never been able to deploy an identity management
system good enough that everyone will use it.

I am not familiar enough with Ugandan politics to know to what extent the
anti-gay laws are enforced or investigated. Most European countries and US
states had such laws for decades without the police ever expending any
resources to catch the criminals. But from what I've read in Wikipedia, the
human rights situation is pretty grim for gays. So although it's tempting
to think that using a US-based service like GMail would be safe from the
local government, I don't think that's good enough to merit an unqualified
"yes" answer to your question. The thing about pervasive monitoring is that
even if it was set up to catch terrorists, once the system is in place,
it's very tempting to use the collected information to fight crime.

If the Ugandan government has decided to investigate a specific person,
they can bug his phone, install spyware on his computer, and follow him
around. They will find evidence. The best we can do is to make our
protocols such that pervasive surveillance is impossible. We can only hope
that, if surveillance resistance is made such that the US government has
the resources to spy on 10,000 people while Uganda has the resources to spy
on 9 people (based on the ratio of national budget expenditures), the
Ugandan government will not waste its precious 9 "slots" on tracking down
homosexuals.

So while I don't think we can make any particular protocol safe for a
suspect, we can make it so that the average person feels safe enough to
risk private communications as long as they believe they are "under the
radar".  Ideally, the steps to reach that goal would be enough to obscure
the few who do use strong person-to-person authentication.

But even with strong person-to-person authentication, a gay Ugandan would
still have to avoid discussing anything that is illegal in Uganda with
people he's not familiar enough with, for fear they are government agents.
There can be no online support group helping teenagers, and there can be no
Internet dating sites. Nothing we do can make that happen.

Yoav



--_000_3D3E3D5396C94A2E9751A088183CFB4Bcheckpointcom_--

From ynir@checkpoint.com  Sun Oct 20 02:28:40 2013
From: Yoav Nir <ynir@checkpoint.com>
To: Ted Hardie <ted.ietf@gmail.com>
Thread-Topic: [perpass] Some personal thoughts on the impact of pervasive monitoring
Thread-Index: AQHOzXD57It3TUC14k6/6rSiZGMHYpn9IEMA
Date: Sun, 20 Oct 2013 09:28:11 +0000
Message-ID: <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com>
In-Reply-To: <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com>
Content-Type: multipart/alternative; boundary="_000_11AC03FCE1A145338CDFEB64E466F4B2checkpointcom_"
MIME-Version: 1.0
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--_000_11AC03FCE1A145338CDFEB64E466F4B2checkpointcom_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

On Oct 20, 2013, at 4:21 AM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Like most folks involved in this list, I have a personal response to
> the current situation and some thoughts on how it will impact my or
> our work in the future.  Since I expect we will be pretty short of mic
> time in Vancouver for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet
> and its users.  At the scale of the modern Internet, that means it
> harms humanity.
>
> We can and should change our approach to Internet engineering and
> system design to deal with this.  There will be costs for that, but we
> should pay them.
>
> It helps me, personally, to focus on a single user when asking whether
> a system or protocol is appropriate in the current environment.  The
> draft lays out why.
>
> regards,
>
> Ted Hardie

Hi, Ted

In your draft, you propose we ask ourselves a question about any
protocol we design, and that question can be something like "Can a gay
kid in Uganda use this safely?"

IMO nothing we do here can yield an unqualified "yes" answer to that
question. Nothing here relates to public statements such as personal
blogs or Internet Drafts. Those are obviously public and the authors are
identified, and the state apparatus can read them just fine, regardless
of how secure we make them.

So there are two kinds of communications that we would seek to protect:
public statements made anonymously, and private statements made either
person-to-person or within a small group. You can't avoid any kind of
monitoring, pervasive or otherwise, without having both encryption and
authentication. This is regardless of whether the encryption and
authentication are with the communications peer or with an anonymizer.
Encryption and authentication with a middlebox (such as using a
web-based mail service with TLS) is not sufficient, as the privacy of
the communications depends on both the trustworthiness of the
intermediary and strength of the authentication that the intermediary
performs. I think it would be naive to expect an intermediary providing
a web service to resist the government. So we're left with mandatory
mutual authentication.

And that's the issue. We (meaning the people who work on Internet
infrastructure) have never been able to deploy an identity management
system good enough that everyone will use it.

I am not familiar enough with Ugandan politics to know to what extent
the anti-gay laws are enforced or investigated. Most European countries
and US states had such laws for decades without the police ever
expending any resources to catch the criminals. But from what I've read
in Wikipedia, the human rights situation is pretty grim for gays. So
although it's tempting to think that using a US-based service like GMail
would be safe from the local government, I don't think that's good
enough to merit an unqualified "yes" answer to your question. The thing
about pervasive monitoring, is that even if it was set up to catch
terrorists, once the system is in place, it's very tempting to use the
collected information to fight crime.

If the Ugandan government has decided to investigate a specific person,
they can bug his phone, install spyware on his computer, and follow him
around. They will find evidence. The best we can do is to make our
protocols such that pervasive surveillance is impossible. We can only
hope, that if surveillance resistance is made such that the US
government has the resources to spy on 10,000 people while Uganda has
the resources to spy on 9 people (based on the ratio of national budget
expenditures), that the Ugandan government will not waste its precious 9
"slots" on tracking down homosexuals.

So while I don't think we can make any particular protocol safe for a
suspect, we can make it so that the average person feels safe enough to
risk private communications as long as they believe they are "under the
radar".  Ideally, the steps to reach that goal would be enough to
obscure the few who do use strong person-to-person authentication.

But even with strong person-to-person authentication, a gay Ugandan
would still have to avoid discussing anything that is illegal in Uganda
with people he's not familiar enough with, for fear they are government
agents. There can be no online support group helping teenagers, and
there can be no Internet dating sites. Nothing we do can make that
happen.

Yoav


--_000_11AC03FCE1A145338CDFEB64E466F4B2checkpointcom_--

From rutkowski.tony@gmail.com  Sun Oct 20 05:39:59 2013
Message-ID: <5263CF15.6020407@gmail.com>
Date: Sun, 20 Oct 2013 08:39:49 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>, Ted Hardie <ted.ietf@gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>	<3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com>
In-Reply-To: <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
Reply-To: rutkowski.tony@gmail.com

Reality check.

That is assuming the "average person" or the providers
of services to such persons, cares enough to do anything.
If the past ten years have demonstrated anything, the
average person and provider do not care.  Indeed,
conversely, they will be concerned about cost,
performance, ease of use,  and attractive feature sets.

Only the non-average will care in the following order:
governments (mostly), companies communicating
sensitive information, criminals and terrorists, and
a few super-paranoid.

The latest traitor-theft incident has principally
accomplished: 1) a significant shift of resources
by almost all the other governments to scale up
their ability to do better pervasive surveillance,
2) the significant scaling of surveillance and
analysis vendors to sell into the expanding
government and commercial markets, 3) the
shift of criminals and terrorists to more secure
communication, and 4) a degree of largely self
serving flailing around for exploitation purposes
by politicians and lobbying groups.  Perpass falls
into the noise, except for generating new ideas
for the above actors.  It is called the law of
unintended consequences. :-)
-t

On 2013-10-20 5:28 AM, Yoav Nir wrote:
> So while I don't think we can make any particular protocol safe for a 
> suspect, we can make it so that the average person feels safe enough 
> to risk private communications as long as they believe they are "under 
> the radar".  Ideally, the steps to reach that goal would be enough to 
> obscure the few who do use strong person-to-person authentication.
>


From stephen.farrell@cs.tcd.ie  Sun Oct 20 06:47:30 2013
Message-ID: <5263DEE5.4070504@cs.tcd.ie>
Date: Sun, 20 Oct 2013 14:47:17 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>	<5262A957.8020504@cs.tcd.ie> <CAMm+Lwjx-XjFOYEGg7cYfyw-m5Yet0fd86Pka9um7YCyOJx4Wg@mail.gmail.com>
In-Reply-To: <CAMm+Lwjx-XjFOYEGg7cYfyw-m5Yet0fd86Pka9um7YCyOJx4Wg@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] NSA inspired PKIX limitations?

Hi Phill,

On 10/19/2013 06:48 PM, Phillip Hallam-Baker wrote:
> On Sat, Oct 19, 2013 at 11:46 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie
>> wrote:
> 
>>
>> Hiya,
>>
>> FWIW, I don't buy Phill's theory at all.
>>
> 
> We have a document that states there is a $250 million budget set for a
> program that includes infiltrating the standards process as a stated part
> of the program.

I'll come back on that in a separate mail.

> Now we can dispute the authenticity of the document but I see it as
> confirming my earlier strong suspicion.
> 
>> On the specific topics below, if I recall correctly, both
>> were uncontroversial parts of the "design" of PKI for years
>> before they became problematic for the web PKI when it
>> finally started to seriously consider revocation.
> 
> 
> They were uncontroversial until the DigiNotar and Flame incidents and until
> the EFF certificate observatory started a FUD attack making spurious claims.
> Until that point I was mainly concerned with the risk that one of my CAs
> might be breached. I did not see the need for Name constraints because I
> had other controls that I consider to be sufficient.
> 
> The OCSP feature was very controversial at the time the limitation was
> originally introduced. The reason I did not press the issue then was that I
> did not see it as critical and insisting on a strong status result could
> arguably be seen as interfering with the Valicert business model at the
> time.

Right, I think we're agreeing that these features were introduced
years ago as part of the normal process. No conspiracy needed nor
credible.

>> And it
>> seems to me that both "sides" in that debate were inflexible
>> and unwilling to make changes. I still don't know why that
>> was, and it still seems dumb to me, but life's full of little
>> mysteries like that.
>>
> 
> My position is based on the actions taken by the deployed base. I can't
> change that and so I don't have much ability to change my position.
> 
> I can't see why the inability of the DoD to support an accurate status
> result should require the rest of us to adopt their lowest common
> denominator security.

That's re-litigating the argument though. You had your position,
others had theirs. All of 'em had merits. None of the relevant
parties seemed willing to change. 'twas just dumb IMO.

However, we now have the wpkops wg, which should provide a better
venue and process for handling any similar issues that arise in
future. If the web PKI folks do actively work on that, (and I'm
more hopeful on that than I was a month or two ago) then we
shouldn't hit that kind of problem again I'd hope.

>> And I am just not seeing how this is related to pervasive
>> monitoring except very very tangentially - Phill, can you
>> please explain its relevance?
>>
> 
> I believe that the vulnerability exploited in Flame would have been closed
> had the standards changes resisted by the DoD been adopted in a timely

Flame was relatively targeted and more of a host-based attack tool
rather than an attack on the n/w. But yes, it's relevant to monitoring
though arguable as to whether it's in scope here I think. (I do agree
it's a relevant part of the background for sure though.)

> fashion and that the DigiNotar incident might have been detected earlier.

Again, that's fairly weak I think.

> The documentary evidence shows that interfering with the standards process
> to prevent deployment of countermeasures is part of the cost of running
> PRISM etc. That is a cost that I am not prepared to pay because these
> generals who I have to sit in rooms with and listen to their plans for
> cyber-attack are making us less safe by compromising our ability to
> achieve strong cyber-defense.
> 
> The question of how we can build open standards to defend against covert
> pervasive monitoring in the face of attempts to disrupt these efforts is a
> very difficult one.

I'll respond in a separate mail on the general interference issue.

My conclusion here is that the specific issues you raise aren't
convincingly part of this and are better not intertwined with the
generic point about interference.

S.

>> And finally the subject line also seems unwise as it'll probably
>> just annoy folks and just distract us from getting real work
>> done. (So, if it does annoy you, please try be moderate in
>> your response, or maybe don't even send that mail, until we
>> see how Phill justifies its relevance.)
>>
> 
> Well we could spend the next few years dancing round the subject and
> pretending that the elephants are not in the room but I have no intention
> of doing so.
> 
> Now that my question on Alexander has been answered, I am looking for an
> answer to the question I raised at the RSA conference this year: How can we
> have a government-industry partnership to improve cyber security when a
> part of the military is actively engaged in subverting the standards
> process to protect vulnerabilities they might use in attacks? This is not
> the only forum I am raising this question, I am raising it with the policy
> makers in government as well.
> 
> I am quite used to being accused of peddling an agenda. For some reasons
> CAs are always accused of having some covert agenda and raising this on the
> lists is never seen as objectionable because it is so frequent. But the
> response I give is not 'how dare you ask that question' but instead 'why
> don't you hold all the other parties you rely on to the same degree of
> scrutiny'.
> 
> 

From stephen.farrell@cs.tcd.ie  Sun Oct 20 06:52:40 2013
Message-ID: <5263E01F.2000106@cs.tcd.ie>
Date: Sun, 20 Oct 2013 14:52:31 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] spending US$250M per year

Hi,

Phill raised the US$250M/year issue. [1] That is something we
might prefer to ignore, but perhaps it's better to address it
briefly, and then move on if we can.

In fact, I don't think its impact is that significant, except
in so far as it has damaged the reputation of some, and there is
real reputational damage to institutions and even, very unfairly,
maybe to some individuals.

FWIW, my take on this is the following:

1. The only convincingly known case so far is dual-ec-drbg.
There are no others that I'm aware of, and none directly
involving the IETF. There was some discussion of IPsec but
Jeff Schiller convincingly countered that, and Jeff's
account matches my recollection (not that I was really
involved in that at the time). The "NIST Curve" topic is I
think different and is being actively discussed on the TLS
list. (The difference is that the NIST curve debate is a
result of, and not a cause of, reputational damage.)

2. It seems unlikely to me, and others who've mailed me offlist,
that anyone was being directly paid as part of this solely to
deliberately bugger up IETF processes or output by participating
in IETF activities. I can't imagine that funders with such motives
would be that unsubtle and direct - they'd find someone who
genuinely thinks that e.g. more complexity is needed for "foo"
and fund them or even better they'd fund someone who has real
requirements that suit the funder's needs - same as every funder.

3. Other than the scale, such activities are not that different
from when vendor X plays a game against vendor Y proposals
or technologies while at the same time both vendors contribute
fairly in other areas. Our defence is the same: transparency,
running our processes, broad participation and thorough technical
review.

4. I'd have to imagine that most of that US$250M is spent outside
of standards work, e.g. to pay vendors or service providers to
do stuff that works for the funder, whether duplicitously or not.

5. I feel real sympathy for individual IETF participants sponsored
by USG organisations - all of those folks I know have afaik been
totally honest and above-board contributors. (Doesn't mean I agree
with 'em of course:-) But I can't see but that there is real damage
to trust there maybe mostly for IETF participants who don't
personally know the people involved. That's a shame but I don't
think folks funded by USG ought be silent - that'd make the overall
situation worse same as any self-censorship.

6. There's really not much point in saying more on this. It's a PITA,
but absent a smoking-gun like dual-ec-drbg, speculating on this
is going to be counterproductive. Sure, we should review our stuff
and see what needs changing/improvement but doing so on the basis of
who paid whom is both very hard to do accurately and probably
pointless. (As an aside - if you're reading this and have written
some RFCs - have you looked over what you did to check how it might
need changing?)

7. We should all definitely avoid any finger pointing at individuals
both in fairness and for all the usual other reasons why we don't
defame people on mailing lists. As list moderator, I'll slap down
as hard as I can on any such mail, so please continue to not send
anything like that. (And thanks for not doing it so far.)

8. If they insist on spending that money, they should just buy us
loads of gigantic cookies for meetings. The discussion that'd ensue
would kill productivity far more effectively:-)

If the above summary covered this, then I'd hope we can move on and
not need much or any more discussion on the topic, but do folks think
I'm wrong or missing important aspects?

If this is close-enough, then you don't need to respond.

Regards,
S.

[1]
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security




From mdietf@demmers.org  Sun Oct 20 10:09:07 2013
Date: Sun, 20 Oct 2013 10:08:37 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Ted Hardie <ted.ietf@gmail.com>
Message-ID: <20131020100837.528bb00a@cicero.demmers.org>
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

On Sat, 19 Oct 2013 18:21:31 -0700
Ted Hardie <ted.ietf@gmail.com> wrote:

> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00

Suggest change from:

   "Can a gay kid in Uganda use this safely?"

to

   "Can a gay kid in Uganda use this safely? Is its design flexible enough to be used in his circumstances? Is it easy enough to use that a non-technical user may be reasonably be expected to use it?"

I'd guess you intended this. I think it is important to spell it out explicitly.

-Mike
 

From tytso@thunk.org  Sun Oct 20 10:20:14 2013
Date: Sun, 20 Oct 2013 13:20:06 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Tony Rutkowski <rutkowski.tony@gmail.com>
Message-ID: <20131020172006.GC23798@thunk.org>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com> <5263CF15.6020407@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5263CF15.6020407@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Ted Hardie <ted.ietf@gmail.com>, Yoav Nir <ynir@checkpoint.com>, "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

On Sun, Oct 20, 2013 at 08:39:49AM -0400, Tony Rutkowski wrote:
> 
> That is assuming the "average person" or the providers
> of services to such persons, cares enough to do anything.
> If the past ten years have demonstrated anything, the
> average person and provider do not care.  Indeed,
> conversely, they will be concerned about cost,
> performance, ease of use,  and attractive feature sets.

As they say, past results are not necessarily indicative of future
performance.

There seems to be at least some evidence that "normal users" have
started to care more about their security --- or you could say that
there have been a greater number of people joining the ranks of the
"super-paranoid".  And Yahoo has announced they will start turning on
encryption by default starting early next year; some have speculated
that Yahoo may have felt the impact of the reporting that showed that
the NSA had collected twice as many address books from Yahoo Users as
from all of the other major services combined.

One interesting indicator of how much "the average person" will care
is how much pressure politicians feel from their constituents when some
of the intelligence gathering reform bills start getting debated
before Congress --- especially the bill from Senators Wyden and Udall.

> Perpass falls
> into the noise, except for generating new ideas
> for the above actors.

People who feel this way certainly have no obligation to participate
in perpass.  :-)

					- Ted

From mdietf@demmers.org  Sun Oct 20 12:31:14 2013
Date: Sun, 20 Oct 2013 12:31:02 -0700
From: Mike Demmers <mdietf@demmers.org>
To: Eitan Adler <lists@eitanadler.com>, perpass@ietf.org
Message-ID: <20131020123102.49cb282d@cicero.demmers.org>
In-Reply-To: <CAF6rxg=jBkCHErd_N8sUE-kGp+FM6xyvYD7bcnW=L+CP_TETDA@mail.gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <CAF6rxg=jBkCHErd_N8sUE-kGp+FM6xyvYD7bcnW=L+CP_TETDA@mail.gmail.com>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

On Sat, 19 Oct 2013 22:04:06 -0400
Eitan Adler <lists@eitanadler.com> wrote:

> You may want to directly address the arguments made in the paper
> "Tussle in Cyberspace: Defining Tomorrow’s Internet" by Clark et al.

Yes.

That paper, located here:

http://groups.csail.mit.edu/ana/Publications/PubPDFs/Tussle%20in%20Cyberspace%20Defining%20Tomorrows%20Internet%202005's%20Internet.pdf

is excellent and directly relevant to the design of protocols. Written in 2005.

-md

From ted.ietf@gmail.com  Sun Oct 20 13:42:01 2013
MIME-Version: 1.0
In-Reply-To: <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com>
Date: Sun, 20 Oct 2013 13:41:59 -0700
Message-ID: <CA+9kkMBi_+guP9jTmzOA9x=n5H_PqC-KHEoHO98GiixQ05rAwQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: multipart/alternative; boundary=485b397dd1abf880be04e93232a9
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--485b397dd1abf880be04e93232a9
Content-Type: text/plain; charset=ISO-8859-1

Hi Yoav,

Thanks for reading the draft; some comments in-line.

On Sun, Oct 20, 2013 at 1:47 AM, Yoav Nir <ynir@checkpoint.com> wrote:

>
>  On Oct 20, 2013, at 4:21 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
>
>   Like most folks involved in this list, I have a personal response to
> the current situation and some thoughts on how it will impact my or our
> work in the future.  Since I expect we will be pretty short of mic time in
> Vancouver for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
>  is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet and
> its users.  At the scale of the modern Internet, that means it harms
> humanity.
>
> We can and should change our approach to Internet engineering and system
> design to deal with this.  There will be costs for that, but we should pay
> them.
>
> It helps me, personally, to focus on a single user when asking whether a
> system or protocol is appropriate in the current environment.  The draft
> lays out why.
>
>  regards,
>
> Ted Hardie
>
>
>  Hi, Ted
>
>  In your draft, you propose we ask ourselves a question about any
> protocol we design, and that question can be something like "Can a gay kid
> in Uganda use this safely?"
>
>  IMO nothing we do here can yield an unqualified "yes" answer to that
> question. Nothing here relates to public statements such as personal blogs
> or Internet Drafts. Those are obviously public and the authors are
> identified, and the state apparatus can read them just fine, regardless of
> how secure we make them.
>
>
I think we agree that there can be no unqualified "yes"; even if the
protocol and application are secure, there is always the risk of the camera
looking over your shoulder.

But I want to point out something about blogs or similar public statements;
while some systems require real names, not all do.  It's quite possible to
have an online journal or blog that uses a pseudonym and it's actually
relatively easy for that to be an okay outlet for a gay kid worried about
pervasive surveillance.  If that kid connects to largeblogsite.example over
a TLS protected link, the metadata shows the connection, but not the
content.  If largeblogsite has blogs on knitting, agriculture, and custom
cars, there is no signal to those engaged in surveillance that the blogs of
interest are LGBT in nature.  The authentication of largeblogsite.example
within TLS to the user needs to be secure (pinned to a CA, for example, to
avoid MiTM proxies), but there are various ways of making this more trusted
(again, no way to avoid all risk; if the CA is compromised, most bets are
off).

This doesn't gainsay the main point about safety, but it shows how thinking
about a particular user or group of users may actually make the general
privacy considerations more concrete.



>  So there are two kinds of communications that we would seek to protect:
> public statements made anonymously, and private statements made either
> person-to-person or within a small group. You can't avoid any kind of
> monitoring, pervasive or otherwise, without having both encryption and
> authentication. This is regardless of whether the encryption and
> authentication are with the communications peer or with an anonymizer.
> Encryption and authentication with a middlebox (such as using a web-based
> mail service with TLS) is not sufficient, as the privacy of the
> communications depends on both the trustworthiness of the intermediary and
> strength of the authentication that the intermediary performs. I think it
> would be naive to expect an intermediary providing a web service to resist
> the government. So we're left with mandatory mutual authentication.
>
>
I think this presumes that there is a single government and a single
potential response from a web service.  That may not be valid.  If it is,
and you don't trust a particular service provider,  then mutual
authentication doesn't actually do much for you.  You need confidentiality
among participants without the participation of the service provider.
There are ways to achieve that, but they are not common nor are they
currently deployed at scale.  That may change. That may help with the point
you raise below, that the use of some techniques is currently a signal to
deepen the level of surveillance on an individual; if they become common,
that signal is lost to those who wish to follow those trails.



>
>  And that's the issue. We (meaning the people who work on Internet
> infrastructure) have never been able to deploy an identity management
> system good enough that everyone will use it.
>
>  I am not familiar enough with Ugandan politics to know to what extent
> the anti-gay laws are enforced or investigated. Most European countries and
> US states had such laws for decades without the police ever expending any
> resources to catch the criminals. But from what I've read in Wikipedia, the
> human rights situation is pretty grim for gays. So although it's tempting
> to think that using a US-based service like GMail would be safe from the
> local government, I don't think that's good enough to merit an unqualified
> "yes" answer to your question.
>

I agree that it may never be unqualified.  But we can make it stronger.


> The thing about pervasive monitoring, is that even if it was set up to
> catch terrorists, once the system is in place, it's very tempting to use
> the collected information to fight crime.
>
>  If the Ugandan government has decided to investigate a specific person,
> they can bug his phone, install spyware on his computer, and follow him
> around. They will find evidence. The best we can do is to make our
> protocols such that pervasive surveillance is impossible. We can only hope,
> that if surveillance resistance is made such that the US government has the
> resources to spy on 10,000 people while Uganda has the resources to spy on
> 9 people (based on the ratio of national budget expenditures), that the
> Ugandan government will not waste its precious 9 "slots" on tracking down
> homosexuals.
>
>  So while I don't think we can make any particular protocol safe for a
> suspect, we can make it so that the average person feels safe enough to
> risk private communications as long as they believe they are "under the
> radar".  Ideally, the steps to reach that goal would be enough to obscure
> the few who do use strong person-to-person authentication.
>
>  But even with strong person-to-person authentication, a gay Ugandan
> would still have to avoid discussing anything that is illegal in Uganda
> with people he's not familiar enough with, for fear they are government
> agents.
>

But can she see the videos of the Trevor Project?  Can he read medical
resources about HIV?   Can we assure throwaway@messageservice.example that
they are really in a chat session with counsellor@pflag.org?

All of those will help.

> There can be no online support group helping teenagers, and there can be no
> Internet dating sites. Nothing we do can make that happen.
>
I appreciate that you have thought so deeply about this particular user;
thank you.  I hope it convinces you that thinking through a specific user
case can help us make concrete the steps we need to take to make our
protocols and systems more usable in the light of pervasive surveillance.

thanks,

Ted



>  Yoav
>
>
>


</blockquote></div><br></div></div>

--485b397dd1abf880be04e93232a9--

From ted.ietf@gmail.com  Sun Oct 20 13:44:53 2013
MIME-Version: 1.0
In-Reply-To: <5263CF15.6020407@gmail.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com> <5263CF15.6020407@gmail.com>
Date: Sun, 20 Oct 2013 13:44:50 -0700
Message-ID: <CA+9kkMAaoV7ECf3RsDEAj-LzLD03wgB7hMTBVna3k74qJtmnuQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: rutkowski.tony@gmail.com
Content-Type: multipart/alternative; boundary=20cf307f31fe2f8b4404e9323d2a
Cc: "<perpass@ietf.org>" <perpass@ietf.org>, Yoav Nir <ynir@checkpoint.com>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Oct 2013 20:44:53 -0000

--20cf307f31fe2f8b4404e9323d2a
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Oct 20, 2013 at 5:39 AM, Tony Rutkowski <rutkowski.tony@gmail.com> wrote:

> Reality check.
>
> That is assuming the "average person" or the providers
> of services to such persons, cares enough to do anything.
> If the past ten years have demonstrated anything, the
> average person and provider do not care.  Indeed,
> conversely, they will be concerned about cost,
> performance, ease of use,  and attractive feature sets.
>
>
I think we are increasingly aware of folks who do care; journalists, for
example, are pretty sensitized at the moment to these issues.



> Only the non-average will care in the following order:
> governments (mostly), companies communicating
> sensitive information, criminals and terrorists, and
> a few super-paranoid.
>
> The latest traitor-theft incident has principally
> accomplished: 1) a significant shift of resources
> by almost all the other governments to scale up
> their ability to do better pervasive surveillance,
> 2) the significant scaling of surveillance and
> analysis vendors to sell into the expanding
> government and commercial markets, 3) the
> shift of criminals and terrorists to more secure
> communication, and 4) a degree of largely self
> serving flailing around for exploitation purposes
> by politicians and lobbying groups.  Perpass falls
> into the noise,


I think you and I disagree pretty fundamentally on this topic.  I think our
work can be signal that rises above the noise.  It's up to us to determine
whether or not we'll spend our efforts boosting the signal or not.

Ted Hardie




> except for generating new ideas
> for the above actors.  It is called the law of
> unintended consequences. :-)
>


> -t
>
>
> On 2013-10-20 5:28 AM, Yoav Nir wrote:
>
>> So while I don't think we can make any particular protocol safe for a
>> suspect, we can make it so that the average person feels safe enough to
>> risk private communications as long as they believe they are "under the
>> radar".  Ideally, the steps to reach that goal would be enough to obscure
>> the few who do use strong person-to-person authentication.
>>
>>
>

--20cf307f31fe2f8b4404e9323d2a--

From stephen.farrell@cs.tcd.ie  Sun Oct 20 13:59:27 2013
Message-ID: <52644423.1090800@cs.tcd.ie>
Date: Sun, 20 Oct 2013 21:59:15 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Ted Hardie <ted.ietf@gmail.com>, perpass@ietf.org
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

Hi Ted,

Thanks for the draft. As you might guess from earlier discussion
on here, I think the more-than-MTI approach espoused is maybe the
right one, if we can figure out how to state the requirement well.
Have you any ideas on that, or on how we could get towards a
situation where that gained consensus?

I've a similar question wrt how to "consider more carefully and
more consistently the effects of information leakage by DNS and
other infrastructure" - any ideas how an effort in that direction
could usefully be structured?

Ta,
S.

On 10/20/2013 02:21 AM, Ted Hardie wrote:
> Like most folks involved in this list, I have a personal response to the
> current situation and some thoughts on how it will impact my or our work in
> the future.  Since I expect we will be pretty short of mic time in Vancouver
> for thoughts like these, I decided to write them out.
> 
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
> 
> is the result.  It's quite short but a quick summary is this:
> 
> Pervasive monitoring induces self-censoring which harms the Internet and
> its users.  At the scale of the modern Internet, that means it harms
> humanity.
> 
> We can and should change our approach to Internet engineering and system
> design to deal with this.  There will be costs for that, but we should pay
> them.
> 
> It helps me, personally, to focus on a single user when asking whether a
> system or protocol is appropriate in the current environment.  The draft
> lays out why.
> 
> regards,
> 
> Ted Hardie
> 
> 
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 

From hallam@gmail.com  Sun Oct 20 14:16:32 2013
MIME-Version: 1.0
In-Reply-To: <20131020172006.GC23798@thunk.org>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <11AC03FC-E1A1-4533-8CDF-EB64E466F4B2@checkpoint.com> <5263CF15.6020407@gmail.com> <20131020172006.GC23798@thunk.org>
Date: Sun, 20 Oct 2013 17:16:25 -0400
Message-ID: <CAMm+LwjURRgU=QzvGdaGKeU2nAcR4TdRoEr=UrWkOGGrFDHJBQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "Theodore Ts'o" <tytso@mit.edu>
Content-Type: multipart/alternative; boundary=001a11c37a08201ffd04e932ae1c
Cc: Ted Hardie <ted.ietf@gmail.com>, Yoav Nir <ynir@checkpoint.com>, "<perpass@ietf.org>" <perpass@ietf.org>, Tony Rutkowski <rutkowski.tony@gmail.com>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

--001a11c37a08201ffd04e932ae1c
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Oct 20, 2013 at 1:20 PM, Theodore Ts'o <tytso@mit.edu> wrote:

> On Sun, Oct 20, 2013 at 08:39:49AM -0400, Tony Rutkowski wrote:
> >
> > That is assuming the "average person" or the providers
> > of services to such persons, cares enough to do anything.
> > If the past ten years have demonstrated anything, the
> > average person and provider do not care.  Indeed,
> > conversely, they will be concerned about cost,
> > performance, ease of use,  and attractive feature sets.
>
> As they say, past results is not necessarily indicative of future
> performance.
>

It occurred to me the other day that many security mechanisms suffer from
the same problem as a Ponzi scheme: Bernie Madoff's investment fund never
missed a payment till the day it collapsed and all the money was gone.

Which is why I don't like arguments based on probability because the
probability you will be paid in full in a Ponzi scheme is 100% right up to
the day that they close their doors at which point the probability drops to
0%.


There are ways round this problem however. What I am doing at the moment is
to look at measures of the work factor that take into account things like
the time the effort is required, the monetary costs, the personnel etc.

--001a11c37a08201ffd04e932ae1c--

From derhoermi@gmx.net  Sun Oct 20 14:32:09 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Ted Hardie <ted.ietf@gmail.com>
Date: Sun, 20 Oct 2013 23:32:02 +0200
Message-ID: <qlg869d4s2c29ebfdg5q88771g3461m2c8@hive.bjoern.hoehrmann.de>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <CA+9kkMBi_+guP9jTmzOA9x=n5H_PqC-KHEoHO98GiixQ05rAwQ@mail.gmail.com>
In-Reply-To: <CA+9kkMBi_+guP9jTmzOA9x=n5H_PqC-KHEoHO98GiixQ05rAwQ@mail.gmail.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring

* Ted Hardie wrote:
>But I want to point out something about blogs or similar public statements;
>while some systems require real names, not all do.  It's quite possible to
>have an online journal or blog that uses a pseudonym and it's actually
>relatively easy for that to be an okay outlet for a gay kid worried about
>pervasive surveillance.  If that kid connects to largeblogsite.example over
>a TLS protected link, the metadata shows the connection, but not the
>content.  If largeblogsite has blogs on knitting, agriculture, and custom
>cars, there is no signal to those engaged in surveillance that the blogs of
>interest are LGBT in nature.

I was under the impression that TLS as currently deployed would still
let an attacker know roughly when and how many bytes are exchanged and
if the blogs are reasonably static and public that should be enough to
reconstruct which are being read, especially if you can capture repeat
visits (the knitting blog might feature small vector graphics with
knitting patterns, and the custom cars blog might have large photos,
so if the user downloads a lot, custom cars are much more likely).

(And in practise there are many more problems, like the blogs might be
on different hostnames and the DNS lookup gives you away, or they might
load resources from third-party hosts, so you can tell blogs that have
some video from a popular video site on them from those that have not,
simply from the client connecting to the video service after loading up
whatever blog they are interested in, and so on.)
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
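
Added example, not part of the message above or of the thread: a site operator's check of the size side channel the message describes, showing which pages an observer of encrypted transfer lengths could tell apart and what length padding costs to close that gap. The page names, byte counts and padding policies are constructed assumptions, and the model covers transfer size only, not the timing, DNS or third-party-load signals the message also names.

```python
"""Measure how much encrypted transfer length alone reveals about the page
read on a shared host, and how length padding changes that."""
from collections import defaultdict

# Constructed total transfer sizes (bytes) for pages on one hypothetical host.
PAGE_SIZES = {
    "knitting/patterns": 48_200,
    "knitting/yarn": 51_900,
    "agriculture/soil": 96_400,
    "agriculture/seeds": 101_300,
    "cars/gallery": 2_310_000,
    "cars/engines": 2_150_000,
    "support/resources": 63_700,
}


def pad_none(size):
    """No padding: the observer sees the true length."""
    return size


def pad_block(block):
    """Return a policy that rounds every transfer up to a multiple of block."""
    def pad(size):
        return -(-size // block) * block  # ceiling division
    return pad


def pad_pow2(size):
    """Round every transfer up to the next power of two."""
    return 1 << (size - 1).bit_length()


def anonymity_sets(sizes, pad):
    """Group pages by the length an on-path observer would see."""
    groups = defaultdict(list)
    for page, size in sizes.items():
        groups[pad(size)].append(page)
    return {length: sorted(pages) for length, pages in groups.items()}


def uniquely_identifiable(sizes, pad):
    """Pages whose observed length matches no other page on the host."""
    sets = anonymity_sets(sizes, pad).values()
    return sorted(pages[0] for pages in sets if len(pages) == 1)


def overhead_ratio(sizes, pad):
    """Bytes sent with padding divided by bytes sent without it."""
    return sum(pad(s) for s in sizes.values()) / sum(sizes.values())


def report(sizes):
    """Summarise each policy: identifiable pages and bandwidth cost."""
    policies = {
        "no padding": pad_none,
        "64 KiB blocks": pad_block(64 * 1024),
        "next power of two": pad_pow2,
    }
    rows = []
    for name, pad in policies.items():
        rows.append((name,
                     uniquely_identifiable(sizes, pad),
                     round(overhead_ratio(sizes, pad), 3)))
    return rows


if __name__ == "__main__":
    for name, exposed, cost in report(PAGE_SIZES):
        print(f"{name:18} cost x{cost:<6} identifiable: {exposed or 'none'}")
```

With these constructed sizes, 64 KiB blocks hide the small text pages among each other at about 3% extra traffic but leave the two large photo pages distinguishable; only the much costlier power-of-two policy merges those as well.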

From doug.mtview@gmail.com  Sun Oct 20 15:46:04 2013
Content-Type: multipart/alternative; boundary="Apple-Mail=_27ACF02C-0076-427B-BB77-2389CA2CD4AE"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <01OZRSRZURME00004R@mauve.mrochek.com>
Date: Sun, 20 Oct 2013 15:45:58 -0700
Message-Id: <B45B8338-B7D0-4651-A734-E2003DC379CF@gmail.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <01OZOV9PPNIU00004R@mauve.mrochek.com> <DE130FF7-92C3-41FA-87B0-D7E48288F5A0@gmail.com> <01OZRSRZURME00004R@mauve.mrochek.com>
To: Ned Freed <ned.freed@mrochek.com>
X-Mailer: Apple Mail (2.1510)
Cc: ned+perpass@mrochek.com, perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?

--Apple-Mail=_27ACF02C-0076-427B-BB77-2389CA2CD4AE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Dear Ned,

Good questions. See comments inline.

On Oct 19, 2013, at 2:48 PM, Ned Freed <ned.freed@mrochek.com> wrote:

>>> You're still not answering the question, at least directly, and I really want a
>>> direct answer. More expensive for whom? The vast majority of current and likely
>>> future email users, who seem perfectly happy to use the service offerings of
>>> large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
>>> a way that persuades those providers that making changes to their service
>>> offerings is the right thing for them to do.
>
>> Dear Ned,
>
>> Improving the efficiency of email acceptance might be this incentive.  As
>> IPv6 becomes pervasive, an authenticated domain source as a basis is likely to
>> be more sustainable over time.  Establishing expectations that StartTLS
>> confirms both server and client certificates affords improved transactional
>> protection from spoofing or reputation poisoning, especially with the
>> transparency and economy afforded by DANE for protection from simple
>> monitoring, malicious spoofing, and reputation poisoning.  Providers will need
>> to be trustworthy and may need to reside in specific geopolitical regions
>> willing to ensure such protections.
>
> I must be missing something here, because I don't see how what we've been
> discussing - preventing pervasive surveillance in general and mandating
> SSL/TLS on more connections in particular - has anything to do with email
> acceptance.

This is achieved by StartTLS exchanging BOTH client and server
certificates.  While indeed security concerns are normally related with
destinations of account access over web, IMAP, and POP where the client
is authenticated using other means, it is important not to overlook the
lack of privacy protection afforded plaintext exchanges over SMTP.
Internet exchange in plaintext is exposed to undetectable surveillance
not requiring any provider cooperation.  Deprecating use of plaintext
exchange for what should be considered "private" user-to-user
communications would force governments and providers to use expressed
policies.  Any plaintext exchange should be considered "public"
especially when warrantless wiretapping has become the norm since 2007
with legal clarifications suggesting "information gathering" is not
"electronic surveillance".  This can lead to Orwellian concerns of "self
censorship" through various forms of suppression and ostracism.

Private exchanges should be able to use encryption as the prevalent mode
for all exchanges.  With SMTP, encrypted exchanges immediately confront
a lack of source authentication necessary to defend the service from
pervasive abuse.  With IPv4, a lack of source authentication is
supplanted by reliance on the IP address as a basis for acceptance.
This practice has many drawbacks such as preventing the effective use of
IPv6 that could be remedied by validating the client certificate used in
what would have been a plaintext port 25 exchange and its related loss
of privacy.

>> Multiple keying of encrypted data where each key subset resides in different
>> geopolitical regions might be a way to increase trust, but this is not
>> off-the-shelf crypto which you state as a requirement.
>
> The security of IMAP and similar mailbox manipulation protocols seems
> entirely divorced from what you're talking about.

Almost.  There are some delivery schemes that do not depend upon privacy
protections afforded by the infrastructure.  For example, Trend acquired
an identity-based keying product developed by the University of Bristol
back in 2002.  Here is a white paper created by the Enterprise Strategy
Group.
http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_true-costs-of-email-encryption_analyst-esg.pdf

It uses Identity-Based Encryption (IBE), a derivative of PKI, but with
simple identity attributes.  Rather than depending on CAs, a Central Trust
Authority (CTA) is used instead.  Because destination addresses decode
the symmetric key, only that portion of the message is uniquely
encrypted.  This allows one image to be sent to several destinations
where only those intended to see the message are able to decrypt.  This
approach allows enterprises a means to inspect for data leaks to comply
with governmental requirements not practical with S/MIME or OpenPGP
unless key management and encryption have been centralized.  As such,
this means a portion of the message path could be exposed.  After
speaking with the developer of this technology, one of the features
envisioned from this approach was to require the use of multiple CTAs
each located in different geo-political regions to prevent any
unilateral governmental action defeating message privacy.

If there is any interest in this technology, perhaps I could then
request my management share its terms and conditions and more of the
underlying details.

Regards,
Douglas Otis





--Apple-Mail=_27ACF02C-0076-427B-BB77-2389CA2CD4AE--
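
The gap discussed in the message above (SMTP hops that run in plaintext, or that negotiate TLS without authenticating the client) can be measured from the Received trace headers that MTAs stamp on each message. The following is an added example, not part of the original message or of any project's code; the sample message, its hosts and queue ids are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: Received values imitate the annotation styles written by
# Postfix and sendmail; every host, address and queue id here is made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by list.example.org (Postfix) with ESMTP id AAAA1111
    for <list@example.org>; Mon, 21 Oct 2013 03:28:30 -0700 (PDT)
Received: from laptop.example.net (unknown [198.51.100.7])
    (using TLSv1 with cipher AES128-SHA (128/128 bits))
    (No client certificate requested)
    by mx.example.net (Postfix) with ESMTPSA id BBBB2222
    for <list@example.org>; Mon, 21 Oct 2013 06:27:00 -0400 (EDT)
Received: from host.example.com ([203.0.113.17])
    by core.example.com (8.14.5/8.14.5) with ESMTP id r9LCCCC3333
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
    Mon, 21 Oct 2013 10:26:00 GMT
Received: from relay.example.com (relay.example.com [203.0.113.5])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client CN "relay.example.com", Issuer "Example CA" (verified OK))
    by relay-in.example.com (Postfix) with ESMTPS id DDDD4444;
    Mon, 21 Oct 2013 10:25:00 +0000 (UTC)
Subject: constructed sample

body
"""

# A hop recorded TLS if the receiving MTA wrote a Postfix-style "(using TLSv..."
# or a sendmail/Gmail-style "version=TLSv..." annotation.
TLS_RE = re.compile(r"\(using (?:TLSv[\d.]+|SSLv\d)|version=(?:TLS|SSL)v[\w./]+")
# The client certificate was validated if sendmail wrote verify=OK or Postfix
# wrote "(verified OK)" after the client's CN and issuer.
VERIFIED_RE = re.compile(r"verify=OK\b|\(verified OK\)")
BY_RE = re.compile(r"\bby (\S+)")


def classify_hop(received):
    """Return (receiving_host, status) for one Received header value."""
    text = " ".join(received.split())          # undo header folding
    by = BY_RE.search(text)
    host = by.group(1) if by else "?"
    if not TLS_RE.search(text):
        # Absence of an annotation is not proof of plaintext: the annotation
        # is optional on many MTAs. Treat it as "unknown, assume exposed".
        return host, "no-tls-recorded"
    if VERIFIED_RE.search(text):
        return host, "tls-client-verified"
    return host, "tls-no-client-auth"


def audit(raw_message):
    """Classify every hop, oldest first (Received headers are prepended)."""
    msg = message_from_string(raw_message)
    hops = [classify_hop(value) for value in msg.get_all("Received", [])]
    hops.reverse()
    return hops


def unauthenticated_hops(hops):
    """Hosts that accepted the message without a validated client certificate."""
    return [host for host, status in hops if status != "tls-client-verified"]


if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:24} {status}")
```

Only a receiver that validated the sender's certificate has a cryptographic basis, rather than an IP address, for its acceptance decision; the other hops either relied on the address or left no record of encryption at all.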

From fluffy@iii.ca  Sun Oct 20 15:57:05 2013
Return-Path: <fluffy@iii.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E951B11E80DC for <perpass@ietfa.amsl.com>; Sun, 20 Oct 2013 15:57:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[AWL=-0.100, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K1NukaZVfzYN for <perpass@ietfa.amsl.com>; Sun, 20 Oct 2013 15:56:59 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id 4D83011E828C for <perpass@ietf.org>; Sun, 20 Oct 2013 15:56:54 -0700 (PDT)
Received: from sjc-vpn7-1401.cisco.com (unknown [128.107.239.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 64F5322E1F3 for <perpass@ietf.org>; Sun, 20 Oct 2013 18:56:43 -0400 (EDT)
From: Cullen Jennings <fluffy@iii.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca>
Date: Sun, 20 Oct 2013 18:58:30 -0400
To: perpass@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
X-Mailer: Apple Mail (2.1510)
Subject: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Oct 2013 22:57:05 -0000

I've been thinking about how to build cloud collaboration systems where
the data is encrypted and the cloud does not have the keys. Very
interested in hearing others' thoughts on how to do this.

Near the end is a list of things that it would be helpful if the IETF
standardized.

http://www.ietf.org/id/draft-jennings-perpass-secure-rai-cloud-00.pdf

Cullen


From lear@cisco.com  Sun Oct 20 23:38:37 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B41711E84CC for <perpass@ietfa.amsl.com>; Sun, 20 Oct 2013 23:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.531
X-Spam-Level: 
X-Spam-Status: No, score=-110.531 tagged_above=-999 required=5 tests=[AWL=0.068, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOrKFKIlimzK for <perpass@ietfa.amsl.com>; Sun, 20 Oct 2013 23:38:28 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id 265BC11E8358 for <perpass@ietf.org>; Sun, 20 Oct 2013 23:38:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=732; q=dns/txt; s=iport; t=1382337507; x=1383547107; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=5xPOyJkoQwsiLyKFW3ODe6HO9Bv6qxGrf6Geo5h7fPI=; b=E0qe6VL+xJ43mEeaII9GwJ8NjKbcglyP66kFQzhaH4GER6fbqtk0E87n lxtilLDR4Pdt+nMnK7jBCVWyrgplVEpNhvPAPhaj28J/0w9D2HIvpKhCZ RRmtKQnTjydCNoWmX/grOifyimGIBGku+7+2NCdDnmugHTPVSWTNj2Qd9 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjEFAOPKZFKQ/khL/2dsb2JhbABYgweENrp6CoEnFnSCJQEBAQMBI1YFCwsaAgUhAgIPAiwaBg0BBwEBh3wGrBeSA4EpjjMHgmqBPwOYCZIHgyY6
X-IronPort-AV: E=Sophos;i="4.93,537,1378857600"; d="scan'208";a="160843267"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-1.cisco.com with ESMTP; 21 Oct 2013 06:38:25 +0000
Received: from mctiny.local ([10.61.223.17]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9L6cLaK018985 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 21 Oct 2013 06:38:23 GMT
Message-ID: <5264CBDD.70806@cisco.com>
Date: Mon, 21 Oct 2013 08:38:21 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie>	<525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie>	<525D183E.7000200@cs.tcd.ie>	<01OZM7M57NWK00004R@mauve.mrochek.com>	<525DDE3D.6020500@cs.tcd.ie>	<01OZOV9PPNIU00004R@mauve.mrochek.com>	<52605C61.5080507@cs.tcd.ie> <01OZQ6BPCLOG00004R@mauve.mrochek.com> <5261A67A.1090109@cs.tcd.ie>
In-Reply-To: <5261A67A.1090109@cs.tcd.ie>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 06:38:37 -0000

Stephen wrote:

> I think the path forward is more like making opportunistic
> security mechanisms (in particular confidentiality) more-than-MTI
> in a way that builds in some security (against passive attacks)
> as an inherent feature of new protocols, but also results in
> a far easier transition from there to fully authenticated,
> compared to the massive gap between cleartext and fully
> authenticated.

Teasing out OE from other potential tasks is a good thing; of that I'm
convinced.  Whether it's more than MTI *or even MTI* depends on what
recommendations can be made regarding how to do it.  A draft there would
be most welcome (I've heard that some are thinking about doing something
with OTR).

Eliot

From rutkowski.tony@gmail.com  Mon Oct 21 03:16:03 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444C011E838A for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 03:16:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level: 
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=0.500,  BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5N68w4AZq8S for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 03:15:54 -0700 (PDT)
Received: from mail-gg0-f181.google.com (mail-gg0-f181.google.com [209.85.161.181]) by ietfa.amsl.com (Postfix) with ESMTP id 922E311E8390 for <perpass@ietf.org>; Mon, 21 Oct 2013 03:15:13 -0700 (PDT)
Received: by mail-gg0-f181.google.com with SMTP id i2so1540906ggn.12 for <perpass@ietf.org>; Mon, 21 Oct 2013 03:14:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:subject:message-id:from:to:cc:mime-version:content-type :content-transfer-encoding; bh=aXxrLrnDWVPVhJZNpSCUedZkpfAaeLC60GBrBtV98+o=; b=jbDh+sGqiuF4oNceyHpcpe5WWi6KV8gams1R7Pa22x3KLD/ItKKUPJKvYnZsEDldRt ocUaxUtZjh2Vkz3i3goyLaZ/ydEVCpa7zd6i16zl/DcUb/uxQsROtCQuwzvLFtPe4jP0 VnbM+sAp3Tct4cOyTfIEC097/2HW3DT/BKU9ht+Au76dqgXzB8GzuWobM4l4pSgt0Hkv KuJ/7vFI8PtpkESc8PQGpEyuv6sV8TowrFGOrFjNERgz81AT7rVkWIpzS/oA+k4l48YD YoT43BsKy92cj+O6GyTfTAR3zRSmUxtM+073jnBs+l5JpKfyYx2xEEyMoVZAW6foCWAA zUZg==
X-Received: by 10.236.158.100 with SMTP id p64mr246830yhk.148.1382350494069; Mon, 21 Oct 2013 03:14:54 -0700 (PDT)
Received: from [192.168.1.103] (c-174-48-167-34.hsd1.fl.comcast.net. [174.48.167.34]) by mx.google.com with ESMTPSA id u52sm25616895yhg.5.2013.10.21.03.14.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Oct 2013 03:14:53 -0700 (PDT)
Date: Mon, 21 Oct 2013 06:14:47 -0400
Message-ID: <mwbvm3a28qudrjetywp4j5s5.1382349748578@email.android.com>
From: Tony Rutkowski <rutkowski.tony@gmail.com>
To: Eliot Lear <lear@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 10:16:03 -0000

From lear@cisco.com  Mon Oct 21 03:31:06 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD94A11E8506 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 03:31:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.534
X-Spam-Level: 
X-Spam-Status: No, score=-110.534 tagged_above=-999 required=5 tests=[AWL=0.065, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFn7owhUolHI for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 03:30:58 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id EF0FC11E84EC for <perpass@ietf.org>; Mon, 21 Oct 2013 03:28:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1927; q=dns/txt; s=iport; t=1382351311; x=1383560911; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=KDufDKqiY9F9OaZVKMpi6N6861iiv59UOnm5NwEJyA8=; b=B49GP/ZwdbeYSkDtZHp5Btd/QMqrSiDJ1oYmJCmcF1Ajoj19kJWBPhwj 8YZHukXp6Q4aAohnnOZOXaqG+BDZa7Zpb3WdFB+uZvQaZgTfGikEf4Zyf VeCi75jpbR0CGrkW0/y6PfWJpMQVfbrnuL1i2n10ihKeK4EpJeAAxtdow A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjQFABQBZVKQ/khN/2dsb2JhbABZgwc4g366OUuBKhZ0giUBAQEEAQEBIEsKARALGAICBRYLAgIJAwIBAgEVFhoGDQEFAgEBiAINq1yCDZAHBIEpjjMHgmqBPwOYCZIHgyY6
X-IronPort-AV: E=Sophos;i="4.93,538,1378857600"; d="scan'208";a="160857927"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 21 Oct 2013 10:28:04 +0000
Received: from mctiny.local ([10.61.223.17]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r9LAS0Dq014793 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 21 Oct 2013 10:28:02 GMT
Message-ID: <526501B0.2080103@cisco.com>
Date: Mon, 21 Oct 2013 12:28:00 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Tony Rutkowski <rutkowski.tony@gmail.com>
References: <mwbvm3a28qudrjetywp4j5s5.1382349748578@email.android.com>
In-Reply-To: <mwbvm3a28qudrjetywp4j5s5.1382349748578@email.android.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 10:31:06 -0000

Yes, and this begs a question about which encryption we're talking
about, as well.  While most of us see the world as AES, others see it as
GOST and yet others may have other algorithms they are required to use. 
Plain text may be the least common denominator in some cases, for
interoperability.  That doesn't mean we have to code to that case, but
we should at least recognize that if we don't there may be some sites
that become inaccessible to some class of users.

Eliot

On 10/21/13 12:14 PM, Tony Rutkowski wrote:
> Hi Eliot,
>
> Apropos to your suggestion...
>
> What about MTnI (mandatory to not implement) or MTB (mandatory to break)? Public networks and services have been subject to governmental controls on encryption by every country in international law since 1850. Individuals and small groups may be able to skirt the requirements, but not commercial or institutional providers. Seems like a bit of a scaling challenge?
>
> --tony
>
> Eliot Lear <lear@cisco.com> wrote:
>
>> Stephen wrote:
>>
>>> I think the path forward is more like making opportunistic
>>> security mechanisms (in particular confidentiality) more-than-MTI
>>> in a way that builds in some security (against passive attacks)
>>> as an inherent feature of new protocols, but also results in
>>> a far easier transition from there to fully authenticated,
>>> compared to the massive gap between cleartext and fully
>>> authenticated.
>> Teasing out OE from other potential tasks is a good thing; of that I'm
>> convinced.  Whether it's more than MTI *or even MTI* depends on what
>> recommendations can be made regarding how to do it.  A draft there would
>> be most welcome (I've heard that some are thinking about doing something
>> with OTR).
>>
>> Eliot
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass


From york@isoc.org  Mon Oct 21 05:11:23 2013
Return-Path: <york@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CB0D11E83AE for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 05:11:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.499
X-Spam-Level: 
X-Spam-Status: No, score=-103.499 tagged_above=-999 required=5 tests=[AWL=0.101, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XeSrEfVQEVSh for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 05:11:17 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0212.outbound.protection.outlook.com [207.46.163.212]) by ietfa.amsl.com (Postfix) with ESMTP id DB38B11E83A7 for <perpass@ietf.org>; Mon, 21 Oct 2013 05:11:16 -0700 (PDT)
Received: from BN1PR06MB072.namprd06.prod.outlook.com (10.242.211.17) by BN1PR06MB071.namprd06.prod.outlook.com (10.242.211.15) with Microsoft SMTP Server (TLS) id 15.0.785.10; Mon, 21 Oct 2013 12:11:03 +0000
Received: from BN1PR06MB072.namprd06.prod.outlook.com ([169.254.5.2]) by BN1PR06MB072.namprd06.prod.outlook.com ([169.254.5.132]) with mapi id 15.00.0785.001; Mon, 21 Oct 2013 12:11:03 +0000
From: Dan York <york@isoc.org>
To: Cullen Jennings <fluffy@iii.ca>, "perpass@ietf.org" <perpass@ietf.org>
Thread-Topic: [perpass] Few things the IETF might standardize for secure collaboration
Thread-Index: AQHOzlacSc2fViSZd0aFROWFnKAC4A==
Date: Mon, 21 Oct 2013 12:11:03 +0000
Message-ID: <CE8A8DC9.369F0%york@isoc.org>
In-Reply-To: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.255.101.4]
x-forefront-prvs: 00064751B6
x-forefront-antispam-report: SFV:NSPM; SFS:(377454003)(479174003)(199002)(189002)(24454002)(76482001)(80022001)(15975445006)(15202345003)(56776001)(54316002)(81342001)(81816001)(65816001)(79102001)(74706001)(76796001)(74876001)(15395725003)(56816003)(63696002)(46102001)(74366001)(69226001)(74662001)(47446002)(74502001)(31966008)(76786001)(4396001)(49866001)(50986001)(47976001)(47736001)(59766001)(77096001)(77982001)(81686001)(36756003)(51856001)(53806001)(54356001)(80976001)(76176001)(83322001)(83072001)(19580395003)(19580405001)(81542001)(85306002); DIR:OUT; SFP:; SCL:1; SRVR:BN1PR06MB071; H:BN1PR06MB072.namprd06.prod.outlook.com; CLIP:10.255.101.4; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en; 
Content-Type: text/plain; charset="utf-8"
Content-ID: <D93D131EC2012B48B2FC2EE3EB5D778D@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 12:11:23 -0000

From nweaver@icsi.berkeley.edu  Mon Oct 21 06:33:13 2013
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF0F11E83CC for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 06:33:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.459
X-Spam-Level: 
X-Spam-Status: No, score=-2.459 tagged_above=-999 required=5 tests=[AWL=0.140,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WHwXEfqjQJMt for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 06:33:04 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 0475811E813A for <perpass@ietf.org>; Mon, 21 Oct 2013 06:32:52 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id B01D62C4053; Mon, 21 Oct 2013 06:32:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 73lHeE5Hkuux; Mon, 21 Oct 2013 06:32:51 -0700 (PDT)
Received: from gala.icir.org (gala.icir.org [192.150.187.130]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C49552C404B; Mon, 21 Oct 2013 06:32:51 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_32177DBD-009B-4340-902A-5406CF5B559B"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <CE8A8DC9.369F0%york@isoc.org>
Date: Mon, 21 Oct 2013 06:32:51 -0700
Message-Id: <DE0DE0E8-7BC7-457E-A7A1-AF263B37FEAF@icsi.berkeley.edu>
References: <CE8A8DC9.369F0%york@isoc.org>
To: Dan York <york@isoc.org>
X-Mailer: Apple Mail (2.1510)
Cc: "perpass@ietf.org" <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Cullen Jennings <fluffy@iii.ca>
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 13:33:13 -0000

--Apple-Mail=_32177DBD-009B-4340-902A-5406CF5B559B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Oct 21, 2013, at 5:11 AM, Dan York <york@isoc.org> wrote:
> Good document. In a quick read I naturally have to react to slide 23
> (Trusting DNS) and also slide 11 (Certificate Authority).  On slide 23,
> you say "Sorry, can't trust this yet.", but what happens as we get more
> DNSSEC deployed?  We're already seeing increased validation within caching
> resolvers and some measurements are showing around 8% of all DNS queries
> coming from resolvers that perform validation.  We're seeing steady growth
> in the number of DNSSEC-signed domains.  I know there are those who are
> skeptical about DNSSEC deployment, but I'm definitely seeing real
> growth... and see a number of trends pointing to that only continuing.

DNSSEC has two huge issues and one huge potential (untapped) advantage.

Issue #1:  Validation at the wrong place.  Recursive resolver validation
is of only small (but non-zero) utility: It allows countering
packet-injection (NSA and their foreign competitors), which can
otherwise be used to promote a man-on-the-side to a full
man-in-the-middle.  But the recursive resolver itself is proven
untrustworthy, so it's not the point which should conduct validation.

And if clients are to validate in a mandatory way, they need to be able
to get DNSSEC over an alternate means, as many clients can't get DNSSEC
over the wire on UDP 53, many others can't get DNSSEC from the recursive
resolver, and the combination (can't get either from the wire OR
recursive resolver) is high enough that it's in the "break 1%" category,
which is generally regarded as unacceptable.


Issue #2:  The big threat against DNS, and the big reason you can't
trust it, is that the major high-profile attacks have been attacks on
the registrar.  DNSSEC does no good, because if you can social engineer
the registrar, you can also get new DS records accepted.



Untapped advantage:  Multiple paths of trust.  If, say, TLS was modified
to have multiple hostnames, eg
https://www.example.com/www.example.ru/

where the resulting certificate is fetched through DNSSEC, and BOTH
domains must agree, in order for the connection to proceed.  This
provides a very unique property: it requires that all paths-of-trust be
compromised by the same cooperating entity.  That is

. -> .com -> example.com
. -> .ru -> example.ru

both must be compromised by the same entity.

"I don't trust .com, I don't trust .ru, but I trust they won't collude
against me" is a very interesting property that is unique to protocols
built on top of DNSSEC-as-a-CA.


--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_32177DBD-009B-4340-902A-5406CF5B559B--
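
The both-must-agree check proposed in the message above, sketched as an added example (not code from the post or from any TLS or DNSSEC implementation). The `PathResult` records stand in for the output of client-side DNSSEC validation, which is assumed to have happened already; all names and certificate bytes are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class PathResult:
    """What the client learned about one hostname (hypothetical record type)."""
    name: str                    # e.g. "www.example.com"
    dnssec_valid: bool           # chain validated from the root by the client itself
    cert_sha256: Optional[str]   # hex SHA-256 of the certificate published under name


def fingerprint(cert: bytes) -> str:
    """Hex SHA-256 of the certificate bytes."""
    return hashlib.sha256(cert).hexdigest()


def ancestors(name: str) -> List[str]:
    """Names on the delegation path: '.', 'com', 'example.com', 'www.example.com'."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        chain.append(".".join(labels[i:]))
    return chain


def shared_ancestors(names: Sequence[str]) -> List[str]:
    """Names that sit on every path; each is a single party able to forge all paths."""
    common = set.intersection(*(set(ancestors(n)) for n in names))
    return sorted(common, key=lambda z: (len(z), z))


def decide(presented_cert: bytes, results: Sequence[PathResult]) -> Tuple[bool, str]:
    """Proceed only if every independent path vouches for the presented certificate."""
    if len(results) < 2:
        return False, "need at least two independent names"
    shared = shared_ancestors([r.name for r in results])
    if shared != ["."]:
        below_root = ", ".join(z for z in shared if z != ".")
        return False, "paths share zones below the root: " + below_root
    presented = fingerprint(presented_cert)
    for r in results:
        if not r.dnssec_valid:
            return False, r.name + ": DNSSEC validation failed"
        if r.cert_sha256 != presented:
            return False, r.name + ": published certificate does not match"
    return True, "all paths agree"


# Constructed sample data: the site's real certificate and one an attacker
# got published after compromising only the .ru registration.
CERT = b"constructed site certificate"
ROGUE = b"constructed attacker certificate"

GOOD = [PathResult("www.example.com", True, fingerprint(CERT)),
        PathResult("www.example.ru", True, fingerprint(CERT))]
ONE_PATH_HIJACKED = [PathResult("www.example.com", True, fingerprint(CERT)),
                     PathResult("www.example.ru", True, fingerprint(ROGUE))]

if __name__ == "__main__":
    print(decide(CERT, GOOD))
    print(decide(ROGUE, ONE_PATH_HIJACKED))
    print(shared_ancestors(["www.example.com", "www.example.ru"]))
```

`shared_ancestors` returns only `.` for the two paths drawn in the message, so the root is the one name that sits on both.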

From ted.ietf@gmail.com  Mon Oct 21 07:08:27 2013
Return-Path: <ted.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 870DB11E8554 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 07:08:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level: 
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[AWL=-0.459, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_TOWRITE=1.05]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s0csc-0HoSj7 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 07:08:26 -0700 (PDT)
Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id A0E4C11E83E8 for <perpass@ietf.org>; Mon, 21 Oct 2013 07:08:26 -0700 (PDT)
Received: by mail-ie0-f180.google.com with SMTP id e14so11115112iej.25 for <perpass@ietf.org>; Mon, 21 Oct 2013 07:08:22 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.50.61.205 with SMTP id s13mr9510968igr.29.1382364501249; Mon, 21 Oct 2013 07:08:21 -0700 (PDT)
Received: by 10.42.29.202 with HTTP; Mon, 21 Oct 2013 07:08:21 -0700 (PDT)
In-Reply-To: <52644423.1090800@cs.tcd.ie>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <52644423.1090800@cs.tcd.ie>
Date: Mon, 21 Oct 2013 07:08:21 -0700
Message-ID: <CA+9kkMC6xY5qNYf3+Of_D=KV_GjKdN-_A6x_m8_fi7N6-WxmZg@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=047d7bd7679a0c27e404e940d157
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 14:08:27 -0000

--047d7bd7679a0c27e404e940d157
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Oct 20, 2013 at 1:59 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

>
> Hi Ted,
>
> Thanks for the draft. As you might guess from earlier discussion
> on here, I think the more-than-MTI approach espoused is maybe the
> right one, if we can figure out how to state the requirement well.
> Have you any ideas on that, or on how we could get towards a
> situation where that gained consensus?
>
>
I think the issue here is that "mandatory to implement" is theoretically
something testable by the IETF's process; mandatory to use is a condition
of the overall system and far less liable to the same testing.  "Default
on" might be testable.

I think, though, to get anywhere we'll need a combination of insistence at
the protocol stage, user education about the meaning of confidentiality and
data integrity, and plain old marketing.  When a user can evaluate a
statement like "safer messaging alternative" and the company providing it
can profit from that evaluation, we'll get traction.



> I've a similar question wrt how to "consider more carefully and
> more consistently the effects of information leakage by DNS and
> other infrastructure" - any ideas how an effort in that direction
> could usefully be structured?
>
>
Well, I think some of the other comments have explored this.  If you are
putting up a web site for blogs, providing a URL like
blogname.blogsite.example leaks data that blogsite.example/blogname does
not; providing both (for vanity or safety, but not both) is a better design
than forcing the leak.  A document that described the issues here may be
quite useful, though I suspect it needs a lot more marketing than the usual
RFC.

On a slightly more protocol-oriented note, David Conrad pointed
out years ago that once DNS data is secured by DNSSEC, you could deliver it
over confidential channels.  If the validation is done at the end user's
system (or within the application there), downloading the data from
anywhere you trust should work.

regards,

Ted




> Ta,
> S.
>
> On 10/20/2013 02:21 AM, Ted Hardie wrote:
> > Like most folks involved in this list, I have a personal response to the
> > current situation and some thoughts on how it will impact my or our work
> > in the future.  Since I expect we will be pretty short of mic time in
> > Vancouver for thoughts like these, I decided to write them out.
> >
> > http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
> >
> > is the result.  It's quite short but a quick summary is this:
> >
> > Pervasive monitoring induces self-censoring which harms the Internet and
> > its users.  At the scale of the modern Internet, that means it harms
> > humanity.
> >
> > We can and should change our approach to Internet engineering and system
> > design to deal with this.  There will be costs for that, but we should
> > pay them.
> >
> > It helps me, personally, to focus on a single user when asking whether a
> > system or protocol is appropriate in the current environment.  The draft
> > lays out why.
> >
> > regards,
> >
> > Ted Hardie
> >
> >
> >
> > _______________________________________________
> > perpass mailing list
> > perpass@ietf.org
> > https://www.ietf.org/mailman/listinfo/perpass
> >
>

--047d7bd7679a0c27e404e940d157--

From ted.ietf@gmail.com  Mon Oct 21 07:17:18 2013
Return-Path: <ted.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 084FE11E8597 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 07:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.506
X-Spam-Level: 
X-Spam-Status: No, score=-2.506 tagged_above=-999 required=5 tests=[AWL=0.093,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PjtGEv65e3r1 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 07:17:13 -0700 (PDT)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 06C0B11E8581 for <perpass@ietf.org>; Mon, 21 Oct 2013 07:16:52 -0700 (PDT)
Received: by mail-ie0-f178.google.com with SMTP id to1so15901813ieb.9 for <perpass@ietf.org>; Mon, 21 Oct 2013 07:16:52 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.232.206 with SMTP id jv14mr1092852icb.52.1382365011412; Mon, 21 Oct 2013 07:16:51 -0700 (PDT)
Received: by 10.42.29.202 with HTTP; Mon, 21 Oct 2013 07:16:51 -0700 (PDT)
In-Reply-To: <qlg869d4s2c29ebfdg5q88771g3461m2c8@hive.bjoern.hoehrmann.de>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <CA+9kkMBi_+guP9jTmzOA9x=n5H_PqC-KHEoHO98GiixQ05rAwQ@mail.gmail.com> <qlg869d4s2c29ebfdg5q88771g3461m2c8@hive.bjoern.hoehrmann.de>
Date: Mon, 21 Oct 2013 07:16:51 -0700
Message-ID: <CA+9kkMBDWqPtEQfFAfK1djcY9NDX3ETUvq=gZNb4DWHwuNED=A@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Content-Type: multipart/alternative; boundary=047d7b86eae6748b7b04e940ef34
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 14:17:18 -0000

--047d7b86eae6748b7b04e940ef34
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Sun, Oct 20, 2013 at 2:32 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

>
> I was under the impression that TLS as currently deployed would still
> let an attacker know roughly when and how many bytes are exchanged and
> if the blogs are reasonably static and public that should be enough to
> reconstruct which are being read, especially if you can capture repeat
> visits (the knitting blog might feature small vector graphics with
> knitting patterns, and the custom cars blog might have large photos,
> so if the user downloads a lot, custom cars are much more likely).
>
>
If the pattern of download is consistent and the passive surveillance
system is keyed to look for that pattern, you're right that this is a
risk.  You can mitigate it as a user by downloading from multiple sites at
the blog site--if you're looking at custom cars and support information and
knitting, you're not going to trigger the pattern (or not as easily).  A
site that knows its data may be sensitive can also vary the data to avoid
easy pattern matching; this might get easier with the deployment of HTTP
2.0, since multiple flows are multiplexed over a single TLS connection;
deliver different in-line ads for the same content and you get different
patterns.



> (And in practise there are many more problems, like the blogs might be
> on different hostnames and the DNS lookup gives you away, or they might
> load resources from third-party hosts, so you can tell blogs that have
> some video from a popular video site on them from those that have not,
> simply from the client connecting to the video service after loading up
> whatever blog they are interested in, and so on.)
>

Third party hosts are indeed a problem; it's no help if you avoid
name.blogsite.example in favor of blogsite.example/name if you then point
to a third party whose DNS name leaks.

regards,

Ted


> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>

--047d7b86eae6748b7b04e940ef34--

From stephen.farrell@cs.tcd.ie  Mon Oct 21 08:49:41 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF88611E8651 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 08:49:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.679
X-Spam-Level: 
X-Spam-Status: No, score=-102.679 tagged_above=-999 required=5 tests=[AWL=-0.080, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xaOggb2ayKKd for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 08:49:35 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id D7F2011E8400 for <perpass@ietf.org>; Mon, 21 Oct 2013 08:48:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9EE96BE4C for <perpass@ietf.org>; Mon, 21 Oct 2013 16:48:03 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4owF7ZrOsKb for <perpass@ietf.org>; Mon, 21 Oct 2013 16:48:03 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 72DC9BE51 for <perpass@ietf.org>; Mon, 21 Oct 2013 16:48:03 +0100 (IST)
Message-ID: <52654CB3.1050507@cs.tcd.ie>
Date: Mon, 21 Oct 2013 16:48:03 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] draft agenda for Vancouver session
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 15:49:41 -0000

Hi,

I've posted a draft agenda [1] as previously outlined.

Comments still welcome - folks are starting to make the
various (small) bits of slideware so agenda-bash comments
this week would be most useful.

Thanks to Paul Wouters and Karen O'Donoghue for volunteering
to scribe. One or two more might be useful - if you're up
for it, just mail Sean and me.

Ta,
S.

[1] https://datatracker.ietf.org/meeting/88/agenda/perpass/

From kent@bbn.com  Mon Oct 21 08:58:46 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78D5711E8544 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 08:58:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.353
X-Spam-Level: 
X-Spam-Status: No, score=-106.353 tagged_above=-999 required=5 tests=[AWL=0.246, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rUoQjuQ8D3wd for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 08:58:40 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9A021F9A10 for <perpass@ietf.org>; Mon, 21 Oct 2013 08:58:08 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:41454 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYHrr-000I2A-8E; Mon, 21 Oct 2013 11:58:07 -0400
Message-ID: <52654F0E.7050604@bbn.com>
Date: Mon, 21 Oct 2013 11:58:06 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
References: <525475AA.2010907@cs.tcd.ie>	<525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie>	<5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie>	<525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <525EAF77.3090203@bbn.com> <989619D4-FCB3-4DF4-A4DB-C8864D2155D0@icsi.berkeley.edu> <525EE96F.4020901@bbn.com> <0A4B1BCB-81FC-4EFF-88CD-D6C496C0847F@ICSI.Berkeley.EDU> <525FFB12.6030306@bbn.com> <FD2D5981-770E-4D7A-BEF6-CDB04600275A@ICSI.Berkeley.EDU>
In-Reply-To: <FD2D5981-770E-4D7A-BEF6-CDB04600275A@ICSI.Berkeley.EDU>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 15:58:46 -0000

Nicholas,
> ...
> Thanks to an ability to spoof packets from a gazillion different locations, as long as they can inject a spoofed packet from ANOTHER link in time, they will still be able to do packet injection.  The attacker's point of injection needs to be closer (latency wise) on the network than the final destination of the packet, but thats usually a pretty easy constraint to meet.
If I understand the attack, it requires wiretapping to determine the TCP 
sequence numbers and window
info to create an acceptable response, then send a packet to effect the 
redirect. When you factor
in the latency constraint, it's not clear that there are "a gazillion 
different locations" for
an active wiretapper to use, relative to a wide range of possible targets.
> ...
> If you are assuming MITM on a packet level rather than just an eavesdropper (man on the side), then it really is a full-active attack is just a matter of willingness to do so, since a full MitM can drop packets as well.
Sorry that I was not clear in my comment. What I was saying is that we 
usually view a full, MITM
capability as representing an active wiretap capability, and that is NOT 
the assumption on which
the attack you noted is based. Thus I was arguing that the full MITM 
capability may be much harder
to achieve, vs. a passive capability. Also, given the asymmetric routing 
common for many Internet paths,
it might be hard to be a MITM, or a passive wiretapper, for both 
directions of a session, unless
one is able to be very close to one end of the session.

Your discussion of what it takes to securely configure LAN switches, and 
WLANs does
not convince me that it's easy for an adversary to gain access, or, 
conversely, that it's
very hard to manage LANs and WLANs to address the cited vulnerabilities. 
That does not mean
that I assume all LANs will be well-managed in this regard, but it's a 
big jump from
"sloppy LAN management" to "easy to effect a MITM" attack on most 
enterprise LANs.

Over the weekend I checked with a friend who consults on security 
matters to a number of large firms,
principally in the financial services and related industries. He 
confirmed my earlier comments re use
of encryption within enterprise LANs. It is almost non-existent, and the 
IT folks want to keep it
that way. They do not see credible passive wiretapping threats in their 
nets, and they value ease of
monitoring and debugging more than the incremental security offered by 
adding encryption. (They're big
on authentication and integrity, just no confidentiality measures within 
a LAN.)

> Why?  Since it's clear that there aren't technical limitations on an eavesdropper becoming a full MitM in most cases, it really is only "does becoming a full MitM benefit me as an attacker vs any increased risk of detection".
You have asserted that it's easy, but I don't agree with a number of 
your arguments, so
I'm not ready to concede that becoming a MiTM is easy in many cases.
> ...
> You need full authentication of all data and communication, so sorry for being unclear.
OK, glad we agree on that point.

The problem many of us see is that it's much easier to perform 
opportunistic encryption,
that does not provide authentication, than to provide authentication 
with encryption.

Steve

From kent@bbn.com  Mon Oct 21 09:13:28 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4C6411E81AB for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 09:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.393
X-Spam-Level: 
X-Spam-Status: No, score=-106.393 tagged_above=-999 required=5 tests=[AWL=0.205, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VD+PXU418v4Y for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 09:13:21 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 7F81811E8584 for <perpass@ietf.org>; Mon, 21 Oct 2013 09:12:59 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:51262 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYI6E-000FhR-Ew for perpass@ietf.org; Mon, 21 Oct 2013 12:12:58 -0400
Message-ID: <52655288.6080502@bbn.com>
Date: Mon, 21 Oct 2013 12:12:56 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: perpass@ietf.org
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
In-Reply-To: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------000105080301010007030200"
Subject: Re: [perpass] NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 16:13:28 -0000

This is a multi-part message in MIME format.
--------------000105080301010007030200
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

PHB,

> There are a bunch of changes to PKIX that were blocked for quite some 
> time. The opposition coming from a cabal of DoD etc. contractors. This 
> opposition has proven ultimately futile since the industry has decided 
> to ignore the specification and set its own standards in two cases.
A cabal? Gee, do members have secret handshakes and a secret clubhouse? 
That sounds like fun. Can I join? Oh, you're
saying that I _am_ a member!
> I don't want to get into a discussion of Snowden etc. I will however 
> note that I suspected something of the sort was going on several years 
> ago and that is why I was looking to take the standards process to a 
> forum where such interference could be prevented. The only practical 
> effect of Snowden is that I can now explain the reasons for that 
> decision without sounding like a black helicopter paranoid nut.
The fact that the PKIX WG did not elect to adopt every proposal you made 
is hardly a justification for name calling.
Moving your crusade to the CABF was a good strategy; fewer folks to 
convince and a focus on outcomes independent of
architectural considerations. This is the same group that wanted to give 
CAs 3 years to fix a serious security bug,
before the ICANN SSAC insisted otherwise, if I recall Warren's briefing 
in SAAG.
> 1) Name Constraints MUST be marked critical
>
> And utterly stupid restriction since the semantics of the criticality 
> bit are 'break backwards compatibility'. Use of name constraints 
> provide a significant reduction in the attack surface and would have 
> prevented the Flame attack. However marking a name constraint critical 
> breaks Safari and provides no security benefit in the Web PKI.
>
> Outcome: Industry has decided that the standard is that name 
> constraints MAY be marked non-critical.
It might be worth emphasizing that the principal reason cited for not 
marking the extension critical, as per X.509
and RFC 5280, was a single vendor's unwillingness to fix a bug in their 
browser. The CABF members, being browser vendors
as well as third-party CAs, was the perfect venue in which to elect to 
give precedence to a vendor's intransigence.
> 2) OCSP reports success for unknown/unissued certificates.
>
> One of the reasons that the DigiNotar incident was so severe is that 
> the OCSP responder reported 'Valid' status for certificates that the 
> CA had not issued. This limit is allegedly a consequence of the DoD's 
> billion dollar PKI being unable to issue OCSP responses except by 
> using CRLs as a source.
>
> One important consequence of this constraint is that it provides a 
> weak form of CA transparency. It is possible to determine whether a CA 
> is consistently defaulting on this requirement or not.
>
>
> Outcome: Industry has mandated OCSP responses report INVALID status if 
> the certificate was not issued.
A number of folks have long wanted OCSP to be a cert status protocol, 
instead of a cert _revocation_ status protocol.
DoD is probably not the only CA that uses CRLs to generate OCSP replies. 
The relevant RFCs have always allowed
this practice, and it's a reasonable one, especially if the OCSP service 
provider is not the CA.

There are a number of ways that the major problems associated with 
the DigiNotar breach could have been mitigated, many
of them not requiring any changes to protocols.

The fundamental issue here, for both of the examples cited, is that the 
browser PKI model is a terrible one.
DANE is a much better solution, except for the CAs that might lose 
business as a result.

Steve

--------------000105080301010007030200--
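
Added example, not part of the original message and not any CA's or responder's own code: a small model of the OCSP point argued above, comparing a responder that derives answers only from a CRL with one that also consults issuance records, plus the relying-party probe that the quoted "weak form of CA transparency" remark implies. The issuer name, serial numbers and class and function names are constructed for illustration.

```python
"""CRL-derived vs. issuance-aware OCSP answers (constructed data, added example)."""
import secrets
from enum import Enum


class CertStatus(Enum):
    # The three per-certificate answers an OCSP response can carry.
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"


class CrlBackedResponder:
    """Responder whose only input is the issuer's CRL (a list of revoked serials)."""

    def __init__(self, issuer, revoked_serials):
        self.issuer = issuer
        self.revoked = frozenset(revoked_serials)

    def status(self, issuer, serial):
        if issuer != self.issuer:
            return CertStatus.UNKNOWN  # not a CA this responder answers for
        if serial in self.revoked:
            return CertStatus.REVOKED
        # Absent from the CRL: "issued and valid" and "never issued" are
        # indistinguishable here, so both get the same answer.
        return CertStatus.GOOD


class IssuanceAwareResponder:
    """Responder that also sees the CA's record of serials it actually issued."""

    def __init__(self, issuer, issued_serials, revoked_serials):
        self.issuer = issuer
        self.issued = frozenset(issued_serials)
        self.revoked = frozenset(revoked_serials)

    def status(self, issuer, serial):
        if issuer != self.issuer:
            return CertStatus.UNKNOWN
        if serial not in self.issued:
            # No record of issuance: refuse to vouch for the certificate.
            return CertStatus.REVOKED
        if serial in self.revoked:
            return CertStatus.REVOKED
        return CertStatus.GOOD


def answers_good_for_unissued(responder, issuer, probes=16):
    """Relying-party audit: ask about random 128-bit serials, which the CA
    has almost certainly never issued, and report whether any is called good."""
    for _ in range(probes):
        serial = secrets.randbits(128)
        if responder.status(issuer, serial) is CertStatus.GOOD:
            return True
    return False


# Constructed sample data (not taken from any real CA).
ISSUER = "CN=Example Issuing CA (constructed)"
ISSUED = {0x1001, 0x1002, 0x1003}
REVOKED = {0x1002}
ROGUE_SERIAL = 0xBAD5EED  # appears in a certificate the CA has no record of

crl_responder = CrlBackedResponder(ISSUER, REVOKED)
db_responder = IssuanceAwareResponder(ISSUER, ISSUED, REVOKED)


def compare(serial):
    """Return (CRL-backed answer, issuance-aware answer) for one serial."""
    return (crl_responder.status(ISSUER, serial),
            db_responder.status(ISSUER, serial))


if __name__ == "__main__":
    for label, serial in [("issued", 0x1001), ("revoked", 0x1002),
                          ("unissued", ROGUE_SERIAL)]:
        crl_answer, db_answer = compare(serial)
        print(f"{label:9s} crl-backed={crl_answer.value:8s} "
              f"issuance-aware={db_answer.value}")
    print("CRL-backed vouches for unissued serials:",
          answers_good_for_unissued(crl_responder, ISSUER))
    print("Issuance-aware vouches for unissued serials:",
          answers_good_for_unissued(db_responder, ISSUER))
```

The two designs agree on every certificate the CA issued; they differ only for serials outside the issuance record, which is the case the probe exercises.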

From kathleen.moriarty@emc.com  Mon Oct 21 10:55:49 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBA5311E8377; Mon, 21 Oct 2013 10:55:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.024
X-Spam-Level: 
X-Spam-Status: No, score=-2.024 tagged_above=-999 required=5 tests=[AWL=0.575,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddRFF-ftdU0y; Mon, 21 Oct 2013 10:55:30 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6CF11E832C; Mon, 21 Oct 2013 10:55:27 -0700 (PDT)
Received: from maildlpprd54.lss.emc.com (maildlpprd54.lss.emc.com [10.106.48.158]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9LHtPTV004933 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 21 Oct 2013 13:55:25 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com r9LHtPTV004933
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382378125; bh=blsitGAzF5pKhj0VYduguxpQj5A=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=lNhOyduR5HsE3uONITOY22orVZ5AJ/qB4UJ81aH6cqJFnAvosU9z0RmXFzCufS89x h8Ht8C0mInBk11i6kqq7H5loo6LnSjBMFw3fDDaOQTWnRMx8bbvuetrh9GiY3IIN6I gOJJIRzy4jzglVGY59o6DbXrts0aGst7iQ13VKqs=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com r9LHtPTV004933
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd54.lss.emc.com (RSA Interceptor); Mon, 21 Oct 2013 13:55:15 -0400
Received: from mxhub35.corp.emc.com (mxhub35.corp.emc.com [10.254.93.83]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9LHtE8Z027442 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 21 Oct 2013 13:55:14 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub35.corp.emc.com ([::1]) with mapi; Mon, 21 Oct 2013 13:55:14 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: "perpass@ietf.org" <perpass@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Date: Mon, 21 Oct 2013 13:55:11 -0400
Thread-Topic: New Version Notification - draft-moriarty-pkcs12v1-1-02.txt
Thread-Index: Ac7Ohmeo9EZJYnCeR+6bFr4bHWwQXwAABy7g
Message-ID: <F5063677821E3B4F81ACFB7905573F24049E8BCDCD@MX15A.corp.emc.com>
References: <20131021175237.32469.2938.idtracker@ietfa.amsl.com>
In-Reply-To: <20131021175237.32469.2938.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: DLM_1, public
Subject: [perpass] FW: New Version Notification - draft-moriarty-pkcs12v1-1-02.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 17:55:49 -0000

From datapacrat@gmail.com  Mon Oct 21 12:00:50 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05AF11E8699 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zEVoBxEWdIZ for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:00:37 -0700 (PDT)
Received: from mail-we0-x235.google.com (mail-we0-x235.google.com [IPv6:2a00:1450:400c:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id 7F24011E86A7 for <perpass@ietf.org>; Mon, 21 Oct 2013 11:58:18 -0700 (PDT)
Received: by mail-we0-f181.google.com with SMTP id t60so6849709wes.26 for <perpass@ietf.org>; Mon, 21 Oct 2013 11:58:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=lP868XCJU7uTagMHZhrlIFv7MTKe3J4+0oxRui06Dh4=; b=AKU8wt8pCCxcRO6gp2ycKqBOpWftKytfqCFs4kHjFF3AYg7XN6IDcXi5CpvmjMVh0K Y2BTlAHftagWYd/ng7LJn7y6vJRjKwtc5Boknv1WnKeKfV0EZfJv+Auw/uweRdYJWYkj ysoonvr6PN8rLr3rPrgNcoSXgI3W2Rak8CDpxRHp9KByOrEWfPWkwKfZxdrwQVIMKae1 e8CdQ2Vm/6Hsyl6qUlUHy0HUzfYxOreKEEbhAuNCzlaJHDYRleABT+22844ZBGLw8hlX t1GbFGmf85HB3gLCZzMOj/QkQsZAcThyW0+TtdkkZP6x5ZRWEbMhEzuy0DN4+PMEw9aY tkHA==
MIME-Version: 1.0
X-Received: by 10.180.185.203 with SMTP id fe11mr11065839wic.29.1382381892590;  Mon, 21 Oct 2013 11:58:12 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Mon, 21 Oct 2013 11:58:12 -0700 (PDT)
Date: Mon, 21 Oct 2013 14:58:12 -0400
Message-ID: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: perpass@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [perpass]  Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 19:00:53 -0000

I've just posted a new version of a draft for an extension to the
current vCard format, "Signed vCards" [1]. The general idea is to use
existing encryption techniques to turn an existing format for
"identity description" into one for "identity authentication",
including non-email-based identifiers, change of identifiers over
time, publication and revocation of keys, and so forth.

The reason I'm putting all of this together is that, after finding out
just how brittle the current Certificate Authority system is, I wanted
to have a replacement that was much mushier and resistant to root-CA
hijacking, possibly based on some form of web-of-trust. I'm currently
trying to teach myself enough about webfist [2] to see if it can be
adapted for the purpose, likely by replacing its current DKIM-based
authentication system. My thought is that if that can be made to work,
then it may be feasible to try combining Signed vCards with CA-style
certificates.

There's also the possibility that I'm completely deluded about the
whole approach. I'm not an expert in the field; I'm just trying to
find a solution that's within my meager skills. So I'm hoping to evoke
as much feedback and constructive criticism as I can. Since swapping
out hierarchical CAs for a system more resistant to a subpoena attack
would seem to help reduce pervasive monitoring, this list seems a
worthwhile place to discuss it.

So: How can my ideas be improved?



[1] https://datatracker.ietf.org/doc/draft-boese-vcarddav-signedvcard/
[2] http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From brian.e.carpenter@gmail.com  Mon Oct 21 12:19:07 2013
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2596A11E8557 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:19:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.577
X-Spam-Level: 
X-Spam-Status: No, score=-102.577 tagged_above=-999 required=5 tests=[AWL=0.022, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QJk+RahMqzmj for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:19:06 -0700 (PDT)
Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com [IPv6:2607:f8b0:400e:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 22CB611E86B3 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:19:00 -0700 (PDT)
Received: by mail-pa0-f44.google.com with SMTP id fb1so5490137pad.31 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=idB1v/5xJmxDPm4WSKCOT5Nw2cikSgSpWU2aJ1sJUcY=; b=mLY8irslDPTWn7aQSnnYB2pSl9xHysapyqGP+Za3b5gnBHYVdS6ZKzLmofA+OvOEkO pTv30NA0e/jNws/aHt0Wf9QgXCvt4lG0Sg7wAXRegb2tgfoZy+czTrmww26V8eofUPuj k+fyvHkj6AbDz4NNIdtS7eJdykeuksaKLCtkQ7vXM7dYriDQ0vDPQj3kvUkAqvet5cRq tH36KEffzNTRf6z/SEJJ95PSmts8eh/BS1HnTZlXa6aej9mhq+nFFKHKqho3eCfO7kX4 +qBBsVNnv4OX8pQOFptqFFqiSGJXZXceeFslPppwI+Qn3EdFSTcNxAXcpvgp7GBWR+k4 8qUQ==
X-Received: by 10.66.156.199 with SMTP id wg7mr19221376pab.81.1382383139812; Mon, 21 Oct 2013 12:18:59 -0700 (PDT)
Received: from [192.168.178.20] (254.194.69.111.dynamic.snap.net.nz. [111.69.194.254]) by mx.google.com with ESMTPSA id zq10sm27698999pab.6.2013.10.21.12.18.56 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Oct 2013 12:18:57 -0700 (PDT)
Message-ID: <52657E22.60309@gmail.com>
Date: Tue, 22 Oct 2013 08:18:58 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Tony Rutkowski <rutkowski.tony@gmail.com>
References: <mwbvm3a28qudrjetywp4j5s5.1382349748578@email.android.com>
In-Reply-To: <mwbvm3a28qudrjetywp4j5s5.1382349748578@email.android.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Eliot Lear <lear@cisco.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 19:19:07 -0000

Tony,

On 21/10/2013 23:14, Tony Rutkowski wrote:
> Hi Eliot,
> 
> Apropos to your suggestion...
> 
> What about MTnI (mandatory to not implement) or MTB (mandatory to break)? Public networks and services have been subject to governmental controls on encryption by every country in international law since 1850. Individuals and small groups may be able to skirt the requirements, but not commercial or institutional providers. Seems like a bit of a scaling challenge?
> 

I believe that is *exactly* why the IETF endorsed both RFC 1984 and
RFC 2804. It's *our* job to make our specs as secure as reasonably
possible and to not help make them liable to eavesdropping. If that
makes signals intelligence agencies unhappy, or presents implementors
with a conflict between an IETF "MUST" and a jurisdictional "MUST NOT",
that isn't our concern.

Here, I believe we should focus only on specifications that enhance
privacy, and IMHO that certainly includes specifying that implementations
must have strong privacy-protecting default configurations.

    Brian

From hallam@gmail.com  Mon Oct 21 12:20:38 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1DA211E8237 for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:20:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.517
X-Spam-Level: 
X-Spam-Status: No, score=-2.517 tagged_above=-999 required=5 tests=[AWL=0.082,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UmzNpASkm67P for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:20:37 -0700 (PDT)
Received: from mail-la0-x231.google.com (mail-la0-x231.google.com [IPv6:2a00:1450:4010:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id D086C11E8262 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:20:35 -0700 (PDT)
Received: by mail-la0-f49.google.com with SMTP id eh20so925661lab.8 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:20:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kLngrKlWE4XDp6CJZhSUU8TjPw/Mc7B22s7vwvJF614=; b=T47xZ17d/xAZJhANUpi/8+dKVAz5UFhts/gkQlDYKvVH7kQkcDXjgTcQGcp2ymmUjv VS3mMftu7PVeVs15yVcIOpx8D3m0iSOASzxLpt3CGudw0AKwtUDSTn99uM6/4B0yswUY 0EVL5iC7NeHYeKR2kK1eSBps+lLDbPLHmY18C8u3u71dfZZqlLxqvQ8aGpwXhv2mSc0/ CwRYOmRK0EVv7aXfmnqVuaDniRzVcnnWJj1+2NO8YscGfXv+dx4lTda4tH0bacL3iM4f UyLu6xpBiZp2/SMU6+Eh1QNmhYYxU+DR+1z1/d1Fq+6OXwEtnV/DcUQqtMP31xaliQlY a1WQ==
MIME-Version: 1.0
X-Received: by 10.112.29.147 with SMTP id k19mr14437962lbh.9.1382383234565; Mon, 21 Oct 2013 12:20:34 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Mon, 21 Oct 2013 12:20:34 -0700 (PDT)
In-Reply-To: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>
Date: Mon, 21 Oct 2013 15:20:34 -0400
Message-ID: <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: DataPacRat <datapacrat@gmail.com>
Content-Type: multipart/alternative; boundary=001a1133aa86a3ca9d04e9452de3
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 19:20:38 -0000

--001a1133aa86a3ca9d04e9452de3
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 21, 2013 at 2:58 PM, DataPacRat <datapacrat@gmail.com> wrote:

> I've just posted a new version of a draft for an extension to the
> current vCard format, "Signed vCards" [1]. The general idea is to use
> existing encryption techniques to turn an existing format for
> "identity description" into one for "identity authentication",
> including non-email-based identifiers, change of identifiers over
> time, publication and revocation of keys, and so forth.
>
> The reason I'm putting all of this together is that, after finding out
> just how brittle the current Certificate Authority system is, I wanted
> to have a replacement that was much mushier and resistant to root-CA
> hijacking, possibly based on some form of web-of-trust. I'm currently
> trying to teach myself enough about webfist [2] to see if it can be
> adapted for the purpose, likely by replacing its current DKIM-based
> authentication system. My thought is that if that can be made to work,
> then it may be feasible to try combining Signed vCards with CA-style
> certificates.
>
> There's also the possibility that I'm completely deluded about the
> whole approach. I'm not an expert in the field; I'm just trying to
> find a solution that's within my meager skills. So I'm hoping to evoke
> as much feedback and constructive criticism as I can. Since swapping
> out hierarchical CAs for a system more resistant to a subpoena attack
> would seem to help reduce pervasive monitoring, this list seems a
> worthwhile place to discuss it.
>

I think you need to work out how to evaluate how trust in the Web of Trust
is evaluated:

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00

You can accuse the CA system of being 'brittle' but so is Web of Trust once
you get past the keys that you signed directly yourself.


Putting the key in a vcard only addresses one part of the problem, you need
to know whether you have the right vcard. An attacker that can knock over a
CA will have no trouble knocking over a simple vcard scheme either.

To replace that system you have to show that what you propose as a
replacement is actually stronger and that it is not susceptible to
sovereign control by a single government (at minimum, some of us are not
going to be any more happy with a group of governments acting in concert
unless you can assure us that they will not collude).


Where vcard is supported, it makes a fine mechanism for converting a key
identifier to a key. It is a less good mechanism for establishing trust in
a key which is what most of us see as the hard part.

-- 
Website: http://hallambaker.com/

--001a1133aa86a3ca9d04e9452de3--

From rutkowski.tony@gmail.com  Mon Oct 21 12:51:35 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A59521E809D for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hep+ZpxQxQcY for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 12:51:34 -0700 (PDT)
Received: from mail-ye0-x22d.google.com (mail-ye0-x22d.google.com [IPv6:2607:f8b0:4002:c04::22d]) by ietfa.amsl.com (Postfix) with ESMTP id AFFDC11E8719 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:47:23 -0700 (PDT)
Received: by mail-ye0-f173.google.com with SMTP id m4so1710379yen.4 for <perpass@ietf.org>; Mon, 21 Oct 2013 12:47:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:subject:message-id:from:to:cc:mime-version:content-type :content-transfer-encoding; bh=F2+Xql/zlu9fOGHcpdP+mzkTPmg6VktkFwtPRaOj73I=; b=C+J5dsnsIZnmc4AyIoIsP7vq5vybYJXj8NXI5nFkCNSQErtloL0G3n0eV+TLI+kWnP Lt+u2yr5MOLlJKBYpFR4Q9QLtjDn46bY8XVcC35eYnnaqF8qL+xk33BLbjGbQLW7DAaB ksrE0MDvK69929IgtJr9hsNfwBBV7m9C8TYt+6OcS89gkqEG54sJBogAywqxS6xvGYIx sFIevhNCdIfnHpFLW+72SLwEfGz1aayGNWWc4iHXjAOXtaJ4zW7Sq03VwVsvAyZzPoO3 WghQF3eUFONJ4ErA4cJvUSDLB3xeQBWBlbvoGlTffSNV5z9hzvE7M/j7PkuuUgBfazFT u2Xw==
X-Received: by 10.236.129.162 with SMTP id h22mr2414324yhi.80.1382384837612; Mon, 21 Oct 2013 12:47:17 -0700 (PDT)
Received: from [192.168.15.201] ([68.208.127.71]) by mx.google.com with ESMTPSA id s4sm29397318yhs.14.2013.10.21.12.47.11 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Oct 2013 12:47:16 -0700 (PDT)
Date: Mon, 21 Oct 2013 15:47:09 -0400
Message-ID: <8dy8vrduywxmujacpk0u3rwv.1382384829092@email.android.com>
From: Tony Rutkowski <rutkowski.tony@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Cc: perpass <perpass@ietf.org>, Eliot Lear <lear@cisco.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 19:51:35 -0000



From hallam@gmail.com  Mon Oct 21 13:21:38 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B42011E81CE for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.069
X-Spam-Level: 
X-Spam-Status: No, score=-1.069 tagged_above=-999 required=5 tests=[AWL=-1.370, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, MANGLED_YOUR=2.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O51NaQw54FCD for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:21:37 -0700 (PDT)
Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id DA85411E81FF for <perpass@ietf.org>; Mon, 21 Oct 2013 13:21:33 -0700 (PDT)
Received: by mail-la0-f42.google.com with SMTP id ea20so2026330lab.1 for <perpass@ietf.org>; Mon, 21 Oct 2013 13:21:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=LGbaBd/2CeIn+wklotborHWVOUiRsJeEQFEhBLVzdEw=; b=OWzfnH/D3fyzpAHqOOnLsCDP4eqinYMQYkN2w5WPwK8r6bs4/8xBuSqBLygZrusYK3 NZOnKll/UegqaJpUECulVUvzmreCPTgtqeJWALi+l6JsH+eL/BNzi1v4ZUV+JIrKips9 +86YvtVtib+phhFekZxfKbWsqig8QpoaPLRSuAUI5YsqlKoX69ROeUjB936Ld3fqdQlV BlXkt/YgYRvuerJcKqhqMaIKhtACq4hhmCDaN/03zA7dsQ7byOHJkCM39aojH/jchgCe El8zYsndZfFCyQ+Ywt86Pse7XneZjkg7EzVxhM4d19vxKkYPdu4n+E30mcys4J0NXtP3 DNFQ==
MIME-Version: 1.0
X-Received: by 10.152.235.40 with SMTP id uj8mr2646023lac.39.1382386886710; Mon, 21 Oct 2013 13:21:26 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Mon, 21 Oct 2013 13:21:26 -0700 (PDT)
Date: Mon, 21 Oct 2013 16:21:26 -0400
Message-ID: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=001a11345d84531a1204e9460734
Cc: perpass <perpass@ietf.org>
Subject: [perpass] Standards in the age of pervasive suspicion Re: NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 20:21:38 -0000

--001a11345d84531a1204e9460734
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 21, 2013 at 12:12 PM, Stephen Kent <kent@bbn.com> wrote:

>  PHB,
>
>
>  There are a bunch of changes to PKIX that were blocked for quite some
> time. The opposition coming from a cabal of DoD etc. contractors. This
> opposition has proven ultimately futile since the industry has decided to
> ignore the specification and set its own standards in two cases.
>
> A cabal? Gee do members have secret handshakes and a secret clubhouse? That
> sounds like fun. Can I join? Oh, you're saying that I *am* a member!
>


One of the issues that has been raised in the government world is how do we
convince people looking in that the IETF specs have not been contaminated by
some of the alleged $250 mil/yr being spent on such purposes.

This is not a theoretical problem or even a new one, but it is one that has
been ignored in the past and is now going to be very much harder to ignore.


Whether we like it or not, this is now part of the distrust landscape we
have to deal with when designing technical solutions. If people want
technologies like DNSSEC/DANE or RPKI to be deployed in practice they are
going to have to answer the difficult questions about how cryptography is
used to concentrate power over the Internet infrastructure by a very narrow
range of institutions, most of which are ultimately under US govt. control.

Now you can dismiss the conspiracy theories as nonsense but these are now
conspiracy theories which are believed by the heads of government in some
very large and significant countries. Countries that have the ability to
decide Internet standards within their borders for themselves if they
choose. So anyone who is proposing to deploy cryptographic infrastructures
who does not take these issues into account is likely wasting their time at
best or may at worst provoke those governments to fracture the Internet
rather than allow entrenchment of existing powers.


If we try to look at the situation from their point of view, what do we see?

On past vulnerabilities, it would seem that the NSA has delivered a paltry
return if very much of that $250mil was spent on subverting standards. At
best they have one borked random number generator that Ferguson spotted was
bjorked back in 2007 and Bruce blogged on, a couple of PKIX holes that they
maybe helped keep open. That's hardly a return on investment to be proud of.


Another hypothesis is that much of that money was spent for the purposes it
should have been spent on - protecting US cyber infrastructure from attack
i.e. cyberdefense but that the expenditures were written up as cyber attack
because that is what was prized during the Alexander years at the NSA.

So even if we see future documents come out naming names or programs, they
don't necessarily mean what they might say.



-- 
Website: http://hallambaker.com/

--001a11345d84531a1204e9460734--

From datapacrat@gmail.com  Mon Oct 21 13:47:04 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FAA411E85CB for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFbPg-EFS9DP for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 13:47:03 -0700 (PDT)
Received: from mail-we0-x22b.google.com (mail-we0-x22b.google.com [IPv6:2a00:1450:400c:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id B3E9E11E8266 for <perpass@ietf.org>; Mon, 21 Oct 2013 13:46:47 -0700 (PDT)
Received: by mail-we0-f171.google.com with SMTP id t60so7224716wes.30 for <perpass@ietf.org>; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8Vuqroh0rjjsh4wF3Hn+ejUyiB2t/ASiJYGZvoKhEPg=; b=BfMvkLtlGhnFYDks4H6SxC88lbZyBih+3xzNqgS0riYAoQ2M+0oKpFFLBtIg4OH2ha JNDNCA0d/XZHOAZzg/kO5R9rtZKH9tAidLwq1zZavX6LqgpW/qoSVf3QEumKDv5ufDE6 ZE6ZB0nqChwbk3vV2633zmu6S1pbLUIBR3V1iboH1uc45INxcF4DYSgVJTHApQqrSOSR 1vWbKpxYHOSK3LUxrC8QXT7TKcNSyYifkhARR5NzGydvmah6pcplf02BTMetsjPSCoUT nEXZJ/7hijTD4rQ8APOgyb95lVL4ACYW22tC/J9VZwsECe6Q0aHimPH9bILRLygmBZ0f oioQ==
MIME-Version: 1.0
X-Received: by 10.180.72.237 with SMTP id g13mr11671061wiv.0.1382388405710; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Mon, 21 Oct 2013 13:46:45 -0700 (PDT)
In-Reply-To: <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>
Date: Mon, 21 Oct 2013 16:46:45 -0400
Message-ID: <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 20:47:04 -0000

On Mon, Oct 21, 2013 at 3:20 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> I think you need to work out how to evaluate how trust in the Web of Trust
> is evaluated:
>
> http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00
>
> You can accuse the CA system of being 'brittle' but so is Web of Trust once
> you get past the keys that you signed directly yourself.
>
> Putting the key in a vcard only addresses one part of the problem, you need
> to know whether you have the right vcard. An attacker that can knock over a
> CA will have no trouble knocking over a simple vcard scheme either.
>
> To replace that system you have to show that what you propose as a
> replacement is actually stronger and that it is not susceptible to sovereign
> control by a single government (at minimum, some of us are not going to be
> any more happy with a group of governments acting in concert unless you can
> assure us that they will not collude).
>
>
> Where vcard is supported, it makes a fine mechanism for converting a key
> identifier to a key. It is a less good mechanism for establishing trust in a
> key which is what most of us see as the hard part.

The reasons you list are the ones behind why I included the
'Confidence' parameter in the Signed vCard spec. In fact, that
parameter is the key to the whole approach.

There is good reason to treat Bayesian analysis as a useful tool for
analyzing iffy data, such as a pool of keys that may include false
ones. Using existing terminology, any given vCard Authority can be
treated as an ad-hoc Certificate Authority. Using one's own
self-signed vCard as a baseline, web-of-trust techniques could then
determine the relative amount of trust to apply to any other Signed
vCard's data. E.g., if I trust my own vCard at a level of 100 decibans,
I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's
easy to determine that Bob's card should be trusted at somewhere under
30 decibans. (Real situations would be much more complicated, such as
with multiple assertion paths; but this is still early days.)

If this approach is, in fact, workable, then once the details can be
hammered out (perhaps with Webfist-style exchanges, perhaps some
entirely different method), I'm hoping that those details can be
hidden from the end-user as well as the certificate negotiations for
https browsing are, for users who just want to get things done. Throw
in a collection of open-source key/vCard signing apps, which use
cellphone cameras and QR codes, and then, as you mention in your
PRISM-Proof trust model, even a thousand attendees at a conference
could potentially perform mutual key endorsements with just about
every other attendee. But that's still pie-in-the-sky - getting the
Signed vCard draft nailed down is the current step. Getting it nailed
down so it can, at least potentially, eventually support the
pie-in-the-sky, is why I've brought it up on this list.

So: What can I do to improve the current Signed vCard draft?



Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

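Added example (not part of DataPacRat's message or of the Signed vCard draft): the deciban arithmetic from the message above worked through in Python, taking decibans in their usual sense of 10*log10(odds). It goes one step beyond the message by also combining several assertion paths; the function names, the independence assumption between hops, the rule that combined paths may not share an intermediate signer, and Carol's ratings are assumptions made for illustration.

```python
import math


def miss_probability(decibans):
    """Decibans are 10*log10(odds in favour); return P(assertion is wrong)."""
    return 1.0 / (1.0 + 10.0 ** (decibans / 10.0))


def to_decibans(miss):
    """Inverse of miss_probability()."""
    if not 0.0 < miss < 1.0:
        raise ValueError("miss probability must be strictly between 0 and 1")
    return 10.0 * math.log10((1.0 - miss) / miss)


def path_miss(path):
    """P(at least one hop of an endorsement path is wrong).

    path is a list of (subject, decibans) hops, e.g.
    [("alice", 30), ("bob", 40)]: I rate Alice's card at 30 decibans and
    Alice rates Bob's card at 40.
    Assumption: hops fail independently and the last card is only as good as
    every hop holding, so the per-hop success probabilities multiply.
    """
    if not path:
        raise ValueError("a path needs at least one hop")
    # Sum log(1 - miss) and use expm1 so that 100-deciban hops keep precision.
    log_ok = sum(math.log1p(-miss_probability(db)) for _, db in path)
    return -math.expm1(log_ok)


def chain_confidence(path):
    """Confidence in the last card of a single path, in decibans."""
    return to_decibans(path_miss(path))


def combined_confidence(paths):
    """Confidence in one card reached over several paths, in decibans.

    Assumption: the card is accepted if at least one path holds, and paths
    are independent. That only makes sense when no intermediate signer
    appears on two paths (one subverted signer would break both at once),
    so shared intermediates are rejected instead of being double counted.
    """
    if not paths or any(not path for path in paths):
        raise ValueError("need at least one non-empty path")
    if len({path[-1][0] for path in paths}) != 1:
        raise ValueError("all paths must end at the same card")
    seen = set()
    miss = 1.0
    for path in paths:
        intermediates = {subject for subject, _ in path[:-1]}
        if intermediates & seen:
            raise ValueError("paths share an intermediate signer")
        seen |= intermediates
        miss *= path_miss(path)
    return to_decibans(miss)


if __name__ == "__main__":
    # Figures from the message: me -> Alice at 30, Alice -> Bob at 40.
    via_alice = [("alice", 30), ("bob", 40)]
    print("Bob via Alice: %.2f decibans" % chain_confidence(via_alice))

    # Constructed second path through a hypothetical signer, Carol.
    via_carol = [("carol", 20), ("bob", 25)]
    print("Bob via Alice or Carol: %.2f decibans"
          % combined_confidence([via_alice, via_carol]))
```
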
From derhoermi@gmx.net  Mon Oct 21 15:23:13 2013
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44CF911E876C for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 15:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level: 
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[AWL=0.202,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7W5tgqoDBpYh for <perpass@ietfa.amsl.com>; Mon, 21 Oct 2013 15:23:08 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 79BC211E82B6 for <perpass@ietf.org>; Mon, 21 Oct 2013 15:23:08 -0700 (PDT)
Received: from netb.Speedport_W_700V ([91.35.27.33]) by mail.gmx.com (mrgmx101) with ESMTPA (Nemesis) id 0MYbFe-1VCzO50muY-00VOuZ for <perpass@ietf.org>; Tue, 22 Oct 2013 00:23:07 +0200
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 22 Oct 2013 00:23:07 +0200
Message-ID: <rf9b691af144iuvgg2lsp729e370fo1gtk@hive.bjoern.hoehrmann.de>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <3D3E3D53-96C9-4A2E-9751-A088183CFB4B@checkpoint.com> <CA+9kkMBi_+guP9jTmzOA9x=n5H_PqC-KHEoHO98GiixQ05rAwQ@mail.gmail.com> <qlg869d4s2c29ebfdg5q88771g3461m2c8@hive.bjoern.hoehrmann.de> <CA+9kkMBDWqPtEQfFAfK1djcY9NDX3ETUvq=gZNb4DWHwuNED=A@mail.gmail.com>
In-Reply-To: <CA+9kkMBDWqPtEQfFAfK1djcY9NDX3ETUvq=gZNb4DWHwuNED=A@mail.gmail.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:LcNuGo/I8r7RYhMd/X8l1IUAUZrnKiOt5t4rpvuhJFN3TVPPrb9 D0e0SLX/r7wv8QrsSQ590JclS2o46IW/5KJAckB2f+NY5Yeg0hZkzsv1isO3mz3yRLP0EId NMv1yavDA4ibvrs0KS0QB0tQixrTWKqnwPAH+MO8MCto4uYIdPmY5w/6E7u/pmzZpooyvsy 3nHoFPnYkUz3vR7NOoUfg==
Cc: "<perpass@ietf.org>" <perpass@ietf.org>
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 22:23:13 -0000

* Ted Hardie wrote:
>If the pattern of download is consistent and the passive surveillance
>system is keyed to look for that pattern, you're right that this is a
>risk.  You can mitigate it as a user by downloading from multiple sites at
>the blog site--if you're looking at custom cars and support information and
>knitting, you're not going to trigger the pattern (or not as easily).  A
>site that knows its data may be sensitive can also vary the data to avoid
>easy pattern matching; this might get easier with the deployment of HTTP
>2.0, since multiple flows are multiplexed over a single TLS connection;
>deliver different in-line ads for the same content and you get different
>patterns.

Right, thanks for the confirmation. Is this an area where the IETF can
and should do more? As an example, should the HTTP/2.0 specification
or an accompanying specification discuss protocol options that
could be useful in mitigating such attacks? Perhaps some kind of meta
document that discusses when adding automatically generated noise to
mitigate such attacks becomes abusive and harmful to the network? It
seems to me this would be a next attack point if suddenly "everything"
goes encrypted over the wire, but I am not sure what level of interest
there is in doing anything about it.

(Even with HTTP/1.1 there are many options to add some innocuous noise
and randomness, a browser can decide to forget a cached resource and
fetch it again, or decide it is not going to prefetch a resource or do
it later than normally, and with HTTP/2.0 servers can do similar things
with server-push).
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From lear@cisco.com  Mon Oct 21 21:31:07 2013
Message-ID: <5265FB71.1020408@cisco.com>
Date: Tue, 22 Oct 2013 06:13:37 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>, Stephen Kent <kent@bbn.com>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>
In-Reply-To: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/alternative; boundary="------------060909000601020706050902"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Standards in the age of pervasive suspicion Re: NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 04:31:07 -0000

This is a multi-part message in MIME format.
--------------060909000601020706050902
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Phill,

On 10/21/13 10:21 PM, Phillip Hallam-Baker wrote:
>
> Whether we like it or not, this is now part of the distrust landscape
> we have to deal with when designing technical solutions.

I agree with this statement.  It reminds me of a famous statement: trust
but verify.  The only method we have to deal with the sort of
interference we've read about is our open and transparent processes
(it's one of the reasons draft-resnick-consensus is very important, by
the way).  Nobody has anything better to offer, nor will they have.

> If people want technologies like DNSSEC/DANE or RPKI to be deployed in
> practice they are going to have to answer the difficult questions
> about how cryptography is used to concentrate power over the Internet
> infrastructure by a very narrow range of institutions, most of which
> are ultimately under US govt. control.

To this we can only say that if the U.S. attempted to exert that
control, it would be widely noticed, and it would quickly lead to changes.

>
> On past vulnerabilities, it would seem that the NSA has delivered a
> paltry return if very much of that $250mil was spent on subverting
> standards. At best they have one borked random number generator that
> Ferguson spotted was bjorked back in 2007 and Bruce blogged on, a
> couple of PKIX holes that they maybe helped keep open. That's hardly a
> return on investment to be proud of.

Two things:

1.  $250 million probably doesn't account for everything that was done.
2.  I would expect that this was a relatively small portion of what was
spent.
>
>
> Another hypothesis is that much of that money was spent for the
> purposes it should have been spent on - protecting US cyber
> infrastructure from attack i.e. cyberdefense but that the expenditures
> were written up as cyber attack because that is what was prized during
> the Alexander years at the NSA.

Who knows?  Does it matter from an IETF perspective?  Does it change the
attack surface discussion in a formal sense?

Eliot

--------------060909000601020706050902--

From hannes.tschofenig@gmx.net  Mon Oct 21 23:14:23 2013
Message-ID: <526617D2.5060903@gmx.net>
Date: Tue, 22 Oct 2013 08:14:42 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Eliot Lear <lear@cisco.com>, Phillip Hallam-Baker <hallam@gmail.com>,  Stephen Kent <kent@bbn.com>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com>
In-Reply-To: <5265FB71.1020408@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Marcelo Bagnulo <marcelo@it.uc3m.es>, perpass <perpass@ietf.org>
Subject: Re: [perpass] Standards in the age of pervasive suspicion Re: NSA inspired PKIX limitations?

Hi Eliot, Hi Phillip,

On 10/22/2013 06:13 AM, Eliot Lear wrote:
>>
>> Whether we like it or not, this is now part of the distrust landscape
>> we have to deal with when designing technical solutions.
>
> I agree with this statement.  It reminds me of a famous statement: trust
> but verify.  The only method we have to deal with the sort of
> interference we've read about are our open and transparent processes
> (it's one of the reasons draft-resnick-consensus is very important, by
> the way).  Nobody has anything better to offer, nor will they have.

In the context of the cryptographic primitives we certainly have relied a 
lot on NIST, which is reflected in the number of presentations at the 
SAAG meetings.

We have made too few attempts to reach out to other communities (if 
those even exist) to hear other views. I once talked to Bart Preneel, 
who is involved in the European crypto community, to attend an IETF 
meeting but (for whatever reason) it didn't work out.

Maybe that's something to think about?

>> If people want technologies like DNSSEC/DANE or RPKI to be deployed in
>> practice they are going to have to answer the difficult questions
>> about how cryptography is used to concentrate power over the Internet
>> infrastructure by a very narrow range of institutions, most of which
>> are ultimately under US govt. control.
>
> To this we can only say that if the U.S. attempted to exert that
> control, it would be widely noticed, and it would quickly lead to changes.

Although I wasn't at the IAB at that time I recall that the RPKI 
decision for having a single trust anchor was everything but easy.

Here is the IAB statement from that time:
http://www.ietf.org/mail-archive/web/ietf-announce/current/msg07028.html

Maybe Marcelo, who was at the IAB at that time, can say something about 
the discussions.

Ciao
Hannes


From huitema@huitema.net  Mon Oct 21 23:26:23 2013
From: "Christian Huitema" <huitema@huitema.net>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'Ted Hardie'" <ted.ietf@gmail.com>, <perpass@ietf.org>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <52644423.1090800@cs.tcd.ie>
In-Reply-To: <52644423.1090800@cs.tcd.ie>
Date: Mon, 21 Oct 2013 23:25:59 -0700
Message-ID: <076e01ceceef$93ad3230$bb079690$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive	monitoring

> Thanks for the draft. As you might guess from earlier discussion
> on here, I think the more-than-MTI approach espoused is maybe the
> right one, if we can figure out how to state the requirement well.
> Have you any ideas on that, or on how we could get towards a
> situation where that gained consensus?

Networking standards are promoted by consensus and by network effects. In
the absence of some forcing function, "fallback to clear text" gets promoted
by network effects, because it is de facto forced by the sites that don't
bother deploying the more secure options. The best way to break that is to
provide "air cover" for security, e.g. a text in the protocol description
RFC that says "nodes requiring a modicum of security SHOULD refuse to use
clear text connections."  That would effectively turn the tables.

Suppose for example that a large enough mail service starts to require TLS
for SMTP connections. Many sites who are accustomed to send mail in clear
text will initially protest when their mail gets bounced. But if the
standard says that yes, they have all right to do that, then the big site
has "air cover." "I am not breaking you, I am just following best practice."
At this point, you will see more and more sites opting to turn on TLS, and
pretty soon the network effects will work in favor of encryption.

Of course, to be practical, this requires that sites can easily get a
certificate of some kind, PKI or DANE, to actually use TLS...

-- Christian Huitema
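
The difference between "fallback to clear text" and refusing clear text, as an added example that is not part of the original message: the same outbound SMTP logic under an opportunistic and a mandatory STARTTLS policy. The policy names, function names and the two EHLO replies are hypothetical and constructed for illustration.

```python
import smtplib
import ssl

OPPORTUNISTIC = "opportunistic"  # use TLS if offered, otherwise send in clear text
MANDATORY = "mandatory"          # refuse to send unless STARTTLS is offered

# Constructed EHLO replies (not captured traffic). The second one is what a
# client sees when the server never offered STARTTLS, or when the keyword was
# removed from the reply somewhere on the path.
EHLO_WITH_TLS = (
    "250-mx.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_TLS = (
    "250-mx.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


class CleartextRefused(Exception):
    """Raised when policy forbids sending over an unencrypted session."""


def parse_ehlo_extensions(reply):
    """Return the upper-cased extension keywords of a multi-line EHLO reply.

    The first line carries the server's greeting, not an extension.
    """
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0 or not text.strip():
            continue
        keywords.add(text.split()[0].upper())
    return keywords


def choose_transport(extensions, policy):
    """Return 'starttls' or 'cleartext', or raise CleartextRefused."""
    if "STARTTLS" in extensions:
        return "starttls"
    if policy == MANDATORY:
        # The message stays queued (or bounces) instead of leaking in clear.
        raise CleartextRefused("peer did not offer STARTTLS")
    return "cleartext"


def deliver(host, sender, rcpt, message, policy):
    """Send one message to host:25 under the given policy.

    Returns the transport that was used. Certificate and hostname checks come
    from ssl.create_default_context(), so the peer needs a certificate the
    local trust store accepts.
    """
    with smtplib.SMTP(host, 25, timeout=30) as smtp:
        smtp.ehlo()
        offered = {name.upper() for name in smtp.esmtp_features}
        transport = choose_transport(offered, policy)
        if transport == "starttls":
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # re-read capabilities inside the TLS session
        smtp.sendmail(sender, rcpt, message)
        return transport


if __name__ == "__main__":
    for label, reply in (("with", EHLO_WITH_TLS), ("without", EHLO_WITHOUT_TLS)):
        for policy in (OPPORTUNISTIC, MANDATORY):
            try:
                result = choose_transport(parse_ehlo_extensions(reply), policy)
            except CleartextRefused as exc:
                result = f"refused ({exc})"
            print(f"EHLO {label} STARTTLS, {policy}: {result}")
```

Under the opportunistic policy the second reply silently results in clear-text delivery; under the mandatory policy the same reply stops the send.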



From hannes.tschofenig@gmx.net  Mon Oct 21 23:38:05 2013
Message-ID: <52661D34.5000405@gmx.net>
Date: Tue, 22 Oct 2013 08:37:40 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hannes.tschofenig@gmx.net
Subject: [perpass] draft-tschofenig-perpass-surveillance-00.txt

Hi all,

with Bruce Schneier's proposal to dedicate the November IETF meeting to 
the topic of surveillance there was a lot of discussion about what the 
IETF can do in this area.

In preparation of an IAB tech chat and the technical plenary about 
Internet hardening I prepared a short presentation to the IAB.

The presentation contained a summary of some of the discovered attacks 
and tried to explain how they relate to the bigger security picture.

While many of you, as security experts, are aware of the role and the 
limitations of the IETF in security, others in the IAB thought it would 
be useful to produce a short writeup.

I produced that write-up and you can find it here:
http://tools.ietf.org/html/draft-tschofenig-perpass-surveillance-00

It might help others to understand what we can do ourselves in standards 
development and where we have to work with communities outside the IETF 
to make a difference.

Ciao
Hannes

From hannes.tschofenig@gmx.net  Mon Oct 21 23:48:28 2013
Message-ID: <52661FCE.6040209@gmx.net>
Date: Tue, 22 Oct 2013 08:48:46 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hannes.tschofenig@gmx.net
Subject: [perpass] draft-tschofenig-iab-webpki-evolution-00
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 06:48:28 -0000

Hi all,

one item that predates the pervasive surveillance debate is the 
discussion about improving the public key infrastructure (but still has 
relevance in this discussion, see 
https://www.net-security.org/secworld.php?id=15579).

Following the workshop at NIST earlier this year the IAB and ISOC have 
been reaching out to different players (and are still doing that) to 
continue the conversation.

We have put together a first document that describes the different 
proposals (and as you can see the level of detail available for them and 
their maturity varies greatly). Here is the writeup:
http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-00

The analysis is still a bit weak and requires more work but the 
proposals are hopefully captured accurately. Let us know whether there 
is something missing.

We hope that this could help to create more momentum behind certain 
proposals to get them accepted by the community and widely deployed.

Ciao
Hannes

From sm@resistor.net  Mon Oct 21 23:59:53 2013
Message-Id: <6.2.5.6.2.20131021232826.0dbc9530@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 21 Oct 2013 23:41:13 -0700
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
From: SM <sm@resistor.net>
In-Reply-To: <526617D2.5060903@gmx.net>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: Marcelo Bagnulo <marcelo@it.uc3m.es>, perpass@ietf.org, Phillip Hallam-Baker <hallam@gmail.com>, Stephen Kent <kent@bbn.com>, Eliot Lear <lear@cisco.com>
Subject: Re: [perpass] Standards in the age of pervasive suspicion

Hi Hannes,
At 23:14 21-10-2013, Hannes Tschofenig wrote:
>In the context of the cryptographic primitives we certainly have relied 
>a lot on NIST, which is reflected in the number of presentations at 
>the SAAG meetings.
>
>We have made too few attempts to reach out to other communities (if 
>those even exist) to hear other views. I once talked to Bart 
>Preneel, who is involved in the European crypto community, to attend 
>an IETF meeting but (for whatever reason) it didn't work out.
>
>Maybe that's something to think about?

There are several governments which rely on NIST.  It's difficult to 
say whether there will be a shift away from that.

In this age of suspicion a single-source provider is not a good 
idea.  If the IETF decides to review and re-review its protocols it 
would be good to have input from other communities (re. what you 
mentioned above).

Regards,
-sm 


From benl@google.com  Tue Oct 22 07:00:49 2013
MIME-Version: 1.0
In-Reply-To: <52655288.6080502@bbn.com>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com> <52655288.6080502@bbn.com>
Date: Tue, 22 Oct 2013 15:00:45 +0100
Message-ID: <CABrd9SR4ErCjxf5XFZf3u1Dsepodh8LK_-oi8Zy4R4pEiSSNpA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=20cf307f3128c0b17204e954d369
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 14:00:49 -0000

--20cf307f3128c0b17204e954d369
Content-Type: text/plain; charset=ISO-8859-1

On 21 October 2013 17:12, Stephen Kent <kent@bbn.com> wrote:

> >  1) Name Constraints MUST be marked critical
> >
> > An utterly stupid restriction since the semantics of the criticality
> > bit are 'break backwards compatibility'. Use of name constraints provides a
> > significant reduction in the attack surface and would have prevented the
> > Flame attack. However marking a name constraint critical breaks Safari and
> > provides no security benefit in the Web PKI.
> >
> > Outcome: Industry has decided that the standard is that name constraints
> > MAY be marked non-critical.
>
> It might be worth emphasizing that the principal reason cited for not
> marking the extension critical, as per X.509
> and RFC 5280, was a single vendor's unwillingness to fix a bug in their
> browser. The CABF members, being browser vendors
> as well as third-party CAs, was the perfect venue in which to elect to give
> precedence to a vendor's intransigence.

Even if that vendor had been willing to fix the bug, you'd still need
name constraints to be non-critical, or they'd break every outdated
browser. Which would mean they could not be used for many years. So clearly
they had to be non-critical, as will future extensions have to be, I'm sure.

So, I don't think the emphasis is worth it.


--20cf307f3128c0b17204e954d369--

From kent@bbn.com  Tue Oct 22 07:19:48 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B469B21E8098 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 07:19:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.506
X-Spam-Level: 
X-Spam-Status: No, score=-106.506 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ZobmAiW9-HO for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 07:19:42 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id D497521E8094 for <perpass@ietf.org>; Tue, 22 Oct 2013 07:19:29 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50195) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYcnw-000OzT-Li for perpass@ietf.org; Tue, 22 Oct 2013 10:19:28 -0400
Message-ID: <52668970.4080500@bbn.com>
Date: Tue, 22 Oct 2013 10:19:28 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
In-Reply-To: <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 14:19:48 -0000

DataPacRat,
> ...
> The reasons you list are the ones behind why I included the
> 'Confidence' parameter in the Signed vCard spec. In fact, that
> parameter is the key to the whole approach.
A similar proposal, adding qualitative metrics to the basic web of trust
model, was the focus of a PhD thesis about 20 years ago, in France. It was
not a great idea; trust is not transitive and adding numbers to the mix
doesn't change that, although it can lead to considerable confusion for
users.

Steve

From datapacrat@gmail.com  Tue Oct 22 08:06:18 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E926011E84AA for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AfU7D7Se9-A for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:06:17 -0700 (PDT)
Received: from mail-we0-x22a.google.com (mail-we0-x22a.google.com [IPv6:2a00:1450:400c:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id AC8C111E83F0 for <perpass@ietf.org>; Tue, 22 Oct 2013 08:06:15 -0700 (PDT)
Received: by mail-we0-f170.google.com with SMTP id u57so8423028wes.1 for <perpass@ietf.org>; Tue, 22 Oct 2013 08:06:14 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.194.23.73 with SMTP id k9mr19916093wjf.24.1382454374647; Tue, 22 Oct 2013 08:06:14 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 22 Oct 2013 08:06:14 -0700 (PDT)
In-Reply-To: <52668970.4080500@bbn.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com>
Date: Tue, 22 Oct 2013 11:06:14 -0400
Message-ID: <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 15:06:18 -0000

On Tue, Oct 22, 2013 at 10:19 AM, Stephen Kent <kent@bbn.com> wrote:

>> The reasons you list are the ones behind why I included the
>> 'Confidence' parameter in the Signed vCard spec. In fact, that
>> parameter is the key to the whole approach.
>
> A similar proposal, adding qualitative metrics to the basic web of trust
> model, was the focus of a PhD thesis about 20 years ago, in France. It was
> not a great idea; trust is not transitive and adding numbers to the mix
> doesn't change that, although it can lead to considerable confusion for
> users.

(I know that this isn't the idea you were trying to convey, but I find
the very fact that the idea I came up with was able to /be/ the topic
for a thesis very cheering. :) )

I am extremely aware that Bayesian numbers are extremely non-intuitive
for many people. Simply by rephrasing a basic Bayesian-style word
problem in different ways, from 15% to 46% of doctors get the right
answer [1]. This is why I spent so many paragraphs describing decibans
and their use in the draft, including a table. It's also why, once the
basics of the system are worked out, I'm hoping to offer the option of
hiding all the fiddly bits in the background for the end-user, as in
present-day https.

The key item I am gathering from your response is 'trust is not
transitive'. If that's the case, then wouldn't that also apply to
chains of 'official' CAs, as well? If all that is so, then is it
possible that ad-hoc / mesh-network / web-of-trust /
(insert-buzzword-here) CAs would fare no worse by that metric than the
current hierarchical CA system?


[1] http://yudkowsky.net/rational/bayes/


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From paul.hoffman@gmail.com  Tue Oct 22 08:27:01 2013
Return-Path: <paul.hoffman@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06BE311E84C4 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:27:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QgLz1i69k9kv for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:27:00 -0700 (PDT)
Received: from mail-vb0-x230.google.com (mail-vb0-x230.google.com [IPv6:2607:f8b0:400c:c02::230]) by ietfa.amsl.com (Postfix) with ESMTP id 31CF811E83FF for <perpass@ietf.org>; Tue, 22 Oct 2013 08:26:58 -0700 (PDT)
Received: by mail-vb0-f48.google.com with SMTP id w16so3101vbf.21 for <perpass@ietf.org>; Tue, 22 Oct 2013 08:26:57 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.58.168.205 with SMTP id zy13mr5253746veb.19.1382455617593; Tue, 22 Oct 2013 08:26:57 -0700 (PDT)
Received: by 10.220.150.208 with HTTP; Tue, 22 Oct 2013 08:26:57 -0700 (PDT)
Date: Tue, 22 Oct 2013 08:26:57 -0700
Message-ID: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
From: Paul Hoffman <paul.hoffman@gmail.com>
To: perpass@ietf.org
Content-Type: multipart/alternative; boundary=047d7b6dc22401286904e95608c5
Subject: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 15:27:01 -0000

--047d7b6dc22401286904e95608c5
Content-Type: text/plain; charset=UTF-8

This was posted last night by Viktor Dukhovni on the cryptography mailing
list, but is certainly applicable here. Forwarded with Viktor's permission.

====================

There have been many recent efforts to harden the cryptographic
security of various systems.  I would like to urge anyone considering
taking steps in that direction to exercise due caution.

Multiple recent attempts at improvement backfire in various ways:

   - RedHat has been under pressure for some time to enable EC support
     in their OpenSSL RPM package.

    * They finally relented and added EC support ~1 week ago.  However,
      they quickly decided to play it safe and enable just the Suite-B
      curves: secp256r1, secp384r1 and no others.

    * They neglected to consider that the new libraries now
      happily negotiate EECDH key exchange TLS cipher-suites with
      servers that typically don't know of (or can't act on) the
      client's limitations.

    * At the same time newly hardened SMTP servers at gmx.de
      and other sites have "stronger" security by switching to
      secp521r1.

      # Result: SMTP TLS handshakes break, and more mail goes out in
        the clear!

      # With TLS, no EC is better than crippled EC.

   - GnuTLS sets aggressive client-side EDH prime-size lower bound.

    * Exim encounters interoperability problems and works around
      the setting by allowing 1024-bit EDH in SMTP clients while
      using 2048-bit EDH in the server (which generally works for
      SMTP).

    * Debian decides to improve security in Exim and raises this
      to 2048-bits, breaking interoperability again.

       # Result:  Since SMTP TLS is generally opportunistic, when
         TLS handshakes break, more mail is transmitted in the clear!

   - Some email administrators disable RC4 (enable only the OpenSSL "HIGH"
     ciphers) in opportunistic TLS.  Many extant Microsoft Exchange servers
     support only RC4-SHA1, RC4-MD5 and 3DES (whose implementation
     breaks post handshake in data transfer).

       # Result: TLS handshakes fail, and mail is sent in the clear.

   - There's lots of press about CRIME, BEAST, ... and some SMTP
     administrators configure their systems to prefer RC4 and
     avoid CBC ciphersuites.

    # The attacks in question are primarily HTTPS attacks;
    cryptanalysis of RC4 may well be the greater threat to SMTP.

There are, I expect, similar examples of good intentions, but poor
outcomes outside the world of SMTP.  Raising the bar on Internet
security will take considerable time and effort.  Updated standards
will have to be developed, toolkits extended to support them and
applications updated.  Rolling improved security out to end-users
will likely take on the order of a decade.

In the meantime, users should make an effort to configure their
systems to employ current best-practice security; trying to go
beyond that into uncharted territory may well be counter-productive.

Endpoint security and misuse of data at rest are still IMHO the
bigger issues.  I am much more concerned about the proliferation
of miniature programmable computers inside our computers (CPUs and
programmable firmware in disk controllers, battery controllers,
BMC controllers, with opaque binary firmware update blobs, and
complex supply chains) than about secp256r1 vs secp521r1.

We thought embedded devices were for physical infrastructure
engineers to worry about, but now they are proliferating inside
our general purpose computers.  The next Stuxnet will run on one
of the invisible computers inside your computer.

With concerted effort we can improve the crypto protocols, but will
it matter if the architecture on top of which the crypto runs has
an ever growing attack surface?


--047d7b6dc22401286904e95608c5--
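
The failure mode described in the forwarded post, as an added example that is not part of the original message: a toy model of a single TLS negotiation followed by opportunistic SMTP fallback. The suite names are OpenSSL-style; the client and server profiles, and the `honours_client_curves` switch, are constructed assumptions based on the post's description, not captured configurations.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Client:
    suites: Tuple[str, ...]        # cipher suites in preference order
    curves: Tuple[str, ...] = ()   # curves the TLS library can actually use
    min_dh_bits: int = 0           # smallest EDH prime the client accepts


@dataclass(frozen=True)
class Server:
    suites: Tuple[str, ...]
    curves: Tuple[str, ...] = ()   # configured ECDHE curves, preference order
    dh_bits: int = 1024            # size of the EDH prime the server sends
    honours_client_curves: bool = False  # assumption: acts on the client's curve list


def handshake(client: Client, server: Server) -> Tuple[bool, str]:
    """One negotiation attempt; there is no second try inside a handshake."""
    for suite in client.suites:
        if suite not in server.suites:
            continue
        if suite.startswith("ECDHE"):
            if not server.curves:
                continue
            if server.honours_client_curves:
                shared = [c for c in server.curves if c in client.curves]
                if not shared:
                    continue  # skip EC and settle on a non-EC suite instead
                return True, f"{suite} on {shared[0]}"
            # Server that cannot act on the client's limits: it commits to
            # the EC suite and sends its own curve regardless.
            curve = server.curves[0]
            if curve not in client.curves:
                return False, f"{suite}: server sent {curve}, client cannot use it"
            return True, f"{suite} on {curve}"
        if suite.startswith("DHE"):
            if server.dh_bits < client.min_dh_bits:
                return False, (f"{suite}: {server.dh_bits}-bit prime is below "
                               f"client minimum {client.min_dh_bits}")
            return True, f"{suite} with {server.dh_bits}-bit prime"
        return True, suite
    return False, "no shared cipher suite"


def deliver(client: Client, server: Server) -> Tuple[str, str]:
    """Opportunistic TLS: a failed handshake means the mail goes in the clear."""
    ok, detail = handshake(client, server)
    return ("tls" if ok else "cleartext"), detail


# --- constructed profiles ---------------------------------------------------
SUITES_RSA = ("DHE-RSA-AES256-SHA", "AES256-SHA", "RC4-SHA")
SUITES_EC = ("ECDHE-RSA-AES256-SHA",) + SUITES_RSA

NO_EC_CLIENT = Client(suites=SUITES_RSA)
SUITE_B_CLIENT = Client(suites=SUITES_EC, curves=("secp256r1", "secp384r1"))
STRICT_DH_CLIENT = Client(suites=SUITES_RSA, min_dh_bits=2048)
EXIM_WORKAROUND_CLIENT = Client(suites=SUITES_RSA, min_dh_bits=1024)

P521_SERVER = Server(suites=SUITES_EC, curves=("secp521r1",), dh_bits=2048)
P521_NEGOTIATING_SERVER = Server(suites=SUITES_EC,
                                 curves=("secp521r1", "secp384r1"),
                                 dh_bits=2048, honours_client_curves=True)
DH1024_SERVER = Server(suites=SUITES_RSA, dh_bits=1024)

if __name__ == "__main__":
    cases = [
        ("no EC client      -> secp521r1 server", NO_EC_CLIENT, P521_SERVER),
        ("Suite-B-only      -> secp521r1 server", SUITE_B_CLIENT, P521_SERVER),
        ("Suite-B-only      -> negotiating server", SUITE_B_CLIENT,
         P521_NEGOTIATING_SERVER),
        ("2048-bit minimum  -> 1024-bit EDH server", STRICT_DH_CLIENT,
         DH1024_SERVER),
        ("1024-bit minimum  -> 1024-bit EDH server", EXIM_WORKAROUND_CLIENT,
         DH1024_SERVER),
    ]
    for label, c, s in cases:
        mode, detail = deliver(c, s)
        print(f"{label:42s} {mode:9s} {detail}")
```

The client without EC still gets an encrypted session from the secp521r1 server, while the client limited to the Suite-B curves ends up in cleartext, which is the post's "no EC is better than crippled EC" point.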

From datapacrat@gmail.com  Tue Oct 22 08:55:18 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C6B711E84C2 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e5+wupW99FUx for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 08:55:14 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) by ietfa.amsl.com (Postfix) with ESMTP id 04CAC11E84B4 for <perpass@ietf.org>; Tue, 22 Oct 2013 08:55:05 -0700 (PDT)
Received: by mail-wi0-f180.google.com with SMTP id ey11so6010580wid.13 for <perpass@ietf.org>; Tue, 22 Oct 2013 08:55:04 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.195.13.164 with SMTP id ez4mr19558716wjd.11.1382457304527; Tue, 22 Oct 2013 08:55:04 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 22 Oct 2013 08:55:04 -0700 (PDT)
In-Reply-To: <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>
Date: Tue, 22 Oct 2013 11:55:04 -0400
Message-ID: <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 15:55:19 -0000

On Mon, Oct 21, 2013 at 4:46 PM, DataPacRat <datapacrat@gmail.com> wrote:

> Eg, if I trust my own vCard at a level of 100 decibans,
> I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's
> easy to determine that Bob's card should be trusted at somewhere under
> 30 decibans. (Real situations would be much more complicated, such as
> with multiple assertion paths; but this is still early days.)

I've just realized that not only might this problem be easier to solve
than I expected, it might already be solved. After waking from an
unusual dream, I've realized that it may be possible to analyze trust
networks with the same tools used to measure electrical networks;
specifically, by treating the user as a voltage source, any individual
as a node, and their level of trust in another individual/node as
conductivity (the inverse of resistance). There are plenty of existing
tools to perform analysis of bizarre electrical architectures, so if
this model has any validity, it should be reasonably trivial to apply
them to trust architectures, to work out how much current/trust
emanating from the source/user arrives at any given node/individual.

The question is whether this model /has/ any validity. I'm going to do
all the reading I can think of on trust modeling, but would also
appreciate any useful references anyone reading this might be able to
offer. (I have a limited budget, so free-to-read references are
preferred to paywalled ones.)


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
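
The two models mentioned in the message above, worked through as an added example that is not part of the original post: the deciban chain from the quoted paragraph and the electrical-network analogy. Assumptions made here and not stated in the post: a chain holds only if every link holds independently, deciban values are used directly as conductances, and "trust arriving" at a node is read as the effective conductance between the user and that node; all names and values are constructed.

```python
import math
from collections import defaultdict


def chain_decibans(links):
    """Confidence of a serial chain, treating links as independent odds."""
    p = 1.0
    for db in links:
        odds = 10 ** (db / 10.0)
        p *= odds / (1.0 + odds)
    return 10.0 * math.log10(p / (1.0 - p))


def effective_conductance(edges, source, target):
    """Nodal analysis: hold source at 1 V, target at 0 V, return the current."""
    g = defaultdict(dict)
    for a, b, w in edges:
        if a == b:
            continue
        if w <= 0:
            raise ValueError("conductance must be positive")
        g[a][b] = g[a].get(b, 0.0) + w
        g[b][a] = g[b].get(a, 0.0) + w
    if source not in g or target not in g:
        return 0.0
    # Only nodes connected to the source can carry current.
    reach, stack = {source}, [source]
    while stack:
        for m in g[stack.pop()]:
            if m not in reach:
                reach.add(m)
                stack.append(m)
    if target not in reach:
        return 0.0
    inner = [n for n in reach if n not in (source, target)]
    idx = {n: i for i, n in enumerate(inner)}
    k = len(inner)
    # Kirchhoff's current law at each inner node, as an augmented matrix.
    A = [[0.0] * (k + 1) for _ in range(k)]
    for n in inner:
        i = idx[n]
        for m, w in g[n].items():
            A[i][i] += w
            if m == source:
                A[i][k] += w          # neighbour fixed at 1 V
            elif m != target:
                A[i][idx[m]] -= w     # neighbour is another unknown
    # Gauss-Jordan elimination with partial pivoting.
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        for r in range(k):
            if r != c and A[r][c] != 0.0:
                f = A[r][c] / A[c][c]
                A[r] = [x - f * y for x, y in zip(A[r], A[c])]
    v = {n: A[idx[n]][k] / A[idx[n]][idx[n]] for n in inner}
    v[source], v[target] = 1.0, 0.0
    return sum(w * (1.0 - v[m]) for m, w in g[source].items())


# --- constructed trust graphs -------------------------------------------------
# The chain from the quoted paragraph: me -> Alice at 30, Alice -> Bob at 40.
CHAIN = [("me", "alice", 30), ("alice", "bob", 40)]
# A second, independent assertion path to Bob.
TWO_PATHS = CHAIN + [("me", "carol", 20), ("carol", "bob", 20)]
# One weakly trusted party vouching for "eve" through 50 identities it controls.
SYBIL = [("me", "mallory", 5)]
for i in range(50):
    SYBIL += [("mallory", f"sock{i}", 100), (f"sock{i}", "eve", 100)]
# Fifty separate weakly trusted parties each vouching for "eve" directly.
CROWD = []
for i in range(50):
    CROWD += [("me", f"friend{i}", 5), (f"friend{i}", "eve", 100)]

if __name__ == "__main__":
    print("chain in decibans      :", round(chain_decibans([30, 40]), 2))
    for name, graph, who in [("chain", CHAIN, "bob"), ("two paths", TWO_PATHS, "bob"),
                             ("sybil", SYBIL, "eve"), ("crowd", CROWD, "eve")]:
        print(f"{name:22s} :", round(effective_conductance(graph, "me", who), 3))
```

In this reading the sock-puppet graph stays below the single edge the user assigned to the party behind it, while many separately trusted introducers add up without bound, so the result depends entirely on how many first-hop edges the user hands out.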

From stephen.farrell@cs.tcd.ie  Tue Oct 22 09:47:20 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C02611E8226 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 09:47:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.674
X-Spam-Level: 
X-Spam-Status: No, score=-102.674 tagged_above=-999 required=5 tests=[AWL=-0.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e+NKl2j5BD0r for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 09:47:13 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id B4F1F11E8145 for <perpass@ietf.org>; Tue, 22 Oct 2013 09:47:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 680F5BE53; Tue, 22 Oct 2013 17:46:57 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oagE9oryxmM; Tue, 22 Oct 2013 17:46:57 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 39D72BE3E; Tue, 22 Oct 2013 17:46:57 +0100 (IST)
Message-ID: <5266AC02.80506@cs.tcd.ie>
Date: Tue, 22 Oct 2013 17:46:58 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@gmail.com>, perpass@ietf.org,  cryptography@dukhovni.org
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
In-Reply-To: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 16:47:20 -0000

Yep, that's a useful post - we shouldn't rush too much,
but we do want to get things done so that developers
and deployers have something to use.

I wonder what's the best way to proceed with this kind
of stuff. I guess we want a BCP of some sort, but the
question is how to handle the various different cases
of foo-with-tls.

- Yaron did a generic TLS BCP draft. [1]
- PSA did an XMPP TLS BCP draft [2]
- This sounds like we might want an SMTP TLS BCP draft
  or perhaps to add text to [3], but that's aiming for
  experimental and is just about using DANE.

So at present we're heading towards a bunch of foo-with-tls
BCPs. Could those usefully be merged or are they better
kept separate?

Thoughts?

S.

[1] https://tools.ietf.org/html/draft-sheffer-tls-bcp
[2] https://tools.ietf.org/html/draft-saintandre-xmpp-tls
[3] https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane

On 10/22/2013 04:26 PM, Paul Hoffman wrote:
> This was posted last night by Viktor Dukhovni on the cryptography mailing
> list, but is certainly applicable here. Forwarded with Viktor's permission.
> 
> ====================
> 
> There have been many recent efforts to harden the cryptographic
> security of various systems.  I would like to urge anyone considering
> taking steps in that direction to exercise due caution.
> 
> Multiple recent attempts at improvement backfire in various ways:
> 
>    - RedHat has been under pressure for some time to enable EC support
>      in their OpenSSL RPM package.
> 
>     * They finally relented and added EC support ~1 week ago.  However,
>       they quickly decided to play it safe and enable just the Suite-B
>       curves: secp256r1, secp384r1 and no others.
> 
>     * They neglected to consider that the new libraries now
>       happily negotiate EECDH key exchange TLS cipher-suites with
>       servers that typically don't know of (or can't act on) the
>       client's limitations.
> 
>     * At the same time newly hardened SMTP servers at gmx.de
>       and other sites have "stronger" security by switching to
>       secp521r1.
> 
>       # Result: SMTP TLS handshakes break, and more mail goes out in
>         the clear!
> 
>       # With TLS, no EC is better than crippled EC.
> 
>    - GnuTLS sets aggressive client-side EDH prime-size lower bound.
> 
>     * Exim encounters interoperability problems and works-around
>       the setting by allowing 1024-bit EDH in SMTP clients while
>       using 2048-bit EDH in the server (which generally works for
>       SMTP).
> 
>     * Debian decides to improve security in Exim and raises this
>       to 2048-bits, breaking interoperability again.
> 
>        # Result:  Since SMTP TLS is generally opportunistic, when
>          TLS handshakes break, more mail is transmitted in the clear!
> 
>    - Some email administrators disable RC4 (enable only the OpenSSL "HIGH"
>      ciphers) in opportunistic TLS.  Many extant Microsoft Exchange servers
>      support only RC4-SHA1, RC4-MD5 and 3DES (whose implementation
>      breaks post handshake in data transfer).
> 
>        # Result: TLS handshakes fail, and mail is sent in the clear.
> 
>    - There's lots of press about CRIME, BEAST, ... and some SMTP
>      administrators configure their systems to prefer RC4 and
>      avoid CBC ciphersuites.
> 
>     # The attacks in question are primarily HTTPS attacks,
>     cryptanalysis of RC4 may well be the greater threat to SMTP.
> 
> There are I expect similar examples of good intentions, but poor
> outcomes outside the world of SMTP.  Raising the bar on Internet
> security will take considerable time and effort.  Updated standards
> will have to be developed, toolkits extended to support them and
> applications updated.  Rolling improved security out to end-users
> will likely take on the order of a decade.
> 
> In the mean-time, users should make an effort to configure their
> systems to employ current best-practice security, trying to go
> beyond that into uncharted territory may well be counter-productive.
> 
> Endpoint security and misuse of data at rest are still IMHO the
> bigger issues.  I am much more concerned about the proliferation
> of miniature programmable computers inside our computers (CPUs and
> programmable firmware in disk controllers, battery controllers,
> BMC controllers, with opaque binary firmware update blobs, and
> complex supply chains) than about secp256r1 vs secp521r1.
> 
> We thought embedded devices were for physical infrastructure
> engineers to worry about, but now they are proliferating inside
> our general purpose computers.  The next Stuxnet will run on one
> of the invisible computers inside your computer.
> 
> With concerted effort we can improve the crypto protocols, but will
> it matter if the architecture on top of which the crypto runs has
> an ever growing attack surface.
> 
> 
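
The failure mode in Viktor's forwarded post, as an added example that is not part of the original thread: a small Python model of opportunistic SMTP TLS that reports which peers drop from TLS to cleartext when a client policy is tightened. The peers, the policies and the simplified negotiation (the server commits to a suite first and uses one fixed curve and one EDH prime size) are constructed assumptions.

```python
"""Opportunistic SMTP TLS model: which peers fall back to cleartext when a
client policy is tightened? All peers and policies are constructed samples."""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Server:
    name: str
    suites: Tuple[str, ...]            # server preference order
    ecdh_curve: Optional[str] = None   # one fixed curve, used whatever the client lists
    dh_bits: Optional[int] = None      # size of the EDH prime the server sends


@dataclass(frozen=True)
class ClientPolicy:
    name: str
    suites: Tuple[str, ...]
    curves: Tuple[str, ...] = ()       # curves the client library can use
    min_dh_bits: int = 0               # client-side lower bound on the EDH prime


def handshake(client: ClientPolicy, server: Server) -> Tuple[bool, str]:
    """Simplified negotiation (assumption): the server commits to the first
    suite in its own order that the client offered, then sends its fixed key
    exchange parameters; the client aborts if it cannot use them."""
    chosen = next((s for s in server.suites if s in client.suites), None)
    if chosen is None:
        return False, "no shared cipher suite"
    if chosen.startswith("ECDHE-") and server.ecdh_curve not in client.curves:
        return False, f"{chosen}: server curve {server.ecdh_curve} unsupported by client"
    if chosen.startswith("DHE-") and (server.dh_bits or 0) < client.min_dh_bits:
        return False, f"{chosen}: {server.dh_bits}-bit EDH prime below minimum {client.min_dh_bits}"
    return True, chosen


def deliver(client: ClientPolicy, server: Server) -> str:
    """Opportunistic TLS: a failed handshake means the mail goes in the clear."""
    ok, _ = handshake(client, server)
    return "tls" if ok else "cleartext"


def regressions(old: ClientPolicy, new: ClientPolicy,
                peers: List[Server]) -> List[Tuple[str, str]]:
    """Peers that got TLS under `old` but fall back to cleartext under `new`."""
    lost = []
    for peer in peers:
        if deliver(old, peer) == "tls":
            ok, detail = handshake(new, peer)
            if not ok:
                lost.append((peer.name, detail))
    return lost


# Constructed peers, one per case in the post (hostnames are placeholders).
PEERS = [
    Server("p521-only.example", ("ECDHE-RSA-AES128-SHA", "AES128-SHA"),
           ecdh_curve="secp521r1"),
    Server("dh1024.example", ("DHE-RSA-AES128-SHA", "AES128-SHA"), dh_bits=1024),
    # 3DES is left out: the post says it fails after the handshake anyway.
    Server("legacy-exchange.example", ("RC4-SHA", "RC4-MD5")),
    Server("modern.example",
           ("ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"),
           ecdh_curve="secp256r1", dh_bits=2048),
]

# Constructed client policies: a permissive baseline and three "hardenings".
BASELINE = ClientPolicy(
    "baseline",
    ("AES128-SHA", "DHE-RSA-AES128-SHA", "DES-CBC3-SHA", "RC4-SHA", "RC4-MD5"),
    min_dh_bits=1024)
EC_TWO_CURVES = replace(
    BASELINE, name="ec-two-curves",
    suites=("ECDHE-RSA-AES128-SHA",) + BASELINE.suites,
    curves=("secp256r1", "secp384r1"))
DH_2048_MIN = replace(BASELINE, name="dh-2048-min", min_dh_bits=2048)
HIGH_ONLY = replace(
    BASELINE, name="high-only",
    suites=tuple(s for s in BASELINE.suites if not s.startswith("RC4-")))

if __name__ == "__main__":
    for policy in (EC_TWO_CURVES, DH_2048_MIN, HIGH_ONLY):
        for peer, why in regressions(BASELINE, policy, PEERS):
            print(f"{policy.name}: {peer} now receives cleartext ({why})")
```

Running `regressions` against an inventory of real peer capabilities before a policy change gives the list of destinations that would silently lose encryption.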

From hallam@gmail.com  Tue Oct 22 09:55:49 2013
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <52668970.4080500@bbn.com>
Mime-Version: 1.0 (1.0)
Date: Tue, 22 Oct 2013 12:33:31 -0400
Message-ID: <-2488479915836391546@unknownmsgid>
Cc: "perpass@ietf.org" <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [perpass] Web-of-trust CAs

Trust is not transitive but cost measures are pretty stable

Producing a web of trust with a thousand bogus entries costs essentially nothing

Producing such a web with twenty links to verified parties is much
more expensive

Incidentally, I can't claim any originality for the extended work
factors I use as it happens. Although I came to them independently it
turns out that a co-collaborator had gone so far as to organize an
event on the topic.

But what I had not appreciated earlier is just what a difference it
makes to cast the web of trust problem in terms of a work factor
metric and introduce a combination of peer and TTP trust providers.



Sent from my difference engine


> On Oct 22, 2013, at 10:19 AM, Stephen Kent <kent@bbn.com> wrote:
>
> DataPacRat,
>> ...
>> The reasons you list are the ones behind why I included the
>> 'Confidence' parameter in the Signed vCard spec. In fact, that
>> parameter is the key to the whole approach.
> A similar proposal, adding qualitative metrics to the basic web of trust model,
> was the focus of a PhD thesis about 20 years ago, in France. It was not a great
> idea; trust is not transitive and adding numbers to the mix doesn't change that,
> although it can lead to considerable confusion for users.
>
> Steve

From paul.hoffman@gmail.com  Tue Oct 22 11:53:34 2013
MIME-Version: 1.0
In-Reply-To: <5266AC02.80506@cs.tcd.ie>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com> <5266AC02.80506@cs.tcd.ie>
Date: Tue, 22 Oct 2013 11:53:29 -0700
Message-ID: <CAPik8yaUz77+ZExH+SRz=SGiFJuD9_T-bga7TH9hNDtzfGf5bw@mail.gmail.com>
From: Paul Hoffman <paul.hoffman@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=047d7b2ed341a3cd0804e958ea1c
Cc: perpass@ietf.org, cryptography@dukhovni.org
Subject: Re: [perpass] Hasty PRISM proofing considered harmful

--047d7b2ed341a3cd0804e958ea1c
Content-Type: text/plain; charset=UTF-8

I could certainly do a rfc3207bis document, or participate in a
foo-over-tls omnibus. But, as Viktor points out, it's probably going to be
a bit less self-congratulatory than we might have expected.


On Tue, Oct 22, 2013 at 9:46 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

>
> Yep, that's a useful post - we shouldn't rush too much,
> but we do want to get things done so that developers
> and deployers have something to use.
>
> I wonder what's the best way to proceed with this kind
> of stuff. I guess we want a BCP of some sort, but the
> question is how to handle the various different cases
> of foo-with-tls.
>
> - Yaron did a generic TLS BCP draft. [1]
> - PSA did an XMPP TLS BCP draft [2]
> - This sounds like we might want an SMTP TLS BCP draft
>   or perhaps to add text to [3], but that's aiming for
>   experimental and is just about using DANE.
>
> So at present we're heading towards a bunch of foo-with-tls
> BCPs. Could those usefully be merged or are they better
> kept separate?
>
> Thoughts?
>
> S.
>
> [1] https://tools.ietf.org/html/draft-sheffer-tls-bcp
> [2] https://tools.ietf.org/html/draft-saintandre-xmpp-tls
> [3] https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane
>
> On 10/22/2013 04:26 PM, Paul Hoffman wrote:
> > This was posted last night by Viktor Dukhovni on the cryptography mailing
> > list, but is certainly applicable here. Forwarded with Viktor's permission.
> >
> > ====================
> >
> > There have been many recent efforts to harden the cryptographic
> > security of various systems.  I would like to urge anyone considering
> > taking steps in that direction to exercise due caution.
> >
> > Multiple recent attempts at improvement backfire in various ways:
> >
> >    - RedHat has been under pressure for some time to enable EC support
> >      in their OpenSSL RPM package.
> >
> >     * They finally relented and added EC support ~1 week ago.  However,
> >       they quickly decided to play it safe and enable just the Suite-B
> >       curves: secp256r1, secp384r1 and no others.
> >
> >     * They neglected to consider that the new libraries now
> >       happily negotiate EECDH key exchange TLS cipher-suites with
> >       servers that typically don't know of (or can't act on) the
> >       client's limitations.
> >
> >     * At the same time newly hardened SMTP servers at gmx.de
> >       and other sites have "stronger" security by switching to
> >       secp521r1.
> >
> >       # Result: SMTP TLS handshakes break, and more mail goes out in
> >         the clear!
> >
> >       # With TLS, no EC is better than crippled EC.
> >
> >    - GnuTLS sets aggressive client-side EDH prime-size lower bound.
> >
> >     * Exim encounters interoperability problems and works-around
> >       the setting by allowing 1024-bit EDH in SMTP clients while
> >       using 2048-bit EDH in the server (which generally works for
> >       SMTP).
> >
> >     * Debian decides to improve security in Exim and raises this
> >       to 2048-bits, breaking interoperability again.
> >
> >        # Result:  Since SMTP TLS is generally opportunistic, when
> >          TLS handshakes break, more mail is transmitted in the clear!
> >
> >    - Some email administrators disable RC4 (enable only the OpenSSL "HIGH"
> >      ciphers) in opportunistic TLS.  Many extant Microsoft Exchange servers
> >      support only RC4-SHA1, RC4-MD5 and 3DES (whose implementation
> >      breaks post handshake in data transfer).
> >
> >        # Result: TLS handshakes fail, and mail is sent in the clear.
> >
> >    - There's lots of press about CRIME, BEAST, ... and some SMTP
> >      administrators configure their systems to prefer RC4 and
> >      avoid CBC ciphersuites.
> >
> >     # The attacks in question are primarily HTTPS attacks,
> >     cryptanalysis of RC4 may well be the greater threat to SMTP.
> >
> > There are I expect similar examples of good intentions, but poor
> > outcomes outside the world of SMTP.  Raising the bar on Internet
> > security will take considerable time and effort.  Updated standards
> > will have to be developed, toolkits extended to support them and
> > applications updated.  Rolling improved security out to end-users
> > will likely take on the order of a decade.
> >
> > In the mean-time, users should make an effort to configure their
> > systems to employ current best-practice security, trying to go
> > beyond that into uncharted territory may well be counter-productive.
> >
> > Endpoint security and misuse of data at rest are still IMHO the
> > bigger issues.  I am much more concerned about the proliferation
> > of miniature programmable computers inside our computers (CPUs and
> > programmable firmware in disk controllers, battery controllers,
> > BMC controllers, with opaque binary firmware update blobs, and
> > complex supply chains) than about secp256r1 vs secp521r1.
> >
> > We thought embedded devices were for physical infrastructure
> > engineers to worry about, but now they are proliferating inside
> > our general purpose computers.  The next Stuxnet will run on one
> > of the invisible computers inside your computer.
> >
> > With concerted effort we can improve the crypto protocols, but will
> > it matter if the architecture on top of which the crypto runs has
> > an ever growing attack surface.
> >
> >
>

--047d7b2ed341a3cd0804e958ea1c--

From hallam@gmail.com  Tue Oct 22 12:20:52 2013
MIME-Version: 1.0
In-Reply-To: <52661FCE.6040209@gmx.net>
References: <52661FCE.6040209@gmx.net>
Date: Tue, 22 Oct 2013 15:20:48 -0400
Message-ID: <CAMm+Lwg8q2K3ZCWNg8aX4dzNeXYU+skaakTvvc6A=4+qvySxsg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=089e0160a67653df2d04e9594ce8
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft-tschofenig-iab-webpki-evolution-00

--089e0160a67653df2d04e9594ce8
Content-Type: text/plain; charset=ISO-8859-1

Some comments:

Paragraph1:

It should be noted that in the DigiNotar case the breach was not discovered
for several weeks and not reported after discovery and due to the nature of
the breach revocation was not possible. In the Comodo case the mis-issue
was discovered within minutes and the certificates revoked.

This is a very important point to raise since the next paragraph is
conclusory, "The main problem, however, is
   that any CA can issue a certificate for any domain name."

1) one could make a very good argument that the main problem is that the
browsers don't implement revocation reliably.

2) CAA has already been created to address this problem. If that was the
'main' problem it would be solved. Unfortunately it isn't.


The 'EFF 600' number is unfortunately a XXX and I use the term advisedly.
They have accepted that they are mis-measuring the number of CAs but they
continue to insist on a number they admit they can't support. Please do not
present Fox News figures in what is meant to be a serious report. I regret
that I have to use the word 'XXX' here but when a falsehood is presented
and then insisted on after being proven untrue, what other description is
there?

The EFF study conflates all intermediate certs whose subject name is
different to the issuer with cross certificates to a CA. In practice 300+
of the certificates they identify as 'CA certificates' are issued by a
single CA and none are CA certificates. We have had exhaustive discussion
of the issue and no correction from the EFF unfortunately.

The fact that they can't measure what they would like to measure from the
certificate graph does not mean that they can measure it wrongly in a
fashion that inflates it by a factor of ten and present that figure and
assert that it is up to others to supply a better figure.


The principal problem with Sovereign keys is that it simplifies the trust
management problem by assuming that no network manager will ever make a
mistake. If they make one mistake they will lose control of their domain in
perpetuity. Nobody is ever going to take responsibility for deploying such
a scheme on ebay.com or the like.


I think that you miss the point of CT which is that Transparency is the
principle that the CA can be audited by any party without access to hidden
knowledge. That is a groundbreaking concept in trust infrastructure.

What the client checks is proof that the certificate was entered into the
log, not the log itself. That is an important but subtle point.



On DANE among the risks that have to be considered is that there is only
one provider of PKI services in DANE. Thus if that provider decides to deny
access to a party they have no recourse. Hence the Russian interest in GOST
etc. Whether or not you accept that scenario, the folk who do accept it are
willing to fracture the Internet over it.



On Tue, Oct 22, 2013 at 2:48 AM, Hannes Tschofenig <
hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> one item that predates the pervasive surveillance debate is the discussion
> about improving the public key infrastructure (but still has relevance in
> this discussion, see https://www.net-security.org/secworld.php?id=15579
> ).
>
> Following the workshop at NIST earlier this year the IAB and ISOC have
> been reaching out to different players (and are still doing that) to
> continue the conversation.
>
> We have put together a first document that describes the different
> proposals (and as you can see the level of detail available for them and
> their maturity varies greatly). Here is the writeup:
> http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-00
>
> The analysis is still a bit weak and requires more work but the proposals
> are hopefully captured accurately. Let us know whether there is something
> missing.
>
> We hope that this could help to create more momentum behind certain
> proposals to get them accepted by the community and widely deployed.
>
> Ciao
> Hannes
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>



-- 
Website: http://hallambaker.com/

--089e0160a67653df2d04e9594ce8--

From brian.e.carpenter@gmail.com  Tue Oct 22 12:32:53 2013
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5A3B11E822E for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 12:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.535
X-Spam-Level: 
X-Spam-Status: No, score=-102.535 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eIYaw5z131vY for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 12:32:53 -0700 (PDT)
Received: from mail-pb0-x22f.google.com (mail-pb0-x22f.google.com [IPv6:2607:f8b0:400e:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 6DAD711E8217 for <perpass@ietf.org>; Tue, 22 Oct 2013 12:32:53 -0700 (PDT)
Received: by mail-pb0-f47.google.com with SMTP id rq2so955563pbb.6 for <perpass@ietf.org>; Tue, 22 Oct 2013 12:32:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=fkoppKJ6O4deC4A3Esm3DzDOipKyEn1SUhvZHTHLoqM=; b=O81icyAuG3H1Kpx1AprFuIjDw27ebgYTx0THer5R2oOYyNkI2+TiZCLDeVTMbEuPjs IZtxwcGbhe6+rlZg5C6wLkxZITEUNYuzDWlsXLnlF7hy70OI8X/LpaTjEkonEugbEU7L ybPE/AN67STUwGAJY5A8mBpf2S58hFtr3U64UJrvGBVQmVZBdZti5N6ygdkWGXf5K1Sy I5nDAbUmFfk9oIhO0A0xc5R9ri3MkUmS4mVT2i2hFhWGtbJy+4nByL8QiHWrOvuG6qS1 zLr4pvnJlvvUDRSSBSsi9/309j6IScPszRKT9qAMedlj9bK4PTBOQniGQOxiHjs1TsSB ++zQ==
X-Received: by 10.68.195.233 with SMTP id ih9mr9587779pbc.160.1382470373091; Tue, 22 Oct 2013 12:32:53 -0700 (PDT)
Received: from [192.168.178.20] (178.193.69.111.dynamic.snap.net.nz. [111.69.193.178]) by mx.google.com with ESMTPSA id og5sm29371591pbb.10.2013.10.22.12.32.50 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 22 Oct 2013 12:32:52 -0700 (PDT)
Message-ID: <5266D2E6.8040403@gmail.com>
Date: Wed, 23 Oct 2013 08:32:54 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: DataPacRat <datapacrat@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com>
In-Reply-To: <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 19:32:54 -0000

On 23/10/2013 04:55, DataPacRat wrote:
> On Mon, Oct 21, 2013 at 4:46 PM, DataPacRat <datapacrat@gmail.com> wrote:
> 
>> Eg, if I trust my own vCard at a level of 100 decibans,
>> I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's
>> easy to determine that Bob's card should be trusted at somewhere under
>> 30 decibans. (Real situations would be much more complicated, such as
>> with multiple assertion paths; but this is still early days.)

Excuse my ignorance, but while I have no difficulty understanding
Bayes' Theorem and know who invented decibans, I don't understand how
I can use a trust value that is different from 1 or 0, in practice.

I won't trust somebody with half my PIN code because they rate 47 decibans.

    Brian

> 
> I've just realized that not only might this problem be easier to solve
> than I expected, it might already be solved. After waking from an
> unusual dream, I've realized that it may be possible to analyze trust
> networks with the same tools used to measure electrical networks;
> specifically, by treating the user as a voltage source, any individual
> as a node, and their level of trust in another individual/node as
> conductivity (the inverse of resistance). There are plenty of existing
> tools to perform analysis of bizarre electrical architectures, so if
> this model has any validity, it should be reasonably trivial to apply
> them to trust architectures, to work out how much current/trust
> emanating from the source/user arrives at any given node/individual.
> 
> The question is whether this model /has/ any validity. I'm going to do
> all the reading I can think of on trust modeling, but would also
> appreciate any useful references anyone reading this might be able to
> offer. (I have a limited budget, so free-to-read references are
> preferred to paywalled ones.)
> 
> 
> Thank you for your time,
> --
> DataPacRat
> "Then again, I could be wrong."
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 

From datapacrat@gmail.com  Tue Oct 22 13:14:46 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A508611E8265 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 13:14:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mzih81kbLbYo for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 13:14:44 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) by ietfa.amsl.com (Postfix) with ESMTP id A9D9F11E8261 for <perpass@ietf.org>; Tue, 22 Oct 2013 13:14:41 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id l12so7371499wiv.5 for <perpass@ietf.org>; Tue, 22 Oct 2013 13:14:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=2k3jnayJGbnUpmrj111+VAFi9immtFIOyD6YIq/rooQ=; b=Hc7xRM0Ke7P2vrT2hmlVH12EKD1jTpmtLZuGkV4j8bCXfWIJ0BsHrKhpFopYX4hCRL H3To4EE91NTHjxC7qYruIjmAcTTYsj9lCsMSrhg8yMHmsslQXm2j9cUCVTff4TknLaRo 5fAEFvaYPPxXr6QsvDzNH0N4BPF5sKAJ44aI0j4v/n1sisjEhgNnE7gy63UOK1zQtxHM BUKiX+hfx5qkWdPtO8IQLuE4g/u5OqnXTVZNVrvrd2GYyB2/FdON9ecd05fQKCv3+z8V VKNCR8QSrkT16btuGNFWmO2T4rP6MhxEeFAOOe8KmGtnAXQJsBz6oPHM7tJqXsMe1mgS v0wQ==
MIME-Version: 1.0
X-Received: by 10.180.72.237 with SMTP id g13mr16388884wiv.0.1382472880841; Tue, 22 Oct 2013 13:14:40 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 22 Oct 2013 13:14:40 -0700 (PDT)
In-Reply-To: <5266D2E6.8040403@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com> <5266D2E6.8040403@gmail.com>
Date: Tue, 22 Oct 2013 16:14:40 -0400
Message-ID: <CAB5WduDqLSUCexHac_kHa69sjqSyjDSDu5E6eowbnKwgoNK9SA@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 20:14:46 -0000

On Tue, Oct 22, 2013 at 3:32 PM, Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
> On 23/10/2013 04:55, DataPacRat wrote:
>> On Mon, Oct 21, 2013 at 4:46 PM, DataPacRat <datapacrat@gmail.com> wrote:

>>> Eg, if I trust my own vCard at a level of 100 decibans,
>>> I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's
>>> easy to determine that Bob's card should be trusted at somewhere under
>>> 30 decibans. (Real situations would be much more complicated, such as
>>> with multiple assertion paths; but this is still early days.)
>
> Excuse my ignorance, but while I have no difficulty understanding
> Bayes' Theorem and know who invented decibans, I don't understand how
> I can use a trust value that is different from 1 or 0, in practice.
>
> I won't trust somebody with half my PIN code because they rate 47 decibans.

I could suggest that the values be interpreted in terms of Laplace's
Sunrise formula - eg, "there's been 10 reports of the key being used
falsely and 500,000 that it's been used successfully: Do you wish to
continue?".

More usefully, though, I'd suggest that you already go through this
process today, with whatever security/privacy procedures you may use,
only qualitatively rather than quantitatively. Eg, if something like
this is used as a replacement for hierarchical CAs for https
transactions, then some practice and experiment would have been done
by then to figure out reasonable trust values for any given result.
Eg, "Below 0 decibans: Reject. 1-20 decibans: Warn user, show highest
trust paths, ask for confirmation. 20+ decibans: Proceed normally."

(Smart software would allow users to tweak their own thresholds, with
suitable warnings. Even smarter software would use more complicated
metrics involving calibrating the trust values reported by each
issuer, adding time-based factors, and so on.)

To you, as an end user, part of the goal of the infrastructure system
here is to fade into the background as much as possible, so that you
don't even realize it's there, and generally don't have to worry about
it, any more than you have to worry about what makes your browser give
a green-light to your bank's website today.


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From doug.mtview@gmail.com  Tue Oct 22 13:39:02 2013
Return-Path: <doug.mtview@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA12811E826F for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 13:38:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.452
X-Spam-Level: 
X-Spam-Status: No, score=-2.452 tagged_above=-999 required=5 tests=[AWL=0.148,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xFI5LmZB1tNU for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 13:38:53 -0700 (PDT)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 16E8411E827D for <perpass@ietf.org>; Tue, 22 Oct 2013 13:38:19 -0700 (PDT)
Received: by mail-pa0-f43.google.com with SMTP id hz1so9065pad.2 for <perpass@ietf.org>; Tue, 22 Oct 2013 13:38:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hPAgju2CpwF4CaHrqPBa9n1DXS1Ov+nGh7M0D8ZYMpc=; b=bSw7OSBgq8fs8tYdnHiCVXuHjPGF4JFoKrGvoiFTz3I4bZ3XLGu9dOynPm2huXKcFO EA1atrxXAHhSHWXtQ75ysPwM1khk7Q0oSn0jfFZVGKxhj74SmMs39+qkcJ4WGblbsvg0 LdxoN+J6uiu49l2m9Kz6wcwnDFTdPPZNwmyA5p/RkB0ksEnLr3GRlkuP0ydKNEx1819I Mvwaghl55bvmBFUXihLtuSYoBNSnGqE4ZW8jNl7KWhE9RtpJ8QhO0ChKgAt3t5Opa+4i 6aOeEno0Ej7vcfkcXJ3X6YaAaYET52U6gE7gBjTpDUR1288RG2dSdpKlvg6bL41DQDGv 87VQ==
X-Received: by 10.68.197.129 with SMTP id iu1mr10016253pbc.139.1382474281729;  Tue, 22 Oct 2013 13:38:01 -0700 (PDT)
Received: from [192.168.2.233] (c-24-6-103-174.hsd1.ca.comcast.net. [24.6.103.174]) by mx.google.com with ESMTPSA id q4sm29568971pba.12.2013.10.22.13.37.59 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 22 Oct 2013 13:38:00 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <-2488479915836391546@unknownmsgid>
Date: Tue, 22 Oct 2013 13:37:59 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <00D864DA-0333-4194-B747-1754AFB70C4D@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <-2488479915836391546@unknownmsgid>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1510)
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 20:39:06 -0000

On Oct 22, 2013, at 9:33 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> Trust is not transitive but cost measures are pretty stable
>
> Producing a web of trust with a thousand bogus entries costs
> essentially nothing
>
> Producing such a web with twenty links to verified parties is much
> more expensive
>
> Incidentally, I can't claim any originality for the extended work
> factors I use as it happens. Although I came to them independently it
> turns out that a co collaborator had gone so far as to organize an
> event on the topic,
>
> But what I had not appreciated earlier is just what a difference it
> makes to cast the web of trust problem in terms of a work factor
> metric and introduce a combination of peer and ttp trust providers.

Dear Phillip,

Some hope to establish defenses for services that lack mandatory
authentication.  Without authentication, any possible reaction would be
based on unconfirmed suspicions as the only rational response.  Lack of
authentication is often justified as a means to provide anonymity.
While enabling individual anonymity is fine, those managing a system
that may initiate abuse must be authenticated and held accountable (to
be responsive to reports of abuse).  Only those managing a system should
be expected to attribute individual abuse based on internal accounts.
As such, this management can be done with anonymity as well.

Developing a group form of reputation for unauthenticated services as a
means to avoid liabilities for errors made in identifying suspected
abusive actors assumes dilution of these errors is a solution.  This
approach can not be fair and represents a dangerous easily poisoned
system.

Regards,
Douglas Otis







From hallam@gmail.com  Tue Oct 22 14:03:04 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26C3811E81F2 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:03:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.441
X-Spam-Level: 
X-Spam-Status: No, score=-2.441 tagged_above=-999 required=5 tests=[AWL=0.158,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBuXMFKk26i2 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:03:03 -0700 (PDT)
Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5F11B11E820E for <perpass@ietf.org>; Tue, 22 Oct 2013 14:02:39 -0700 (PDT)
Received: by mail-la0-f50.google.com with SMTP id ec20so3799537lab.23 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:02:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mJxY3l7dql8lOsLh8h4dwfJ0YLMOWMSdWiae4woDUyc=; b=GnD7aYIL+pWlNhJAZLWc1U86kHdLLzvBXZOfSNvZIbpO3Te3v6+B0AQmrYKy3opnSN MiBCWZTG8GFFZT3Uuon15AqBU/dZmF4Jf97/wEsyX3LbUhQFJnaJAcqH43Iykn+q2XQJ 5iI/ZajS6dD6qvTbX+BP+pxcE6Nopxz2QI2Y877pxcpzHl1GPwl53oiHMbFlmNznIunB S4zBON5wAdDPk7aVYJN40oDDn79157C5vzq1cTksuNUg9Fbfjr8AhRJSB+XVPrp/CKVC l90RcMwcR16xT77XF2qQxONw89l2MwUJVxk+RvTulYrRejc90uvvuW+kUDQuFlOHTppg cWYQ==
MIME-Version: 1.0
X-Received: by 10.112.52.225 with SMTP id w1mr6782665lbo.31.1382475758277; Tue, 22 Oct 2013 14:02:38 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 22 Oct 2013 14:02:38 -0700 (PDT)
In-Reply-To: <CAB5WduDqLSUCexHac_kHa69sjqSyjDSDu5E6eowbnKwgoNK9SA@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com> <5266D2E6.8040403@gmail.com> <CAB5WduDqLSUCexHac_kHa69sjqSyjDSDu5E6eowbnKwgoNK9SA@mail.gmail.com>
Date: Tue, 22 Oct 2013 17:02:38 -0400
Message-ID: <CAMm+LwjqMYGTi3qy-8yVNPyF72_z9-QaCYN2a3+k59kqcaXvWQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: DataPacRat <datapacrat@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c3fe907b9a1204e95ab8da
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:03:04 -0000

--001a11c3fe907b9a1204e95ab8da
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Oct 22, 2013 at 4:14 PM, DataPacRat <datapacrat@gmail.com> wrote:

> On Tue, Oct 22, 2013 at 3:32 PM, Brian E Carpenter
> <brian.e.carpenter@gmail.com> wrote:
> > On 23/10/2013 04:55, DataPacRat wrote:
> >> On Mon, Oct 21, 2013 at 4:46 PM, DataPacRat <datapacrat@gmail.com> wrote:
>
> >>> Eg, if I trust my own vCard at a level of 100 decibans,
> >>> I trust Alice's card at 30, and Alice trusts Bob's card at 40, it's
> >>> easy to determine that Bob's card should be trusted at somewhere under
> >>> 30 decibans. (Real situations would be much more complicated, such as
> >>> with multiple assertion paths; but this is still early days.)
> >
> > Excuse my ignorance, but while I have no difficulty understanding
> > Bayes' Theorem and know who invented decibans, I don't understand how
> > I can use a trust value that is different from 1 or 0, in practice.
> >
> > I won't trust somebody with half my PIN code because they rate 47 decibans.
>
> I could suggest that the values be interpreted in terms of Laplace's
> Sunrise formula - eg, "there's been 10 reports of the key being used
> falsely and 500,000 that it's been used successfully: Do you wish to
> continue?".
>

This is why I would not attempt to use Bayesian logic.

You have no way to measure probability reliably. An attacker can simulate
any behavior before they defect. The only measure that is useful is the
cost of simulating that behavior. If it is prohibitively high then we can
decide to trust them.

Remember that Bernie Madoff paid out 100% of every redemption request right
up to the point where the money ran out.


-- 
Website: http://hallambaker.com/

--001a11c3fe907b9a1204e95ab8da--
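The deciban proposal quoted above and the cost-of-simulation objection to it can be put side by side in a short added example, which is not code from any participant in the thread. Assumptions: links in a path are treated as independent probabilities that multiply, the threshold boundaries at exactly 0 and 20 decibans are chosen here, and the per-report costs are constructed numbers in arbitrary units.

```python
import math


def laplace_success_probability(successes: int, failures: int) -> float:
    # Laplace's rule of succession: (s + 1) / (n + 2).
    return (successes + 1) / (successes + failures + 2)


def to_decibans(p: float) -> float:
    # Decibans are ten times the base-10 logarithm of the odds.
    return 10 * math.log10(p / (1 - p))


def from_decibans(db: float) -> float:
    odds = 10 ** (db / 10)
    return odds / (1 + odds)


def history_decibans(successes: int, failures: int) -> float:
    return to_decibans(laplace_success_probability(successes, failures))


def chain_decibans(links: list) -> float:
    # Assumption: each link is an independent probability, so a path's
    # trust is the product and can never exceed its weakest link.
    p = 1.0
    for db in links:
        p *= from_decibans(db)
    return to_decibans(p)


def decide(db: float) -> str:
    # Thresholds quoted in the thread; boundary handling is an assumption.
    if db < 0:
        return "reject"
    if db < 20:
        return "warn"
    return "proceed"


# Constructed cost, in arbitrary units, of producing one favourable report.
COST_PER_REPORT = {"unverified": 0.001, "verified": 50.0}


def simulation_cost(reports: list) -> float:
    # reports is a list of (kind, count): what an adversary would have
    # to spend to manufacture the same evidence.
    return sum(COST_PER_REPORT[kind] * count for kind, count in reports)


def decide_by_cost(reports: list, min_cost: float) -> str:
    # Work-factor policy: trust only evidence that is expensive to fake.
    return "proceed" if simulation_cost(reports) >= min_cost else "warn"


if __name__ == "__main__":
    # The "10 false, 500,000 successful" history from the thread.
    print("history:", round(history_decibans(500000, 10), 1), "decibans")
    # Me -> Alice at 30, Alice -> Bob at 40.
    print("path:   ", round(chain_decibans([30, 40]), 1), "decibans")
    # A thousand bogus entries against twenty verified links.
    bogus, verified = [("unverified", 1000)], [("verified", 20)]
    for name, ev in (("bogus", bogus), ("verified", verified)):
        count = ev[0][1]
        print(name,
              "| by history:", decide(history_decibans(count, 0)),
              "| by cost:", decide_by_cost(ev, min_cost=100.0))
```

Rated by report history alone, the thousand unverified entries score about 30 decibans and pass while the twenty verified links score about 13 and only warn; rated by the cost of producing them, the order reverses.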

From kent@bbn.com  Tue Oct 22 14:18:58 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7797711E81FF for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:18:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.508
X-Spam-Level: 
X-Spam-Status: No, score=-106.508 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ns2Js-0gdnmb for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:18:52 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 9C60B11E81F2 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:18:52 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50484) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYjLn-0002z4-Mw for perpass@ietf.org; Tue, 22 Oct 2013 17:18:51 -0400
Message-ID: <5266EBBB.4070504@bbn.com>
Date: Tue, 22 Oct 2013 17:18:51 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>	<52655288.6080502@bbn.com> <CABrd9SR4ErCjxf5XFZf3u1Dsepodh8LK_-oi8Zy4R4pEiSSNpA@mail.gmail.com>
In-Reply-To: <CABrd9SR4ErCjxf5XFZf3u1Dsepodh8LK_-oi8Zy4R4pEiSSNpA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------040506010800020102050909"
Subject: Re: [perpass] NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:18:58 -0000

This is a multi-part message in MIME format.
--------------040506010800020102050909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ben,
>
>
>>     ...
>     It might be worth emphasizing that the principal reason cited for
>     not marking the extension critical, as per X.509
>     and RFC 5280, was a single vendor's unwillingness to fix a bug in
>     their browser. The CABF members, being browser vendors
>     as well as third-party CAs, were the perfect venue in which to elect
>     to give precedence to a vendor's intransigence.
>
> Even if that vendor had been willing to fix the bug, you'd still need 
> name constraints to be non-critical, or they'd break every outdated 
> browser. Which would mean they could not be used for many years. So 
> clearly they had to be non-critical, as will future extensions have to 
> be, I'm sure.
>
> So, I don't think the emphasis is worth it.
>
So, are you saying that other browsers also are not compliant with 5280 
in this respect, or is this more
of a rhetorical distinction?

Steve


--------------040506010800020102050909--

From kent@bbn.com  Tue Oct 22 14:24:10 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F200C11E81F2 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:24:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.51
X-Spam-Level: 
X-Spam-Status: No, score=-106.51 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUXA7NNgnGjk for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:24:05 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 8052A11E81C8 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:24:03 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50490) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYjQo-000347-LV; Tue, 22 Oct 2013 17:24:02 -0400
Message-ID: <5266ECF2.5020901@bbn.com>
Date: Tue, 22 Oct 2013 17:24:02 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: DataPacRat <datapacrat@gmail.com>, perpass <perpass@ietf.org>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>
In-Reply-To: <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------050206030001020503090202"
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:24:11 -0000

This is a multi-part message in MIME format.
--------------050206030001020503090202
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

DataPacRat,
> ...
>
> The key item I am gathering from your response is 'trust is not
> transitive'. If that's the case, then wouldn't that also apply to
> chains of 'official' CAs, as well? If all that is so, then is it
> possible that ad-hoc / mesh-network / web-of-trust /
> (insert-buzzword-here) CAs would fare no worse by that metric than the
> current hierarchical CA system?
That is a fair comment for some PKIs, but not all.

If a PKI represents an _authoritative_ set of CAs, vs. a "trusted"
set of CAs, then this issue does not arise. So for example in the
DANE context or the RPKI context, we're not dealing with transitive trust.

Steve


--------------050206030001020503090202--

From housley@vigilsec.com  Tue Oct 22 14:42:59 2013
Return-Path: <housley@vigilsec.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B4611E8251 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.524
X-Spam-Level: 
X-Spam-Status: No, score=-101.524 tagged_above=-999 required=5 tests=[AWL=-1.087, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4hkAB8PjMt5d for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:42:54 -0700 (PDT)
Received: from odin.smetech.net (unknown [209.135.209.4]) by ietfa.amsl.com (Postfix) with ESMTP id 9731721F9DD6 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:42:53 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 0A6CB9A415B; Tue, 22 Oct 2013 17:42:43 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id hNeS6pZTAcSi; Tue, 22 Oct 2013 17:42:20 -0400 (EDT)
Received: from v150.vpn.iad.rg.net (v150.vpn.iad.rg.net [198.180.150.150]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 949759A4158; Tue, 22 Oct 2013 17:42:20 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <526617D2.5060903@gmx.net>
Date: Tue, 22 Oct 2013 17:42:08 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <43BBE94D-4291-4C5D-9B9C-72BBB33EB866@vigilsec.com>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
X-Mailer: Apple Mail (2.1085)
Cc: Marcelo Bagnulo <marcelo@it.uc3m.es>, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] Standards in the age of pervasive suspicion Re: NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:42:59 -0000

Hannes:

>>> If people want technologies like DNSSEC/DANE or RPKI to be deployed in
>>> practice they are going to have to answer the difficult questions
>>> about how cryptography is used to concentrate power over the Internet
>>> infrastructure by a very narrow range of institutions, most of which
>>> are ultimately under US govt. control.
>>
>> To this we can only say that if the U.S. attempted to exert that
>> control, it would be widely noticed, and it would quickly lead to changes.
>
> Although I wasn't at the IAB at that time I recall that the RPKI decision for having a single trust anchor was everything but easy.
>
> Here is the IAB statement from that time:
> http://www.ietf.org/mail-archive/web/ietf-announce/current/msg07028.html
>
> Maybe Marcelo, who was at the IAB at that time, can say something about the discussions.

I was on the IAB when this statement was produced, and confidence in the cryptography had nothing to do with the discussion.

The long standing plan for deployment of the RPKI global trust anchor keeps it separate from all of the things that have US Government entanglements.  This decision was made a long time ago, and it remains the correct decision.

IANA administers the pool of IPv4 addresses, IPv6 addresses, and AS numbers, and IANA assigns these resources to the Regional Internet Registries (RIRs) for further assignment within their regions.  Thus, IANA is authoritative about the assignments made to RIRs, and RIRs are authoritative about assignments to the next level.  For this reason, the IAB said:

>  1. the RPKI should have a single authoritative trust anchor
>
>  2. this trust anchor should be aligned with the registry of the root
>    of the allocation hierarchy

The reason for these is included in the statement.

> The reasoning is of a technological nature and is as follows. A
> single root for the certification hierarchy significantly reduces
> the risk of two or more parties accidentally (or maliciously)
> issuing conflicting certifications for the same address block,
> because a single authoritative entity at the top-level of the
> allocation hierarchy is authoritative for both (a) the allocation of
> the address block and (b) the cryptographic certification of the
> fact that it did indeed allocate that address block.
>
> Thus, the IAB strongly recommends a single root aligned with the
> root of the address allocation hierarchy (now part of the IANA
> function). Doing so will minimize unnecessary complexity in the
> system, in particular virtually eliminating the possibility of
> resource conflicts in the system, reducing substantially the
> likelihood of errors as the allocation and certificate generation
> can be done together by the same operator.

Russ
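
The IAB reasoning quoted above, as an added example that is not part of the original message and is not RPKI code: a constructed model in which the party that allocates a block is also the one that certifies it, so an overlapping claim is refused at issuance under one root, while two independent roots can each certify the same block. Class names, holder names and the (documentation) prefixes are constructed.

```python
import ipaddress


class Authority:
    """Constructed model of a CA that allocates address space and certifies it."""

    def __init__(self, name, prefixes, issuer=None):
        self.name = name
        self.resources = [ipaddress.ip_network(p) for p in prefixes]
        self.issuer = issuer
        self.children = []

    def root(self):
        return self if self.issuer is None else self.issuer.root()

    def allocate(self, holder, prefixes):
        """Issue a child certificate; refuse space not held or already given out."""
        for net in map(ipaddress.ip_network, prefixes):
            if not any(net.version == r.version and net.subnet_of(r)
                       for r in self.resources):
                raise ValueError(f"{self.name} does not hold {net}")
            for child in self.children:
                if any(net.overlaps(c) for c in child.resources):
                    raise ValueError(f"{net} already allocated to {child.name}")
        child = Authority(holder, prefixes, issuer=self)
        self.children.append(child)
        return child


def leaf_claims(authority):
    """Yield (holder, prefix, root name) for every end of a certificate tree."""
    if not authority.children:
        for net in authority.resources:
            yield authority.name, net, authority.root().name
    for child in authority.children:
        yield from leaf_claims(child)


def find_conflicts(trust_anchors):
    """What a relying party sees: overlapping blocks certified to different holders."""
    claims = [c for ta in trust_anchors for c in leaf_claims(ta)]
    conflicts = []
    for i, (h1, n1, r1) in enumerate(claims):
        for h2, n2, r2 in claims[i + 1:]:
            if h1 != h2 and n1.overlaps(n2):
                conflicts.append((str(n1), f"{h1} via {r1}",
                                  str(n2), f"{h2} via {r2}"))
    return conflicts


def single_root_demo():
    """One root aligned with the allocation hierarchy (constructed data)."""
    root = Authority("root", ["198.51.100.0/24", "203.0.113.0/24"])
    rir_a = root.allocate("RIR-A", ["198.51.100.0/24"])
    rir_b = root.allocate("RIR-B", ["203.0.113.0/24"])
    rir_a.allocate("ISP-1", ["198.51.100.0/25"])
    rejected = []
    # Both attempts would create a conflicting certification; both are refused.
    for issuer, holder, prefix in [(rir_b, "ISP-2", "198.51.100.0/24"),
                                   (rir_a, "ISP-3", "198.51.100.0/26")]:
        try:
            issuer.allocate(holder, [prefix])
        except ValueError as exc:
            rejected.append(str(exc))
    return find_conflicts([root]), rejected


def two_root_demo():
    """Two independent roots, each claiming the whole space (constructed data)."""
    ta_a = Authority("TA-A", ["0.0.0.0/0"])
    ta_b = Authority("TA-B", ["0.0.0.0/0"])
    ta_a.allocate("ISP-1", ["198.51.100.0/25"])
    ta_b.allocate("ISP-2", ["198.51.100.0/24"])   # nothing stops this
    return find_conflicts([ta_a, ta_b])


if __name__ == "__main__":
    conflicts, rejected = single_root_demo()
    print("single root conflicts:", conflicts)
    print("single root refused  :", rejected)
    print("two roots conflicts  :", two_root_demo())
```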


From jmg@h2.funkthat.com  Tue Oct 22 14:50:59 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD6FD11E8289 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:50:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d15MNCe+o8b1 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:50:53 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id CF16311E8276 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:50:13 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9MLnlNX076266 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Oct 2013 14:49:48 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9MLnlO4076265; Tue, 22 Oct 2013 14:49:47 -0700 (PDT) (envelope-from jmg)
Date: Tue, 22 Oct 2013 14:49:47 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Paul Hoffman <paul.hoffman@gmail.com>
Message-ID: <20131022214947.GE56872@funkthat.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Tue, 22 Oct 2013 14:49:48 -0700 (PDT)
Cc: perpass@ietf.org
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:51:03 -0000

Paul Hoffman wrote this message on Tue, Oct 22, 2013 at 08:26 -0700:
> This was posted last night by Viktor Dukhovni on the cryptography mailing
> list, but is certainly applicable here. Forwarded with Viktor's permission.
> 
> ====================
> 
> There have been many recent efforts to harden the cryptographic
> security of various systems.  I would like to urge anyone considering
> taking steps in that direction to exercise due caution.
> 
> Multiple recent attempts at improvement backfire in various ways:
> 
>    - RedHat has been under pressure for some time to enable EC support
>      in their OpenSSL RPM package.
> 
>     * They finally relented and added EC support ~1 week ago.  However,
>       they quickly decided to play it safe and enable just the Suite-B
>       curves: secp256r1, secp384r1 and no others.
> 
>     * They neglected to consider that the new libraries now
>       happily negotiate EECDH key exchange TLS cipher-suites with
>       servers that typically don't know of (or can't act on) the
>       client's limitations.
> 
>     * At the same time newly hardened SMTP servers at gmx.de
>       and other sites have "stronger" security by switching to
>       secp521r1.
> 
>       # Result: SMTP TLS handshakes break, and more mail goes out in
>         the clear!
> 
>       # With TLS, no EC is better than crippled EC.
> 
>    - GnuTLS sets aggressive client-side EDH prime-size lower bound.
> 
>     * Exim encounters interoperability problems and works-around
>       the setting by allowing 1024-bit EDH in SMTP clients while
>       using 2048-bit EDH in the server (which generally works for
>       SMTP).
> 
>     * Debian decides to improve security in Exim and raises this
>       to 2048-bits, breaking interoperability again.
> 
>        # Result:  Since SMTP TLS is generally opportunistic, when
>          TLS handshakes break, more mail is transmitted in the clear!
> 
>    - Some email administrators disable RC4 (enable only the OpenSSL "HIGH"
>      ciphers) in opportunistic TLS.  Many extant Microsoft Exchange servers
>      support only RC4-SHA1, RC4-MD5 and 3DES (whose implementation is
>      breaks post handshake in data transfer).
> 
>        # Result: TLS handshakes fail, and mail is sent in the clear.
> 
>    - There's lots of press about CRIME, BEAST, ... and some SMTP
>      administrators configure their systems to prefer RC4 and
>      avoid CBC ciphersuites.
> 
>     # The attacks in question are primarily HTTPS attacks,
>     cryptanalysis of RC4 may well be the greater threat to SMTP.

Is anyone working on an interop spread sheet?  Like limitations and
others...  I was looking at sendmail's TLS and realized it did 1024
DH (server) and 512 DH (client), but increasing DH beyond 1024 is a
problem since Java can't handle 1024 bit DH...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

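The first failure described in the forwarded message (a client that offers EECDH suites but supports only the Suite-B curves, meeting a server fixed on secp521r1), as an added example that is not part of either author's message: a constructed model, not a TLS implementation, in which the server takes the first shared suite and may or may not act on the client's curve list. The suite names are OpenSSL-style labels used only as strings; the client and server labels are constructed.

```python
from dataclasses import dataclass

ECDHE = "ECDHE-RSA-AES128-SHA"
DHE = "DHE-RSA-AES128-SHA"
RSA = "AES128-SHA"
SUITE_B = frozenset({"secp256r1", "secp384r1"})


@dataclass(frozen=True)
class Client:
    name: str
    suites: tuple        # cipher suites the client offers
    curves: frozenset    # curves the client can actually use


@dataclass(frozen=True)
class Server:
    name: str
    suites: tuple        # server preference order
    curve: str           # the one curve the server is configured with
    checks_client_curves: bool = False


def negotiate(client, server):
    """Return the agreed suite, or None when the handshake fails."""
    for suite in server.suites:
        if suite not in client.suites:
            continue
        if suite.startswith("ECDHE-") and server.curve not in client.curves:
            if server.checks_client_curves:
                continue     # skip EC and fall through to a non-EC suite
            return None      # server commits to its curve, handshake breaks
        return suite
    return None


def deliver(client, server, tls_required=False):
    """Opportunistic SMTP TLS: a failed handshake means cleartext unless TLS is required."""
    suite = negotiate(client, server)
    if suite:
        return f"encrypted ({suite})"
    return "deferred" if tls_required else "cleartext"


# Constructed endpoints for the matrix.
CLIENTS = (
    Client("no-EC build", (DHE, RSA), frozenset()),
    Client("Suite-B-only build", (ECDHE, DHE, RSA), SUITE_B),
    Client("full-EC build", (ECDHE, DHE, RSA), SUITE_B | {"secp521r1"}),
)
SERVERS = (
    Server("P-521 server, ignores client curves", (ECDHE, DHE, RSA), "secp521r1"),
    Server("P-521 server, checks client curves", (ECDHE, DHE, RSA), "secp521r1", True),
    Server("P-256 server", (ECDHE, DHE, RSA), "secp256r1"),
)


def interop_matrix(clients=CLIENTS, servers=SERVERS):
    """Outcome of opportunistic delivery for every client/server pair."""
    return {(c.name, s.name): deliver(c, s) for c in clients for s in servers}


if __name__ == "__main__":
    for (client, server), outcome in interop_matrix().items():
        print(f"{client:20} -> {server:38} {outcome}")
```

In this model the client with no EC at all still gets an encrypted session from the P-521 server, while the Suite-B-only client is the only one that ends up in cleartext.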
From datapacrat@gmail.com  Tue Oct 22 14:53:50 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63E7B11E81DB for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwBiGpaMZR51 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:53:49 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 59E7311E8276 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:53:37 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id cb5so6427203wib.13 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:53:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vCxSiL0ChwwUauTwdu32j9QWnGWXYyGJX/MwXp0Wt+M=; b=xSmlwou5iW9W+pF+pMRY4N8v+7lyEzHqMwcu0M4PG7p9vExNdIDa+XT8Tm/nMLIp5a O33LwA6747tuh5s1eRa1jxAU0ewjJhc2wogzhnHl/XsfSrG6UFamrt0VnQy+wdTQ6xNW UvpH1DnGbHrDJiF0T8tDTQqt8F9BeTrEzj5YW6NdG1OEfGoWHnuj15nfOyRZxdWNUkmr PYBJZGA1+q96iMGgwpbPjy7CxEPSchtLEC+/gj4w65XyKd0VwSYNCJMGluz0Jt0cIBqn w/EUF1p+xGq4aoMxgf/mPOzmKpLKOqMiIf1l4nim/Y7JxkY/LGRWmy7lPU2yxIfnS/Ys S8JQ==
MIME-Version: 1.0
X-Received: by 10.180.185.203 with SMTP id fe11mr16429157wic.29.1382478803504;  Tue, 22 Oct 2013 14:53:23 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 22 Oct 2013 14:53:23 -0700 (PDT)
In-Reply-To: <CAMm+LwjqMYGTi3qy-8yVNPyF72_z9-QaCYN2a3+k59kqcaXvWQ@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com> <5266D2E6.8040403@gmail.com> <CAB5WduDqLSUCexHac_kHa69sjqSyjDSDu5E6eowbnKwgoNK9SA@mail.gmail.com> <CAMm+LwjqMYGTi3qy-8yVNPyF72_z9-QaCYN2a3+k59kqcaXvWQ@mail.gmail.com>
Date: Tue, 22 Oct 2013 17:53:23 -0400
Message-ID: <CAB5WduDqcgVsrE97zcLaDODaTT8BCCBdu8YAC=mkFYF=csQtng@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:53:50 -0000

On Tue, Oct 22, 2013 at 5:02 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> On Tue, Oct 22, 2013 at 4:14 PM, DataPacRat <datapacrat@gmail.com> wrote:

>> I could suggest that the values be interpreted in terms of Laplace's
>> Sunrise formula - eg, "there's been 10 reports of the key being used
>> falsely and 500,000 that it's been used successfully: Do you wish to
>> continue?".
>
> This is why I would not attempt to use Bayesian logic.
>
> You have no way to measure probability reliably. An attacker can simulate
> any behavior before they defect. The only measure that is useful is the cost
> of simulating that behavior. If it is prohibitively high then we can decide
> to trust them.
>
> Remember that Bernie Madoff paid out 100% of every redemption request right
> up to the point where the money ran out.

One thing using Bayesian/Laplacian numbers /can/ do is indicate how
much effort would need to have been exerted in order to simulate the
behaviour. If implemented correctly, then put simply, you can't get to
40 decibans of confidence without having had 10,000 successful tests
for every failed test.


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

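The numbers in this exchange, worked through as an added example that is not part of the original message: Laplace's rule of succession turns the quoted report counts into decibans, and its inverse gives the smallest clean history a given score implies. The rule used here for the Alice/Bob chain (independent links, probabilities multiplied) is an assumption; the thread does not fix one.

```python
import math


def decibans(successes, failures):
    """Confidence from counts via Laplace's rule of succession.

    P(next use is good) = (s + 1) / (s + f + 2), so the odds are (s + 1) / (f + 1).
    """
    return 10 * math.log10((successes + 1) / (failures + 1))


def probability(db):
    """Convert decibans (10 * log10 of the odds) back to a probability."""
    odds = 10 ** (db / 10)
    return odds / (1 + odds)


def chain(*links_db):
    """Confidence in the far end of a chain of assertions.

    Assumption: every link must hold and links are independent, so the
    probabilities multiply. The result is always below the weakest link.
    """
    p = math.prod(probability(d) for d in links_db)
    return 10 * math.log10(p / (1 - p))


def successes_needed(target_db, failures=0):
    """Smallest number of good reports that reaches target_db."""
    return math.ceil(10 ** (target_db / 10) * (failures + 1)) - 1


if __name__ == "__main__":
    # The report counts quoted in the message: 10 false uses, 500,000 good ones.
    print(f"500,000 good / 10 bad : {decibans(500_000, 10):.1f} decibans")
    # "I trust Alice's card at 30, and Alice trusts Bob's card at 40"
    print(f"chain 30 -> 40        : {chain(30, 40):.2f} decibans")
    # Clean history required for 40 decibans, with and without failures on record.
    print(f"40 dB, no failures    : {successes_needed(40)} good reports")
    print(f"40 dB, 10 failures    : {successes_needed(40, 10)} good reports")
```

The score is a floor on how many good interactions were recorded, which is the quantity the simulation-cost argument in the quoted reply cares about; it says nothing about what happens on the next interaction.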
From datapacrat@gmail.com  Tue Oct 22 14:56:34 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D88C11E821F for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:56:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8G70pW14UErp for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 14:56:31 -0700 (PDT)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) by ietfa.amsl.com (Postfix) with ESMTP id 6B8BA11E8250 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:56:27 -0700 (PDT)
Received: by mail-wg0-f50.google.com with SMTP id n12so8539267wgh.17 for <perpass@ietf.org>; Tue, 22 Oct 2013 14:56:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=2yOGQ2S4A1MHDsTgNkSLpMw5jK2BSbLVftuGm9hN9kg=; b=Ki9I09DXlAdaCBuZ6KzfKMFL9hYJJUyotFl6UnOYNGjkX30i1g7VzQCPftzkbKkk9K MnPIZ4wGFsHgHI7IYnBZCOrHAa4OyViF0xdGFxGRefmukXJC8RmNKlgvpjyLBighjU6g AfMtXGf88drFarcFAeVqueFjwtcgt5UjrpILiPFuJWWhBVcH7aaz21llhgaQMyXSxnzV UPxgoHJrBS4YX3kqapHR9pCKXk3AAA9Vr6Wkd/n1m98+ycoqmjMcWnTlb7YGbSDYHrx1 SHR/Jtl0MHtMUQQuADxMAZgSlRUxLJL5n8SY4eHfv3QT56uxkk9yus5ZPLn/kEem0ygC QLlg==
MIME-Version: 1.0
X-Received: by 10.180.106.133 with SMTP id gu5mr6845682wib.0.1382478978136; Tue, 22 Oct 2013 14:56:18 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 22 Oct 2013 14:56:18 -0700 (PDT)
In-Reply-To: <5266ECF2.5020901@bbn.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com>
Date: Tue, 22 Oct 2013 17:56:18 -0400
Message-ID: <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2013 21:56:37 -0000

On Tue, Oct 22, 2013 at 5:24 PM, Stephen Kent <kent@bbn.com> wrote:
> DataPacRat,
>
> > ...
> >
> > The key item I am gathering from your response is 'trust is not
> > transitive'. If that's the case, then wouldn't that also apply to
> > chains of 'official' CAs, as well? If all that is so, then is it
> > possible that ad-hoc / mesh-network / web-of-trust /
> > (insert-buzzword-here) CAs would fare no worse by that metric than the
> > current hierarchical CA system?
>
> That is a fair comment for some PKIs, but not all.
>
> If a PKI represents an authoritative set of CAs, vs. a "trusted"
> set of CAs, then this issue does not arise. So for example in the
> DANE context or the RPKI context, we're not dealing with transitive trust.

I'm not familiar with many of the details of DANE and RPKI. Do either
of them provide any protection against a subpoena attack?



Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From sm@resistor.net  Tue Oct 22 22:56:51 2013
Return-Path: <sm@resistor.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A99E11E82E3 for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 22:56:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.576
X-Spam-Level: 
X-Spam-Status: No, score=-102.576 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B3YPFc33L6Hg for <perpass@ietfa.amsl.com>; Tue, 22 Oct 2013 22:56:50 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 40C2011E82E6 for <perpass@ietf.org>; Tue, 22 Oct 2013 22:56:40 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r9N5uV5d007781; Tue, 22 Oct 2013 22:56:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1382507795; bh=iYmKr+d753Pfu2aJibrUHr8bWcfbFzGj0dJCKwUIk2A=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=s4ysydI0t1HGJGAfnKVvmgE/mdYiPbgjDu7XlQLdAHP6v0AfXKq3NEDs3x++K8GeS xE5CvYCMDS6PTbNqN+6txpVXgqwpY93VrgrcQMVVS8XABUbG4v75/7VrPivT6H5hpH qftgUiHVIi0ozWHi26GFUN5en6Ver3il9bsUdTR8=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1382507795; i=@resistor.net; bh=iYmKr+d753Pfu2aJibrUHr8bWcfbFzGj0dJCKwUIk2A=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=AxeK625fi5UdEI8bEi+4OnMEgWVghUVmmbSogrmTZGl/h8nGOzfYoHSXfT1w4Z/uW YFbk5N/fati1nSgxmc+f06OgfN2BH6Sq3TUixy7sCh7g5x9JPGZxy4TpUMu2I6/ul0 RFSAVh88Pxc44P5YP4mEv262Of0hAJWrgLPinlSQ=
Message-Id: <6.2.5.6.2.20131022224559.0db01bc8@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 22 Oct 2013 22:56:26 -0700
To: DataPacRat <datapacrat@gmail.com>
From: SM <sm@resistor.net>
In-Reply-To: <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: perpass@ietf.org
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 05:56:51 -0000

At 14:56 22-10-2013, DataPacRat wrote:
>I'm not familiar with many of the details of DANE and RPKI. Do either
>of them provide any protection against a subpoena attack?

DANE is specified in RFC 6698.  The DNSSEC Practice Statement for the 
Root Zone KSK Operator is at https://www.iana.org/dnssec/icann-dps.txt

Regards,
-sm




From hannes.tschofenig@gmx.net  Wed Oct 23 00:19:40 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C39D811E8311 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 00:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.622
X-Spam-Level: 
X-Spam-Status: No, score=-102.622 tagged_above=-999 required=5 tests=[AWL=-0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3K48n9HJYgAO for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 00:19:34 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 0E49711E8314 for <perpass@ietf.org>; Wed, 23 Oct 2013 00:19:29 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.115.161]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MS5jy-1VA1VF3YjK-00TEUn for <perpass@ietf.org>; Wed, 23 Oct 2013 09:19:28 +0200
Message-ID: <52677899.5000203@gmx.net>
Date: Wed, 23 Oct 2013 09:19:53 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: DataPacRat <datapacrat@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com>	<CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>	<5266ECF2.5020901@bbn.com>	<CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net>
In-Reply-To: <6.2.5.6.2.20131022224559.0db01bc8@resistor.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:yoKjn7tamDJOeMAdDu+Kpa+XYqQVH4QztqgwuF/ufKa9kKOlwba PyCDdaeVOEf6r0ky2SmIv0xBEuB5wrohdlP8q7Haow36rKfeh1ZzXmsDMvk/zjHUR9NC6R4 DFQe+B2GIQpG2duRTkQ4EliqOpAWIBEQgHZPyqUzFaMYYGwxKn2noJDI3MyDTUDbQhLh6UB Zpv0YffrGEKkyp91t/3vg==
Cc: SM <sm@resistor.net>, perpass@ietf.org
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 07:19:40 -0000

At 14:56 22-10-2013, DataPacRat wrote:
> Do either of them provide any protection against a subpoena attack?

Could you explain the 'subpoena attack' in more detail?

Ciao
Hannes

PS: I know what a subpoena is.

From linus@nordberg.se  Wed Oct 23 00:57:25 2013
Return-Path: <linus@nordberg.se>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC29F11E8321 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 00:57:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level: 
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PBwk3XZKKovx for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 00:57:22 -0700 (PDT)
Received: from smtp.nordberg.se (smtp.nordberg.se [193.10.5.87]) by ietfa.amsl.com (Postfix) with ESMTP id 1614311E8314 for <perpass@ietf.org>; Wed, 23 Oct 2013 00:57:22 -0700 (PDT)
Received: from tool.nordberg.se (dhcp32.se-tug.nordu.net [109.105.104.166]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.nordberg.se (Postfix) with ESMTPSA id F317D1156C; Wed, 23 Oct 2013 09:57:19 +0200 (CEST)
From: Linus Nordberg <linus@nordberg.se>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <52661D34.5000405@gmx.net>
Date: Wed, 23 Oct 2013 09:57:19 +0200
In-Reply-To: <52661D34.5000405@gmx.net> (Hannes Tschofenig's message of "Tue,  22 Oct 2013 08:37:40 +0200")
Message-ID: <87ob6gwhb4.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft-tschofenig-perpass-surveillance-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 07:57:26 -0000

Hi Hannes,

Thanks for writing draft-tschofenig-perpass-surveillance-00. I wish I
could muster the powers needed to make text.

Generally, I lack information about what's often called meta-data or
traffic data and the key issue here -- linkability. I don't really know
what I want to say here. I started a private thread with Stephen about a
month ago but then dropped the ball. It's quite broad and I don't know
how to tackle it really.

Should 2.2 mention IPv4? Widely (heh) deployed protocol leaking
meta-data by design. I think it should be touched upon even if we don't
expect changes to it. Maybe that's exactly why we must mention it
somewhere -- some people do not grasp it while others might be hesitant
to touch the issue. IPv6 is another one. I bet there are more.


Typos and other minor things.

- Is the expire date 2014-04-24 correct?

- 2.1. s/a a/a/1

- 2.1. s/'crypto-aglity'/'crypto-agility'/1

- 2.2. s/exploided/exploited/1

- 2.4. last sentence "With the juridiction [...]" needs some love.

- 3. copied from another document

- 6. [10] and [11], swap Nadia and IETF


Http vs https. (Flogging a dead horse?)

- 6. the following urls could and should be https rather than http:
  http://packetstormsecurity.com/files/105499/Browser-Exploit-Against-SSL-TLS.html
  http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
  http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters

- 6. (and other places) the following urls should be https even if they
  redirect to https, both for educational reasons and for security/privacy
  (not leaking the full url, not having to trust that a hijacker doesn't
  eat the redirect):
  http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
  http://datatracker.ietf.org/drafts/current/

- 6. (and other places) the following urls should have a warning about
  not being https or perhaps have their content mirrored on a site
  providing https (with a proper certificate):
  http://boingboing.net/2013/08/05/anti-tor-malware-reported-back.html
  http://fileperms.org/whatsapp-is-broken-really-broken/ (bad certificate)
  http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/ (bad certificate)
  http://www.tschofenig.priv.at (bad certificate)
  http://trustee.ietf.org/license-info (404)

From ynir@checkpoint.com  Wed Oct 23 01:10:58 2013
Return-Path: <ynir@checkpoint.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4BB711E82E9 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 01:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.441
X-Spam-Level: 
X-Spam-Status: No, score=-10.441 tagged_above=-999 required=5 tests=[AWL=0.158, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aFX7lXRRKYXH for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 01:10:52 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 314AF11E8321 for <perpass@ietf.org>; Wed, 23 Oct 2013 01:10:46 -0700 (PDT)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r9N8Acf5006962; Wed, 23 Oct 2013 11:10:38 +0300
X-CheckPoint: {526783E7-5-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.106]) by DAG-EX10.ad.checkpoint.com ([169.254.3.213]) with mapi id 14.03.0123.003; Wed, 23 Oct 2013 11:10:23 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Thread-Topic: [perpass] Web-of-trust CAs
Thread-Index: AQHOz7Sc4vVJF3tzn0CkIdYrwmvIWZoBrtWAgAAOMAA=
Date: Wed, 23 Oct 2013 08:10:21 +0000
Message-ID: <783BD9B2-705A-490D-AE32-9BB5EAAD220A@checkpoint.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net> <52677899.5000203@gmx.net>
In-Reply-To: <52677899.5000203@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.21.231]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8545C4E1ED810C489CBBC3182C9E5D04@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: SM <sm@resistor.net>, "<perpass@ietf.org>" <perpass@ietf.org>, DataPacRat <datapacrat@gmail.com>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 08:10:59 -0000

On Oct 23, 2013, at 10:19 AM, Hannes Tschofenig <Hannes.Tschofenig@gmx.net> wrote:

> At 14:56 22-10-2013, DataPacRat wrote:
>> Do either of them provide any protection against a subpoena attack?
>
> Could you explain the 'subpoena attack' in more detail?
>
> Ciao
> Hannes
>
> PS: I know what a subpoena is.

So do I, and AFAIK it can compel you to come and testify, or to hand over
some documents. I don't think it can be used to force a CA to sign a
certificate request or for whoever to register bad keys in the DNS.

Not saying a national government can't do either of these things, but not
with a subpoena.

Yoav



From alexey.melnikov@isode.com  Wed Oct 23 04:52:10 2013
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7E8911E8185 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 04:52:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.963
X-Spam-Level: 
X-Spam-Status: No, score=-102.963 tagged_above=-999 required=5 tests=[AWL=-0.364, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lyvJONPxl8Io for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 04:52:06 -0700 (PDT)
Received: from statler.isode.com (statler.isode.com [62.3.217.254]) by ietfa.amsl.com (Postfix) with ESMTP id 590C311E83AA for <perpass@ietf.org>; Wed, 23 Oct 2013 04:52:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1382529119; d=isode.com; s=selector; i=@isode.com; bh=hEm3CHg9oyUfwCHszqPDVquI5RJaKcQWop8/EnvyFOE=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=w9DHCvgoFo21DIMFppcbmk9uF/nNBcyZ7e3LbgLHIv5WP11mDuy/+/6ioekJ0J8VcgjKoi x3CYVib3YUHufjYMWoNAw6mKb+SO1CONUfqzr70ffMtZcN+UewPhEy6bWufa4gKa53PPdZ 3AdSl7sZgghKopYKl1S9IoirLK0cvjA=;
Received: from [172.16.1.29] (richard.isode.com [62.3.217.249])  by statler.isode.com (submission channel) via TCP with ESMTPA  id <Ume4XwB8lx=S@statler.isode.com>; Wed, 23 Oct 2013 12:51:59 +0100
Message-ID: <5267B862.6000105@isode.com>
Date: Wed, 23 Oct 2013 12:52:02 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com> <5266AC02.80506@cs.tcd.ie>
In-Reply-To: <5266AC02.80506@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org, Paul Hoffman <paul.hoffman@gmail.com>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 11:52:10 -0000

Hi Stephen,

On 22/10/2013 17:46, Stephen Farrell wrote:
> Yep, that's a useful post - we shouldn't rush too much,
> but we do want to get things done so that developers
> and deployers have something to use.
>
> I wonder what's the best way to proceed with this kind
> of stuff. I guess we want a BCP of some sort, but the
> question is how to handle the various different cases
> of foo-with-tls.
>
> - Yaron did a generic TLS BCP draft. [1]
> - PSA did an XMPP TLS BCP draft [2]
> - This sounds like we might want an SMTP TLS BCP draft
>    or perhaps to add text to [3], but that's aiming for
>    experimental and is just about using DANE.
I think some generic fallback rules can be protocol independent. But 
needs of different protocols might be different. For example backward 
compatibility with deployed TLS ciphers might be different for XMPP and 
SMTP.

I think SMTP TLS BCP would be a good idea. I think it should be 
independent of DANE, because of the status of the DANE document. I would 
be happy to work on it (and would be happy to collaborate with PSA to 
discuss similarities and differences).
> So at present we're heading towards a bunch of foo-with-tls
> BCPs. Could those usefully be merged or are they better
> kept separate?
>
> Thoughts?
>
> S.
>
> [1] https://tools.ietf.org/html/draft-sheffer-tls-bcp
> [2] https://tools.ietf.org/html/draft-saintandre-xmpp-tls
> [3] https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane


From stephen.farrell@cs.tcd.ie  Wed Oct 23 05:02:42 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90C0B11E8183 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 05:02:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.672
X-Spam-Level: 
X-Spam-Status: No, score=-102.672 tagged_above=-999 required=5 tests=[AWL=-0.073, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHbT2NlHcwMO for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 05:02:37 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id AEF7111E82CA for <perpass@ietf.org>; Wed, 23 Oct 2013 05:02:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EA0ECBE60; Wed, 23 Oct 2013 13:02:33 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 55ppscjIdvlN; Wed, 23 Oct 2013 13:02:33 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CA229BE59; Wed, 23 Oct 2013 13:02:33 +0100 (IST)
Message-ID: <5267BAD9.8070702@cs.tcd.ie>
Date: Wed, 23 Oct 2013 13:02:33 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>	<5266AC02.80506@cs.tcd.ie> <5267B862.6000105@isode.com>
In-Reply-To: <5267B862.6000105@isode.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org, Paul Hoffman <paul.hoffman@gmail.com>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 12:02:42 -0000

On 10/23/2013 12:52 PM, Alexey Melnikov wrote:
> Hi Stephen,
> 
> On 22/10/2013 17:46, Stephen Farrell wrote:
>> Yep, that's a useful post - we shouldn't rush too much,
>> but we do want to get things done so that developers
>> and deployers have something to use.
>>
>> I wonder what's the best way to proceed with this kind
>> of stuff. I guess we want a BCP of some sort, but the
>> question is how to handle the various different cases
>> of foo-with-tls.
>>
>> - Yaron did a generic TLS BCP draft. [1]
>> - PSA did an XMPP TLS BCP draft [2]
>> - This sounds like we might want an SMTP TLS BCP draft
>>    or perhaps to add text to [3], but that's aiming for
>>    experimental and is just about using DANE.
> I think some generic fallback rules can be protocol independent. But
> needs of different protocols might be different. For example backward
> compatibility with deployed TLS ciphers might be different for XMPP and
> SMTP.

Sounds reasonable. I guess even if they have the same libraries
the update cycles might differ. (Anyone know?)

> I think SMTP TLS BCP would be a good idea. I think it should be
> independent of DANE, because of the status of the DANE document. I would
> be happy to work on it (and would be happy to collaborate with PSA to
> discuss similarities and differences).

Great. Let's talk in YVR about how to get that done so
it's a real BCP that gets followed in the wild. If someone
else is up for helping I guess contact Alexey.

Cheers,
S.

>> So at present we're heading towards a bunch of foo-with-tls
>> BCPs. Could those usefully be merged or are they better
>> kept separate?
>>
>> Thoughts?
>>
>> S.
>>
>> [1] https://tools.ietf.org/html/draft-sheffer-tls-bcp
>> [2] https://tools.ietf.org/html/draft-saintandre-xmpp-tls
>> [3] https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane

From hhalpin@w3.org  Wed Oct 23 05:02:57 2013
Return-Path: <hhalpin@w3.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4049211E83C0 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 05:02:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level: 
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BeBXWDuSGqwK for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 05:02:52 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by ietfa.amsl.com (Postfix) with ESMTP id 8721611E8183 for <perpass@ietf.org>; Wed, 23 Oct 2013 05:02:52 -0700 (PDT)
Received: from [199.254.238.212] (helo=[172.27.0.86]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <hhalpin@w3.org>) id 1VYx9G-0006tG-VA; Wed, 23 Oct 2013 08:02:51 -0400
Message-ID: <5267BAE6.9000000@w3.org>
Date: Wed, 23 Oct 2013 14:02:46 +0200
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@gmail.com>, perpass@ietf.org
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
In-Reply-To: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------060406070404080005010306"
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 12:02:57 -0000

This is a multi-part message in MIME format.
--------------060406070404080005010306
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 10/22/2013 05:26 PM, Paul Hoffman wrote:
> This was posted last night by Viktor Dukhovni on the cryptography 
> mailing list, but is certainly applicable here. Forwarded with 
> Viktor's permission.
>

Very good post - although the main problem seems to be fallback to 
cleartext in SMTP due to lack of co-ordination, not attempting better 
support of crypto.  Although this has historically not been the case, 
perhaps users may start wanting draconian error-handling as regards 
encrypted email between the client and server as a default. IMHO that is 
the only factor that could force co-ordination of better support of 
larger keys in the client and ECC curves. Obviously, this option already 
exists in most mail clients - yet users are typically unaware of the 
distinction (and the confusing terminological history re enforcement of 
TLS and StarTLS upgrading). While perhaps more draconian error-handling 
would help in standards rather than assuming cleartext fallback, it 
seems the real failure here is a usability issue with many mail clients 
where users are unaware their mail is being sent in the clear.

Right now, at least on Linux, Mozilla has effectively it seems stopped 
development on Thunderbird (truly a shame) so there's virtually no 
usable email clients.  Are folks aware of any that make "forcing TLS 
encryption" both the default and offer severe warnings if it fails?

> ====================
>
> There have been many recent efforts to harden the cryptographic
> security of various systems.  I would like to urge anyone considering
> taking steps in that direction to exercise due caution.
>
> Multiple recent attempts at improvement backfire in various ways:
>
>    - RedHat has been under pressure for some time to enable EC support
>      in their OpenSSL RPM package.
>
>     * They finally relented and added EC support ~1 week ago. However,
>       they quickly decided to play it safe and enable just the Suite-B
>       curves: secp256r1, secp384r1 and no others.
>
>     * They neglected to consider that the new libraries now
>       happily negotiate EECDH key exchange TLS cipher-suites with
>       servers that typically don't know of (or can't act on) the
>       client's limitations.
>
>     * At the same time newly hardened SMTP servers at gmx.de
>       and other sites have "stronger" security by switching to
>       secp521r1.
>
>       # Result: SMTP TLS handshakes break, and more mail goes out in
>         the clear!
>
>       # With TLS, no EC is better than crippled EC.
>
>    - GnuTLS sets aggressive client-side EDH prime-size lower bound.
>
>     * Exim encounters interoperability problems and works-around
>       the setting by allowing 1024-bit EDH in SMTP clients while
>       using 2048-bit EDH in the server (which generally works for
>       SMTP).
>
>     * Debian decides to improve security in Exim and raises this
>       to 2048-bits, breaking interoperability again.
>
>        # Result:  Since SMTP TLS is generally opportunistic, when
>          TLS handshakes break, more mail is transmitted in the clear!
>
>    - Some email administrators disable RC4 (enable only the OpenSSL "HIGH"
>      ciphers) in opportunistic TLS.  Many extant Microsoft Exchange servers
>      support only RC4-SHA1, RC4-MD5 and 3DES (whose implementation is
>      breaks post handshake in data transfer).
>
>        # Result: TLS handshakes fail, and mail is sent in the clear.
>
>    - There's lots of press about CRIME, BEAST, ... and some SMTP
>      administrators configure their systems to prefer RC4 and
>      avoid CBC ciphersuites.
>
>     # The attacks in question are primarily HTTPS attacks,
>     cryptanalysis of RC4 may well be the greater threat to SMTP.
>
> There are I expect similar examples of good intentions, but poor
> outcomes outside the world of SMTP.  Raising the bar on Internet
> security will take considerable time and effort.  Updated standards
> will have to be developed, toolkits extended to support them and
> applications updated.  Rolling improved security out to end-users
> will likely take on the order of a decade.
>
> In the mean-time, users should make an effort to configure their
> systems to employ current best-practice security, trying to go
> beyond that into uncharted territory may well be counter-productive.
>
> Endpoint security and misuse of data at rest are still IMHO the
> bigger issues.  I am much more concerned about the proliferation
> of miniature programmable computers inside our computers (CPUs and
> programmable firmware in disk controllers, battery controllers,
> BMC controllers, with opaque binary firmware update blobs, and
> complex supply chains) than about secp256r1 vs secp521r1.
>
> We thought embedded devices were for physical infrastructure
> engineers to worry about, but now they are proliferating inside
> our general purpose computers.  The next Stuxnet will run on one
> of the invisible computers inside your computer.
>
> With concerted effort we can improve the crypto protocols, but will
> it matter if the architecture on top of which the crypto runs has
> an ever growing attack surface.
>
>
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--------------060406070404080005010306--

From kent@bbn.com  Wed Oct 23 07:43:19 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15A9211E8410 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:43:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.213
X-Spam-Level: 
X-Spam-Status: No, score=-106.213 tagged_above=-999 required=5 tests=[AWL=-0.214, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OESi5UuRxgBM for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:43:13 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id E687E11E8424 for <perpass@ietf.org>; Wed, 23 Oct 2013 07:43:02 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49485) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYzeI-000NJI-BB for perpass@ietf.org; Wed, 23 Oct 2013 10:43:02 -0400
Message-ID: <5267E076.5010700@bbn.com>
Date: Wed, 23 Oct 2013 10:43:02 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net>
In-Reply-To: <6.2.5.6.2.20131021232826.0dbc9530@resistor.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-List-Received-Date: Wed, 23 Oct 2013 14:43:19 -0000

SM,

> Hi Hannes,
> At 23:14 21-10-2013, Hannes Tschofenig wrote:
>> In context of the cryptographic primitives we certainly have relied a 
>> lot on NIST, which is reflected in the number of presentations at the 
>> SAAG meetings.
>>
>> We have made too few attempts to reach out to other communities (if 
>> those even exist) to hear other views. I once talked to Bart Preneel, 
>> who is involved in the European crypto community, to attend an IETF 
>> meeting but (for whatever reason) it didn't work out.
>>
>> Maybe that's something to think about?
>
> There are several governments which rely on NIST. It's difficult to 
> say whether there will be a shift away from that.

NIST creates standards that are mandatory only for US Gov use. (Even
then its standards may be waived by a gov agency if the agency head
believes the costs are too great.) However, I agree that NIST crypto
standards tend to be widely adopted by folks around the world on a
voluntary basis.

> In this age of suspicion a single-source provider is not a good idea. 
> If the IETF decides to review and re-review its protocols it would be 
> good to have input from other communities (re. what you mentioned above).

The major NIST crypto standards are the result of solicitations that
are open to the world, at least in the recent past. AES was developed
by two Belgians. SHA-3 is the result of work by more Belgians.
Should we infer that NSA co-opted these Belgian crypto experts?

I think it is appropriate to focus on specific NIST crypto standards 
that may have been inappropriately influenced,
rather than assuming that every NIST crypto standard is suspect. So far, 
the only NIST crypto standard I've seen for
which there appears to be an objectively-justified concern is the PRNG 
based on ECC.

Steve



From nweaver@icsi.berkeley.edu  Wed Oct 23 07:48:08 2013
Return-Path: <nweaver@icsi.berkeley.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4007511E83DC for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.183
X-Spam-Level: 
X-Spam-Status: No, score=-2.183 tagged_above=-999 required=5 tests=[AWL=-0.184, BAYES_00=-2.599, J_CHICKENPOX_43=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBPtXGQVBUwp for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:48:04 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id CCFBE11E8429 for <perpass@ietf.org>; Wed, 23 Oct 2013 07:47:55 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 7F2B32C402D; Wed, 23 Oct 2013 07:47:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id jhmRKOZBqHmO; Wed, 23 Oct 2013 07:47:52 -0700 (PDT)
Received: from gala.icir.org (gala.icir.org [192.150.187.130]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id DB14E2C4008; Wed, 23 Oct 2013 07:47:52 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_0573F3B7-3402-43CC-B73D-589CBFA22B09"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
In-Reply-To: <5267E076.5010700@bbn.com>
Date: Wed, 23 Oct 2013 07:47:52 -0700
Message-Id: <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net> <5267E076.5010700@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-List-Received-Date: Wed, 23 Oct 2013 14:48:08 -0000

--Apple-Mail=_0573F3B7-3402-43CC-B73D-589CBFA22B09
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Oct 23, 2013, at 7:43 AM, Stephen Kent <kent@bbn.com> wrote:
> The major NIST crypto standards are the result of solicitations that
> are open to the world, at least in the recent past. AES was developed
> by two Belgians. SHA-3 is the result of work by more Belgians.
> Should we infer that NSA co-opted these Belgian crypto experts?

Rijndael was accepted unchanged as AES.  That's why, as part of
everything, people still trust it.

Keccak however, is being mysteriously changed in the SHA-3 process,
which is not inspiring confidence in the process:

https://www.schneier.com/blog/archives/2013/10/will_keccak_sha-3.html

--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc


--Apple-Mail=_0573F3B7-3402-43CC-B73D-589CBFA22B09--

From paul@nohats.ca  Wed Oct 23 07:48:13 2013
Return-Path: <paul@nohats.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DEF911E83D1 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:48:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pMNg459TKLfn for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:48:08 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id 087A111E842A for <perpass@ietf.org>; Wed, 23 Oct 2013 07:47:57 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3d4ZFN4rh4zB1d; Wed, 23 Oct 2013 10:47:52 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id x2-jy6jxzNLy; Wed, 23 Oct 2013 10:47:51 -0400 (EDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Wed, 23 Oct 2013 10:47:51 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 474B0807CA; Wed, 23 Oct 2013 10:47:52 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 3DA62805BD; Wed, 23 Oct 2013 10:47:52 -0400 (EDT)
Date: Wed, 23 Oct 2013 10:47:52 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Paul Hoffman <paul.hoffman@gmail.com>
In-Reply-To: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
Message-ID: <alpine.LFD.2.10.1310231036280.7047@bofh.nohats.ca>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT
Cc: perpass@ietf.org, Paul Wouters <pwouters@redhat.com>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-List-Received-Date: Wed, 23 Oct 2013 14:48:13 -0000

On Tue, 22 Oct 2013, Paul Hoffman wrote:

[ With my Red Hat on but using personal email to prevent moderation queues ]

>    - RedHat has been under pressure for some time to enable EC support
>      in their OpenSSL RPM package.
> 
>     * They finally relented and added EC support ~1 week ago.  However,
>       they quickly decided to play it safe and enable just the Suite-B
>       curves: secp256r1, secp384r1 and no others.

Note that "quickly decided" is a little judgemental and unfair. Enabling
ECC has been at least a year in the making. It predates Snowden.

>     * They neglected to consider that the new libraries now
>       happily negotiate EECDH key exchange TLS cipher-suites with
>       servers that typically don't know of (or can't act on) the
>       client's limitations.

The elliptic_curves extension informs a server which curves the client
supports, and openssl uses that extension. So that should not be a
problem. However, Hubert Kario found out that we advertise support for
curves that are not actually supported. We are addressing that bug now:

https://bugzilla.redhat.com/show_bug.cgi?id=1022468
Openssl advertises support for curves it doesn't actually support in Client Hello

Remember, bugs are resolved faster if reported properly. Please feel
free to contact me regarding any security/crypto bugs in RHEL/Fedora
and I'll ensure proper bugs are filed and tracked.

>     * At the same time newly hardened SMTP servers at gmx.de
>       and other sites have "stronger" security by switching to
>       secp521r1.

With the above bug addressed, it should select a non-ECC cipher suite.

> Rolling improved security out to end-users will likely take on the order of a decade.

Wow, that's rather pessimistic :P

> In the mean-time, users should make an effort to configure their
> systems to employ current best-practice security, trying to go
> beyond that into uncharted territory may well be counter-productive.

Users should not do so. Vendors should do it for them. Users who tweak
crypto parameters manually are not users - they are developers.

Paul
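
[Added example, not part of the message above and not OpenSSL or Red Hat
code.] The negotiation discussed in this thread, sketched in Python: a server
reads the elliptic_curves extension (RFC 4492, type 10) from a ClientHello and
skips ECDHE suites when no curve is shared, while a client that advertises a
curve it does not implement breaks the handshake and, under opportunistic SMTP
TLS, the mail goes out in the clear. All function names, the two-suite
preference list and the sample hellos are constructed for illustration.

```python
import struct

EXT_ELLIPTIC_CURVES = 10                      # RFC 4492 extension type
SECP256R1, SECP384R1, SECP521R1 = 23, 24, 25  # RFC 4492 NamedCurve ids
ECDHE_RSA_AES128_SHA = 0xC013                 # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_AES128_SHA = 0x0033                   # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ECDHE_SUITES = {ECDHE_RSA_AES128_SHA}
PREFERENCE = [ECDHE_RSA_AES128_SHA, DHE_RSA_AES128_SHA]  # assumed for both sides


def build_client_hello(suites, curves):
    """Serialize a ClientHello body (handshake header omitted, constructed data)."""
    body = b"\x03\x03" + bytes(32)            # client_version, all-zero sample random
    body += b"\x00"                           # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # one compression method: null
    curve_list = b"".join(struct.pack("!H", c) for c in curves)
    ext_data = struct.pack("!H", len(curve_list)) + curve_list
    ext = struct.pack("!HH", EXT_ELLIPTIC_CURVES, len(ext_data)) + ext_data
    return body + struct.pack("!H", len(ext)) + ext


def parse_client_hello(body):
    """Return (cipher_suites, curves); curves is None if the extension is absent."""
    pos = 2 + 32                              # skip version and random
    pos += 1 + body[pos]                      # skip session_id
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
    pos += n
    pos += 1 + body[pos]                      # skip compression methods
    curves = None
    if pos < len(body):                       # extensions block is optional
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_total
        if end > len(body):
            raise ValueError("truncated extensions block")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > end:
                raise ValueError("extension overruns block")
            if ext_type == EXT_ELLIPTIC_CURVES:
                (list_len,) = struct.unpack_from("!H", body, pos)
                if list_len + 2 != ext_len or list_len % 2:
                    raise ValueError("malformed elliptic_curves extension")
                curves = [struct.unpack_from("!H", body, pos + 2 + i)[0]
                          for i in range(0, list_len, 2)]
            pos += ext_len
    return suites, curves


def server_select(hello, server_suites, server_curves):
    """Pick (suite, curve) in server order; skip ECDHE when no curve is shared."""
    client_suites, client_curves = parse_client_hello(hello)
    for suite in server_suites:
        if suite not in client_suites:
            continue
        if suite in ECDHE_SUITES:
            # Without the extension the server may assume any curve (RFC 4492).
            shared = [c for c in server_curves
                      if client_curves is None or c in client_curves]
            if not shared:
                continue                      # fall through to a non-ECC suite
            return suite, shared[0]
        return suite, None
    return None


def opportunistic_delivery(advertised, implemented, server_curves):
    """Model one opportunistic-TLS SMTP delivery and report how the mail is sent."""
    hello = build_client_hello(PREFERENCE, advertised)
    choice = server_select(hello, PREFERENCE, server_curves)
    if choice is None:
        return "cleartext (no common cipher suite)"
    suite, curve = choice
    if curve is not None and curve not in implemented:
        # The client advertised a curve it cannot actually use.
        return "cleartext (handshake failed on curve %d)" % curve
    return "TLS suite 0x%04X" % suite


if __name__ == "__main__":
    suite_b = [SECP256R1, SECP384R1]
    # Honest client, server that only offers secp521r1: falls back to DHE.
    print(opportunistic_delivery(suite_b, suite_b, [SECP521R1]))
    # Client over-advertises secp521r1: server picks it, handshake breaks.
    print(opportunistic_delivery(suite_b + [SECP521R1], suite_b, [SECP521R1]))
```

The second case is the one worth monitoring for on a mail relay: a rise in
deliveries logged without TLS to peers that previously negotiated it.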

From datapacrat@gmail.com  Wed Oct 23 07:56:26 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A149911E83D4 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:56:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.393
X-Spam-Level: 
X-Spam-Status: No, score=-3.393 tagged_above=-999 required=5 tests=[AWL=0.893,  BAYES_00=-2.599, GB_I_LETTER=-2, NO_RELAYS=-0.001, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kmL3LlWXSZUZ for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 07:56:22 -0700 (PDT)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 7A22E11E83E1 for <perpass@ietf.org>; Wed, 23 Oct 2013 07:56:04 -0700 (PDT)
Received: by mail-wg0-f43.google.com with SMTP id b13so950687wgh.10 for <perpass@ietf.org>; Wed, 23 Oct 2013 07:56:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=gFgzJUyHJWss7WQoT7+/zpk3QP2ESOpEFENyXKraQlY=; b=c46QXqjHmwUy/2yU8dmVf1Xv4sVRvV7Ie8zCUruEyL1ULZBsWYPLHak5OBSKX392HM bpMLqMBBBfnskNjTN5Fa9RMf0n58kv6/VqruXMOkYnqHP/in4OTgGkWJasTUYTRDokON VIU59e8nbKPM+B9rPZ8U8J07q/I86EKcqovsmcpkjfigd5De0WKc2l2nkfCDwoY5nrz9 nlyli7lfT8P6GW+pHPGu1JxlLn4vs7dP0v10nsL/jdMHPDBEu//9o9+XqNQQ/VcTkGd6 TUbxXNvlYumczmMPLckQ384QKylA1kepE4sF58o+Q6GmIqcLqWvEGVG8HgibiQiLuHuD 7e3A==
MIME-Version: 1.0
X-Received: by 10.194.202.230 with SMTP id kl6mr2103650wjc.9.1382540162545; Wed, 23 Oct 2013 07:56:02 -0700 (PDT)
Received: by 10.194.165.170 with HTTP; Wed, 23 Oct 2013 07:56:02 -0700 (PDT)
In-Reply-To: <52677899.5000203@gmx.net>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net> <52677899.5000203@gmx.net>
Date: Wed, 23 Oct 2013 10:56:02 -0400
Message-ID: <CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: SM <sm@resistor.net>, perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-List-Received-Date: Wed, 23 Oct 2013 14:56:26 -0000

On Wed, Oct 23, 2013 at 3:19 AM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> At 14:56 22-10-2013, DataPacRat wrote:

>> Do either of them provide any protection against a subpoena attack?
>
> Could you explain the 'subpoena attack' in more detail?
>
> Ciao
> Hannes
>
> PS: I know what a subpoena is.

An exemplar could be the attack against Lavabit's customers, which was
only prevented by Lavabit shutting down entirely. More generally, it's
a government issuing some sort of demand, often secret, to an online
service provider, requiring at least that they hand over various keys,
occasionally much more. 'Subpoena' is a placeholder for any similar
document, such as court orders, search warrants, and the American
"National Security Letters". A tad sillily, it's the official
bureaucratic version of lead pipe cryptanalysis, with lots more
paperwork, and with the claim that the group making the threats have
legitimacy in doing so because they're the government.


My general thought, as of the start of this thread, is that such
attacks could be made much harder to implement and much less effective
by massively increasing the number of CAs (essentially, by turning
everyone into a CA). Sending a lone piece of paper to a single
middle-manager would no longer force sufficient compliance to track
the online behaviour of thousands-to-millions of individuals. Should
measurable effort be required in order to spy on any one individual,
then it seems at least possible that simple budgetary concerns would
reduce the amount of spying done on ordinary citizens. (Of course, my
current .sig quote might apply.)


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From kent@bbn.com  Wed Oct 23 08:05:03 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDDE611E8440 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 08:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.508
X-Spam-Level: 
X-Spam-Status: No, score=-106.508 tagged_above=-999 required=5 tests=[AWL=0.091, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1CcIISb5xBFw for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 08:04:56 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id F262811E842F for <perpass@ietf.org>; Wed, 23 Oct 2013 08:04:46 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:49673) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VYzzG-000Nnd-7A; Wed, 23 Oct 2013 11:04:42 -0400
Message-ID: <5267E58A.7070006@bbn.com>
Date: Wed, 23 Oct 2013 11:04:42 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: DataPacRat <datapacrat@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com>	<CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>	<5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>
In-Reply-To: <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-List-Received-Date: Wed, 23 Oct 2013 15:05:03 -0000

DataPacRat,
> On Tue, Oct 22, 2013 at 5:24 PM, Stephen Kent <kent@bbn.com> wrote:
>> DataPacRat,
>>
>>> ...
>>>
>>> The key item I am gathering from your response is 'trust is not
>>> transitive'. If that's the case, then wouldn't that also apply to
>>> chains of 'official' CAs, as well? If all that is so, then is it
>>> possible that ad-hoc / mesh-network / web-of-trust /
>>> (insert-buzzword-here) CAs would fare no worse by that metric than the
>>> current hierarchical CA system?
>> That is a fair comment for some PKIs, but not all.
>>
>> If a PKI represents an authoritative set of CAs, vs. a "trusted"
>> set of CAs, then this issue does not arise. So for example in the
>> DANE context or the RPKI context, we're not dealing with transitive trust.
> I'm not familiar with many of the details of DANE and RPKI. Do either
> of them provide any protection against a subpoena attack?
I'll let other folks comment on DANE, right Warren?

As for the RPKI, first note that it is a PKI that provides
authenticated info about who holds which blocks of IP address
space, and thus encryption is not an issue. I recently published
an I-D (draft-kent-sidr-suspenders-00) that tries to address concerns
that have been raised by some folks about possible law enforcement
influence on the CAs in the hierarchy. The focus here is on influence
that might be effected across national boundaries.

Steve

From paul@cypherpunks.ca  Wed Oct 23 08:22:51 2013
Date: Wed, 23 Oct 2013 11:22:40 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: DataPacRat <datapacrat@gmail.com>
In-Reply-To: <CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com>
Message-ID: <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net> <52677899.5000203@gmx.net> <CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs

On Wed, 23 Oct 2013, DataPacRat wrote:

>>> Do either of them provide any protection against a subpoena attack?

> An exemplar could be the attack against Lavabit's customers, which was
> only prevented by Lavabit shutting down entirely. More generally, it's
> a government issuing some sort of demand, often secret, to an online
> service provider, requiring at least that they hand over various keys,
> occasionally much more.

> My general thought, as of the start of this thread, is that such
> attacks could be made much harder to implement and much less effective
> by massively increasing the number of CAs (essentially, by turning
> everyone into a CA).

That's basically what DANE does. Everyone becomes their own CA within
their own domain, by securely (DNSSEC) publishing TLS public keys.

You still need to run these TLS servers yourself to protect against the
"subpoena attack". So it won't help you with ISPs offering TLS.

But if I run a TLS server in my own infrastructure and publish my TLS
key using DANE as I do:

  dig +short tlsa _443._tcp.nohats.ca
3 0 1 6327233AE15A460A4AD9875C547FE83208924387E09F3A18E6594D4A CCDF5D87

Then no "subpoena attack" could be launched. They could force a
registrar or TLD to change the delegation of my domain by modifying the
DS and NS records at the parent (.ca) and point to their own TLS server
using a modified TLSA record, but this would be clearly visible to the
entire world (and hopefully me, as my server would not be getting any
traffic anymore).

The only defense against a "subpoena attack" is not outsourcing your
end to end encryption. That's what we need to facilitate. Where we do
need to depend on others for delegation, it should be public and we
should have notaries/transparency/logs. Any such change should be
visible globally and to everyone to avoid targeted attacks.

Paul
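
Added example, not part of the message above and not code from any DANE implementation: the "3 0 1" TLSA match and the point that a swapped record is publicly visible, written out in Python. It parses TLSA RDATA as dig prints it, matches a presented certificate against it, and compares the records a resolver returns with the ones the operator published. The certificate bytes and the names pin_for and audit are constructed for illustration, and the code assumes the DNS answer has already been DNSSEC-validated.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Field values from RFC 6698; the acronyms are the ones RFC 7218 assigns.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
MATCHING = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

# Record quoted in the message above (dig splits long hex with a space).
PAGE_RECORD = ("3 0 1 6327233AE15A460A4AD9875C547FE83208924387E09F3A18E6594D4A "
               "CCDF5D87")

# Constructed stand-in for a server's DER-encoded certificate.
CONSTRUCTED_CERT = b"constructed bytes standing in for a DER certificate"


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes

    def text(self) -> str:
        """Normalised presentation form, lower-case hex, no spaces."""
        return f"{self.usage} {self.selector} {self.mtype} {self.data.hex()}"


def parse_tlsa(rdata: str) -> TLSA:
    """Parse 'usage selector mtype hex...' and reject malformed records."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA needs usage, selector, matching type and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHING:
        raise ValueError("unknown TLSA parameter")
    data = bytes.fromhex("".join(fields[3:]))  # rejoin dig's split hex
    digest = MATCHING[mtype]
    if digest is not None and len(data) != digest().digest_size:
        raise ValueError("digest length does not fit the matching type")
    return TLSA(usage, selector, mtype, data)


def matches(rec: TLSA, cert_der: bytes, spki_der: bytes = None) -> bool:
    """True if the presented certificate (or its SPKI) matches the record."""
    if rec.selector == 1 and spki_der is None:
        raise ValueError("selector 1 needs the DER SubjectPublicKeyInfo")
    selected = cert_der if rec.selector == 0 else spki_der
    digest = MATCHING[rec.mtype]
    presented = selected if digest is None else digest(selected).digest()
    return hmac.compare_digest(presented, rec.data)


def pin_for(cert_der: bytes) -> str:
    """RDATA an operator would publish for a '3 0 1' (DANE-EE) record."""
    return "3 0 1 " + hashlib.sha256(cert_der).hexdigest()


def audit(published, observed) -> dict:
    """Compare records seen from outside with those the operator published.

    'unexpected' entries are records the operator never published, which is
    what a delegation pointed at someone else's server would look like.
    """
    pub = {parse_tlsa(r) for r in published}
    obs = {parse_tlsa(r) for r in observed}
    return {
        "unexpected": sorted(r.text() for r in obs - pub),
        "missing": sorted(r.text() for r in pub - obs),
    }


if __name__ == "__main__":
    own = pin_for(CONSTRUCTED_CERT)
    print("own record matches own cert:",
          matches(parse_tlsa(own), CONSTRUCTED_CERT))
    # Pretend the resolver now returns a different record than we published.
    print(audit(published=[own], observed=[PAGE_RECORD]))
```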

From Jeff.Hodges@KingsMountain.com  Wed Oct 23 08:28:13 2013
Message-ID: <5267EAF2.2000608@KingsMountain.com>
Date: Wed, 23 Oct 2013 08:27:46 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130330 Thunderbird/17.0.5
MIME-Version: 1.0
To: IETF Security Area Advisory Group <saag@ietf.org>,  perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [perpass] fyi: Dan Geer: Tradeoffs in Cyber Security [9 October 13, UNCC[

.Tradeoffs in Cyber Security
.Dan Geer, 9 October 13, UNCC
<http://geer.tinho.net/geer.uncc.9x13.txt>

Thank you for the invitation to speak with you today, which, let
me be clear, is me speaking as myself and not for anybody or anything
else.  As you know, I work the cybersecurity trade, and I am gratified
that ten days ago the U.S. National Academy of Sciences, on behalf
of the Department of Homeland Security, concluded that cybersecurity
should be seen as an occupation and not a profession because the
rate of change is too great to consider professionalization.[1]
That rate of change is why cybersecurity is perhaps the most
intellectually demanding occupation on the planet.  In writing this
essay, the breadth of tradeoffs in cyber security and that fundamental
intellectual challenge in those tradeoffs caused me to choose to
narrow my focus to one class of tradeoffs in cyber security rather
than them all; looking at the state of the current world, I decided
to focus on personal data and the government.

I am not yet old in chronologic years when compared to the life
expectancies that obtain in the United States of 2013, but measured
in Internet years I'm an ancient.  Ancient-ness makes it tempting
to just tell stories that begin with "In my day" which, if nothing
else, proves that you are no longer in the century in which you
actually belong.  Stories are good, but as economist Roger Brinner
so succinctly said, "The plural of anecdote is not data."

Except that maybe it, or something like it, is.  In a gathering of
this size you can play a game that I'll just describe rather than
play.  Ask for an audience volunteer willing to answer a mildly
embarrassing question, something as mild as "How many pairs of
never-used underwear do you own?"  Then see if that volunteer will
take a second question, and make it similarly mild such as "Have
you ever had an evil grin while wrapping a birthday gift?"  If you
keep going at this game, the volunteer will become uneasy and no
one will get to the proverbial "twenty questions."  Why?  Because
the subject realizes that you are publicly triangulating them, that
data fusion of even mild, innocuous questions has the effect of
painting a picture.  In this game, the questions cannot be mild
enough to be innocuous in sum.  In point of fact, the more inane
the questions are, the more inane the picture painted becomes.

If you get to pick the questions and the subject is sufficiently
willing to keep answering them, then you can pretty much box in
your subject however you like.  Politicians know that the surest
way to win an argument is, as they say, to "frame the question" by
which they mean painting a picture that their opposition has to
work to overcome.  The better practitioners at the political version
of this game can impose a considerable work factor on their opponents,
one that is not unlike what we here call a denial of service.  Every
time there is a televised debate where some self-important interlocutor
asks a question that is impossible to answer succinctly, and then
gives the candidate sixty seconds of airtime, painting into a corner
by way of selective disclosure is what is happening.

I previously worked for a data protection company.  Our product
was, and I believe still is, the most thorough on the market.  By
"thorough" I mean the dictionary definition, "careful about doing
something in an accurate and exact way."  To this end, installing
our product instrumented every system call on the target machine.
Data did not and could not move in any sense of the word "move"
without detection.  Every data operation was caught and monitored.
It was total surveillance data protection.  Its customers were
companies that don't accept half-measures.  What made this product
stick out was that very thoroughness, but here is the point: Unless
you fully instrument your data handling, it is not possible for you
to say what did not happen.  With total surveillance, and total
surveillance alone, it is possible to treat the absence of evidence
as the evidence of absence.  Only when you know everything that
*did* happen with your data can you say what did *not* happen with
your data.

The alternative to total surveillance of data handling is to answer
more narrow questions, questions like "Can the user steal data with
a USB stick?" or "Does this outbound e-mail have a Social Security
Number in it?"  Answering direct questions is exactly what a defensive
mindset says you must do, and that is "never make the same mistake
twice."  In other words, if someone has lost data because of misuse
of some facility on the computer, then you either disable that
facility or you wrap it in some kind of perimeter.  Lather, rinse,
and repeat.  This extends all the way to such trivial matters as
timer-based screen locking.

The difficulty with the defensive mindset is that it leaves in place
the fundamental strategic asymmetry of cybersecurity, namely that
while the workfactor for the offender is the price of finding a new
method of attack, the workfactor for the defender is the cumulative
cost of forever defending against all attack methods yet discovered.
Over time, the curve for the cost of finding a new attack and the
curve for the cost of defending against all attacks to date cross.
Once those curves cross, the offender never has to worry about being
out of the money.  I believe that that crossing occurred some time
ago.

The total surveillance strategy is, to my mind, an offensive strategy
used for defensive purposes.  It says "I don't know what the
opposition is going to try, so everything is forbidden unless we
know it is good."  In that sense, it is like whitelisting applications.
Taking either the application whitelisting or the total data
surveillance approach is saying "That which is not permitted is
forbidden."

The essential character of a free society is this: That which is
not forbidden is permitted.  The essential character of an unfree
society is the inverse, that which is not permitted is forbidden.
The U.S. began as a free society without question; the weight of
regulation, whether open or implicit, can only push it toward being
unfree.  Under the pressure to defend against offenders with a
permanent structural advantage, defenders who opt for forbidding
anything that is not expressly permitted are encouraging a computing
environment that does not embody the freedom with which we are
heretofore familiar.

This brings us to the larger question.  No one in this room needs
to be told that more and more data is collected and more and more
of that data is in play.  The general dynamics of change are these:
Moore's Law continues to give us two orders of magnitude in compute
power per dollar per decade while storage grows at three orders of
magnitude and bandwidth at four.  These are top-down economic
drivers.  As such, the future is increasingly dense with stored
data but, paradoxically, despite the massive growth of data volume,
that data becomes more mobile with time.

Everyone here knows the terminology "attack surface" and knows that
one of the defender's highest goals is to minimize the attack surface
wherever possible.  Every coder adhering to a security-cognizant
software lifecycle program does this.  Every company or research
group engaged in static analysis of binaries does this.  Every
agency enforcing a need-to-know regime for data access does this.
Every individual who reserves one low-limit credit card for their
Internet purchases does this.  I might otherwise say that any person
who encrypts their e-mail to their closest counterparties does this,
but because consistent e-mail encryption is so rare, encrypting
one's e-mail marks it for collection and indefinite retention by
those entities in a position to do so, regardless of what country
you live in.

Data retention for observable data is growing by legislative fiat
seemingly everywhere.  The narrow logic is sound, namely if data
has passed through your hands then that you retain it has no new
risk for the transmitter and may contain valuable protections against
malfeasance.  In parallel with the game I proposed at the outset,
neither you nor I would be concerned with some entity having access
to one of our transmitted messages, but 1000 of them is a different
story, and all-of-them forever is a different world.

I have not yet said the phrase that is the title of this talk, which
is "Tradeoffs in Cyber Security."  Perhaps you will soon see why
I am slow to do so.  As is frequently noted, in the United States
90+% of the critical infrastructure is in private hands.  With each
passing day Internet-dependent services become more essential to
what I will for the moment call "normal life."  As we have seen,
the Government's response to the growing pervasiveness of Internet
services held in private hands is to deputize the owners of those
services against their will.  The entire imbroglio around ISPs, the
NSA, and so forth and so on comes down to that -- if the government
does not itself own the critical infrastructure, those that do own
it can and will be compelled to become government agents.  In the
21st century, we have a physical army of volunteers but a digital
army of conscripts.

At the core of it all there is data.  The great majority of attacks
target data acquisition.  The work of surveillance is, per se,
targeted data acquisition.  There is considerable irony in the
Federal Communications Commission classifying the Internet as an
information service and not as a communications service insofar as
while that may have been a gambit to relieve ISPs of telephone-era
regulation, the value of the Internet is ever more the bits it
carries, not the carriage of those bits.  The FCC decisions are
both several and now old, the FCC classified cable as an information
service in 2002, classified DSL as an information service in 2005,
classified wireless broadband as an information service in 2007,
and classified broadband over power lines as an information service
in 2008.  A decision by the D.C. Circuit Court of Appeals on this
very point is pending as we speak: Is the Internet a telecommunications
service or an information service?

If I ran the zoo, I would call up the ISPs and say

   Hello, Uncle Sam here.

   You can charge whatever you like based on the contents of what
   you are carrying, but you are responsible for that content if it
   is illegal; inspecting brings with it a responsibility for what
   you learn.
    -or-
   You can enjoy common carrier protections at all times, but you
   can neither inspect nor act on the contents of what you are
   carrying and can only charge for carriage itself.  Bits are bits.

   Choose wisely.  No refunds or exchanges at this window.

We humans can design systems more complex than we can then operate.
The financial sector's "flash crashes" are an example of that;
perhaps the fifty interlocked insurance exchanges for Obamacare
will soon be another.  Above some threshold of system complexity,
it is no longer possible to test, it is only possible to react to
emergent behavior.  Even the lowliest Internet user is involved --
one web page can easily touch scores of different domains.  While
writing this, the top level page from cnn.com had 400 out-references
to 85 unique domains each of which is likely to be similarly
constructed and all of which move data one way or another.  If you
leave those pages up and they have an auto-refresh, then moving to
a new network signals to every one of those ad networks that you
have done so.

We have known for some time that traffic analysis is more powerful
than content analysis.  If I know everything about to whom you
communicate including when, where, with what inter-message latency
and at what length, then I know you.  If all I have is the undated,
unaddressed text of your messages, then I am an archaeologist, not
a case officer.  The soothing mendacity of proxies for the President
saying "It's only metadata" relies on the ignorance of the listener.

But this is not an attack on the business of intelligence.  The
Intelligence Community is operating under the rules it knows, most
of which you, too, know, and the goal states it has been tasked to
achieve.  The center of gravity for policy is those goal states.

We all know the truism, that knowledge is power.  We all know that
there is a subtle yet important distinction between information and
knowledge.  We all know that a negative declaration like "X did not
happen" can only be proven true if you have the enumeration of
*everything* that did happen and can show that X is not in it.  We
all know that when a President says "Never again" he is asking for
the kind of outcome for which proving a negative, lots of negatives,
is categorically essential.  Proving a negative requires omniscience.
Omniscience requires god-like powers.

Perhaps the point is that the more technologic the society becomes,
the greater the dynamic range of possible failures.  When you live
in a cave, starvation, predators, disease, and lightning are about
the full range of failures that end life as you know it and you are
well familiar with all of them.  When you live in a technologic
society where everybody and everything is optimized in some way
akin to just-in-time delivery, the dynamic range of failures is
incomprehensibly larger and largely incomprehensible.  The wider
the dynamic range of failure, the more prevention is the watchword.
Cadres of people charged with defending masses of other people must
focus on prevention, and prevention is all about proving negatives.
Therefore, one must conclude that as technologic society grows more
interdependent within itself, the more it must rely on prediction
based on data collected in broad ways, not targeted ways.

Spoken of in this manner, intelligence agencies that hoover up
everything are reacting rationally to the demand that they ensure
"Never again" comes true.  Not only that, the more complex the
society they are charged with protecting becomes, the more they
must surveil, the more they must analyze, the more data fusion
becomes their only focus.

Part of the picture is that it is categorically true that technology
is today far more democratically available than it was yesterday
and less than it will be tomorrow.  3D printing, the whole "maker"
community, DIY biology, micro-drones, search, constant contact with
whomever you choose to be in constant contact with -- these are all
examples of democratizing technology.  This is perhaps our last
fundamental tradeoff before the Singularity occurs: Do we, as a
society, want the comfort and convenience of increasingly technologic,
invisible digital integration enough to pay for those benefits with
the liberties that must be given up to be protected from the downsides
of that integration?

This is not a Chicken Little talk, it is an attempt to preserve if
not make a choice while choice is still relevant.  We are ever more
a service economy, but every time an existing service disappears
into the cloud, our vulnerability to its absence increases.  Every
time we ask the government to provide goodnesses that can only be
done with more data, we are asking government to collect more data.
Let me ask a yesterday question: How do you feel about traffic jam
detection based on the handoff rate between cell towers of those
cell phones in use in cars on the road?  Let me ask a today question:
How do you feel about auto insurance that is priced from a daily
readout of your automobile's black box?  Let me ask a tomorrow
question: In what calendar year will compulsory auto insurance be
more expensive for the driver who insists on driving their car
themselves rather than letting a robot do it?  How do you feel about
public health surveillance done by requiring Google and Bing to
report on searches for cold remedies and the like?  How do you feel
about a Smart Grid that reduces your power costs and greens the
atmosphere but reports minute-by-minute what is on and what is off
in your home?  Have you or would you install that toilet that does
a urinalysis with every use?

How do you feel about using standoff biometrics as a solution to
authentication?  At this moment in time, facial recognition is
possible at 500 meters, iris recognition is possible at 50 meters,
and heart-beat recognition is possible at 5 meters.  Your dog can
identify you by smell; so, too, can an electronic dog's nose.  Your
cell phone's accelerometer is plenty sensitive enough to identify
you by gait analysis.  There are 3+ billion new photos online each
month, and even if you've never uploaded photos of yourself someone
else has.  All of these are data dependent, cheap, convenient, and
none of them reveal anything that is a secret as we currently
understand the term "secret" yet the sum of them is greater than
the parts.

Everyone in this room knows how and why passwords are a problem.
At the same time, passwords may be flatly essential for a reason
that requires I read a paragraph from Marcia Hofmann's September
12th piece in Wired[2]

    If the police try to force you to divulge the combination to a
    wall safe, your response would reveal the contents of your mind
    and so would implicate the Fifth Amendment.  (If you've written
    down the combination on a piece of paper and the police demand
    that you give it to them, that may be a different story.)

    To invoke Fifth Amendment protection, there may be a difference
    between things we have or are -- and things we know.  The important
    feature about PINs and passwords is that they're generally
    something we know.  These memory-based authenticators are the
    type of fact that benefit from strong Fifth Amendment protection
    should the government try to make us turn them over against our
    will.  Indeed, last year a federal appeals court held that a man
    could not be forced by the government to decrypt data.

    But if we move toward authentication systems based solely on
    physical tokens or biometrics -- things we have or things we
    are, rather than things we remember -- the government could
    demand that we produce them without implicating anything we know.
    Which would make it less likely that a valid privilege against
    self-incrimination would apply.

As Hofmann notes, a Court could find otherwise and set a different
precedent, but her analysis is cautionary.  Perhaps a balance of
power requires the individual actually does have some secrets.  But
is having some secrets the same as having some privacy?

No society, no people need rules against things which are impossible.
Today I observe a couple fornicating on a roof top in circumstances
where I can never know who the couple are.  Do they have privacy?
The answer is "no" if your definition of privacy is the absence of
observability.  The answer is "yes" if your definition of privacy
is the absence of identifiability.

Technical progress in image acquisition guarantees observability
pretty much everywhere now.  Those standoff biometrics are delivering
multi-factor identifiability at ever greater distances.  We will
soon live in a society where identity is not an assertion like "My
name is Dan," but rather an observable like "Sensors confirm that
is Dan."  With enough sensors, concentration camps don't need to
tattoo their inmates.  How many sensors are we installing in normal
life?

If data kills both privacy as impossible-to-observe and privacy as
impossible-to-identify, then what might be an alternative?  If you
are an optimist or an apparatchik, then your answer will tend toward
rules of procedure administered by a government you trust or control.
If you are a pessimist or a hacker/maker, then your answer will
tend towards the operational, and your definition of a state of
privacy will be mine: the effective capacity to misrepresent yourself.

Misrepresentation is using disinformation to frustrate data fusion
on the part of whomever it is that is watching you.  Misrepresentation
means paying your therapist in cash under an assumed name.
Misrepresentation means arming yourself not at Walmart but in living
rooms.  Misrepresentation means swapping affinity cards at random
with like-minded folks.  Misrepresentation means keeping an inventory
of misconfigured webservers to proxy through.  Misrepresentation
means putting a motor-generator between you and the Smart Grid.
Misrepresentation means using Tor for no reason at all.  Misrepresentation
means hiding in plain sight when there is nowhere else to hide.
Misrepresentation means having not one digital identity that you
cherish, burnish, and protect, but having as many as you can.  Your
identity is not a question unless you work to make it be.

The Obama administration's issuance of a National Strategy for
Trusted Identities in Cyberspace is case-in-point; it "calls for
the development of interoperable technology standards and policies
-- an 'Identity Ecosystem' -- where individuals, organizations, and
underlying infrastructure -- such as routers and servers -- can be
authoritatively authenticated."  If you can trust a digital identity,
that is because it can't be faked.  Why does the government care
about this?  It cares because it wants to digitally deliver government
services and it wants attribution.  Is having a non-fake-able digital
identity for government services worth the registration of your
remaining secrets with that government?  Is there any real difference
between a system that permits easy, secure, identity-based services
and a surveillance system?  Do you trust those who hold surveillance
data on you over the long haul by which I mean the indefinite
retention of transactional data between government services and
you, the individual required to proffer a non-fake-able identity
to engage in those transactions?  If you are building authentication
systems today, then you are playing in this league.

Standoff biometry by itself terminates the argument over whether
security and privacy are a zero sum game -- the sum is nowhere near
that good, and it is the surveilled who are capitalizing the system.
As with my game, entirely innocuous things become problematic when
surveilled.  Shoshana Zuboff, Harvard Business School Emerita,
called this "anticipatory conformity" and said:

    [W]e anticipate surveillance and we conform, and we do that with
    awareness. We know, for example, when we're going through the
    security line at the airport not to make jokes about terrorists
    or we'll get nailed, and nobody wants to get nailed for cracking
    a joke.  It's within our awareness to self-censor.  And that
    self-censorship represents a diminution of our freedom.  We
    self-censor not only to follow the rules, but also to avoid the
    shame of being publicly singled out.  Once anticipatory conformity
    becomes second nature, it becomes progressively easier for people
    to adapt to new impositions on their privacy, their freedoms.
    The habit has been set.

Leonard Downie, the former executive editor of The Washington Post,
wrote in that very paper on October 4th:

    Many reporters covering national security and government policy
    in Washington these days are taking precautions to keep their
    sources from becoming casualties in the Obama administration's
    war on leaks.  They and their remaining government sources often
    avoid telephone conversations and e-mail exchanges, arranging
    furtive one-on-one meetings instead.  A few news organizations
    have even set up separate computer networks and safe rooms for
    journalists trained in encryption and other ways to thwart
    surveillance.[3]

Once again, this is all about data and, to the exact point, about
fused data from many sources.  Do you like it?  Do you not like it?
All you engineers know that for the engineer, it is "fast, cheap,
reliable: choose two."  I am here to argue that for policy makers
working the cybersecurity beat, it is "freedom, security, convenience:
choose two."  But so long as policy makers in a democracy eventually
come around to the people's desires, my argument, such as it is,
is with the public at large, not with those who are trying to deliver
failure-proof protection to an impatient, risk-averse, gadget-addicted
population.

We learned in the financial crisis that there are levels of achievable
financial return that require levels of unsustainable financial
risk.  We learned that lesson on the large scale and on the small,
on the national scale and on the personal one.  I would like us to
not have to learn the parallel lesson with respect to data that
powers the good versus data that powers the bad.  If we can, for
the moment, think of data as a kind of money, then investing too
much of our own data in an institution too big to influence is just
as insensate as investing too much of our own money in an institution
too big to fail.

I have become convinced that all security tools and all the data
that they acquire are, as they say in the military, dual use -- the
security tools and their data can be used for good or for ill.  I
am similarly convinced that the root cause, the wellspring of risk
is dependence, especially dependence on expectations of system
state.  If you would accept that you are most at risk from the
things you most depend upon, then damping dependence is the cheapest,
most straightforward, lowest latency way to damp risk.  This is,
in further analogy, just like the proven fact that the fastest and
most reliable way to put more money on the bottom line is through
cost control.  John Gilmore famously said, "Never give a government
a power you wouldn't want a despot to have."  I might amend that
to read "Never demand the government have a power you wouldn't want
a despot to have."

I have also become convinced that a state of security is one in
which there is no unmitigatable surprise, that is to say that you
have reached a state of security when you can mitigate the surprises
you will face.  Note that I did not say a state of security is the
absence of surprise, but rather the absence of unmitigatable surprise.
California Senate Bill 1386, the first of the state-level data
breach laws, did not criminalize losing credit card data; rather,
it prescribed the actions that a firm which has lost the credit
card data of its customers must take.  SB1386 is wise in that regard.

But only rarely do we ask our Legislatures to make mitigation
effective.  Instead, over and over again we ask our Legislatures
to make failure impossible.  When you embark on making failure
impossible, and that includes delivering on statements like "Never
again," you are forced into cost-benefit analyses where at least
one of the variables is infinite.  It is not heartless to say that
if every human life is actually priceless, then it follows that
there will never be enough money.  One is not anti-government to
say that doing a good job at preventing terrorism is better than
doing a perfect job.

And there is the Gordian Knot of this discussion: As society becomes
more technologic, even the mundane comes to depend on distant digital
perfection.  Our food pipeline contains less than a week's supply,
just to take one example, and that pipeline depends on digital
services for everything from GPS driven tractors to robot vegetable
sorting machinery to coast-to-coast logistics to RFID-tagged
livestock.  Is all the technologic dependency and the data that
fuels it making us more resilient or more fragile?

In cybersecurity practice, in which most of us here work, we seem
to be getting better and better.  We have better tools, we have
better understood practices, and we have more colleagues.  That's
the plus side.  But I'm interested in the ratio of skill to challenge,
and as far as I can estimate, we are expanding the society-wide
attack surface faster than we are expanding our collection of tools,
practices, and colleagues.  If you are growing more food, that's
great.  If your population is growing faster than your improvements
in food production can keep up, that's bad.  As with most decision
making under uncertainty, statistics have a role, particularly ratio
statistics that magnify trends so that the latency of feedback from
policy changes is more quickly clear.  Yet statistics, too, require
data.

In medicine, we have well established rules about medical privacy.
Those rules are helpful.  Those rules also have holes big enough
to drive a truck through.  Regardless, when you check into the
hospital there is an accountability-based, need-to-know regime that
governs your data most days.  However, if you check in with Bubonic
Plague or Anthrax, you will have zero privacy as those are mandatory
data reporting conditions.  So I ask you, would it make sense in a
public health of the Internet way to have a mandatory reporting
regime for cybersecurity failures?  Do you favor having to report
penetrations of your firm or household to the government or face
criminal charges for failing to make that report?  Is that data
that you want to share?  Sharing it can only harm you.  It might
help others.

This is not, in fact, about you personally.  Even Julian Assange,
in his book _Cypherpunks_, said "Individual targeting is not the
threat."  It is about a culture where personal data is increasingly
public data, and assembled en masse.  All we have to go on now is
the hopeful phrase "A reasonable expectation of privacy" but what
is reasonable when one inch block letters can be read from orbit?
What is reasonable when all of your financial or medical life is
digitized and available primarily over the Internet?  Do you want
ISPs to retain e-mails when you are asking your doctor a medical
question (or, for that matter, do you want those e-mails to become
part of your Electronic Health Record)?  Who owns your medical data
anyway?  Until the 1970s, it was the patient but regulations then
made it the provider.  With an Electronic Health Record, it is
likely to revert to patient ownership but if the EHR belongs to
you, do you get to surveil the use that is made of it by medical
providers and those that they outsource to?  And if not, why not?

Observability is fast extending to devices.  Some of it has already
appeared, such as the fact that any newish car is broadcasting four
unique Bluetooth radio IDs, one for each tire's valve stem.  Some
of it is in a daily progression, such as training our youngsters
to accept surveillance by stuffing a locator beacon in their backpack
as soon as they go off to Kindergarten.  Some of it is newly
technologic, like through the wall imaging, and some of it is simply
that we are now surrounded by cameras that we can't even see where
no one camera is important but they are important in the aggregate
when their data is fused.  Anything that has "wireless" in its name
creates an opportunity for traffic analysis.

In the days of radio, there was Sarnoff's Law, namely that the value
of a broadcast network was proportional to N, the number of listeners.
Then came packetized network communications and Metcalfe's Law,
that the value of a network was proportional to N squared, the
number of possible two-way conversations.  We are now in the era
of Reed's Law where the value of a network is proportional to the
number of groups that can form in it, that is to say 2 to the power
N.  Reed's Law is the new reality because it fits the age of social
networks.  In tune with my claim that everything is dual use, any
entity (such as a government) that can acquire the entirety of all
social media transactions learns nearly everything there is to
learn, and all in one place, and all courtesy of the participants
themselves.  The growth of social networks is a surveiller's dream
come true.

Total system complexity from a security person's point of view is
essentially just geometry.  Security is non-composable -- we can
get insecure results even when our systems are assembled from secure
components.  The more components, the less likely a secure result.
Might the same be said of data?  Of course it can -- search for the
term "reidentification" and you'll find that incomplete data, even
intentionally anonymized data, can be put together if there is
enough of it, and what is enough seems to be a lower hurdle every
year.  Put differently, if you share one fact each with ten different
people, how many of the ten have to be compromised before you are
exposed?

Howard Brin was the first to suggest that if you lose control over
what data is collected on you, the only freedom-preserving alternative
is that if everyone else does, too.  If the government or the
corporation can surveil you without asking, then the balance of
power is preserved when you can surveil them without asking.  Bruce
Schneier countered that preserving the balance of power doesn't
mean much if the effect of new information is non-linear, that is
to say if new information is the exponent in an equation, not one
more factor in a linear sum.[4]  Solving that debate requires you
have a strong opinion on what data fusion means operationally to
you, to others, to society.

There is some axiom of Nature at work here.  Decision making under
uncertainty is what we do in the small, and what policy makers do
in the large.  Uncertainty is partial information, so it is natural
to want information that is less partial.  We are closing in on
having more information than we can use.  The Intelligence Community
has felt the heat of too much information to handle for some time.
The business community is feeling it now insofar as it is far cheaper
to keep everything than it is to do careful selective deletion.
The individual is feeling pretty warm, too, as evidenced by something
as simple as how much they depend on the ability to search their
e-mail rather than folderizing it after reading.

I have amassed all the fortune I am going to amass.  I have raised
all the children I am going to raise.  I have made all the commitments
I am going to make.  I am old enough that I can opt out of many of
the corporate data collection schemes and live out the remainder
of my days unaffected by what I might be missing out on.  That those
corporations are agents of government data collection means that
for now I am opting out of some of that as well.  Anyone under 40
has no such option, or at least no such easy option.  Everything I
am talking about here is a young person's problem, just like the
National Debt, which the young will soon inherit.  It is your choice
and responsibility whether to demand protections and conveniences
and services that can only be done with pervasive data.  It is your
choice and responsibility whether to fear only fear itself or to
fear the absence of fear.  It is your choice and responsibility to
be part of the problem or part of the solution.

Any finite tolerance for risk caps the amount of information you
will want in play.  This has nothing whatsoever to do with whether
you have anything to hide, and therefore it is your choice and
responsibility to make it understood that just as "..there is nothing
sinister in so arranging one's affairs as to [minimize] taxes"[5]
neither is there anything sinister in minimizing the data collectible
from you.  The price of freedom is the probability of crime.  But
as technology progresses, your choice will not be between Big Brother
or no Big Brother, rather it is already between one Big Brother and
lots of Little Brothers.  Think carefully, yours is the last
generation that will have a choice.


As Dylan Thomas wrote, "Do not go gentle into that good night//
Rage, rage against the dying of the light."

Thank you for hearing me out.



--------------

[1] "Professionalizing the Nation's Cyber Workforce?"
www.nap.edu/openbook.php?record_id=18446

[2] "Fingerprint ID May Mean You Can't 'Take the Fifth'," Marcia Hofmann
www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth

[3] "In Obama's War on Leaks, Reporters Fight Back," Leonard Downie
www.washingtonpost.com/opinions/in-obamas-war-on-leaks-reporters-fight-back/2013/10/04/70231e1c-2aeb-11e3-b139-029811dbb57f_print.html

[4a] "The Myth of the 'Transparent Society'," Bruce Schneier
www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306
[4b] "Rebuttal," David Brin
www.wired.com/politics/security/news/2008/03/brin_rebuttal

[5] Judge Learned Hand, COMMISSIONER V. NEWMAN, 159 F.2D 848, 850-851
(CA2 1947): "Over and over again, the courts have said there is
nothing sinister in so arranging one's affairs as to keep taxes as
low as possible.  Everybody does so, rich and poor, and all do
right, for nobody owes any duty to pay more tax than the law demands.
Taxes are enforced exactions, not voluntary contributions.  To
demand more in the name of morals is mere cant."

---
end

From kent@bbn.com  Wed Oct 23 08:32:08 2013
Message-ID: <5267EBEB.5030701@bbn.com>
Date: Wed, 23 Oct 2013 11:31:55 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net> <5267E076.5010700@bbn.com> <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu>
In-Reply-To: <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu>
Content-Type: multipart/alternative; boundary="------------080009000306050902010801"
Cc: perpass@ietf.org
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 15:32:08 -0000

This is a multi-part message in MIME format.
--------------080009000306050902010801
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


>> The major NIST crypto standards are the result of solicitations that are open to the world, at least
>> in the recent past. AES was developed by two Belgians. SHA-3 is the result of work by more Belgians.
>> Should we infer that NSA co-opted these Belgian crypto experts?
> Rijndael was accepted unchanged as AES.  That's why as part of everything, people still trust it.
>
> Keccak however, is being mysteriously changed in the SHA-3 process, which is not inspiring confidence in the process:
>
> https://www.schneier.com/blog/archives/2013/10/will_keccak_sha-3.html
>

I read Bruce's post at the cited URL. The developers of the alg replied:

    EDITED TO ADD (10/5): It's worth reading the response from the
    Keccak team on this issue.
    I misspoke when I wrote that NIST made "internal changes" to the
    algorithm. That was sloppy of me.
    The Keccak permutation remains unchanged. What NIST proposed was
    reducing the hash function's capacity
    in the name of performance. One of Keccak's nice features is that
    it's highly tunable.

    I do not believe that the NIST changes were suggested by the NSA.
    Nor do I believe that the changes
    make the algorithm easier to break by the NSA. I believe NIST made
    the changes in good faith, and
    the result is a better security/performance trade-off. My problem
    with the changes isn't cryptographic,
    it's perceptual. There is so little trust in the NSA right now, and
    that mistrust is reflecting on NIST.
    I worry that the changed algorithm won't be accepted by an
    understandably skeptical security community, and that no one will
    use SHA-3 as a result.


That does not seem consistent with "mysteriously changed."

Steve


--------------080009000306050902010801--
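
Added example, not part of the thread: the quoted note says the Keccak permutation is unchanged while the capacity is tunable. The Python code below runs one fixed Keccak-f[1600] permutation under two capacities and checks each result against hashlib. The capacities 512 and 256 (the SHA3-256 and SHAKE128 parameters that hashlib implements) and the names `sponge` and `tradeoff` are choices made for this illustration, not figures taken from the discussion.

```python
# Added illustration: one fixed permutation, capacity as the only tuning knob.
import hashlib

MASK64 = (1 << 64) - 1

def rol64(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK64

def keccak_f1600(state):
    """The Keccak-f[1600] permutation on a 200-byte state (same for every capacity)."""
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    lfsr = 1
    for _ in range(24):
        # theta: mix column parities into every lane
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4]
             for x in range(5)]
        d = [c[(x + 4) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho and pi: rotate lanes and move them to new positions
        x, y = 1, 0
        cur = lanes[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], rol64(cur, (t + 1) * (t + 2) // 2)
        # chi: the only non-linear step
        for y in range(5):
            row = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant generated by an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out

def sponge(capacity_bits, msg, suffix, out_len):
    """Hash msg with the chosen capacity. Returns (output, permutation_calls).

    suffix is the domain-separation byte (0x06 for SHA-3, 0x1F for SHAKE);
    both have the high bit clear, which this padding code relies on.
    """
    if capacity_bits % 8 or not 0 < capacity_bits < 1600:
        raise ValueError("capacity must be a byte multiple below 1600 bits")
    rate = (1600 - capacity_bits) // 8   # bytes absorbed per permutation call
    state, calls, used = bytearray(200), 0, 0
    for off in range(0, len(msg), rate):
        block = msg[off:off + rate]
        for i, b in enumerate(block):
            state[i] ^= b
        used = len(block)
        if used == rate:
            state, calls, used = keccak_f1600(state), calls + 1, 0
    state[used] ^= suffix                # pad10*1 with the suffix bits in front
    state[rate - 1] ^= 0x80
    state, calls = keccak_f1600(state), calls + 1
    out = bytes(state[:rate])
    while len(out) < out_len:            # squeeze further blocks if needed
        state, calls = keccak_f1600(state), calls + 1
        out += bytes(state[:rate])
    return out[:out_len], calls

def tradeoff(msg, capacities=(512, 256)):
    """Cost versus generic bound for each capacity (illustrative capacities)."""
    rows = []
    for c in capacities:
        _, calls = sponge(c, msg, 0x06, 32)
        rows.append({"capacity_bits": c,
                     "rate_bytes": (1600 - c) // 8,
                     # generic sponge bound; a short output can lower it further
                     "generic_security_bits": c // 2,
                     "permutation_calls": calls})
    return rows

if __name__ == "__main__":
    sample = bytes(range(256)) * 16      # constructed 4096-byte input
    digest, _ = sponge(512, sample, 0x06, 32)
    print("matches hashlib.sha3_256:", digest == hashlib.sha3_256(sample).digest())
    for row in tradeoff(sample):
        print(row)
```

Lowering the capacity raises the rate, so the same input needs fewer permutation calls, while the generic sponge bound of capacity/2 bits drops with it.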

From rutkowski.tony@gmail.com  Wed Oct 23 08:43:40 2013
Message-ID: <5267EE76.8060500@gmail.com>
Date: Wed, 23 Oct 2013 11:42:46 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>,  Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com>	<CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>	<5266ECF2.5020901@bbn.com>	<CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>	<6.2.5.6.2.20131022224559.0db01bc8@resistor.net>	<52677899.5000203@gmx.net> <783BD9B2-705A-490D-AE32-9BB5EAAD220A@checkpoint.com>
In-Reply-To: <783BD9B2-705A-490D-AE32-9BB5EAAD220A@checkpoint.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: SM <sm@resistor.net>, "<perpass@ietf.org>" <perpass@ietf.org>, DataPacRat <datapacrat@gmail.com>
Subject: Re: [perpass] Web-of-trust CAs
Reply-To: rutkowski.tony@gmail.com

A subpoena in this context is one of the
multiple instantiations of "lawful authorization."
The exact form varies in different jurisdictions
pursuant to the statutory or administrative law
being employed.

The force and effect derive from the fact
that an entity that receives the lawful authorization
and refuses will suffer one of the following
adverse effects: loss of business authorization,
loss of equipment/software approval, fine, or
imprisonment.

The global requirements that are implemented
with minor modifications in essentially every
nation can be found here.  Those implementations
have multiple sub-categories depending on whether
the handovers are real-time or not, and whether
content or metainformation/signalling is being
provided.

http://www.etsi.org/deliver/etsi_ts/101300_101399/101331/01.03.01_60/ts_101331v010301p.pdf

Vendors and service providers build
and operate devices and services to
be compliant.  The encryption controls
can be found at Sec. 4.3.

The underlying international law supporting
these requirements has a long and extensive
history dating back to 1850.

Hope this helps.

-t


On 10/23/2013 4:10 AM, Yoav Nir wrote:
> So do I, and AFAIK it can compel you to come and testify, or to hand over some documents. I don't think it can be used to force a CA to sign a certificate request or for whoever to register bad keys in the DNS.
>
> Not saying a national government can't do either of these things, but not with a subpoena.


From dhc@dcrocker.net  Wed Oct 23 09:29:23 2013
Message-ID: <5267F949.2010302@dcrocker.net>
Date: Wed, 23 Oct 2013 12:28:57 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, perpass@ietf.org
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net> <5267E076.5010700@bbn.com>
In-Reply-To: <5267E076.5010700@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Standards in the age of pervasive suspicion
Reply-To: dcrocker@bbiw.net

On 10/23/2013 10:43 AM, Stephen Kent wrote:
> The major NIST crypto standards are the result of solicitations that are
> open to the world, at least
> in the recent past. AES was developed by two Belgians. SHA-3 is the
> result of work by more Belgians.
> Should we infer that NSA co-opted these Belgian crypto experts?

Since I've never participated in those processes, but did assume that 
the major benefit of open review would be assurance of 'valid' 
operation, I'm left with the conclusion that the compromised algorithms 
did not receive sufficiently diligent review.

Or is there some other aspect of the technology or process that would 
account for the cited algorithm weakness' slipping through?


> I think it is appropriate to focus on specific NIST crypto standards
> that may have been inappropriately influenced,
> rather than assuming that every NIST crypto standard is suspect. So far,
> the only NIST crypto standard I've seen for
> which there appears to be an objectively-justified concern is the PRNG
> based on ECC.

This presumes that we/the-public know the full list of inappropriately 
influenced work and that there is a way of detecting inappropriate 
influence on future work.

Since such monitoring and alerting failed in the past, what will ensure 
its succeeding in the future?

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From datapacrat@gmail.com  Wed Oct 23 09:51:14 2013
MIME-Version: 1.0
In-Reply-To: <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net> <52677899.5000203@gmx.net> <CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com> <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca>
Date: Wed, 23 Oct 2013 12:51:07 -0400
Message-ID: <CAB5WduA7iAyqOeiMAkiRoHg=AT3D0WEZap_X+H4iVkVauSRy9g@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Paul Wouters <paul@cypherpunks.ca>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs

On Wed, Oct 23, 2013 at 11:22 AM, Paul Wouters <paul@cypherpunks.ca> wrote:
> On Wed, 23 Oct 2013, DataPacRat wrote:

>> My general thought, as of the start of this thread, is that such
>> attacks could be made much harder to implement and much less effective
>> by massively increasing the number of CAs (essentially, by turning
>> everyone into a CA).
>
> That's basically what DANE does. Everyone becomes their own CA within
> their own domain, by securely (DNSSEC) publishing TLS public keys.

> The only defense against a "subpoena attack" is not outsourcing your
> end to end encryption. That's what we need to facilitate.

I think I see a differing assumption between DANE and RPKI, and the
model I'm using. Both of those security systems seem to be aimed at
provably linking a domain name with a particular server, so that when
you go to 'gmail.com' you're not secretly being redirected to some
other server which decrypts your private email. But if no domain name
is involved, neither of those systems applies.

I'm thinking of a different layer of security: the end-user, rather
than their ISP. While many companies and some people run their own
domain names, an increasing number of people don't even bother having
email addresses anymore - they have accounts at an ever-shifting
collection of social media sites, each of which has different
capabilities, each of which uses different security procedures.
Proving that the tweets sent by @DataPacRat are from the same person
as the posts of facebook.com/DataPacRat, and both are sent by someone
posting to an otherwise-anonymized Tor-based bulletin board, seems, to
me, to be a related but slightly different problem than securing
twitter.com and facebook.com themselves.

Put another way - I'm trying to find a security solution that includes
sites with URIs resembling randomstring.onion , as well as whatever
random pseudo-URIs will have been invented in five to ten years. With
luck, such a solution will be broad enough to cover more ordinary
internet usage, as well. As .onion addresses don't use the DNS system,
DNS-based security systems aren't quite general enough for what I'm
hoping to aim for. A highly distributed CA-like system /might/ be
broad enough to do the trick (not to mention many other tricks); it's
possible I'll have to look somewhere else, or even that it's not a
soluble problem.

There don't seem to be many people thinking in this direction, so I'm
doing what I can to figure out as much as I can, in case I manage to
collect enough ideas to assemble into a useful new pattern. Signed
vCards seem as if they'd be a handy tool to build any such solution
on, as they allow for keys to be asserted as being linked to arbitrary
ID strings (including any given URI or pseudo-URI). Working out a
system for easy use, exchange, and storage of Signed vCards is...
still an open problem. Since enduser-to-enduser security would help
reduce pervasive passive monitoring, and I've started getting a better
handle on IETF mailing lists and working groups, I've brought up the
idea here, in hopes of evoking as many potentially useful ideas as I
can.

I'm all too aware that this logic chain may have fallen off the rails
at just about any point in the above-described thought processes, so
I'm also trying to keep an eye out for any alternative approaches that
can handle non-DNS-based identifiers.


We now return you to your regularly scheduled mailing list.


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
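
An added illustration, not part of the thread or any poster's code, of the DANE binding discussed in the message above: a TLSA record (RFC 6698) is published under a DNS owner name and matched against the key a server presents, which is why the scheme has no place to put an identifier that lives outside the DNS. The certificate bytes are constructed DER stand-ins rather than real signed certificates, and every function name is hypothetical.

```python
import hashlib
import hmac

def der_tlv(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

def der_read(buf, off):
    """Return (tag, content_start, end) for the DER element at offset off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad DER length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, pos, pos + n

def extract_spki(cert_der):
    """Return the whole SubjectPublicKeyInfo element of an X.509 certificate."""
    tag, start, _ = der_read(cert_der, 0)            # Certificate
    if tag != 0x30:
        raise ValueError("not a certificate")
    tag, pos, tbs_end = der_read(cert_der, start)    # tbsCertificate
    if tag != 0x30:
        raise ValueError("missing tbsCertificate")
    tag, _, nxt = der_read(cert_der, pos)
    if tag == 0xA0:                                  # optional [0] version
        pos = nxt
    for _ in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, pos = der_read(cert_der, pos)
    tag, _, end = der_read(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("missing SubjectPublicKeyInfo")
    return cert_der[pos:end]

def tlsa_owner_name(host, port=443, proto="tcp"):
    """DNS name the TLSA RRset is published under; the lookup key is a DNS name."""
    return "_%d._%s.%s." % (port, proto, host.rstrip("."))

def tlsa_data(cert_der, selector, mtype):
    """Certificate association data for one selector / matching type pair."""
    if selector == 0:
        selected = cert_der                  # full certificate
    elif selector == 1:
        selected = extract_spki(cert_der)    # public key only
    else:
        raise ValueError("unknown selector")
    if mtype == 0:
        return selected
    if mtype == 1:
        return hashlib.sha256(selected).digest()
    if mtype == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError("unknown matching type")

def dane_ee_match(cert_der, records):
    """True if any usage-3 (DANE-EE) record matches the presented certificate.

    records: iterable of (usage, selector, mtype, hex_data) taken from a
    DNSSEC-validated answer. Other usages need PKIX path building and are
    skipped here; unusable records are ignored rather than treated as a match.
    """
    for usage, selector, mtype, hex_data in records:
        if usage != 3:
            continue
        try:
            want = bytes.fromhex(hex_data)
            have = tlsa_data(cert_der, selector, mtype)
        except ValueError:
            continue
        if hmac.compare_digest(want, have):
            return True
    return False

def constructed_cert(key_bytes, serial):
    """Constructed sample: certificate-shaped DER, not a valid signed cert."""
    alg = der_tlv(0x30, der_tlv(0x06, b"\x2b\x65\x70"))    # OID 1.3.101.112
    spki = der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + key_bytes))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02"))
                  + der_tlv(0x02, bytes([serial])) + alg
                  + der_tlv(0x30, b"") + der_tlv(0x30, b"") + der_tlv(0x30, b"")
                  + spki)
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" + b"\x00" * 64))

if __name__ == "__main__":
    first = constructed_cert(b"\x11" * 32, serial=1)
    reissued = constructed_cert(b"\x11" * 32, serial=2)    # same key, new cert
    pinned_key = (3, 1, 1, tlsa_data(first, 1, 1).hex())
    pinned_cert = (3, 0, 1, tlsa_data(first, 0, 1).hex())
    print(tlsa_owner_name("gmail.com"), "IN TLSA 3 1 1", pinned_key[3])
    print("reissued cert vs key pin: ", dane_ee_match(reissued, [pinned_key]))
    print("reissued cert vs cert pin:", dane_ee_match(reissued, [pinned_cert]))
```

A record that pins the public key (selector 1) keeps matching after the certificate is reissued with the same key, while a full-certificate pin (selector 0) has to be republished at every reissue.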

From scott.brim@gmail.com  Wed Oct 23 10:08:55 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA1A11E8170; Wed, 23 Oct 2013 10:08:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.589
X-Spam-Level: 
X-Spam-Status: No, score=-102.589 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PO2zFVj98yqh; Wed, 23 Oct 2013 10:08:53 -0700 (PDT)
Received: from mail-ob0-x22d.google.com (mail-ob0-x22d.google.com [IPv6:2607:f8b0:4003:c01::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC9911E81DC; Wed, 23 Oct 2013 10:08:49 -0700 (PDT)
Received: by mail-ob0-f173.google.com with SMTP id gq1so1099511obb.18 for <multiple recipients>; Wed, 23 Oct 2013 10:08:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=3XAFIOIhAyuWyFdodRlBIGMa0eEmeybO1rxeot9rgXE=; b=dnaoNmPG52xPZBlg3Qnai+qwKh5hNNOpAy0ePL5DkhJbhHzxp3WOrF2Y22P4cdHcS7 Y2vL4fIkDNTmbfbBFMMDNwMbP2NS6dL8XtCio7VooFGH4yEOqm6cYODo3+Ru1v4eT3IS 90Cjeynpxc3YgkAPPuSkNkWA+J/zpvbSOQm7GqylGugqPxx87L4x90fU75OoaMUXf9De ThHKzRJh6QYBzw26mB+kRy1kHN+9TFviUTHCkMwks89HjaKLDnyBvOzyXiDLffujCOf3 dlNrKycDYvENkQFBdpaLUJvsY2rrsC9pPN6HF9GXJHMAhoW9mnIrOh+aC31Rk2EJmMsD FwAA==
X-Received: by 10.60.42.203 with SMTP id q11mr2704061oel.54.1382548127677; Wed, 23 Oct 2013 10:08:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.2.134 with HTTP; Wed, 23 Oct 2013 10:08:27 -0700 (PDT)
In-Reply-To: <5267EAF2.2000608@KingsMountain.com>
References: <5267EAF2.2000608@KingsMountain.com>
From: Scott Brim <scott.brim@gmail.com>
Date: Wed, 23 Oct 2013 13:08:27 -0400
Message-ID: <CAPv4CP-mxR5whK+yW6Gjrs20nJ+3zZ7Wwyn3_ZRdUw-bS0y2Mg@mail.gmail.com>
To: "=JeffH" <Jeff.Hodges@kingsmountain.com>
Content-Type: multipart/alternative; boundary=001a11c207f009049404e96b9276
Cc: perpass <perpass@ietf.org>, IETF Security Area Advisory Group <saag@ietf.org>
Subject: Re: [perpass] fyi: Dan Geer: Tradeoffs in Cyber Security [9 October 13, UNCC[
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 17:08:55 -0000

--001a11c207f009049404e96b9276
Content-Type: text/plain; charset=ISO-8859-1

This is fantastic.  Thanks.

It illumines something: Surveillance by governments is not the biggest of
our problems. Privacy in the ordinary operation of a technology-based
society is significantly bigger. Criminals, big business ... but also
businesses and casual individuals have access to data you wish they didn't.
Yes the IETF needs to do better with crypto and authentication, but the
fundamental designs of the protocols they are being added to need to
support them.  From the bottom up, we need to proactively (not reactively)
make sure that IETF protocol designs take privacy into consideration.

Scott

--001a11c207f009049404e96b9276--

From kent@bbn.com  Wed Oct 23 10:19:06 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D350611E8455 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:19:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.507
X-Spam-Level: 
X-Spam-Status: No, score=-106.507 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id plUXl3py6pnz for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:19:01 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id DA9F911E8470 for <perpass@ietf.org>; Wed, 23 Oct 2013 10:18:55 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50261) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VZ258-0009H9-72; Wed, 23 Oct 2013 13:18:54 -0400
Message-ID: <526804FE.5010907@bbn.com>
Date: Wed, 23 Oct 2013 13:18:54 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: dcrocker@bbiw.net, perpass@ietf.org
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net> <5267E076.5010700@bbn.com> <5267F949.2010302@dcrocker.net>
In-Reply-To: <5267F949.2010302@dcrocker.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 17:19:06 -0000

Dave,

The one NIST standard that has been identified as suspect did not follow
the open solicitation and review processes to which I alluded.

Steve

From kent@bbn.com  Wed Oct 23 10:21:28 2013
Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52AC011E847F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:21:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.509
X-Spam-Level: 
X-Spam-Status: No, score=-106.509 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVbANCfBSOxf for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:21:22 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 4A64111E8470 for <perpass@ietf.org>; Wed, 23 Oct 2013 10:21:10 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:50262) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1VZ27J-0009JE-Vk for perpass@ietf.org; Wed, 23 Oct 2013 13:21:10 -0400
Message-ID: <52680585.8080809@bbn.com>
Date: Wed, 23 Oct 2013 13:21:09 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com>	<CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>	<5266ECF2.5020901@bbn.com>	<CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>	<6.2.5.6.2.20131022224559.0db01bc8@resistor.net>	<52677899.5000203@gmx.net>	<CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com>	<alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca> <CAB5WduA7iAyqOeiMAkiRoHg=AT3D0WEZap_X+H4iVkVauSRy9g@mail.gmail.com>
In-Reply-To: <CAB5WduA7iAyqOeiMAkiRoHg=AT3D0WEZap_X+H4iVkVauSRy9g@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 17:21:28 -0000

DataPacRat,
> ...
> I think I see a differing assumption between DANE and RPKI, and the
> model I'm using. Both of those security systems seem to be aimed at
> provably linking a domain name with a particular server, so that when
> you go to 'gmail.com' you're not secretly being redirected to some
> other server which decrypts your private email. But if no domain name
> is involved, neither of those systems applies.

This is not true of the RPKI. The RPKI was developed to support
routing security, not binding public keys to DNS names.

Steve

From dhc@dcrocker.net  Wed Oct 23 10:25:51 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 172AC11E81B3 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:25:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.566
X-Spam-Level: 
X-Spam-Status: No, score=-6.566 tagged_above=-999 required=5 tests=[AWL=0.033,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rK5-FqpgYKy for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 10:25:46 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id B51CE11E8176 for <perpass@ietf.org>; Wed, 23 Oct 2013 10:25:45 -0700 (PDT)
Received: from [172.16.22.13] ([207.253.19.196]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9NHPdSs024762 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 23 Oct 2013 10:25:43 -0700
Message-ID: <5268068B.2000000@dcrocker.net>
Date: Wed, 23 Oct 2013 13:25:31 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, perpass@ietf.org
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com> <5267F949.2010302@dcrocker.net> <526804FE.5010907@bbn.com>
In-Reply-To: <526804FE.5010907@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 23 Oct 2013 10:25:43 -0700 (PDT)
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 17:25:51 -0000

On 10/23/2013 1:18 PM, Stephen Kent wrote:
> Dave,
>
> The one NIST standard that has been identified as suspect did not follow
> the open solicitation and review processes to which I alluded.


Thanks for the clarification; I had obviously missed that rather basic 
point.

A consequence of having /any/ occurrence of undue influence is that it 
tends to prompt a broader concern about the entire process.  Doesn't 
matter whether it should; it does.  The brand is tainted.

So it would probably be helpful for (re-)establishing trust in the 
typical, open NIST process to formulate some sort of affirmative 
analysis of its quality assurance practices and track-record, with a 
specific eye on its prevention of inappropriate influence.

At one level, it's inherent in saying "open", but the details of actual 
practice -- in particular a track record of aggressive and independent 
multi-participant critical review -- would give flesh to the bones of 
saying "open".

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From envite@rolamasao.org  Wed Oct 23 11:13:49 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D43111E8219 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:13:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.562
X-Spam-Level: *
X-Spam-Status: No, score=1.562 tagged_above=-999 required=5 tests=[AWL=0.725,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z0pQnsBRIF+Y for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:13:44 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 7276D21F9E80 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:13:42 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 1413B11EB0 for <perpass@ietf.org>; Wed, 23 Oct 2013 19:13:41 +0100 (WEST)
Message-ID: <526811D1.3000802@rolamasao.org>
Date: Wed, 23 Oct 2013 19:13:37 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:13:49 -0000

Hi all

I think it would be possible, and even easy for the developers, to 
program an extension to SMTP in which servers use OpenPGP among them, 
independently of any TLS/SSL usage.

Why: It helps stop spam because the receiving server can trust the 
identity of the sender, and it helps avoid wiretapping.

This idea I have developed does not help with the Government asking the 
mail provider directly for the e-mail contents, but helps with 
eavesdropping and also with spam, as I said.

Are you interested in reading about it?

Regards

Noel Torres
er Envite

From paul@cypherpunks.ca  Wed Oct 23 11:18:15 2013
Return-Path: <paul@cypherpunks.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAE9F11E83E8 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:18:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.582
X-Spam-Level: 
X-Spam-Status: No, score=-2.582 tagged_above=-999 required=5 tests=[AWL=0.017,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWiPFRX-EksI for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:18:09 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id C43BC11E83E4 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:18:07 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3d4fvw0dVfzBd; Wed, 23 Oct 2013 14:18:04 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id v7kM0o9ZZbZ2; Wed, 23 Oct 2013 14:18:03 -0400 (EDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Wed, 23 Oct 2013 14:18:03 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 02836807CA; Wed, 23 Oct 2013 14:18:03 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id EA586805BD; Wed, 23 Oct 2013 14:18:03 -0400 (EDT)
Date: Wed, 23 Oct 2013 14:18:03 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Noel Torres <envite@rolamasao.org>
In-Reply-To: <526811D1.3000802@rolamasao.org>
Message-ID: <alpine.LFD.2.10.1310231415350.25774@bofh.nohats.ca>
References: <526811D1.3000802@rolamasao.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:18:15 -0000

On Wed, 23 Oct 2013, Noel Torres wrote:

> I think it would be possible, and even easy for the developers, to program an 
> extension to SMTP in which servers use OpenPGP among them, independently of 
> any TLS/SSL usage.

That's the point of:

http://tools.ietf.org/html/draft-wouters-dane-openpgp-01

It allows the mail client, or MUA, or MTA, to encrypt a message
during transport.

Commenting on the draft in one of the IETF lists (openpgp, dane or here)
would be useful to show support for this moving forward.

A sendmail/postfix milter implementation is planned.

Paul

From dhc@dcrocker.net  Wed Oct 23 11:19:00 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FAB011E8198 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:19:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level: 
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=0.030,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEeYKBxIRZZR for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:18:55 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 7C88111E83E4 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:18:52 -0700 (PDT)
Received: from [172.16.22.13] ([207.253.19.196]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9NIIlha026183 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 23 Oct 2013 11:18:51 -0700
Message-ID: <52681300.7020701@dcrocker.net>
Date: Wed, 23 Oct 2013 14:18:40 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Noel Torres <envite@rolamasao.org>, perpass <perpass@ietf.org>
References: <526811D1.3000802@rolamasao.org>
In-Reply-To: <526811D1.3000802@rolamasao.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 23 Oct 2013 11:18:52 -0700 (PDT)
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:19:00 -0000

On 10/23/2013 2:13 PM, Noel Torres wrote:
> I think it would be possible, and even easy for the developers, to
> program an extension to SMTP in which servers use OpenPGP among them,
> independently of any TLS/SSL usage.
>
> Why: It helps stop spam because the receiving server can trust the
> identity of the sender, and it helps avoid wiretapping.



Please explain its superiority over DKIM and SPF and DMARC.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From datapacrat@gmail.com  Wed Oct 23 11:25:45 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A2D811E814F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:25:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.617
X-Spam-Level: 
X-Spam-Status: No, score=-2.617 tagged_above=-999 required=5 tests=[AWL=-0.017, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pv6HHycUAtpc for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:25:44 -0700 (PDT)
Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 66B4611E8126 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:25:44 -0700 (PDT)
Received: by mail-we0-f173.google.com with SMTP id u57so1223937wes.4 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:25:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=S9je65dL2oUP0KCbYmpYDbrWmpFYDg0FtN65oaWDsRY=; b=MCeUg30J5cxSwBGh5VxQrpStZLc2r1xH2VqIrspUCmJyvU/Ql9OynTfWUrVmBNqpCG vArHvgybu3HMGukrDSilMoX/d5VQEiMHe9EbziMkeLJySOiWQ4zhVExuboiQRbz9pC1R 6ppo31SxN/H4uAfZ22XPKmhQcL8+X2VE33VsQxn/1x3T3C+uiIF297/FO/V9DpL7BEYZ b1gaCq2Qf4PhBNX0T4aHmN+1vCQ80uxXVscfT67hpoLb5t0UWwNq/We5TByrvsRoTo+F 9AJFsYsPbKrIBqpbMYLYMeGAF1spv4Z79jt9o5InV3wOn9SaD5WQqhHD7jMkm69hwe4y VYrQ==
MIME-Version: 1.0
X-Received: by 10.194.2.108 with SMTP id 12mr2879412wjt.64.1382552737106; Wed, 23 Oct 2013 11:25:37 -0700 (PDT)
Received: by 10.194.165.170 with HTTP; Wed, 23 Oct 2013 11:25:37 -0700 (PDT)
In-Reply-To: <52680585.8080809@bbn.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <52668970.4080500@bbn.com> <CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com> <5266ECF2.5020901@bbn.com> <CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com> <6.2.5.6.2.20131022224559.0db01bc8@resistor.net> <52677899.5000203@gmx.net> <CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com> <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca> <CAB5WduA7iAyqOeiMAkiRoHg=AT3D0WEZap_X+H4iVkVauSRy9g@mail.gmail.com> <52680585.8080809@bbn.com>
Date: Wed, 23 Oct 2013 14:25:37 -0400
Message-ID: <CAB5WduAHxBkwV-Tqi8xES_ehfmFasHD+7yYGBfkad4WJs8YxLA@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:25:45 -0000

On Wed, Oct 23, 2013 at 1:21 PM, Stephen Kent <kent@bbn.com> wrote:
> DataPacRat,

>> I think I see a differing assumption between DANE and RPKI, and the
>> model I'm using. Both of those security systems seem to be aimed at
>> provably linking a domain name with a particular server, so that when
>> you go to 'gmail.com' you're not secretly being redirected to some
>> other server which decrypts your private email. But if no domain name
>> is involved, neither of those systems applies.
>
> This is not true of the RPKI. The RPKI was developed to support
> routing security, not binding public keys to DNS names.

My mistake; my apologies.



Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."

From jmg@h2.funkthat.com  Wed Oct 23 11:28:19 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74D5611E8208 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:28:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KqyRBFl04-YA for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:28:14 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id 97D6F11E8198 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:28:08 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9NIS4RA093785 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <perpass@ietf.org>; Wed, 23 Oct 2013 11:28:05 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9NIS4kc093784 for perpass@ietf.org; Wed, 23 Oct 2013 11:28:04 -0700 (PDT) (envelope-from jmg)
Date: Wed, 23 Oct 2013 11:28:04 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: perpass <perpass@ietf.org>
Message-ID: <20131023182804.GH56872@funkthat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Wed, 23 Oct 2013 11:28:05 -0700 (PDT)
Subject: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:28:19 -0000

Is it just me, or is it funny that we are talking about securing the
inet, yet the ietf apparently doesn't do STARTTLS when sending email?
and hence the perpass email list is sent out unencrypted...

Guess I'll drop a note to postmaster@ietf.com.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From ned+perpass@mrochek.com  Wed Oct 23 11:29:16 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1E411E814F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:29:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.739
X-Spam-Level: 
X-Spam-Status: No, score=-1.739 tagged_above=-999 required=5 tests=[AWL=0.261,  BAYES_00=-2.599, J_CHICKENPOX_52=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7fevuIvM7JgC for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:29:12 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id A0A2711E8145 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:29:12 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZX6PCMCWG0076WI@mauve.mrochek.com> for perpass@ietf.org; Wed, 23 Oct 2013 11:24:11 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Wed, 23 Oct 2013 11:24:06 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZX6PAAIZS00004R@mauve.mrochek.com>
Date: Wed, 23 Oct 2013 10:49:35 -0700 (PDT)
In-reply-to: "Your message dated Wed, 16 Oct 2013 15:46:24 +0100" <525EA6C0.2040708@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <525EA275.5020107@bbn.com> <525EA6C0.2040708@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:29:16 -0000

> On 10/16/2013 03:28 PM, Stephen Kent wrote:
> > Stephen,
> >
> > Just commenting on one of your comments ...
> >> ...
> >>> What is this "cleartext IMAP" of which you speak?
> >> I guess that's a fair comment - we don't know that they're
> >> able to gather inbox data via IMAP due to it being sent in
> >> clear,  however that seems like a reasonable guess based
> >> on the newspaper story which says that collection is done
> >> by telcos that are "overseas" and assuming that TLS is not
> >> busted for these services.
> > Based only on the story that you cited, and your observation about
> > telcos being the sources of the info, might it be the case that the
> > telcos were also the mail providers? I'm not sure how to interpret
> > the slides that the cited story included. That sort of explanation
> > would be consistent with Ned's observations about commercial provider
> > use of SSL to protect IMAP/POP access.

> That could be but I guess we're not likely to be told;-)

> I did take a peek to see if I could figure out if there're
> lots of services running on 143 without STARTTLS but haven't
> found anything that answers that question. I did find
> this [1] (no idea how accurate though) which says their
> survey found 4.7M listeners on 143, but there's no info
> about how many have a usable STARTTLS config.

But more to the point, the same study found 3.9M listeners on port 993. And
these days most clients try 993 first and only then fall back to port 143.
Assuming that everyone offering port 993 also offers 143, this would indicate
that at least 83% of IMAP servers out there are capable of being used in a
secure fashion. Which I have to say is a lot better than I expected.

But as I indicated previously, when it comes to addressing pervasive
surveillance of large numbers of users, even if we restrict ourselves to the
IMAP space this sort of survey is completely meaningless because it fails to
take the number of users on a server into account. My home server, with its
whopping total of 3 IMAP users is almost certainly on that list under two IPs,
and so is another server I know of, also under just two IPs, that hosts around
100 million users.

According to The Radicati Group, the ISP/MSP space is dominated by software
produced by folks like Critical Path (Intermail), Openwave Messaging, and yes,
Oracle (Oracle CMES). Now take a look at where these products rank on the
list you cite.

Like it or not, the email world is hugely lopsided and getting even more so as
an increasing number of small ISPs and enterprises migrate to hosted
solutions in the cloud. This growing concentration is both a curse and a
blessing: On the one hand, it means that a single exposure, like the fact that
Yahoo's webmail doesn't offer SSL/TLS even as an option (and is almost
certainly a major source of the information collection we're talking about
here). But on the other hand, when Yahoo implements SSL/TLS on their web mail,
as they have now said they are going to do in 2014, a major exposure will be
blocked.

Now think what a benefit it would be if SMTP traffic between Gmail, Apple, and
Yahoo was all done over encrypted links.

> With that
> number of services, I guess collecting O(10^5) "inboxes"
> per day in plaintext could be credible, but who knows.

That number is credible coming just from Yahoo web mail, which we know is wide
open and which we know they were collecting because it's referenced directly on
the slides. You *really* need to start thinking on a larger scale here.

Some additional information about the state of web mail showed up in
SANS Newsbites the other day:

  --Yahoo Webmail Gets Default SSL Protection in January
  (October 14, 2013)
  Yahoo has announced that starting on January 8, 2014, all Yahoo mail
  will be protected by SSL by default. Microsoft has offered optional SSL
  protection since 2010 and it has been default for Microsoft webmail
  since July 2012. Facebook implemented SSL for all connections several
  months ago; it has been an option since 2011. Twitter offered it as an
  option at the beginning of 2011 and made it default by August of that
  year. Google has had SSL on by default since 2010, an option since 2008.
  Yahoo began offering the option of SSL encryption earlier this year.
  http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/14/yahoo-to-make-ssl-encryption-the-default-for-webmail-users-finally/
  http://news.cnet.com/8301-1009_3-57607486-83/yahoo-mail-finally-turns-on-ssl/
  http://www.theregister.co.uk/2013/10/15/yahoo_mail_encryption_by_default_in_2014/

> But, nonetheless I think the question about 3-flavours
> of IMAP and MTI is still worth thinking about.

Not along the lines you seem to be considering.

				Ned

From joe@cdt.org  Wed Oct 23 11:31:20 2013
Return-Path: <joe@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46D7F11E814F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:31:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_21=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o5mwWvPaHNz0 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:31:16 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 1CEE111E8126 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:31:16 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits)); Wed, 23 Oct 2013 14:31:13 -0400
Message-ID: <526815F0.8020100@cdt.org>
Date: Wed, 23 Oct 2013 14:31:12 -0400
From: Joseph Lorenzo Hall <joe@cdt.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, perpass <perpass@ietf.org>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com>	<21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu> <5267EBEB.5030701@bbn.com>
In-Reply-To: <5267EBEB.5030701@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:31:20 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 10/23/13 11:31 AM, Stephen Kent wrote:
> 
> 
> I read Bruces's post at the cited URL. The developers of the alg
> replied:
> 
> That does not seem consistent with "mysteriously changed."

It is consistent... the process from a winning cryptographic algorithm
to NIST FIPS standardization is pretty murky, and if you follow the
hash-forum list at NIST, you'd see a lot of hue and cry about the
reduction in capacity of Keccak. Of course, now that the Keccak team
has weighed in, it appears that the eventual SHA-3 FIPS standard will
include one or more high-security modes.

NIST appears to have learned from this that the standardization
process has to be equally as transparent as the
competition/cryptanalysis process. That's a very good thing.

best, Joe

- -- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlJoFfAACgkQwOJtkPJXd/gbPgCeJfMqOD+LE6JyxEiv5T1Pzr3J
sv8AoIKcHCx6Ph3YAdUnYIkGBI0i4Kl0
=Xecl
-----END PGP SIGNATURE-----


From envite@rolamasao.org  Wed Oct 23 11:34:51 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C59D11E8156 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:34:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.32
X-Spam-Level: *
X-Spam-Status: No, score=1.32 tagged_above=-999 required=5 tests=[AWL=0.483, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IeUImFqeeOM3 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:34:47 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 0222711E81E9 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:34:39 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 1498D11EB0 for <perpass@ietf.org>; Wed, 23 Oct 2013 19:34:31 +0100 (WEST)
Message-ID: <526816B6.4080301@rolamasao.org>
Date: Wed, 23 Oct 2013 19:34:30 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net>
In-Reply-To: <52681300.7020701@dcrocker.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:34:51 -0000

On 23/10/13 19:18, Dave Crocker wrote:
> On 10/23/2013 2:13 PM, Noel Torres wrote:
>> I think it would be possible, and even easy for the developers, to
>> program an extension to SMTP in which servers use OpenPGP among them,
>> independently of any TLS/SSL usage.
>>
>> Why: It helps stopping spam because the receiver server can trust the
>> identity of the sender, and it helps avoiding wiretapping.
>
>
>
> Please explain its superiority over DKIM and SPF and DMARC.
>
> d/
>
>
Hi Dave

In short, DKIM does not avoid wiretapping on itself, SPF does not, 
either, nor DMARC.

My idea is that server2server communication is signed and encrypted using 
OpenPGP (which can be done on the fly without great changes to current 
Internet structure). e-mails with bad server signature will be rejected 
before they are transmitted, so we save bandwidth.

Servers will trust other server signatures on a "configured by the 
administrator" basis, so Alice, as Admin of Alice.com, chooses to trust 
Bob.com's key to sign Charles.com key as valid, like in the standard GPG 
Web of Trust. Keys that are not specifically accepted nor signed by a 
trusted party, will cause e-mail to be accepted but marked as 
non-trustable (maybe directly as spam).

I have also developed how it could work on the wire, with a simple 
extension to current SMTP.

Regards

Noel
er Envite

From dhc@dcrocker.net  Wed Oct 23 11:45:36 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A06E511E8223 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:45:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.572
X-Spam-Level: 
X-Spam-Status: No, score=-6.572 tagged_above=-999 required=5 tests=[AWL=0.027,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pkcs-ixzp9wi for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:45:31 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 820BF11E819C for <perpass@ietf.org>; Wed, 23 Oct 2013 11:45:21 -0700 (PDT)
Received: from [172.16.22.13] ([207.253.19.196]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9NIiD6q026745 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 23 Oct 2013 11:44:17 -0700
Message-ID: <526818F6.9000006@dcrocker.net>
Date: Wed, 23 Oct 2013 14:44:06 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Noel Torres <envite@rolamasao.org>, perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org>
In-Reply-To: <526816B6.4080301@rolamasao.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 23 Oct 2013 11:44:17 -0700 (PDT)
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:45:36 -0000

On 10/23/2013 2:34 PM, Noel Torres wrote:
> On 23/10/13 19:18, Dave Crocker wrote:
>> On 10/23/2013 2:13 PM, Noel Torres wrote:
>>> I think it would be possible, and even easy for the developers, to
>>> program an extension to SMTP in which servers use OpenPGP among them,
>>> independently of any TLS/SSL usage.
>>>
>>> Why: It helps stopping spam because the receiver server can trust the
>>> identity of the sender, and it helps avoiding wiretapping.
>>
>>
>>
>> Please explain its superiority over DKIM and SPF and DMARC.
>>
>> d/
>>
>>
> Hi Dave
>
> In short, DKIM does not avoid wiretapping on itself, SPF does not,
> either, nor DMARC.


You cited the benefit you are seeking as trusting who the 'sender' was.
That's an authentication/signature task, not a confidentiality/encryption
task.


d/

ps. the mere fact of authentication does not vet the trustworthiness of 
the validated identity.


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From envite@rolamasao.org  Wed Oct 23 11:56:45 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9343C11E820A for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:56:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.199
X-Spam-Level: *
X-Spam-Status: No, score=1.199 tagged_above=-999 required=5 tests=[AWL=0.363,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W+KqdHQ7qRyS for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:56:33 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 6BA8E11E8137 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:56:28 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 4FCB311EB0 for <perpass@ietf.org>; Wed, 23 Oct 2013 19:56:27 +0100 (WEST)
Message-ID: <52681BDB.9050002@rolamasao.org>
Date: Wed, 23 Oct 2013 19:56:27 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net>
In-Reply-To: <526818F6.9000006@dcrocker.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 18:56:46 -0000

On 23/10/13 19:44, Dave Crocker wrote:
[...]
 >
 > You cited the benefit you are seeking as trusting who the 'sender' was.
 >   That's an authentication/signature task, not a
 > confidentiality/encryption task.
 >
Hi Dave

I said that my idea would achieve both authentication and confidentiality.
 >
 > d/
 >
 > ps. the mere fact of authentication does not vet the trustworthiness of
 > the validated identity.
 >
It depends on the configuration and contents of the Web of Trust.

Regards

Noel
er Envite
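
The administrator-configured trust policy described in this thread, as an added example that is not part of any poster's message or proposal: a valid signature is checked first, then key acceptance, with one level of introducer trust as in the Alice/Bob/Charles case. The class, field and domain names are hypothetical, and signature verification is reduced to a boolean because the thread does not give the wire format.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    REJECT = "reject before transfer"          # bad server signature
    ACCEPT = "accept"                          # key accepted or vouched for
    ACCEPT_MARKED = "accept, mark untrusted"   # authentic, but not vetted


@dataclass
class TrustConfig:
    # Everything here is the local administrator's choice (hypothetical layout).
    accepted: set = field(default_factory=set)        # keys accepted directly
    introducers: set = field(default_factory=set)     # keys allowed to vouch
    certifications: set = field(default_factory=set)  # (signer, subject) pairs

    def key_is_valid(self, key):
        """A key counts if accepted directly or certified by an accepted introducer."""
        if key in self.accepted:
            return True
        return any(
            signer in self.accepted and signer in self.introducers
            for signer, subject in self.certifications
            if subject == key
        )


def decide(cfg, server_key, signature_ok):
    """Map one incoming SMTP peer to the three outcomes named in the thread."""
    if not signature_ok:
        return Verdict.REJECT
    if cfg.key_is_valid(server_key):
        return Verdict.ACCEPT
    # The signature proves who sent it, not that the sender is trustworthy.
    return Verdict.ACCEPT_MARKED


def alice_config():
    """Constructed scenario: Alice accepts Bob's key and lets it vouch for others."""
    return TrustConfig(
        accepted={"bob.example"},
        introducers={"bob.example"},
        certifications={
            ("bob.example", "charles.example"),      # Bob vouches for Charles
            ("charles.example", "mallory.example"),  # Charles vouches for Mallory
        },
    )


if __name__ == "__main__":
    cfg = alice_config()
    for key, sig in [("bob.example", True), ("charles.example", True),
                     ("mallory.example", True), ("unknown.example", True),
                     ("bob.example", False)]:
        print(f"{key:18} sig_ok={sig!s:5} -> {decide(cfg, key, sig).value}")
```

Charles's key is valid because Bob certified it, but Charles is not an introducer, so his certification of Mallory confers nothing and that mail is only marked.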

From fenton@bluepopcorn.net  Wed Oct 23 12:09:53 2013
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92D3911E81DF for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id prf92FI62fZ1 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:09:52 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) by ietfa.amsl.com (Postfix) with ESMTP id 6782C11E8353 for <perpass@ietf.org>; Wed, 23 Oct 2013 12:09:48 -0700 (PDT)
Received: from splunge.local (c-50-136-244-117.hsd1.ca.comcast.net [50.136.244.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9NJ8sOv030240 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <perpass@ietf.org>; Wed, 23 Oct 2013 12:08:55 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1382555335; bh=qBWDdC3vhGn2t/dYujWoYwACfnXMq8EkY/S7V6ky+kA=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=KHvXnmTZ/Ml0NFYrH90xfUD/nM8uxARIFHKsxHLYzSn1lvWvW5NVZGP17pPXFCl2T ek2Q0SAxC0aSpDvyyWvCV8J9bo5n5MALDJv9aoxdEatxUAvg6POSXWdGKB2vmBCgbE MVoLtL42jG/G4/yEZ5eBeUPZ1fIgYQ+C9c6v6v1o=
Message-ID: <52681EF6.2030801@bluepopcorn.net>
Date: Wed, 23 Oct 2013 12:09:42 -0700
From: Jim Fenton <fenton@bluepopcorn.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: perpass@ietf.org
References: <20131023182804.GH56872@funkthat.com>
In-Reply-To: <20131023182804.GH56872@funkthat.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 19:09:53 -0000

On 10/23/13 11:28 AM, John-Mark Gurney wrote:
> Is it just me, or is it funny that we are talking about securing the
> inet, yet the ietf apparently doesn't do STARTTLS when sending email?
> and hence the perpass email list is sent out unencrypted...
>
> Guess I'll drop a note to postmaster@ietf.com.
>
It's not just you.  IETF SHOULD be using STARTTLS for email, not
particularly for this or other mailing lists (where attackers could just
read the archives, anyway) but because it's the Right Thing To Do.

-Jim

From jmg@h2.funkthat.com  Wed Oct 23 12:14:02 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64E0211E8218 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPI9ixFGFPV8 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:13:53 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id 5C5BE11E820A for <perpass@ietf.org>; Wed, 23 Oct 2013 12:13:52 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9NJDpFW094732 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Oct 2013 12:13:51 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9NJDpZa094731; Wed, 23 Oct 2013 12:13:51 -0700 (PDT) (envelope-from jmg)
Date: Wed, 23 Oct 2013 12:13:51 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Noel Torres <envite@rolamasao.org>
Message-ID: <20131023191350.GA94140@funkthat.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <526816B6.4080301@rolamasao.org>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Wed, 23 Oct 2013 12:13:51 -0700 (PDT)
Cc: perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 19:14:02 -0000

Noel Torres wrote this message on Wed, Oct 23, 2013 at 19:34 +0100:
> On 23/10/13 19:18, Dave Crocker wrote:
> >On 10/23/2013 2:13 PM, Noel Torres wrote:
> >>I think it would be possible, and even easy for the developers, to
> >>program an extension to SMTP in which servers use OpenPGP among them,
> >>independently of any TLS/SSL usage.
> >>
> >>Why: It helps stopping spam because the receiver server can trust the
> >>identity of the sender, and it helps avoiding wiretapping.
> >
> >
> >
> >Please explain its superiority over DKIM and SPF and DMARC.
> >
> >d/
> >
> >
> Hi Dave
> 
> In short, DKIM does not avoid wiretapping on itself, SPF does not, 
> either, nor DMARC.

Except that we already have STARTTLS... How is this better than
DKIM/SPF/DMARC and STARTTLS?

And don't say it means that spam will be encrypted, because you (and the
spammer) don't care about encryption of a spam message, and any real
email (w/ a valid DKIM, etc) will be sent wrapped in STARTTLS...

And the advantage of STARTTLS is that it only now needs simple
configuration as opposed to having to install a new milter and gpg,
etc...

This doesn't prevent MITM attacks, but w/ DNSSEC + DANE, it could be
addressed...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From mcr@sandelman.ca  Wed Oct 23 11:24:10 2013
Return-Path: <mcr@sandelman.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9CEE11E814F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:24:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.34
X-Spam-Level: 
X-Spam-Status: No, score=-2.34 tagged_above=-999 required=5 tests=[AWL=0.260,  BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vue55HBc3LMv for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 11:24:10 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3::184]) by ietfa.amsl.com (Postfix) with ESMTP id 2717211E8126 for <perpass@ietf.org>; Wed, 23 Oct 2013 11:24:10 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 40A8420186; Wed, 23 Oct 2013 15:35:02 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Noel Torres <envite@rolamasao.org>
In-Reply-To: <526811D1.3000802@rolamasao.org>
References: <526811D1.3000802@rolamasao.org>
X-Mailer: MH-E 8.2; nmh 1.5; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
Date: Wed, 23 Oct 2013 14:24:07 -0400
Message-ID: <18047.1382552647@obiwan.sandelman.ca>
X-Mailman-Approved-At: Wed, 23 Oct 2013 12:16:45 -0700
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 18:24:10 -0000

Noel Torres <envite@rolamasao.org> wrote:
    > I think it would be possible, and even easy for the developers, to program an
    > extension to SMTP in which servers use OpenPGP among them, independently of
    > any TLS/SSL usage.

    > Why: It helps stopping spam because the receiver server can trust the
    > identity of the sender, and it helps avoiding wiretapping.

No, it doesn't, because you are assuming some kind of trust model which does
not exist.

DKIM can already sign emails, and it's the signing that adds trust for the
sender.

There have been PGP encrypting sendmail plugins for years (decades?)... the
problem is finding and trusting the keys.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
	

From stephen.farrell@cs.tcd.ie  Wed Oct 23 12:36:02 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 668D811E820A for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:36:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Japd6GetLycQ for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:35:52 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 63B5D11E8236 for <perpass@ietf.org>; Wed, 23 Oct 2013 12:35:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0EAE9BE57; Wed, 23 Oct 2013 20:35:51 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5QgJvG5tUEJx; Wed, 23 Oct 2013 20:35:49 +0100 (IST)
Received: from [10.87.48.13] (unknown [86.41.61.48]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6593EBE55; Wed, 23 Oct 2013 20:35:49 +0100 (IST)
Message-ID: <52682514.4070609@cs.tcd.ie>
Date: Wed, 23 Oct 2013 20:35:48 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Jim Fenton <fenton@bluepopcorn.net>, perpass@ietf.org
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net>
In-Reply-To: <52681EF6.2030801@bluepopcorn.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 19:36:02 -0000

On 10/23/2013 08:09 PM, Jim Fenton wrote:
> On 10/23/13 11:28 AM, John-Mark Gurney wrote:
>> Is it just me, or is it funny that we are talking about securing the
>> inet, yet the ietf apparently doesn't do STARTTLS when sending email?
>> and hence the perpass email list is sent out unencrypted...
>>
>> Guess I'll drop a note to postmaster@ietf.com.
>>
> It's not just you.  IETF SHOULD be using STARTTLS for email, not
> particularly for this or other mailing lists (where attackers could just
> read the archives, anyway) but because it's the Right Thing To Do.

That was discussed in the DANE meeting in Berlin and
there's a plan for eating our own dogfood, but I'm
not sure where it's at. Will check.

S.

> 
> -Jim
> 
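
The point of this sub-thread, that a hop either did or did not use STARTTLS, can be checked from the Received trace of a delivered message. The following is an added example, not part of the original messages: it parses Received headers in the sendmail, Postfix and Gmail styles seen in this archive and reports, per hop, whether TLS was recorded and whether the peer certificate was verified. The sample message, its example hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed message. The three Received lines imitate the Postfix, sendmail
# and Gmail trace formats seen in this archive, with example hosts substituted.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
    by list.example.net (Postfix) with ESMTP id AAAA1111
    for <list@example.net>; Wed, 23 Oct 2013 13:02:33 -0700 (PDT)
Received: from mail.example.org (localhost [127.0.0.1])
    by mail.example.org (8.14.3/8.14.3) with ESMTP id r9NK2S56
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
    Wed, 23 Oct 2013 13:02:28 -0700 (PDT)
Received: from [192.0.2.77] (client.example.com. [192.0.2.77])
    by mx.example.com with ESMTPSA id q4sm1
    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Wed, 23 Oct 2013 12:47:23 -0700 (PDT)
From: sender@example.org
Subject: constructed sample

body
"""

# RFC 3848 "with" keywords: a trailing S means STARTTLS was used, A means
# SMTP AUTH succeeded (ESMTPS, ESMTPA, ESMTPSA, and the LMTP equivalents).
WITH_RE = re.compile(
    r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)(A?))(?=\s|;|$)", re.I)
# Free-form comment some MTAs add, e.g. "(version=TLSv1 cipher=... verify=NO)".
TLS_ANNOT_RE = re.compile(r"\(([^()]*\bversion=[^()]*)\)")
KV_RE = re.compile(r"(\w+)=([^\s;)]+)")


def parse_received(value):
    """Turn one Received header value into a dict describing that hop."""
    flat = " ".join(value.split())          # unfold continuation lines
    sender = re.match(r"from\s+(\S+)", flat, re.I)
    receiver = re.search(r"\bby\s+(\S+)", flat, re.I)
    proto = WITH_RE.search(flat)
    annot = TLS_ANNOT_RE.search(flat)
    params = dict(KV_RE.findall(annot.group(1))) if annot else {}

    # TLS counts as recorded if either the keyword or the comment says so.
    tls = bool(proto and proto.group(2)) or "version" in params
    verify = params.get("verify")
    if not tls:
        peer_cert = "n/a"
    elif verify is None:
        peer_cert = "not recorded"
    elif verify.upper() == "OK":
        peer_cert = "verified"
    else:
        # Any other recorded value (NO, NOT, FAIL, ...) is treated as
        # "encrypted, but the peer's identity was not authenticated".
        peer_cert = "not verified"

    return {
        "from": sender.group(1) if sender else "?",
        "by": receiver.group(1) if receiver else "?",
        "proto": proto.group(1).upper() if proto else "?",
        "tls": tls,
        "version": params.get("version"),
        "cipher": params.get("cipher"),
        "peer_cert": peer_cert,
    }


def audit_hops(raw_message):
    """Return the hops of a message in the order the message travelled."""
    msg = message_from_string(raw_message)
    # Each server prepends its Received line, so the newest one comes first.
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def hops_without_tls_record(hops):
    """Hops whose trace line carries no evidence of TLS.

    This is not proof of cleartext: Postfix, for example, only writes the TLS
    comment when smtpd_tls_received_header is enabled. Lines added before the
    first server you control can also be forged by the sender.
    """
    return [h for h in hops if not h["tls"]]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print("{from} -> {by}: {proto} tls={tls} cipher={cipher} "
              "peer_cert={peer_cert}".format(**hop))
```

In the sample, the two encrypted hops show the pattern discussed in the thread: the channel is encrypted, but neither trace line records a verified peer certificate.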

From doug.mtview@gmail.com  Wed Oct 23 12:47:27 2013
Return-Path: <doug.mtview@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5CC511E83D4 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.51
X-Spam-Level: 
X-Spam-Status: No, score=-2.51 tagged_above=-999 required=5 tests=[AWL=0.089,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kz2As+TgJywe for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 12:47:27 -0700 (PDT)
Received: from mail-pb0-x229.google.com (mail-pb0-x229.google.com [IPv6:2607:f8b0:400e:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 62A8111E83D1 for <perpass@ietf.org>; Wed, 23 Oct 2013 12:47:24 -0700 (PDT)
Received: by mail-pb0-f41.google.com with SMTP id rp16so1454080pbb.0 for <perpass@ietf.org>; Wed, 23 Oct 2013 12:47:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uQjGkCtmw+p4iWNKtCX2oEZmA86R5plG7zdConrcOqs=; b=azmZC2FOAPXcfnvipzNoAlDQ8wf+ywG5/JpnU6h7KabFhl3wdVTlVc3bkhDo9o4fjm JFMtZ4sibtWW3UI+PuYELyF9RPeY92GkrV2ms4nhzQGj1ipY3uKcFvqJJZMfs11jaY0x s6H5MJ+b7IME1F3ARdzCpLikUmc5ZisuiEUlhHsMNKF4t2X2koUBf+vXBXqWEJSe2YlY RNps4vpy8cb3jybT+6CzTV8hohv248fRUTckmQoyJX/pJG9HF2NsII9/RjzYBUnNH4fU y7vbrHebQ5isazEjoBKqT0zLlSjKZ0F6fY9c5/LracqsFKI2YoQmX7ITyn8pUrfP1IlA wb/Q==
X-Received: by 10.66.251.1 with SMTP id zg1mr4877343pac.160.1382557644230; Wed, 23 Oct 2013 12:47:24 -0700 (PDT)
Received: from [192.168.2.116] (c-24-6-103-174.hsd1.ca.comcast.net. [24.6.103.174]) by mx.google.com with ESMTPSA id q4sm6360607pba.12.2013.10.23.12.47.22 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 23 Oct 2013 12:47:23 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <526818F6.9000006@dcrocker.net>
Date: Wed, 23 Oct 2013 12:47:21 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net>
To: Dave Crocker <dcrocker@bbiw.net>
X-Mailer: Apple Mail (2.1816)
Cc: Noel Torres <envite@rolamasao.org>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 19:47:27 -0000

On Oct 23, 2013, at 11:44 AM, Dave Crocker <dhc@dcrocker.net> wrote:

> On 10/23/2013 2:34 PM, Noel Torres wrote:
>> On 23/10/13 19:18, Dave Crocker wrote:
>>> On 10/23/2013 2:13 PM, Noel Torres wrote:
>>>> I think it would be possible, and even easy for the developers, to
>>>> program an extension to SMTP in which servers use OpenPGP among them,
>>>> independently of any TLS/SSL usage.
>>>>
>>>> Why: It helps stopping spam because the receiver server can trust the
>>>> identity of the sender, and it helps avoiding wiretapping.
>>>
>>> Please explain its superiority over DKIM and SPF and DMARC.
>>>
>>> d/
>>>
>> Hi Dave
>>
>> In short, DKIM does not avoid wiretapping on itself, SPF does not,
>> either, nor DMARC.
>
> You cited the benefit you are seeking as trusting who the 'sender' was.  That's an authentication/signature task, not a confidentiality/encryption task.
>
> d/
>
> ps. the mere fact of authentication does not vet the trustworthiness of the validated identity.

Dear Dave,

As you know, DKIM can not authenticate the sender.  DKIM authenticates some unseen domain signed a portion of the message.  DKIM does not confirm the signing domain intended to send the message to the recipient either.  Nor does DKIM ensure valid message structure where acceptance on the basis of trusted DKIM signatures can be hazardous, contrary to the process described in the DKIM deployment RFC.  In addition, because DKIM can not authenticate the sender, it can never abate email abuse either, nor was that ever described as a supported feature.

StartTLS is not affected by message structure and indicates the intended recipient as well as identifying an accountable sender. StartTLS offers a safe basis for trust, reputation, and acceptance.  DKIM in conjunction with DMARC has very limited applicability and only prevents From header field spoofing but even then allows click-able links to be injected into a spoofed Subject header field.

Regards,
Douglas Otis

ps. DKIM authentication does not vet the message nor the trustworthiness of the signing domain.  DKIM does not validate any identity either.



From jmg@h2.funkthat.com  Wed Oct 23 13:02:47 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A70B411E83A6 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:02:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WniIXfpT11Bd for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:02:34 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id D05BC11E83B4 for <perpass@ietf.org>; Wed, 23 Oct 2013 13:02:33 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9NK2S56095465 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Oct 2013 13:02:28 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9NK2RgS095464; Wed, 23 Oct 2013 13:02:27 -0700 (PDT) (envelope-from jmg)
Date: Wed, 23 Oct 2013 13:02:27 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Douglas Otis <doug.mtview@gmail.com>
Message-ID: <20131023200227.GB94140@funkthat.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Wed, 23 Oct 2013 13:02:28 -0700 (PDT)
Cc: Noel Torres <envite@rolamasao.org>, Dave Crocker <dcrocker@bbiw.net>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 20:02:48 -0000

Douglas Otis wrote this message on Wed, Oct 23, 2013 at 12:47 -0700:
> On Oct 23, 2013, at 11:44 AM, Dave Crocker <dhc@dcrocker.net> wrote:
> 
> > On 10/23/2013 2:34 PM, Noel Torres wrote:
> >> On 23/10/13 19:18, Dave Crocker wrote:
> >>> On 10/23/2013 2:13 PM, Noel Torres wrote:
> >>>> I think it would be possible, and even easy for the developers, to
> >>>> program an extension to SMTP in which servers use OpenPGP among them,
> >>>> independently of any TLS/SSL usage.
> >>>> 
> >>>> Why: It helps stopping spam because the receiver server can trust the
> >>>> identity of the sender, and it helps avoiding wiretapping.
> >>> 
> >>> Please explain its superiority over DKIM and SPF and DMARC.
> >>> 
> >>> d/
> >>> 
> >> Hi Dave
> >> 
> >> In short, DKIM does not avoid wiretapping on itself, SPF does not,
> >> either, nor DMARC.
> > 
> > You cited the benefit you are seeking as trusting who the 'sender' was.  That's an authentication/signature task, not a confidentiality/encryption task.
> > 
> > d/
> > 
> > ps. the mere fact of authentication does not vet the trustworthiness of the validated identity.
> 
> Dear Dave,
> 
> As you know, DKIM can not authenticate the sender.  DKIM authenticates some unseen domain signed a portion of the message.  DKIM does not confirm the signing domain intended to send the message to the recipient either.  Nor does DKIM ensure valid message structure where acceptance on the basis of trusted DKIM signatures can be hazardous, contrary to the process described in the DKIM deployment RFC.  In addition, because DKIM can not authenticate the sender, it can never abate email abuse either, nor was that ever described as a supported feature.

What is your definition of sender?  The sender can be many different
entities in this context.. I can be the relay, it could be the domain's
email server or it could be the end user...

From my understanding, DKIM is basically a statement from a responsible
domain, that I have done my best to validate that this is a legitimate
email and I don't relay for untrusted people, etc...

> StartTLS is not affected by message structure and indicates the intended recipient as well as identifying an accountable sender. StartTLS offers a safe basis for trust, reputation, and acceptance.  DKIM in conjunction with DMARC has very limited applicability and only prevents From header field spoofing but even then allows click-able links to be injected into a spoofed Subject header field.

Maybe I'm missing something, but I'm not sure how STARTTLS (plus presumably
w/ DANE) can authenticate that the client is the sender?  I might be
missing the RFC/standard/etc. that allows server to auth the client cert..

In most cases I've seen, it's only the client/relay authenticating server..

> ps. DKIM authentication does not vet the message nor the trustworthiness of the signing domain.  DKIM does not validate any identity either.

As far as my understanding, nor does STARTTLS...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From dhc@dcrocker.net  Wed Oct 23 13:07:04 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BEA011E827E for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:07:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.574
X-Spam-Level: 
X-Spam-Status: No, score=-6.574 tagged_above=-999 required=5 tests=[AWL=0.025,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ES9MFQ-r4PpL for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:06:48 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id E1E5F11E8196 for <perpass@ietf.org>; Wed, 23 Oct 2013 13:06:41 -0700 (PDT)
Received: from [172.16.22.13] ([207.253.19.196]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9NK6OfE028665 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 23 Oct 2013 13:06:28 -0700
Message-ID: <52682C39.9050202@dcrocker.net>
Date: Wed, 23 Oct 2013 16:06:17 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: John-Mark Gurney <jmg@funkthat.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net>	<526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net>	<7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com>
In-Reply-To: <20131023200227.GB94140@funkthat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 23 Oct 2013 13:06:28 -0700 (PDT)
Cc: Noel Torres <envite@rolamasao.org>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
X-List-Received-Date: Wed, 23 Oct 2013 20:07:04 -0000

On 10/23/2013 4:02 PM, John-Mark Gurney wrote:
> What is your definition of sender?  The sender can be many different
> entities in this context.. I can be the relay, it could be the domain's
> email server or it could be the end user...


Please terminate this sub-thread.  It has many years of wasted history 
on many mailing lists.

Really.  The script this thread will follow has been run so many times, 
the pages are tattered.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From hallam@gmail.com  Wed Oct 23 13:50:04 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF22511E820D for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.451
X-Spam-Level: 
X-Spam-Status: No, score=-2.451 tagged_above=-999 required=5 tests=[AWL=0.148,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQLqrcmsq8oQ for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 13:50:04 -0700 (PDT)
Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) by ietfa.amsl.com (Postfix) with ESMTP id EF18811E8237 for <perpass@ietf.org>; Wed, 23 Oct 2013 13:49:57 -0700 (PDT)
Received: by mail-lb0-f169.google.com with SMTP id o14so1192637lbi.14 for <perpass@ietf.org>; Wed, 23 Oct 2013 13:49:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=zaupDeQvvp19nqYAehsuIJ2FyAjTjJbA/uLLR/6vXoY=; b=PXJoTdv1IxzYHjlUMdrYOgChtR5MoZEdrOhqFw2ZWO1Y1V7tI7fdzj9C1mrAOGZKJ2 Kd/Ftaa22KDPs/WmhA7LzbvMFu9T/1gPZpgSTd8dhoWa+alLClxzcfxEv8Vxx7hERTNg P6JyPbM2plMWJymCpotTfLVBw/fWtZXUpUu7OUx6/TSZ3GQd3Ic2U3j3cy31LWRh0YmK tpyZb4YeztlFSPbfJNvj+CEa1Nt58cm+JqJsG2GbXEmQNz/9Jmx496bJyg/7WtdyWCI6 vr2rlaDk8pmeR1dNk+hSghdZYBVF9zKNLdAsRkSonXQ4BZWlXWCkZsQr/N1wRVEDVdvZ QGKg==
MIME-Version: 1.0
X-Received: by 10.112.138.164 with SMTP id qr4mr124735lbb.49.1382561396368; Wed, 23 Oct 2013 13:49:56 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Wed, 23 Oct 2013 13:49:56 -0700 (PDT)
In-Reply-To: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
References: <CAMm+LwhRq6S8dO+ihYVfNOe8GYZtSfwW8+CCdWgkaJVQ9kfBCg@mail.gmail.com>
Date: Wed, 23 Oct 2013 16:49:56 -0400
Message-ID: <CAMm+LwityMPqov38t=HEbHZN7zDMj5y8FAnvK7s+dS0gh4_76Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e0118293ae92a4104e96ea8c5
Subject: Re: [perpass] NSA inspired PKIX limitations?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 20:50:04 -0000

--089e0118293ae92a4104e96ea8c5
Content-Type: text/plain; charset=ISO-8859-1

Just to clarify, I was not suggesting that anyone in the WG is an NSA mole.

The model I had in mind was more one where someone on the classified side
decides that a certain proposal would close a zero day vulnerability that
they plan to exploit. A plausible argument is then constructed as to why
this would be a bad idea and this is farmed out to people who cross the
internal/external line without an explanation as to why.

If you read Sun Tzu, this is the bit about the unknowing spy.


My point was that I think we have to be a lot more careful about arguments
that end up leaving the Internet insecure.

--089e0118293ae92a4104e96ea8c5--

From doug.mtview@gmail.com  Wed Oct 23 14:06:03 2013
Return-Path: <doug.mtview@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A252111E8122 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:06:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.525
X-Spam-Level: 
X-Spam-Status: No, score=-2.525 tagged_above=-999 required=5 tests=[AWL=0.074,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuHF-RncJnyJ for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:06:03 -0700 (PDT)
Received: from mail-pb0-x22e.google.com (mail-pb0-x22e.google.com [IPv6:2607:f8b0:400e:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id EB63B11E8261 for <perpass@ietf.org>; Wed, 23 Oct 2013 14:06:02 -0700 (PDT)
Received: by mail-pb0-f46.google.com with SMTP id un1so1534365pbc.19 for <perpass@ietf.org>; Wed, 23 Oct 2013 14:06:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UsJL/SXgHi4tG0oejga/FmgDgn03AFUEy7cjSwTRDhs=; b=sJJ4/d7uxZ2rRqQjDIGokSOMY1oj8VDkBCdcDlU6UCrM+shVmf6+UXTAYWjhaZZ7Nd duziXGgQ8k1Qffei7W33UzKFciin992ICSUVb2zuQXBTx50C4iZLzy9n5Jrk2ySI52yw 1wln1JWrGLGpbBn6+VbwqCnJ+Q48ykGF4fhozaJPMmbrXs1/9zkxAd6y7MW1wUp+4lqS J6y9OA9Xw05btyjCMno1vKVEQxdrjL51fCDw1zm8KRu/IUG5RT2boo9Zktj9hboib6Q1 558zzoEN6up3mry2ocAA6YxSz6vhnTDtOqwpUyQM3bHP4R7NytfGGnGyqbF4vrg27nm7 2ikQ==
X-Received: by 10.68.36.10 with SMTP id m10mr3597984pbj.158.1382562362611; Wed, 23 Oct 2013 14:06:02 -0700 (PDT)
Received: from [192.168.2.116] (c-24-6-103-174.hsd1.ca.comcast.net. [24.6.103.174]) by mx.google.com with ESMTPSA id xn12sm43567543pac.12.2013.10.23.14.06.00 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 23 Oct 2013 14:06:01 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <20131023200227.GB94140@funkthat.com>
Date: Wed, 23 Oct 2013 14:05:59 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com>
To: John-Mark Gurney <jmg@funkthat.com>
X-Mailer: Apple Mail (2.1816)
Cc: Noel Torres <envite@rolamasao.org>, Dave Crocker <dcrocker@bbiw.net>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
X-List-Received-Date: Wed, 23 Oct 2013 21:06:03 -0000

Dear John-Mark,

Good Questions.  See brief comments inline.

On Oct 23, 2013, at 1:02 PM, John-Mark Gurney <jmg@funkthat.com> wrote:

> Douglas Otis wrote this message on Wed, Oct 23, 2013 at 12:47 -0700:
>> On Oct 23, 2013, at 11:44 AM, Dave Crocker <dhc@dcrocker.net> wrote:
>>
>>> On 10/23/2013 2:34 PM, Noel Torres wrote:
>>>> On 23/10/13 19:18, Dave Crocker wrote:
>>>>> On 10/23/2013 2:13 PM, Noel Torres wrote:
>>>>>> I think it would be possible, and even easy for the developers, to
>>>>>> program an extension to SMTP in which servers use OpenPGP among them,
>>>>>> independently of any TLS/SSL usage.
>>>>>>
>>>>>> Why: It helps stopping spam because the receiver server can trust the
>>>>>> identity of the sender, and it helps avoiding wiretapping.
>>>>>
>>>>> Please explain its superiority over DKIM and SPF and DMARC.
>>>>>
>>>>> d/
>>>>>
>>>> Hi Dave
>>>>
>>>> In short, DKIM does not avoid wiretapping on itself, SPF does not,
>>>> either, nor DMARC.
>>>
>>> You cited the benefit you are seeking as trusting who the 'sender' was.  That's an authentication/signature task, not a confidentiality/encryption task.
>>>
>>> d/
>>>
>>> ps. the mere fact of authentication does not vet the trustworthiness of the validated identity.
>>
>> Dear Dave,
>>
>> As you know, DKIM can not authenticate the sender.  DKIM authenticates some unseen domain signed a portion of the message.  DKIM does not confirm the signing domain intended to send the message to the recipient either.  Nor does DKIM ensure valid message structure where acceptance on the basis of trusted DKIM signatures can be hazardous, contrary to the process described in the DKIM deployment RFC.  In addition, because DKIM can not authenticate the sender, it can never abate email abuse either, nor was that ever described as a supported feature.
>
> What is your definition of sender?  The sender can be many different
> entities in this context.. I can be the relay, it could be the domain's
> email server or it could be the end user...

Based on whatever definition used, an entity held accountable for sending a message to a recipient not desiring its receipt should be authenticated for having actually issued the message to said recipient.  DKIM can not do this.  It only indicates an unseen signing domain handled the signed portion of the message and nothing more.

> From my understanding, DKIM is basically a statement from a responsible
> domain, that I have done my best to validate that this is a legitimate
> email and I don't relay for untrusted people, etc...

Responsible for what?  When the DKIM mechanism fails to ensure elements needed to hold domains accountable for unwanted email abusing a recipient, it would be unwise to assume the domain is therefore responsible.  Any such assumption can be easily poisoned.

>> StartTLS is not affected by message structure and indicates the intended recipient as well as identifying an accountable sender. StartTLS offers a safe basis for trust, reputation, and acceptance.  DKIM in conjunction with DMARC has very limited applicability and only prevents From header field spoofing but even then allows click-able links to be injected into a spoofed Subject header field.
>
> Maybe I'm missing something, but I'm not sure how STARTTLS (plus presumably
> w/ DANE) can authenticate that the client is the sender?  I might be
> missing the RFC/standard/etc. that allows server to auth the client cert..

Normally the critical aspect when submitting a message is to ensure credentials are shared with the intended submission server.  This is where StartTLS is normally used, but StartTLS can also exchange client certificates.  Since client certificates become essential when accepting encrypted email over IPv6, perhaps the presence of a DANE certificate located at the MX could automatically signal a paradigm change.

> In most cases I've seen, it's only the client/relay authenticating server..

You mean StartTLS verifying the domain of the server requesting client credentials?  Then yes.

>> ps. DKIM authentication does not vet the message nor the trustworthiness of the signing domain.  DKIM does not validate any identity either.
>
> As far as my understanding, nor does STARTTLS...

This represents an unused feature that could greatly strengthen and protect all forms of email.  Abuse would drop significantly within a new paradigm that safely permits the establishment of domain reputations, while also enabling services to operate safely from any IP address and from any provider.  Not even Reverse DNS has less overhead when DNS timeouts are considered.

Regards,
Douglas Otis

From envite@rolamasao.org  Wed Oct 23 14:21:47 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B940D11E8285 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:21:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.127
X-Spam-Level: *
X-Spam-Status: No, score=1.127 tagged_above=-999 required=5 tests=[AWL=0.290,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G5ifKBfZu4mB for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:21:43 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 37DAD11E821A for <perpass@ietf.org>; Wed, 23 Oct 2013 14:21:40 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id F189B11F6D for <perpass@ietf.org>; Wed, 23 Oct 2013 22:21:38 +0100 (WEST)
Message-ID: <52683DDF.9030407@rolamasao.org>
Date: Wed, 23 Oct 2013 22:21:35 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com>
In-Reply-To: <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 21:21:47 -0000

On 23/10/13 22:05, Douglas Otis wrote:
[...]

> This represents an unused feature that could greatly strengthen and protect all forms of email.  Abuse would drop significantly within a new paradigm that safely permits the establishment of domain reputations, while also enabling services to operate safely from any IP address and from any provider.  Not even Reverse DNS has less overhead when DNS timeouts are considered.

Domain reputations are also considered in my idea, but I'm starting to 
think I'm losing time and energy here, since I see only negativity.

Do some of you want to read how I think it should be implemented?

Then, you can discuss with a basis and not just pre-concepts about other 
methods (STARTTLS/DKIM/whatever)
>
> Regards,
> Douglas Otis
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

Thanks

Noel
er Envite

From jmg@h2.funkthat.com  Wed Oct 23 14:36:02 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56C7011E821E for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:36:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8bHdhQyQEGi for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:35:57 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id 2FC6B11E81EB for <perpass@ietf.org>; Wed, 23 Oct 2013 14:35:57 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9NLZuOC096752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Oct 2013 14:35:56 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9NLZt00096751; Wed, 23 Oct 2013 14:35:55 -0700 (PDT) (envelope-from jmg)
Date: Wed, 23 Oct 2013 14:35:55 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Noel Torres <envite@rolamasao.org>
Message-ID: <20131023213555.GE94140@funkthat.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <52683DDF.9030407@rolamasao.org>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Wed, 23 Oct 2013 14:35:56 -0700 (PDT)
Cc: perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 21:36:02 -0000

Noel Torres wrote this message on Wed, Oct 23, 2013 at 22:21 +0100:
> On 23/10/13 22:05, Douglas Otis wrote:
> [...]
> 
> >This represents an unused feature that could greatly strengthen and 
> >protect all forms of email.  Abuse would drop significantly within a new 
> >paradigm that safely permits the establishment of domain reputations, 
> >while also enabling services to operate safely from any IP address and 
> >from any provider.  Not even Reverse DNS has less overhead when DNS 
> >timeouts are considered.
> 
> Domain reputations are also considered in my idea, but I'm starting to 
> think I'm losing time and energy here, since I see only negativity.
> 
> Do some of you want to read how I think it should be implemented?
> 
> Then, you can discuss with a basis and not just pre-concepts about other 
> methods (STARTTLS/DKIM/whatever)

My question is what does your idea bring that isn't already covered by
some combination of STARTTLS/DKIM/SPF/etc?  Assuming small modifications
are made, such as expanding SPF to include the FP of the sender's cert.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From envite@rolamasao.org  Wed Oct 23 14:39:34 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CDF911E825B for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:39:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.079
X-Spam-Level: *
X-Spam-Status: No, score=1.079 tagged_above=-999 required=5 tests=[AWL=0.242,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BJKxMxDWrCaP for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 14:39:29 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id A9AC611E8282 for <perpass@ietf.org>; Wed, 23 Oct 2013 14:39:04 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 8421111EB0 for <perpass@ietf.org>; Wed, 23 Oct 2013 22:38:59 +0100 (WEST)
Message-ID: <526841F3.4040505@rolamasao.org>
Date: Wed, 23 Oct 2013 22:38:59 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com>
In-Reply-To: <20131023213555.GE94140@funkthat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 21:39:34 -0000

On 23/10/13 22:35, John-Mark Gurney wrote:
[...]
>
> My question is what does your idea bring that isn't already covered by
> some combination of STARTTLS/DKIM/SPF/etc?  Assuming small modifications
> are made, such as expanding SPF to include the FP of the sender's cert.
>
Mostly two things:
a) stopping some spam messages before they even are transmitted
b) not being a combination but an idea that naturally addresses both 
wiretapping and spam
Also
c) not being DNS dependent

I will follow good advice from one list member and will write a 
document with the idea.

Thanks all

Noel
er Envite

From ned+perpass@mrochek.com  Wed Oct 23 15:23:03 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3F1211E826F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:23:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.769
X-Spam-Level: 
X-Spam-Status: No, score=-0.769 tagged_above=-999 required=5 tests=[AWL=-0.814, BAYES_50=0.001, DATE_IN_PAST_03_06=0.044]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wFfKYXRQIJAt for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:23:00 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 3E6FC11E8276 for <perpass@ietf.org>; Wed, 23 Oct 2013 15:23:00 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZXEV66N9S00587G@mauve.mrochek.com> for perpass@ietf.org; Wed, 23 Oct 2013 15:17:57 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1; Format=flowed
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Wed, 23 Oct 2013 15:17:52 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZXEV3WQ5O00004R@mauve.mrochek.com>
Date: Wed, 23 Oct 2013 11:30:10 -0700 (PDT)
In-reply-to: "Your message dated Wed, 16 Oct 2013 10:28:05 -0400" <525EA275.5020107@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <525EA275.5020107@bbn.com>
To: Stephen Kent <kent@bbn.com>
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 22:23:03 -0000

> Based only on the story that you cited, and your observation about
> telcos being the sources of the info, might it be the case that the
> telcos were also the mail providers? I'm not sure how to interpret
> the slides that the cited story included. That sort of explanation
> would be consistent with Ned's observations about commercial provider
> use of SSL to protect IMAP/POP access.

It is almost certainly the case that large ISPs and MSPs are what's being
targeted, because, to paraphrase the quote falsely attributed to Willie Sutton,
"That's where the data is".

So perhaps we should, you know, take a closer look at the current state of play
in this space. Given the relatively small number of players this isn't
all that difficult. 

For my testing I used a client that supported the following ciphersuites:

  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
  TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
  TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
  TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
  SSL_RSA_WITH_RC4_128_MD5 (0x0004)
  SSL_RSA_WITH_RC4_128_SHA (0x0005)
  TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
  SSL_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
  SSL_CK_RC4_128_WITH_MD5 (0xff01)
  SSL_CK_RC2_128_CBC_WITH_MD5 (0xff03)
  SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0xff07)

As most people are probably aware, the way SSL/TLS works is the client
proposes then the server selects the ciphersuite to use. The client I'm
using lets me enable whatever ciphersuite set I want, so when the server
selected something less than stellar I used this capability to see if I could
force a better result.

I mostly tested large MSPs and North American ISPs, but I tried a few European
and Australian ones as well. I attempted a few Asian and Middle Eastern
sites, but setup directions written in scripts I don't understand proved to
be too much of an obstacle.

Anyway, the results are as follows:

1and1.com - imaps and imap, imap allows starttls
   imap.1and1.com - TLS_RSA_WITH_AES_256_CBC_SHA
     no DHE variants available

Apple: imaps only
   imap.mail.me.com - SSL_RSA_WITH_RC4_128_MD5,
     SSL_RSA_WITH_3DES_EDE_CBC_SHA if RC4 disabled,
     TLS_RSA_WITH_AES_256_CBC_SHA will be used if only AES ciphers allowed,
     no DHE variants available
     
AOL: imaps and imap, imap allows starttls
   imap.aol.com - TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA available
   
Cox Cable: imaps only
   imap.cox.net - TLS_RSA_WITH_AES_256_CBC_SHA, no DHE variants available

Charter: imaps only
   mobile.charter.net - TLS_RSA_WITH_AES_256_CBC_SHA,
     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA available
   
Covad: imaps and imap, imap allows starttls
   mail.covad.net - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA if Camellia disabled
     no DHE variants available

Eastlink: imaps and imap, imap allows starttls
   mail.eastlink.ca - TLS_RSA_WITH_AES_256_CBC_SHA, no DHE variants available

free.fr: imaps and imap, imap w/o starttls
   imap.free.fr - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  
GoDaddy: imaps and imap, imap allows starttls
   imap.secureserver.net - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA if Camellia disabled,
     no DHE variants available

Gmail: imaps only
   imap.gmail.com - SSL_RSA_WITH_RC4_128_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA if RC4 disabled, no DHE variants available

GMX Mail: imaps and imap, imap w/o starttls
   imap.gmx.com - TLS_RSA_WITH_AES_256_CBC_SHA
     no DHE variants available

Hotmail: imaps only
   imap-mail.outlook.com - TLS_RSA_WITH_AES_128_CBC_SHA,
     no DHE variants available

iinet: imaps and imap, imap allows starttls
   mail.iinet.net.au - TLS_RSA_WITH_AES_256_CBC_SHA
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA available

Insight Communications: imaps and imap, imap allows starttls
   mail.insightbb.com - TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Internode: imaps and imap, imap w/o starttls
   mail.internode.on.net - SSL_RSA_WITH_RC4_128_MD5
     SSL_RSA_WITH_3DES_EDE_CBC_SHA if RC4 disabled,
     TLS_RSA_WITH_AES_128_CBC_SHA if only AES ciphers allowed,
     no DHE variants available

Namesco: imaps and imap, imap w/o starttls
   imap.hosts.co.uk - TLS_DHE_RSA_WITH_AES_256_CBC_SHA

neuf.fr: imaps and imap, imap w/o starttls
   imap.neuf.fr - TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Optus Broadband: imaps and imap, imap allows starttls
   mail.optusnet.com.au - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA if Camellia disabled

telefonica.net: imap w/o starttls
   imap.telefonica.net

tre.it: imap w/o starttls (8 year old server software!)
   imap.tre.it

Yahoo: imaps and imap, imap requires starttls
   imap.mail.yahoo.com - SSL_RSA_WITH_RC4_128_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA if RC4 disabled,
     no DHE variants available

Videotron: imap w/o starttls
   imap.videotron.ca

Notes:

(1) Verizon, Comcast, Netzero, Earthlink, Mindspring, Sprint (?),
    Shaw Cable, lightspeed.ca, Cogeco, Time Warner Cable,
    CableVision(OptimumOnline) (?), Bigpond, and Mediacom do not support IMAP
(2) AT&T?, Rogers Cable use Yahoo for IMAP
(3) Cable One, Telecable uses gmail for IMAP
(4) The presence of Camellia as an option is explained by the fact that in
    NSS if Camellia is enabled at all it is used preferentially. (Although
    maybe not in the case of Optus Broadband.)

Keeping in mind that this is hardly a comprehensive list of the world's ISPs,
I'll first note that the ciphersuite situation is better than I expected. A
minority of services, albeit some of the biggest ones, prefer RC4. And nobody
insisted on it. Quite a few even go so far as to prefer a DHE variant. But more
of them need to support and prefer something in the DHE/AES set. This is a place
where some clear guidance would probably be helpful, as long as it involves
using ciphersuites for which support is readily available. (The obvious starting
point is for servers to always prefer AES to RC4 and always prefer DHE variants
to non-DHE variants. I'll leave the ranking of those two to those more pedantic than
I.)

Only three of the services tested, one in North America and the others in
Europe, offered no SSL/TLS at all. That strikes me as pretty good coverage
overall, and perhaps the Snowden revelations will make something good happen to
those, as it is doing at Yahoo.

But these results, while encouraging, don't say anything good about the IETF's
ability to mandate security. The IETF recommended best operational practice
(effectively a SHOULD in RFC 3501) is to only offer port 143 and require
STARTTLS on that port, as indicated by the LOGINDISABLED capability. Not a
single provider I tested implemented that specific variant. Not. One.

The closest was Yahoo - you know, the folks whose web mail has no security at
all - which does operate port 143 that way, but they also offered the
nonstandard imaps on port 993. Five services, including most of the largest
ones, offered the nonstandard imaps only. An equal number offered imaps but no
SSL/TLS capability on port 143. (These results are explained by the use of load
balancers that act as the termination point for SSL/TLS.)

Anyway, I've spent enough time on this, but if anyone else wants to throw
additional results for large ISPs and MSPs my way, especially from places using
scripts I don't grok, I'd appreciate it.

				Ned
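
An added example, not part of the original message: the probing method described above (withdraw the suite the server picked, reconnect, see what it picks next), generalized into a loop that recovers a server's full preference order and checks it against the message's guidance to prefer AES to RC4 and DHE to non-DHE. The client offer is the list from the message; the simulated server orders, the first-match selection model and all function names are assumptions made for illustration, and nothing here touches the network.

```python
import re
from collections import namedtuple

Suite = namedtuple("Suite", "name kx cipher mac forward_secret")

# Ciphersuites the test client in the message offered, in the order listed.
CLIENT_OFFER = """
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_CK_RC4_128_WITH_MD5 SSL_CK_RC2_128_CBC_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
""".split()

# Constructed server preference orders (assumptions, not measured configurations),
# each reproducing one behaviour the survey reports.
SIMULATED = {
    "rc4-first": ["SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                  "TLS_RSA_WITH_AES_256_CBC_SHA"],
    "dhe-not-preferred": ["TLS_RSA_WITH_AES_256_CBC_SHA",
                          "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"],
    "dhe-aes-first": ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                      "TLS_RSA_WITH_AES_256_CBC_SHA"],
}


def parse_suite(name):
    """Split a ciphersuite name, as written in the survey, into its parts."""
    if name.startswith("SSL_CK_"):      # SSLv2 form: SSL_CK_<cipher>_WITH_<mac>
        cipher, mac = name[len("SSL_CK_"):].split("_WITH_")
        kx = "RSA"                      # SSLv2 key exchange is always RSA
    else:
        m = re.fullmatch(r"(?:TLS|SSL)_(.+)_WITH_(.+)_(SHA\d*|MD5)", name)
        if m is None:
            raise ValueError("unrecognised ciphersuite name: " + name)
        kx, cipher, mac = m.groups()
    # Triple DES appears as 3DES_EDE or DES_192_EDE3; report both as 3DES.
    family = "3DES" if "EDE" in cipher else cipher.split("_")[0]
    return Suite(name, kx, family, mac, kx.startswith(("DHE_", "ECDHE_")))


def server_select(server_preference, client_offer):
    """Model: the server takes the first suite in its own order that was offered."""
    offered = set(client_offer)
    return next((s for s in server_preference if s in offered), None)


def probe_preference(select, client_offer):
    """Recover the server's order by withdrawing each pick and reconnecting."""
    remaining, order = list(client_offer), []
    while remaining:
        chosen = select(remaining)
        if chosen is None:              # no shared suite left: handshake fails
            break
        order.append(chosen)
        remaining.remove(chosen)
    return order


def audit(order):
    """Check a recovered order against the guidance in the message. The two
    rules are reported independently; the message leaves their ranking open."""
    suites = [parse_suite(name) for name in order]
    if not suites:
        return ["no shared ciphersuite"]
    findings = []
    rc4 = [i for i, s in enumerate(suites) if s.cipher == "RC4"]
    aes = [i for i, s in enumerate(suites) if s.cipher == "AES"]
    if rc4 and (not aes or rc4[0] < aes[0]):
        findings.append("prefers RC4 to AES")
    dhe = [i for i, s in enumerate(suites) if s.forward_secret]
    if not dhe:
        findings.append("no DHE variants available")
    elif dhe[0] != 0:
        findings.append("DHE available but not preferred")
    return findings


def survey():
    """Probe and audit each simulated server; returns {label: findings}."""
    results = {}
    for label, pref in SIMULATED.items():
        select = lambda offer, p=pref: server_select(p, offer)
        results[label] = audit(probe_preference(select, CLIENT_OFFER))
    return results


if __name__ == "__main__":
    for label, findings in survey().items():
        print(label, "->", findings or ["meets the guidance"])
```

To run the same audit against a real server, replace the `select` callable with one that performs a handshake offering only the suites passed in and returns the suite the server chose.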

From ned+perpass@mrochek.com  Wed Oct 23 15:30:07 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1962D11E8266 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:30:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.955
X-Spam-Level: 
X-Spam-Status: No, score=-1.955 tagged_above=-999 required=5 tests=[AWL=0.644,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0igR5mZNSWTx for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:30:02 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 8997411E826F for <perpass@ietf.org>; Wed, 23 Oct 2013 15:30:01 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZXF3XD6740077BK@mauve.mrochek.com> for perpass@ietf.org; Wed, 23 Oct 2013 15:24:59 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Wed, 23 Oct 2013 15:24:56 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZXF3VXLUO00004R@mauve.mrochek.com>
Date: Wed, 23 Oct 2013 15:19:52 -0700 (PDT)
In-reply-to: "Your message dated Wed, 23 Oct 2013 20:35:48 +0100" <52682514.4070609@cs.tcd.ie>
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass@ietf.org
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 22:30:07 -0000

> On 10/23/2013 08:09 PM, Jim Fenton wrote:
> > On 10/23/13 11:28 AM, John-Mark Gurney wrote:
> >> Is it just me, or is it funny that we are talking about securing the
> >> inet, yet the ietf apparently doesn't do STARTTLS when sending email?
> >> and hence the perpass email list is sent out unencrypted...
> >>
> >> Guess I'll drop a note to postmaster@ietf.com.
> >>
> > It's not just you.  IETF SHOULD be using STARTTLS for email, not
> > particularly for this or other mailing lists (where attackers could just
> > read the archives, anyway) but because it's the Right Thing To Do.

> That was discussed in the DANE meeting in Berlin and
> there's a plan for eating our own dogfood, but I'm
> not sure where its at. Will check.

If by "for email" you mean "for outgoing SMTP relay", this is *not*
as easy as turning on opportunistic use of STARTTLS in SMTP.

The main problem is dealing with SSL/TLS negotiation failures, either because
you don't share a ciphersuite or because the server says it supports STARTTLS
but doesn't actually have a certificate installed. (The latter is distressingly
common.) When this happens you have to close the connection and try again. Some
SMTP clients support this, others do not.

As for DANE or other DNS announcements, it's far too new to be of much use.

				Ned

From kathleen.moriarty@emc.com  Wed Oct 23 15:36:53 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDE0311E8280 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:36:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.753
X-Spam-Level: 
X-Spam-Status: No, score=-2.753 tagged_above=-999 required=5 tests=[AWL=-0.154, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Yc7YjIIdcvj for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:36:35 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by ietfa.amsl.com (Postfix) with ESMTP id 9824311E8282 for <perpass@ietf.org>; Wed, 23 Oct 2013 15:36:18 -0700 (PDT)
Received: from maildlpprd56.lss.emc.com (maildlpprd56.lss.emc.com [10.106.48.160]) by mailuogwprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9NMaGx3017646 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Oct 2013 18:36:17 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com r9NMaGx3017646
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382567777; bh=67twz6orNs7IJr6tjj6RzAie30c=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=HcWZ8A+ZG5a8FqQco5wNP9hZxkar7+k+jU1b84h6wXWLxAbnigEyqW6ABZQ9A2oHK 7RRUd3hdkK+F2dSKS75NqzY9iuj6gA0uYjzefEz//g1aQdLU29hNI9OGsnaNjwJuLQ Mk7AqffvStCees6Kj0u9R/ncvsDLuS1qIC6KfrHw=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com r9NMaGx3017646
Received: from mailusrhubprd54.lss.emc.com (mailusrhubprd54.lss.emc.com [10.106.48.19]) by maildlpprd56.lss.emc.com (RSA Interceptor); Wed, 23 Oct 2013 18:35:59 -0400
Received: from mxhub08.corp.emc.com (mxhub08.corp.emc.com [128.222.70.205]) by mailusrhubprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9NMZwTt028253 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Oct 2013 18:35:59 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub08.corp.emc.com ([128.222.70.205]) with mapi; Wed, 23 Oct 2013 18:35:47 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Noel Torres <envite@rolamasao.org>
Date: Wed, 23 Oct 2013 18:35:53 -0400
Thread-Topic: [perpass] e-mail security idea: server2server PGP
Thread-Index: Ac7QQD4dK/+NJNW/R3+ucbrY6SHqiw==
Message-ID: <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org>
In-Reply-To: <526841F3.4040505@rolamasao.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd54.lss.emc.com
X-RSA-Classifications: public
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 22:36:53 -0000

Noel,

Great, writing a draft will be helpful and appreciated.  While the comments
may have come across as negative, think of them as helpful to possibly
improve your idea or to combine with other ideas as appropriate through
brainstorming.  What I see is interest in a discussion, that's positive.

Seeing the full idea may change minds or offer opportunities for you to
assist with improvements to existing efforts.

Kathleen
(Reading way too much for the diversity work - LOL).

Sent from my iPhone

On Oct 23, 2013, at 4:39 PM, "Noel Torres" <envite@rolamasao.org> wrote:

> On 23/10/13 22:35, John-Mark Gurney wrote:
> [...]
>>
>> My question is what does your idea bring that isn't already covered by
>> some combination of STARTTLS/DKIM/SPF/etc?  Assuming small modifications
>> are made, such as expanding SPF to include the FP of the sender's cert.
> Mostly two things:
> a) stopping some spam messages before they even are transmitted
> b) not being a combination but an idea that naturally addresses both
> wiretapping and spam
> Also
> c) not being DNS dependent
>
> I will follow a good advice from one list member and will write a
> document with the idea.
>
> Thanks all
>
> Noel
> er Envite
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

From stephen.farrell@cs.tcd.ie  Wed Oct 23 15:40:22 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C52511E82E5 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:40:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J3NHI-0NfLzH for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:40:16 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id E17EF11E83ED for <perpass@ietf.org>; Wed, 23 Oct 2013 15:39:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5D4C2BE61; Wed, 23 Oct 2013 23:38:42 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hIZ-XqYovSGI; Wed, 23 Oct 2013 23:38:41 +0100 (IST)
Received: from [10.87.48.13] (unknown [86.41.61.48]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 1BD02BE60; Wed, 23 Oct 2013 23:38:41 +0100 (IST)
Message-ID: <52684FF0.4040306@cs.tcd.ie>
Date: Wed, 23 Oct 2013 23:38:40 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: ned+perpass@mrochek.com, Stephen Kent <kent@bbn.com>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>	<01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie>	<525EA275.5020107@bbn.com> <01OZXEV3WQ5O00004R@mauve.mrochek.com>
In-Reply-To: <01OZXEV3WQ5O00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 22:40:22 -0000

Hiya,

On 10/23/2013 07:30 PM, ned+perpass@mrochek.com wrote:
> 
> Keeping in mind that this is hardly a comprehensive list of the world's ISPs,

Quite useful though. Thanks.

> I'll first note that the ciphersuite situation is better than I expected. 

Ditto.

> A minority of services, albeit some of the biggest ones, prefer RC4. And
> nobody insisted on it. Quite a few even go so far as to prefer a DHE
> variant. But more of them need to support and prefer something in the
> DHE/AES set. This is a place where some clear guidance would probably be
> helpful, as long as it involves using ciphersuites for which support is
> readily available. (The obvious starting point is for servers to always
> prefer AES to RC4 and always prefer DHE variants to non-DHE variants. I'll
> the ranking of those two to those more pedantic than I.)

Any volunteers? Might be close enough to fit in the smtp/tls
draft Alexey said he'd look at.

> 
> Only three of the services tested, one in North America and the others in
> Europe, offered no SSL/TLS at all. That strikes me as pretty good coverage
> overall, and perhaps the Snowden revelations will make something good
> happen to those, as it is doing at Yahoo.
>
> But these results, while encouraging, don't say anything good about the
> IETF's ability to mandate security. The IETF recommended best operational
> practice (effectively a SHOULD in RFC 3501) is to only offer port 143 and
> require STARTTLS on that port, as indicated by the LOGINDISABLED
> capability. Not a single provider I tested implemented that specific
> variant. Not. One.

Yep. I agree that's a problem. Seems we disagree about the
conclusion to be drawn though. For me, the above indicates
that our current "make 'em specify a MTI (in the RFC6919
sense)" failed in this case.

I conjecture that had there been a more-than-MTI practice in
place way back then, it's a good bit more likely we'd not have
screwed up on the TLS stuff. And so I figure it's worth
investigating that some more. (Not for IMAP, but in general
for current/future work.)

S.





From warren@kumari.net  Wed Oct 23 15:44:31 2013
Return-Path: <warren@kumari.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42D5D11E827F for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8C-gVEZCFA8i for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 15:44:26 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE09011E8277 for <perpass@ietf.org>; Wed, 23 Oct 2013 15:44:25 -0700 (PDT)
Received: from [192.168.1.153] (unknown [66.84.81.103]) by vimes.kumari.net (Postfix) with ESMTPSA id B5E801B40313; Wed, 23 Oct 2013 18:44:24 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <52682514.4070609@cs.tcd.ie>
Date: Wed, 23 Oct 2013 18:44:24 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <DDAD3BB6-2502-4040-939C-863EEFB004AB@kumari.net>
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1510)
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass@ietf.org, Warren Kumari <warren@kumari.net>
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 22:44:31 -0000

On Oct 23, 2013, at 3:35 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
>
> On 10/23/2013 08:09 PM, Jim Fenton wrote:
>> On 10/23/13 11:28 AM, John-Mark Gurney wrote:
>>> Is it just me, or is it funny that we are talking about securing the
>>> inet, yet the ietf apparently doesn't do STARTTLS when sending email?
>>> and hence the perpass email list is sent out unencrypted...
>>>
>>> Guess I'll drop a note to postmaster@ietf.com.
>>>
>> It's not just you.  IETF SHOULD be using STARTTLS for email, not
>> particularly for this or other mailing lists (where attackers could just
>> read the archives, anyway) but because it's the Right Thing To Do.
>
> That was discussed in the DANE meeting in Berlin and
> there's a plan for eating our own dogfood, but I'm
> not sure where it's at. Will check.

Yup.

We reached out to the folk who run the mail servers for the IETF (AMS).

The servers that are currently handling mail are (or, were when I chatted
with them) older boxes, running older versions of Linux (and, presumably
older MTA).
AMS was in the process of deploying shiny new boxes, with new OS, etc. I'm
suspecting that the plans might have gotten delayed a bit.

Once the newer boxes are up the plan (from what I understand) was to
migrate over to them, and then enable STARTTLS. After that we were planning
on doing DANE.

W

>
> S.
>
>>
>> -Jim
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

--
What our ancestors would really be thinking, if they were alive today, is:
"Why is it so dark in here?"

    -- (Terry Pratchett, Pyramids)
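
The hop-by-hop question raised in this thread (did a relay use STARTTLS, and with which ciphersuite), as an added example that is not part of any message in the archive: it reads the TLS annotations that MTAs write into Received headers and flags each hop against the AES-over-RC4 and DHE-over-non-DHE preference quoted earlier. The sample message, its example.* hosts and the flag names are constructed, and counting ECDHE and EDH as DHE variants is an assumption.

```python
import re
from email import message_from_string

# Two annotation styles seen in Received headers:
#   Sendmail-style: (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)
#   Postfix-style:  (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
TLS_PATTERNS = (
    re.compile(r"version=(?P<version>[\w./]+)\s+cipher=(?P<cipher>[\w-]+)"),
    re.compile(r"using\s+(?P<version>[\w.]+)\s+with\s+cipher\s+(?P<cipher>[\w-]+)"),
)
HOPS = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.S)

# Constructed sample message; every host and queue id below is made up.
SAMPLE = (
    "Received: from mx.list.example.org (mx.list.example.org [192.0.2.10])\n"
    "\tby mail.rcpt.example.net (Postfix) with ESMTP id AAAA1;\n"
    "\tWed, 23 Oct 2013 15:40:00 -0700 (PDT)\n"
    "Received: from gw.corp.example.com (gw.corp.example.com [198.51.100.7])\n"
    "\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\n"
    "\tby mx.list.example.org (Postfix) with ESMTPS id BBBB2;\n"
    "\tWed, 23 Oct 2013 15:39:00 -0700 (PDT)\n"
    "Received: from hub.corp.example.com (hub.corp.example.com [10.0.0.5])\n"
    "\tby gw.corp.example.com (8.14.4/8.14.4) with ESMTP id CCCC3\n"
    "\t(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL);\n"
    "\tWed, 23 Oct 2013 18:38:00 -0400\n"
    "Received: from [10.0.0.99] (laptop.corp.example.com [10.0.0.99])\n"
    "\tby hub.corp.example.com with ESMTPSA id DDDD4\n"
    "\t(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);\n"
    "\tWed, 23 Oct 2013 18:37:00 -0400\n"
    "From: sender@corp.example.com\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def classify(cipher):
    """Return the list of concerns for one OpenSSL-style ciphersuite name."""
    if cipher is None:
        # The MTA recorded nothing. That usually means plaintext, but some
        # MTAs never annotate, so treat it as "unknown, go and check".
        return ["no-tls-recorded"]
    if cipher.startswith("TLS_"):
        # TLS 1.3 suite names: AEAD only and always ephemeral key exchange.
        return []
    tokens = cipher.upper().split("-")
    flags = []
    if "RC4" in tokens:
        flags.append("rc4")
    if tokens[0] not in ("DHE", "EDH", "ECDHE"):  # assumption: all count as DHE
        flags.append("no-dhe")
    return flags


def find_tls(value):
    """Return the first TLS annotation match in a Received value, or None."""
    for pattern in TLS_PATTERNS:
        match = pattern.search(value)
        if match:
            return match
    return None


def audit(raw_message):
    """List the hops of a message, sender first, with TLS details and flags."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its Received header, so reverse for path order.
    for value in reversed(msg.get_all("Received", [])):
        route = HOPS.search(value)
        tls = find_tls(value)
        cipher = tls.group("cipher") if tls else None
        hops.append({
            "from": route.group(1) if route else "?",
            "by": route.group(2) if route else "?",
            "version": tls.group("version") if tls else None,
            "cipher": cipher,
            "flags": classify(cipher),
        })
    return hops


if __name__ == "__main__":
    for hop in audit(SAMPLE):
        status = ", ".join(hop["flags"]) or "ok"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["cipher"]} [{status}]')
```

Only the headers written by relays you operate are trustworthy; anything earlier in the path can be forged by whoever handed the message over.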



From kathleen.moriarty@emc.com  Wed Oct 23 16:19:19 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E692E11E8290 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 16:19:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.339
X-Spam-Level: 
X-Spam-Status: No, score=-2.339 tagged_above=-999 required=5 tests=[AWL=0.260,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xL3P5iTm4q5M for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 16:19:16 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id EC1CA11E828A for <perpass@ietf.org>; Wed, 23 Oct 2013 16:19:15 -0700 (PDT)
Received: from maildlpprd03.lss.emc.com (maildlpprd03.lss.emc.com [10.253.24.35]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9NNJDfv014532 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Oct 2013 19:19:14 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9NNJDfv014532
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382570354; bh=Siw1F6HoWlc6NMGtZKXiVgsSEMU=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=rNmvwhDDxCsQQ7dTlKLyeczo/wk755eq4wChmFhUb5ckPcKHMXcPFY6wIlr8a35Ce /9CTjSEEjMrJ0DgPw81GaILhu7n6ZQHQZWlUKSvhCU12P3FOH0bH1fUB4iQjyJRlix o8sWN5bYuQknu2OtgbiaZ2mreXSjj98ikm605vhI=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9NNJDfv014532
Received: from mailusrhubprd04.lss.emc.com (mailusrhubprd04.lss.emc.com [10.253.24.22]) by maildlpprd03.lss.emc.com (RSA Interceptor); Wed, 23 Oct 2013 19:19:03 -0400
Received: from mxhub34.corp.emc.com (mxhub34.corp.emc.com [10.254.93.82]) by mailusrhubprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9NNJ2H9011317 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Oct 2013 19:19:02 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub34.corp.emc.com ([::1]) with mapi; Wed, 23 Oct 2013 19:19:02 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Cullen Jennings <fluffy@iii.ca>
Date: Wed, 23 Oct 2013 19:18:59 -0400
Thread-Topic: [perpass] Few things the IETF might standardize for secure collaboration
Thread-Index: Ac7QRkJhewfp3WMiQGubJ5yDpBMVHA==
Message-ID: <77E25C20-CF02-4EBD-A9AF-4440634BEE9E@emc.com>
References: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca>
In-Reply-To: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd04.lss.emc.com
X-RSA-Classifications: public
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Few things the IETF might standardize for secure	collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2013 23:19:20 -0000

Cullen,

Nice draft!  I have been thinking about this problem as well and wonder
where the line is for those who want protections from monitoring.  What
level of protection is needed so that the options we provide make sense and
are actually used?  Do we need to go further and what is the demand?

In addition to your proposal, I am wondering if we need alternate
algorithms when worried about these use cases (e.g. Twofish instead of AES,
etc.).  Also, having the IdP as a service provider may be a showstopper for
those concerned with monitoring, why couldn't that service provider be
contacted as well?

The point at which encryption is performed is use case dependent.  You
mention encryption at the client in the strategy slide, which is very
important for this use case (not at the host or storage level).  I would
suggest repeating this in the Encrypted Data Content slide - encryption at
the client or 'guest' level.  Guest is another term I have been hearing,
but I am not sure if it is a common term.

Thanks,
Kathleen

Sent from my iPhone

On Oct 20, 2013, at 5:57 PM, "Cullen Jennings" <fluffy@iii.ca> wrote:

>
> I've been thinking about how to build cloud collaborations systems where
> the data is encrypted and the cloud does not have the keys. Very
> interested in hearing others thoughts on how to do this.
>
> Near the end is a list of things that it would be helpful if the IETF
> standardized.
>
> http://www.ietf.org/id/draft-jennings-perpass-secure-rai-cloud-00.pdf
>
> Cullen
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

From rlb@ipv.sx  Wed Oct 23 17:47:58 2013
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B4BE11E8264 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 17:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.886
X-Spam-Level: 
X-Spam-Status: No, score=-2.886 tagged_above=-999 required=5 tests=[AWL=0.090,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AVK9okUZGeER for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 17:47:54 -0700 (PDT)
Received: from mail-ob0-f173.google.com (mail-ob0-f173.google.com [209.85.214.173]) by ietfa.amsl.com (Postfix) with ESMTP id 7715A11E82A2 for <perpass@ietf.org>; Wed, 23 Oct 2013 17:47:51 -0700 (PDT)
Received: by mail-ob0-f173.google.com with SMTP id gq1so1649589obb.32 for <perpass@ietf.org>; Wed, 23 Oct 2013 17:47:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=IQpSwGgAob4umpbj8hJfPt3ivWPcZEmxys74+kZvpkU=; b=J0djr8GZhAcFbwdNxEPhzwpsC6w2PK+FlTLHu+sVqCqWUc5o7DHuWr6yVKSN8HVY0U YgF9wOvI+3CGs7WiVoSuMKH6soZy/2qEfARhgFDiObUt+P5IIZVcByyDA+ZFqST+yJ4M qykG6eqK+hp/xGWEuwxvoxKLnOPv+n5Adu9FK5vNL+LWlxr4VIcQzKbBaEvSvHqNPWe1 uyrcMdOGpv9Qep+V51v5d9Sz+Bxy7tEdbhx31TK36i+XAAHsCi7s91xJG0rkFfAHvY7R TdJBJNMWbs/yysmy6rW+DNewAofuvjUTt0XvUaSNvz7M6ZjMhDhpDEkuSNr+8fQMiZty vGMQ==
X-Gm-Message-State: ALoCoQn48xQzQiGU84kyYweh3QnhuWbLYuCDSvoAukrsbv02JqFW3zo/Awbw5dKm/i9HAYxeHa4D
MIME-Version: 1.0
X-Received: by 10.182.38.228 with SMTP id j4mr55149obk.94.1382575670947; Wed, 23 Oct 2013 17:47:50 -0700 (PDT)
Received: by 10.76.101.10 with HTTP; Wed, 23 Oct 2013 17:47:50 -0700 (PDT)
In-Reply-To: <52682514.4070609@cs.tcd.ie>
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie>
Date: Wed, 23 Oct 2013 20:47:50 -0400
Message-ID: <CAL02cgSnN6x7R3Se1kajwJkXzWAkoLtK0HDe9pYiNNWyi7WEag@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=001a11c2f3a6bdff3504e971fb9b
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass <perpass@ietf.org>
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 00:47:58 -0000

--001a11c2f3a6bdff3504e971fb9b
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Oct 23, 2013 at 3:35 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 10/23/2013 08:09 PM, Jim Fenton wrote:
> > On 10/23/13 11:28 AM, John-Mark Gurney wrote:
> >> Is it just me, or is it funny that we are talking about securing the
> >> inet, yet the ietf apparently doesn't do STARTTLS when sending email?
> >> and hence the perpass email list is sent out unencrypted...
> >>
> >> Guess I'll drop a note to postmaster@ietf.com.
> >>
> > It's not just you.  IETF SHOULD be using STARTTLS for email, not
> > particularly for this or other mailing lists (where attackers could just
> > read the archives, anyway) but because it's the Right Thing To Do.
>
> That was discussed in the DANE meeting in Berlin and
> there's a plan for eating our own dogfood, but I'm
> not sure where it's at. Will check.
>
> S.
>

I can sort of see the dogfood / Right Thing To Do argument.  But it seems
kind of silly to waste the bits / cycles encrypting things whose entire
point is to be public.

--Richard



> >
> > -Jim
> > _______________________________________________
> > perpass mailing list
> > perpass@ietf.org
> > https://www.ietf.org/mailman/listinfo/perpass
> >
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>


--001a11c2f3a6bdff3504e971fb9b--

From stephen.farrell@cs.tcd.ie  Wed Oct 23 17:53:31 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB47111E82A3 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 17:53:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9e-PFvDlIYoc for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 17:53:27 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id B9FDC11E823D for <perpass@ietf.org>; Wed, 23 Oct 2013 17:53:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 05089BE6F; Thu, 24 Oct 2013 01:53:25 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5P19fDfNmu4h; Thu, 24 Oct 2013 01:53:23 +0100 (IST)
Received: from [10.87.48.13] (unknown [86.41.61.48]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9FC54BE3F; Thu, 24 Oct 2013 01:53:23 +0100 (IST)
Message-ID: <52686F83.5070508@cs.tcd.ie>
Date: Thu, 24 Oct 2013 01:53:23 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>
References: <20131023182804.GH56872@funkthat.com>	<52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie> <CAL02cgSnN6x7R3Se1kajwJkXzWAkoLtK0HDe9pYiNNWyi7WEag@mail.gmail.com>
In-Reply-To: <CAL02cgSnN6x7R3Se1kajwJkXzWAkoLtK0HDe9pYiNNWyi7WEag@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass <perpass@ietf.org>
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 00:53:31 -0000

On 10/24/2013 01:47 AM, Richard Barnes wrote:
> I can sort of see the dogfood / Right Thing To Do argument.  But it seems
> kind of silly to waste the bits / cycles encrypting things whose entire
> point is to be public.

Not everything that goes in or out of ietf.org via
SMTP is public. See ombudspersonage discussion for
example. Or nomcom. For most lists, yes, this isn't
much of a deal over and above dogfood consumption.

S


> 
> --Richard
> 
> 
> 
>>>
>>> -Jim
>>> _______________________________________________
>>> perpass mailing list
>>> perpass@ietf.org
>>> https://www.ietf.org/mailman/listinfo/perpass
>>>
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>>
> 
> 
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 

From rlb@ipv.sx  Wed Oct 23 18:54:17 2013
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94D2C11E82B3 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 18:54:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.887
X-Spam-Level: 
X-Spam-Status: No, score=-2.887 tagged_above=-999 required=5 tests=[AWL=0.089,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id thqrAyhb3Q-u for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 18:54:13 -0700 (PDT)
Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id 75D5C11E82AC for <perpass@ietf.org>; Wed, 23 Oct 2013 18:54:11 -0700 (PDT)
Received: by mail-oa0-f42.google.com with SMTP id k14so1793804oag.15 for <perpass@ietf.org>; Wed, 23 Oct 2013 18:54:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=L8K6LKGPhUbElRAdYUOmivJD+CAGYTnQf8dDxBM1BwA=; b=WPx4KfSLug8qMcN7nW4JN3vjeykSskWvR8F3/Wh51PHbgIXr2dcOnw8oXcOxseHBDP m/ID8n7cKu0UHbujc9yhauWxXO8fIRQlXDfqc60I4fzS7KsJFirzYc1a/2k4gn6DrFi2 csoTxTzKpcSOSVBDtMRekvtqQ8G+HzQtho9/g2Fdzm463PFe9iTpYVlEYReriNhOyS37 yqNJt/OMciTzFcVC+W/jmf3wdsT+qCDejpttTErKe4eOp8S+lxp1yV/4iJ/V+qJAJ8tu MQOFrDYZZ+EAAqXdStuZApXLdcONJDVq2CMOD9YWn+2NNY6wA0gihDfM+5BlpxBOd8CS 8ovg==
X-Gm-Message-State: ALoCoQmGAwXq2RLs42xREw8P7Jihx0RoF9zhy36s26eELn+GVZ70GrCyx2O3QGxdO/apiOXc9PLw
MIME-Version: 1.0
X-Received: by 10.60.44.193 with SMTP id g1mr153286oem.47.1382579650796; Wed, 23 Oct 2013 18:54:10 -0700 (PDT)
Received: by 10.76.101.10 with HTTP; Wed, 23 Oct 2013 18:54:10 -0700 (PDT)
In-Reply-To: <52686F83.5070508@cs.tcd.ie>
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie> <CAL02cgSnN6x7R3Se1kajwJkXzWAkoLtK0HDe9pYiNNWyi7WEag@mail.gmail.com> <52686F83.5070508@cs.tcd.ie>
Date: Wed, 23 Oct 2013 21:54:10 -0400
Message-ID: <CAL02cgQ6PbkQe4XoYCK-H1RtZmaX8weCDUZBD=4j_+wUWDfu+Q@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=001a11333dc8f5b1e104e972e823
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass <perpass@ietf.org>
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 01:54:17 -0000

--001a11333dc8f5b1e104e972e823
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Oct 23, 2013 at 8:53 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
> On 10/24/2013 01:47 AM, Richard Barnes wrote:
> > I can sort of see the dogfood / Right Thing To Do argument.  But it seems
> > kind of silly to waste the bits / cycles encrypting things whose entire
> > point is to be public.
>
> Not everything that goes in or out of ietf.org via
> SMTP is public. See ombudspersonage discussion for
> example. Or nomcom. For most lists, yes, this isn't
> much of a deal over and above dogfood consumption.
>

Ok, fair enough.  Those instances had slipped my mind.  Perhaps this is a good
illustration of why turning on TLS is the Right Thing To Do -- even if you
think everything transiting your mail server is public, there's probably
something you've forgotten.  :)

--Richard




>
> S
>
>
> >
> > --Richard
> >
> >
> >
> >>>
> >>> -Jim
> >>> _______________________________________________
> >>> perpass mailing list
> >>> perpass@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/perpass
> >>>
>


--001a11333dc8f5b1e104e972e823--

From fluffy@iii.ca  Wed Oct 23 21:18:48 2013
Return-Path: <fluffy@iii.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DC0A11E8106 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:18:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.63
X-Spam-Level: 
X-Spam-Status: No, score=-2.63 tagged_above=-999 required=5 tests=[AWL=-0.031,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id frwNSuC5EDmD for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:18:42 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id B3F0E11E8317 for <perpass@ietf.org>; Wed, 23 Oct 2013 21:18:41 -0700 (PDT)
Received: from [192.168.4.100] (unknown [128.107.239.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id DD2D922E200; Thu, 24 Oct 2013 00:18:30 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <DE0DE0E8-7BC7-457E-A7A1-AF263B37FEAF@icsi.berkeley.edu>
Date: Wed, 23 Oct 2013 22:18:28 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <BA6F4919-7164-4504-97B2-1229FC24F974@iii.ca>
References: <CE8A8DC9.369F0%york@isoc.org> <DE0DE0E8-7BC7-457E-A7A1-AF263B37FEAF@icsi.berkeley.edu>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
X-Mailer: Apple Mail (2.1510)
Cc: "perpass@ietf.org" <perpass@ietf.org>, Dan York <york@isoc.org>
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 04:18:48 -0000

On Oct 21, 2013, at 7:32 AM, Nicholas Weaver <nweaver@icsi.berkeley.edu> wrote:

> "I don't trust .com, I don't trust .ru, but I trust they won't collude against me" is a very interesting property

I have thought about this from a game theory point of view. Imagine a game where both players saw all the traffic pass through an undersea fiber optic cable. And then on some day in the future neither player can see any of the traffic unless one player enables the other. Obviously if they both cooperated, they would be back to how it was at the start of the game. The question of if they will cooperate or not seems to me to depend on how they both use the data they used to get from the fiber optic cable, and the calculus of value of the information to them vs the value of the other player not having the information.

I get your point but I'm pretty cautious about assumptions of who will and will not cooperate when people feel the end result justifies pretty outrageous means of getting to the end result. That said, I'm a fan of the types of checks and balances you get when more than one person has to behave badly.



From fluffy@iii.ca  Wed Oct 23 21:23:49 2013
Return-Path: <fluffy@iii.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76D7C11E83B9 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:23:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.628
X-Spam-Level: 
X-Spam-Status: No, score=-2.628 tagged_above=-999 required=5 tests=[AWL=-0.029, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZqoVMS1ni5RP for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:23:45 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id F20D611E8324 for <perpass@ietf.org>; Wed, 23 Oct 2013 21:23:44 -0700 (PDT)
Received: from [192.168.4.100] (unknown [128.107.239.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 2E41D22E253; Thu, 24 Oct 2013 00:23:43 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <CE8A8DC9.369F0%york@isoc.org>
Date: Wed, 23 Oct 2013 22:23:42 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <7300A364-26EC-4966-86E1-B8463AB0D0C1@iii.ca>
References: <CE8A8DC9.369F0%york@isoc.org>
To: Dan York <york@isoc.org>
X-Mailer: Apple Mail (2.1510)
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 04:23:49 -0000

Hi Dan,

inline …

On Oct 21, 2013, at 6:11 AM, Dan York <york@isoc.org> wrote:

> Cullen,
>
> On 10/20/13 6:58 PM, "Cullen Jennings" <fluffy@iii.ca> wrote:
>
>
>> I've been thinking about how to build cloud collaboration systems where
>> the data is encrypted and the cloud does not have the keys. Very
>> interested in hearing others' thoughts on how to do this.
>
> Good document. In a quick read I naturally have to react to slide 23
> (Trusting DNS) and also slide 11 (Certificate Authority).  On slide 23,
> you say "Sorry, can't trust this yet.", but what happens as we get more
> DNSSEC deployed?  We're already seeing increased validation within caching
> resolvers and some measurements are showing around 8% of all DNS queries
> coming from resolvers that perform validation.  We're seeing steady growth
> in the number of DNSSEC-signed domains.  I know there are those who are
> skeptical about DNSSEC deployment, but I'm definitely seeing real
> growth... and see a number of trends pointing to that only continuing.

No question that things are going in the right direction. Let's figure out how we could use this and likely when. In fairness it will take time to build something like I am proposing and DNSSEC will be better then than it is now.

>
> Similarly, on slide 11 you mention the ongoing issue that CAs can issue
> bad certs and the goal is to detect this.  We do have an existing
> mechanism that can help here.  DANE (RFC 6698) allows the zone operator to
> include a fingerprint of a cert (or an entire cert) in a DNS zone and then
> sign that with DNSSEC.  Couple that with DNSSEC-validating resolvers and
> you've got a way to add an additional layer of trust assertions on top of
> the CA infrastructure.  Sure, CAs can still issue bad certs, but if the
> cert being offered doesn't match the cert fingerprint securely stored in
> DNS then the endpoint should know right then to reject the bad cert.

Using DANE for belt and suspenders on CAs seems good. I also think it would be well worth thinking about who is in the trust chain for a domain that was in .us vs say .cn and consider how that might all play out from a security point of view. I had not thought much about this but it does deserve thinking about what we can do.


>
> Typo: slide 8 - I think you meant "in that you" - "The CA is "honest" is
> that you can tell if it issues your certificate to someone else but there
> is no way to stop it from doing that"

oops - yes - The type of thing I was thinking about here are various proposals where CAs publish all the certificates they have issued and there are various cryptographic hash chains that make it difficult for them to lie about this. That means a CA might be able to issue your cert to a bad guy but that it would later be possible to detect that.


>
>> Near the end is a list of things that it would be helpful if the IETF
>> standardized.
>
> Good list!

Tell me what to add to this list for DNSSEC / DANE that we are not already doing

> Dan
>
> --
> Dan York
> Senior Content Strategist, Internet Society
> york@isoc.org <mailto:york@isoc.org>   +1-802-735-1624
> Jabber: york@jabber.isoc.org <mailto:york@jabber.isoc.org>
> Skype: danyork   http://twitter.com/danyork
>
> http://www.internetsociety.org/deploy360/
>
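Added example, not part of the message above and not taken from any DANE implementation: a sketch of the client-side check described in the DANE (RFC 6698) paragraph, where a certificate issued by some other CA fails because it does not match the DNSSEC-signed TLSA record. The function names, the three-way result and the sample byte strings are assumptions made for this example; extracting the certificate and SubjectPublicKeyInfo from the handshake and the DNSSEC validation itself are taken as given.

```python
import hashlib
import hmac
from dataclasses import dataclass

# TLSA RDATA field values from RFC 6698, section 2.1.
SELECTOR_FULL_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2
END_ENTITY_USAGES = (1, 3)  # usages that constrain the server's own certificate


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(text):
    """Parse presentation format: 'usage selector matching-type hexdata'."""
    parts = text.split()
    if len(parts) < 4:
        raise ValueError("TLSA record needs three integers and hex data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA field value")
    data = bytes.fromhex("".join(parts[3:]))
    want = {MATCH_SHA256: 32, MATCH_SHA512: 64}.get(mtype)
    if not data or (want is not None and len(data) != want):
        raise ValueError("association data has the wrong length")
    return TLSA(usage, selector, mtype, data)


def record_matches(rec, cert_der, spki_der):
    """Compare one TLSA record with what the server presented in TLS."""
    selected = cert_der if rec.selector == SELECTOR_FULL_CERT else spki_der
    if rec.mtype == MATCH_SHA256:
        selected = hashlib.sha256(selected).digest()
    elif rec.mtype == MATCH_SHA512:
        selected = hashlib.sha512(selected).digest()
    return hmac.compare_digest(selected, rec.data)


def dane_check(rrset_text, cert_der, spki_der, dnssec_secure):
    """Return 'accept', 'reject' or 'unusable' for an end-entity certificate.

    'unusable' means DANE adds no constraint in this example: the RRset was
    not DNSSEC-validated, or no record in it could be parsed. For usage 1 an
    'accept' still has to be combined with ordinary PKIX validation, which
    this example does not perform.
    """
    if not dnssec_secure:
        return "unusable"
    usable = []
    for text in rrset_text:
        try:
            usable.append(parse_tlsa(text))
        except ValueError:
            continue  # skip malformed records instead of trusting them
    if any(r.usage not in END_ENTITY_USAGES for r in usable):
        # Usages 0 and 2 match a CA or trust anchor in the chain; fail closed.
        raise NotImplementedError("usages 0 and 2 need the full chain")
    if not usable:
        return "unusable"
    if any(record_matches(r, cert_der, spki_der) for r in usable):
        return "accept"
    return "reject"


# Constructed stand-ins for DER bytes; a real client takes them from the handshake.
ZONE_CERT, ZONE_SPKI = b"constructed-cert-held-by-zone-owner", b"constructed-spki-A"
ROGUE_CERT, ROGUE_SPKI = b"constructed-cert-from-another-CA", b"constructed-spki-B"
# What the zone operator publishes: usage 3, selector 1 (SPKI), SHA-256.
PUBLISHED = ["3 1 1 " + hashlib.sha256(ZONE_SPKI).hexdigest()]

if __name__ == "__main__":
    print("zone owner's cert:", dane_check(PUBLISHED, ZONE_CERT, ZONE_SPKI, True))
    print("other CA's cert:  ", dane_check(PUBLISHED, ROGUE_CERT, ROGUE_SPKI, True))
    print("unsigned answer:  ", dane_check(PUBLISHED, ROGUE_CERT, ROGUE_SPKI, False))
```

The third case is the dependency on DNSSEC that the thread discusses: without a validated answer the TLSA record constrains nothing, so the second certificate is no longer rejected by this check.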


From fluffy@iii.ca  Wed Oct 23 21:29:55 2013
Return-Path: <fluffy@iii.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C9D611E812B for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:29:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.626
X-Spam-Level: 
X-Spam-Status: No, score=-2.626 tagged_above=-999 required=5 tests=[AWL=-0.027, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiJUjYkeRFTg for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 21:29:50 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) by ietfa.amsl.com (Postfix) with ESMTP id C11E811E8121 for <perpass@ietf.org>; Wed, 23 Oct 2013 21:29:49 -0700 (PDT)
Received: from [192.168.4.100] (unknown [128.107.239.234]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id B072C50A86; Thu, 24 Oct 2013 00:29:48 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <77E25C20-CF02-4EBD-A9AF-4440634BEE9E@emc.com>
Date: Wed, 23 Oct 2013 22:29:46 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE4BA1FB-8113-43D5-A1C3-1B4CE22FB4C6@iii.ca>
References: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca> <77E25C20-CF02-4EBD-A9AF-4440634BEE9E@emc.com>
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
X-Mailer: Apple Mail (2.1510)
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 04:29:55 -0000

On Oct 23, 2013, at 5:18 PM, "Moriarty, Kathleen" <kathleen.moriarty@emc.com> wrote:

> Cullen,
>
> Nice draft!  I have been thinking about this problem as well and wonder where the line is for those who want protections from monitoring.  What level of protection is needed so that the options we provide make sense and are actually used?  Do we need to go further and what is the demand?

I've been pitching we need to make it harder for the bad guys and easier for the good guys. I think the lowest hanging fruit right now is mostly in easier for the good guys. Lots of places we have no security because it is inconvenient. Opportunistic encryption for example might make it easier for the good guys to have some encryption even though it was not as good as authenticated encryption. I want to figure out how to make this all cheap and easy for the end user.

>
> In addition to your proposal, I am wondering if we need alternate algorithms when worried about these use cases (e.g. Twofish instead of AES, etc.).

I'm not a crypto guy but it seems someone needs to be thinking about this. I sort of mention the formation of a "Suite Z" for people that don't like "Suite B".


>  Also, having the IdP as a service provider may be a showstopper for those concerned with monitoring, why couldn't that service provider be contacted as well?

If Skype is both the service provider and the IdP, well this is not much different than the current situation. But if I could run my own IdP on hardware I trust, or my employer could run an IdP on a server they trust and I trust them, well that would make for a different model.


>
> The point at which encryption is performed is use case dependent.  You mention encryption at the client in the strategy slide, which is very important for this use case (not at the host or storage level).  I would suggest repeating this in the Encrypted Data Content slide - encryption at the client or 'guest' level.  Guest is another term I have been hearing, but I am not sure if it is a common term.

Hmm - I'm not familiar with this "Guest" term in this context - can you explain more.

>
> Thanks,
> Kathleen
>
> Sent from my iPhone
>
> On Oct 20, 2013, at 5:57 PM, "Cullen Jennings" <fluffy@iii.ca> wrote:
>
>>
>> I've been thinking about how to build cloud collaboration systems where the data is encrypted and the cloud does not have the keys. Very interested in hearing others' thoughts on how to do this.
>>
>> Near the end is a list of things that it would be helpful if the IETF standardized.
>>
>> http://www.ietf.org/id/draft-jennings-perpass-secure-rai-cloud-00.pdf
>>
>> Cullen
>>


From fluffy@cisco.com  Wed Oct 23 22:24:42 2013
Return-Path: <fluffy@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D667C11E82D6 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 22:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onVebJ77j84K for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 22:24:37 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 3A40911E812F for <perpass@ietf.org>; Wed, 23 Oct 2013 22:24:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1655; q=dns/txt; s=iport; t=1382592277; x=1383801877; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=aoXUgmZ9glDV8uAWBuG8Z+fNewmp05hjozYVvDsbVRk=; b=Bpq51iAyY2qkix18w9ZkSZjxEDOjHUb15IKHLTkdbCDieMdH6NX9Y7Ku d5sHLck9I1tlm8Jz4bpU433NYmpBASr2MKzE5MtwTPdkoGGRUmVj2jBsk x7oVF1rbqrVs4R+TmnqPTZCRkWA9R//iW8KJt3nfOPiznYqgNQfmq8CCT A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArUFANetaFKtJXHB/2dsb2JhbABZgweBDL5cgRkWbQeCJQEBAQMBOh8OIgIBCCIKChAyJAECBBMIh3gGuz6OIHsCOIMfgQsDqhCCUlKCKg
X-IronPort-AV: E=Sophos;i="4.93,559,1378857600"; d="scan'208";a="275966271"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-8.cisco.com with ESMTP; 24 Oct 2013 05:24:36 +0000
Received: from xhc-aln-x01.cisco.com (xhc-aln-x01.cisco.com [173.36.12.75]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id r9O5OaoO022227 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <perpass@ietf.org>; Thu, 24 Oct 2013 05:24:36 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.143]) by xhc-aln-x01.cisco.com ([173.36.12.75]) with mapi id 14.02.0318.004; Thu, 24 Oct 2013 00:24:36 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: "perpass@ietf.org" <perpass@ietf.org>
Thread-Topic: [perpass] mandatory-to-implement vs. more?
Thread-Index: AQHO0HlTWHjzzqOCKEW30jSYmSCrrg==
Date: Thu, 24 Oct 2013 05:24:35 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0DA4@xmb-aln-x02.cisco.com>
References: <CE7B3135.A6F68%jon.peterson@neustar.biz> <5255E71E.1080007@cs.tcd.ie> <018701cec568$daa5e960$8ff1bc20$@huitema.net>
In-Reply-To: <018701cec568$daa5e960$8ff1bc20$@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.20.249.164]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <18AD2E8AFC3B96488845233F44285314@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 24 Oct 2013 01:42:37 -0700
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 05:24:43 -0000

On Oct 9, 2013, at 9:28 PM, Christian Huitema <huitema@huitema.net> wrote:

>> For me, the question is: Nobody uses SIP/TLS now. Using SIP/TLS
>> would add some value. How can we make it more likely they do use
>> SIP/TLS?
>
> Define "nobody," please. Microsoft Lync uses SIP/TLS by default. That must
> be more than "nobody."
>
> -- Christian Huitema

And it is used by the other nobody, Cisco

I realize it may be less common on service providers' private networks but the carriers assume they have adequate protection for the attacks they care about just by controlling who has access to the private network.

The only reason I mention this is that some people do read our stuff, read our security sections, and try to make a rational decision. The rational decisions for many places that Cisco and Microsoft PBXs deploy is to turn on TLS. The rational decision after reading the security sections we wrote for the service provider private networks may actually be to not use TLS. (note I'm not arguing private networks are private, or that firewalls work, or anything like that - I'm saying that people may have thought about the security and decided they had adequate protection against the attacks they cared about - which to be clear were probably toll fraud and not confidentiality of the media )

As threat models change, deployments do too. I'm pretty confident more than a few businesses are rethinking the threat model of how much nation-state grade attackers might be sharing data with their competitors, or do that in the future, and what they might do about that.






From fluffy@cisco.com  Wed Oct 23 22:47:53 2013
Return-Path: <fluffy@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E6AA11E82D7 for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 22:47:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ww2GeuLpxQLo for <perpass@ietfa.amsl.com>; Wed, 23 Oct 2013 22:47:48 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id 7673A11E8141 for <perpass@ietf.org>; Wed, 23 Oct 2013 22:47:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=865; q=dns/txt; s=iport; t=1382593668; x=1383803268; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=mLoDmYzEcsT6hlw5603SCJopkidkobOzZFIxE3i+6AA=; b=AiRPjUBAgRVtrbNCuREn8jN+Uuz3fBo6BboxaETdtjO4XIs8P8T8U4wG UlkR/kLdWDcNT8RLxDm6ikZbM8PkKhkgDTOBTqePMF/iBv91YXoCD40yy GOkrsWRsNCoEjyArd4j8+Nyq63aWM5c8sXgZ1WkcxB9smTziLzDj3uszk o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFACq0aFKtJXHB/2dsb2JhbABZgwc4VL4QS4EbFnSCJQEBAQMBAQEBNzQLEAIBCCIUECcLJQIEDgUIh3gGDbsuBI4VgQYCMQeDH4ELA6oQgySBcTk
X-IronPort-AV: E=Sophos;i="4.93,560,1378857600"; d="scan'208";a="275987175"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-3.cisco.com with ESMTP; 24 Oct 2013 05:47:47 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id r9O5llFA028950 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 24 Oct 2013 05:47:47 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.143]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.02.0318.004; Thu, 24 Oct 2013 00:47:47 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [perpass] draft agenda for Vancouver session
Thread-Index: AQHO0HyQQyPpXHHHZUut6KMsd6nVow==
Date: Thu, 24 Oct 2013 05:47:46 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>
References: <52654CB3.1050507@cs.tcd.ie>
In-Reply-To: <52654CB3.1050507@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.20.249.164]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <F424CE07ACB86C40849A4CE40E1C10F0@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 24 Oct 2013 01:42:37 -0700
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft agenda for Vancouver session
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 05:47:53 -0000

The biggest thing I would add to this Agenda is a discussion of additional standards work the IETF could do to help the situation.


On Oct 21, 2013, at 9:48 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> Hi,
>
> I've posted a draft agenda [1] as previously outlined.
>
> Comments still welcome - folks are starting to make the
> various (small) bits of slideware so agenda-bash comments
> this week would be most useful.
>
> Thanks to Paul Wouters and Karen O'Donoghue for volunteering
> to scribe. One or two more might be useful - if you're up
> for it, just mail Sean and I.
>
> Ta,
> S.
>
> [1] https://datatracker.ietf.org/meeting/88/agenda/perpass/


From stephen.farrell@cs.tcd.ie  Thu Oct 24 02:00:55 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45C3B11E8180 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 02:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id erz6JZ352SyF for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 02:00:50 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 7261911E8144 for <perpass@ietf.org>; Thu, 24 Oct 2013 02:00:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BE44BBEDE; Thu, 24 Oct 2013 10:00:49 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hEJja8E-wQMV; Thu, 24 Oct 2013 10:00:49 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9D560BED9; Thu, 24 Oct 2013 10:00:49 +0100 (IST)
Message-ID: <5268E1C1.8070307@cs.tcd.ie>
Date: Thu, 24 Oct 2013 10:00:49 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
References: <52654CB3.1050507@cs.tcd.ie> <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>
In-Reply-To: <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft agenda for Vancouver session
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 09:00:55 -0000

On 10/24/2013 06:47 AM, Cullen Jennings (fluffy) wrote:
> 
> The biggest thing I would add to this Agenda is a discussion of
> additional standards work the IETF could do to help the situation.

Fair point. That is the main goal of the session but
I can make it clearer.

Also, the idea of Scott's slot towards the end is that
he'll be building a summary/plan for things we should
be doing as the meeting progresses and will pop that
up near the end as about the last thing to discuss. Not
minutes/action-items as such but more an attempt to
capture exactly what you're after above as a plan.

Cheers,
S.

> 
> 
> On Oct 21, 2013, at 9:48 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
> 
>> 
>> Hi,
>> 
>> I've posted a draft agenda [1] as previously outlined.
>> 
>> Comments still welcome - folks are starting to make the various
>> (small) bits of slideware so agenda-bash comments this week would
>> be most useful.
>> 
>> Thanks to Paul Wouters and Karen O'Donoghue for volunteering to
>> scribe. One or two more might be useful - if you're up for it, just
>> mail Sean and I.
>> 
>> Ta, S.
>> 
>> [1] https://datatracker.ietf.org/meeting/88/agenda/perpass/ 
>> _______________________________________________ perpass mailing
>> list perpass@ietf.org 
>> https://www.ietf.org/mailman/listinfo/perpass

From kathleen.moriarty@emc.com  Thu Oct 24 06:12:41 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65DDE11E8322 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 06:12:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.742
X-Spam-Level: 
X-Spam-Status: No, score=-2.742 tagged_above=-999 required=5 tests=[AWL=-0.143, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BoCxWOJcjpgV for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 06:12:28 -0700 (PDT)
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by ietfa.amsl.com (Postfix) with ESMTP id 1D9C611E81A1 for <perpass@ietf.org>; Thu, 24 Oct 2013 06:12:13 -0700 (PDT)
Received: from maildlpprd55.lss.emc.com (maildlpprd55.lss.emc.com [10.106.48.159]) by mailuogwprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9ODCBAe015716 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 24 Oct 2013 09:12:12 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com r9ODCBAe015716
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382620332; bh=N5YqCJDAYWF4twv7iF4dsldxTS4=; h=From:To:CC:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=tJukAozCspDNfbBglfckzCZpZT7dcDyfBetHHpDbugsnK5wo0cJzQ3zIwfmUFcP8i eWqH37fXrgmVPKvQuDOcf/Ht2M3yvw2pTj8FcqTgK2oOuAqkdntjLPPUJGijkrMd9n 6Jk+ejUSAyo2YkRuczaU+zvPmXKygo8DMExzHlCY=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd54.lss.emc.com r9ODCBAe015716
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd55.lss.emc.com (RSA Interceptor); Thu, 24 Oct 2013 09:11:56 -0400
Received: from mxhub07.corp.emc.com (mxhub07.corp.emc.com [128.222.70.204]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9ODBtJU006101 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 24 Oct 2013 09:11:56 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub07.corp.emc.com ([128.222.70.204]) with mapi; Thu, 24 Oct 2013 09:11:55 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Cullen Jennings <fluffy@iii.ca>
Date: Thu, 24 Oct 2013 09:11:54 -0400
Thread-Topic: [perpass] Few things the IETF might standardize for secure collaboration
Thread-Index: Ac7QcbCKEuS2k7qDROWtyP1Fc6Y9kgARkymw
Message-ID: <F5063677821E3B4F81ACFB7905573F24049EA32BB3@MX15A.corp.emc.com>
References: <7A3480BE-9791-4B80-B5B7-6B07F9F68E48@iii.ca> <77E25C20-CF02-4EBD-A9AF-4440634BEE9E@emc.com> <DE4BA1FB-8113-43D5-A1C3-1B4CE22FB4C6@iii.ca>
In-Reply-To: <DE4BA1FB-8113-43D5-A1C3-1B4CE22FB4C6@iii.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-RSA-Classifications: public
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 13:12:41 -0000

Thanks for the quick response, comments in-line.

Thanks,
Kathleen
-----Original Message-----
From: Cullen Jennings [mailto:fluffy@iii.ca]
Sent: Thursday, October 24, 2013 12:30 AM
To: Moriarty, Kathleen
Cc: perpass@ietf.org
Subject: Re: [perpass] Few things the IETF might standardize for secure collaboration


On Oct 23, 2013, at 5:18 PM, "Moriarty, Kathleen" <kathleen.moriarty@emc.com> wrote:

> Cullen,
>
> Nice draft!  I have been thinking about this problem as well and wonder where the line is for those who want protections from monitoring.  What level of protection is needed so that the options we provide make sense and are actually used?  Do we need to go further and what is the demand?

I've been pitching we need to make it harder for the bad guys and easier for the good guys. I think the lowest hanging fruit right now is mostly in easier for the good guys. Lots of places we have no security because it is inconvenient. Opportunistic encryption for example might make it easier for the good guys to have some encryption even though it was not as good as authenticated encryption. I want to figure out how to make this all cheap and easy for the end user.

KM> Okay, that's a good goal and this may point to a question of what problems we try to solve in the area of monitoring or that the goal is clear for any of the proposals (not intending to call this one out at all).  We will wind up with different solutions if the focus is on preventing monitoring for those who are blissfully unaware from those who are actively seeking to prevent monitoring.  The latter may not what to trust anymore and may want to use alternate algorithms or add in more complex features to prevent monitoring without worry of configuration complexities or protocol overhead.  Their decisions may or may not be based on cryptographic analysis either.

>
> In addition to your proposal, I am wondering if we need alternate algorithms when worried about these use cases (e.g. Twofish instead of AES, etc.).

I'm not a crypto guy but it seems someone needs to be thinking about this. I sort of mention the formation of a "Suite Z" for people that don't like "Suite B".

KM> I'm not a cryptographer either and a move in this direction (at this point - unless I missed some news) would be suspicion driven rather than through any actual analysis.  The people who are reading what has been published and have purchasing power may not be cryptographers either.  I have only heard of a few requests, so it would be interesting to observe trends in this area to see if something needs to be done so that alternate options are secure IF they are in demand.


>  Also, having the IdP as a service provider may be a showstopper for those concerned with monitoring, why couldn't that service provider be contacted as well?

If Skype is both the service provider and the IdP, well this is not much different than the current situation. But if I could run my own IdP on hardware I trust, or my employer could run an IdP on a server they trust and I trust them, well that would make for a different model.

KM> Okay, that model makes sense to me.  I asked the question because there is a new service already that offers key management from a service provider, supporting alternate algorithms so that the keys and encryption is not where your data is stored.  I can try to dig up the link.  Someone sent me it to review and my first take on that was if a customer was worried about monitoring, they would not want their keys at any service provider.


>
> The point at which encryption is performed is use case dependent.  You mention encryption at the client in the strategy slide, which is very important for this use case (not at the host or storage level).  I would suggest repeating this in the Encrypted Data Content slide - encryption at the client or 'guest' level.  Guest is another term I have been hearing, but I am not sure if it is a common term.

Hmm - I'm not familiar with this "Guest" term in this context - can you explain more.

KM> Essentially, the same as client in your description.  I was not sure if it was becoming a common term or if the terminology in that circle was unique :-)  It may very well be unique to them.

>
> Thanks,
> Kathleen
>
> Sent from my iPhone
>
> On Oct 20, 2013, at 5:57 PM, "Cullen Jennings" <fluffy@iii.ca> wrote:
>
>>
>> I've been thinking about how to build cloud collaborations systems where the data is encrypted and the cloud does not have the keys. Very interested in hearing others thoughts on how to do this.
>>
>> Near the end is a list of things that it would be helpful if the IETF standardized.
>>
>> http://www.ietf.org/id/draft-jennings-perpass-secure-rai-cloud-00.pdf
>>
>> Cullen



From fluffy@cisco.com  Thu Oct 24 07:08:14 2013
Return-Path: <fluffy@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94AAD11E8155 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 07:08:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level: 
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YYAeambaeQR1 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 07:08:02 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id A9E0511E819B for <perpass@ietf.org>; Thu, 24 Oct 2013 07:07:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2108; q=dns/txt; s=iport; t=1382623627; x=1383833227; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YjNAt/Jrj+kl+e+OCqZ8X0B9cedMb/TsGeKBQRC6aGI=; b=DTrtj27ERo7Bo3ARq6gatQQyx1uTBG/1Xk5EhtV3A/9Sb7iNTvVrd1r+ KWw99bWgtaAooNZEMsn2CgizjiIvwktji+uzbKLU4cPPQEOxBjSquvQTb 3lvd4dEzKbOhmJE6yKrnwf5aWT8i8xx7LvEdYwaTPYLq6aZmosnY5UnGB Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFADQoaVKtJXHA/2dsb2JhbABZgwc4VL4NS4EbFnSCJQEBAQMBAQEBawsQAgEIGAokJwslAgQOBQiHeQYNuhYEjgQQgQYCMQeDH4ENA4kHoQqDJIFxOQ
X-IronPort-AV: E=Sophos;i="4.93,562,1378857600"; d="scan'208";a="276120527"
Received: from rcdn-core2-5.cisco.com ([173.37.113.192]) by rcdn-iport-7.cisco.com with ESMTP; 24 Oct 2013 14:07:06 +0000
Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core2-5.cisco.com (8.14.5/8.14.5) with ESMTP id r9OE76QE007592 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 24 Oct 2013 14:07:06 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.143]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.02.0318.004; Thu, 24 Oct 2013 09:07:05 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [perpass] draft agenda for Vancouver session
Thread-Index: AQHO0JePeBIA0dfItECQYi9DDtmW3ZoEN0QA
Date: Thu, 24 Oct 2013 14:07:05 +0000
Message-ID: <C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com>
References: <52654CB3.1050507@cs.tcd.ie> <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com> <5268E1C1.8070307@cs.tcd.ie>
In-Reply-To: <5268E1C1.8070307@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.20.249.164]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <4FCF53FCB7A44A429E52443ACB3E735E@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft agenda for Vancouver session
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 14:08:15 -0000

On Oct 24, 2013, at 3:00 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
 wrote:

>
>
> On 10/24/2013 06:47 AM, Cullen Jennings (fluffy) wrote:
>>
>> The biggest thing I would add to this Agenda is a discussion of
>> additional standards work the IETF could do to help the situation.
>
> Fair point. That is the main goal of the session but
> I can make it clearer.

Sounds good - as long as that's the goal, I'm not worried about the agenda. Changes looked fine.

Do you expect one of the slots to discuss building secure email systems, or IM, or collaboration? Would that be in PHB section?

(And I do realize how packed the agenda is here and that not everything will fit - I'm just trying to figure out what range of things is in scope)


>
> Also, the idea of Scott's slot towards the end is that
> he'll be building a summary/plan for things we should
> be doing as the meeting progresses and will pop that
> up near the end as about the last thing to discuss. Not
> minutes/action-items as such but more an attempt to
> capture exactly what you're after above as a plan.
>
> Cheers,
> S.
>
>>
>>
>> On Oct 21, 2013, at 9:48 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>>
>>>
>>> Hi,
>>>
>>> I've posted a draft agenda [1] as previously outlined.
>>>
>>> Comments still welcome - folks are starting to make the various
>>> (small) bits of slideware so agenda-bash comments this week would
>>> be most useful.
>>>
>>> Thanks to Paul Wouters and Karen O'Donoghue for volunteering to
>>> scribe. One or two more might be useful - if you're up for it, just
>>> mail Sean and I.
>>>
>>> Ta, S.
>>>
>>> [1] https://datatracker.ietf.org/meeting/88/agenda/perpass/


From stephen.farrell@cs.tcd.ie  Thu Oct 24 07:36:57 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF7C511E833F for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 07:36:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R0PIUgnh+53E for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 07:36:53 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id A1CBB11E8315 for <perpass@ietf.org>; Thu, 24 Oct 2013 07:36:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6CCAFBEDB; Thu, 24 Oct 2013 15:35:57 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id npYlzOYqEB-Y; Thu, 24 Oct 2013 15:35:57 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4A18FBE8E; Thu, 24 Oct 2013 15:35:57 +0100 (IST)
Message-ID: <5269304D.8040101@cs.tcd.ie>
Date: Thu, 24 Oct 2013 15:35:57 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
References: <52654CB3.1050507@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>	<5268E1C1.8070307@cs.tcd.ie> <C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com>
In-Reply-To: <C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft agenda for Vancouver session
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 14:36:57 -0000

On 10/24/2013 03:07 PM, Cullen Jennings (fluffy) wrote:
> 
> On Oct 24, 2013, at 3:00 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
> 
>> 
>> 
>> On 10/24/2013 06:47 AM, Cullen Jennings (fluffy) wrote:
>>> 
>>> The biggest thing I would add to this Agenda is a discussion of 
>>> additional standards work the IETF could do to help the
>>> situation.
>> 
>> Fair point. That is the main goal of the session but I can make it
>> clearer.
> 
> Sounds good - as long as that's the goal, I'm not worried about the
> agenda. Changes looked fine.

Cool.

> Do you expect one of the slots to discuss building secure email
> systems, or IM, or collaboration? Would that be in PHB section?

Yep. Though it'll be ultra-brief in terms of presentation I'd
say. We don't want to aim to present or develop solutions during
the session (bet we can't resist trying though;-) but rather to
identify work that's tractable, that could make a difference
etc.

> (And I do realize how packed the agenda is here and that not
> everything will fit - I'm just trying to figure out what range of
> things is in scope)

If need be, Sean and I have kept the saag agenda light so we
have some time for follow-up there if that's needed. That's
on Thursday, same time (1300) same room (Regency D).

"What's in scope" is also in scope btw:-)

And of course if folks want to start threads on the list
in the meantime, esp for things they think should be in
scope but haven't been much discussed so far, that'd be
even better...

Cheers,
S.

> 
> 
>> 
>> Also, the idea of Scott's slot towards the end is that he'll be
>> building a summary/plan for things we should be doing as the
>> meeting progresses and will pop that up near the end as about the
>> last thing to discuss. Not minutes/action-items as such but more an
>> attempt to capture exactly what you're after above as a plan.
>> 
>> Cheers, S.
>> 
>>> 
>>> 
>>> On Oct 21, 2013, at 9:48 AM, Stephen Farrell 
>>> <stephen.farrell@cs.tcd.ie> wrote:
>>> 
>>>> 
>>>> Hi,
>>>> 
>>>> I've posted a draft agenda [1] as previously outlined.
>>>> 
>>>> Comments still welcome - folks are starting to make the
>>>> various (small) bits of slideware so agenda-bash comments this
>>>> week would be most useful.
>>>> 
>>>> Thanks to Paul Wouters and Karen O'Donoghue for volunteering
>>>> to scribe. One or two more might be useful - if you're up for
>>>> it, just mail Sean and I.
>>>> 
>>>> Ta, S.
>>>> 
>>>> [1] https://datatracker.ietf.org/meeting/88/agenda/perpass/ 

From lear@cisco.com  Thu Oct 24 08:44:24 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57AB911E835F for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 08:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.404
X-Spam-Level: 
X-Spam-Status: No, score=-110.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D69nFTQpF-Yp for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 08:44:18 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 2113411E81E2 for <perpass@ietf.org>; Thu, 24 Oct 2013 08:42:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=414; q=dns/txt; s=iport; t=1382629352; x=1383838952; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=xQHxazdCmlEbLNMQLHnA7j5Ozcz8dohWfketMzXVQ4A=; b=E6XlK9nRpgMa2k8fjO52y+3wzJv0Wgp2wZ33z0Ge15g+j5GgbeH0FrQm m0j8tn/pGbiQrJnqYSlCDTWdL1kkqe/bXjOiCjaM45RcZgEi4vAHsnK3n IJAXpCBozZpCT14oUxy7DKtbobe7qc20KLvxGKwZxmCbIxRQ4FUSuqXc2 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgQFAJo/aVKQ/khR/2dsb2JhbABZgweENrsugR0WdIIlAQEBBCMPAUUBEAsYAgIFFgsCAgkDAgECASsaBgEMAQcBAYgDp2CSW4EpjiQHgmqBQgOYCpIHgyY6
X-IronPort-AV: E=Sophos;i="4.93,563,1378857600"; d="scan'208";a="87636307"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by ams-iport-2.cisco.com with ESMTP; 24 Oct 2013 15:42:05 +0000
Received: from mctiny.local ([10.61.212.20]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id r9OFfw7s007470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 24 Oct 2013 15:42:02 GMT
Message-ID: <52693FC7.3080203@cisco.com>
Date: Thu, 24 Oct 2013 17:41:59 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Paul Wouters <paul@cypherpunks.ca>, DataPacRat <datapacrat@gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com>	<CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com>	<CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com>	<52668970.4080500@bbn.com>	<CAB5WduCY+tE16RviFK_yC2nLPBTYkDYS_PePkNNXwoo9MJqYzA@mail.gmail.com>	<5266ECF2.5020901@bbn.com>	<CAB5WduDGEDBJnAo_PssDix7B+e_OkvC_j4+p8-X=BW-1cJ7BCA@mail.gmail.com>	<6.2.5.6.2.20131022224559.0db01bc8@resistor.net>	<52677899.5000203@gmx.net>	<CAB5WduAnprne+yJdXPAXVihu=5oCZTuTWDyLV8HHRif9jbSnCQ@mail.gmail.com> <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1310231115100.7047@bofh.nohats.ca>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 15:44:24 -0000

Hi Paul,

On 10/23/13 5:22 PM, Paul Wouters wrote:
> The only defense against a "subpoena attack" is not outsourcing your
> end to end encryption. That's what we need to facilitate.
This overstates the case.  Unless you know the individual or site, you
must trust others.

On your other points, Hannes has written an excellent entré that starts
as an overview and will continue as an analysis.

Eliot

From rgb@tricolour.net  Thu Oct 24 06:36:33 2013
Return-Path: <rgb@tricolour.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F2F911E8179 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 06:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDsoaz6eEVYD for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 06:36:32 -0700 (PDT)
Received: from rhayader.tricolour.net (rhayader.tricolour.ca [IPv6:2001:470:b13d:1::4]) by ietfa.amsl.com (Postfix) with ESMTP id 5055E11E831F for <perpass@ietf.org>; Thu, 24 Oct 2013 06:36:05 -0700 (PDT)
Received: by rhayader.tricolour.net (Postfix, from userid 1000) id 1A5DD201D; Thu, 24 Oct 2013 09:35:51 -0400 (EDT)
Date: Thu, 24 Oct 2013 09:35:50 -0400
From: Richard Guy Briggs <rgb@tricolour.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <20131024133550.GA32098@rhayader.tricolour.net>
References: <20131023182804.GH56872@funkthat.com> <52681EF6.2030801@bluepopcorn.net> <52682514.4070609@cs.tcd.ie> <CAL02cgSnN6x7R3Se1kajwJkXzWAkoLtK0HDe9pYiNNWyi7WEag@mail.gmail.com> <52686F83.5070508@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <52686F83.5070508@cs.tcd.ie>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Mailman-Approved-At: Thu, 24 Oct 2013 08:58:28 -0700
Cc: Richard Barnes <rlb@ipv.sx>, Jim Fenton <fenton@bluepopcorn.net>, perpass <perpass@ietf.org>
Subject: Re: [perpass] perpass list email not sent encrypted...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 15:34:13 -0000

On Thu, Oct 24, 2013 at 01:53:23AM +0100, Stephen Farrell wrote:
> On 10/24/2013 01:47 AM, Richard Barnes wrote:
> > I can sort of see the dogfood / Right Thing To Do argument.  But it seems
> > kind of silly to waste the bits / cycles encrypting things whose entire
> > point is to be public.
> 
> Not everything that goes in or out of ietf.org via
> SMTP is public. See ombudspersonage discussion for
> example. Or nomcom. For most lists, yes, this isn't
> much of a deal over and above dogfood consumption.

But the whole point of Opportunistic Encryption, which is essentially
what STARTTLS is about, is to encrypt as much of the traffic as possible
to discourage targeting any particular traffic for analysis.

This is why you might run a newsfeed through an IPsec link carrying more
sensitive traffic, so that the sheer volume makes it impractical to
decode or suspect it all.

> S
> 
> > --Richard
> > 
> >>> -Jim

	slainte mhath, RGB

--
Richard Guy Briggs               --  ~\    -- ~\            <hpv.tricolour.net>
<www.TriColour.net>                --  \___   o \@       @       Ride yer bike!
Ottawa, ON, CANADA                  --  Lo_>__M__\\/\%__\\/\%
Vote! -- <greenparty.ca>_____GTVS6#790__(*)__(*)________(*)(*)_________________

From ned+perpass@mrochek.com  Thu Oct 24 10:24:42 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 679BA11E81B4 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 10:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level: 
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[AWL=0.056,  BAYES_00=-2.599, DATE_IN_PAST_12_24=0.992]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6XixQFB6Ol4h for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 10:24:37 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 9037811E81A0 for <perpass@ietf.org>; Thu, 24 Oct 2013 10:24:36 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZYIQL7CDC002999@mauve.mrochek.com> for perpass@ietf.org; Thu, 24 Oct 2013 10:19:35 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Thu, 24 Oct 2013 10:19:29 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZYIQIFI0Y00004R@mauve.mrochek.com>
Date: Wed, 23 Oct 2013 19:53:28 -0700 (PDT)
In-reply-to: "Your message dated Wed, 23 Oct 2013 23:38:40 +0100" <52684FF0.4040306@cs.tcd.ie>
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com> <5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com> <5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com> <5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org> <525BE7DC.4080407@gmail.com> <95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org> <525C031B.5030100@bbn.com> <525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com> <525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie> <01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie> <525EA275.5020107@bbn.com> <01OZXEV3WQ5O00004R@mauve.mrochek.com> <52684FF0.4040306@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: ned+perpass@mrochek.com, perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 17:24:42 -0000

> Hiya,

> On 10/23/2013 07:30 PM, ned+perpass@mrochek.com wrote:
> >
> > Keeping in mind that this is hardly a comprehensive list of the world's
> > ISPs,

> Quite useful though. Thanks.

> > I'll first note that the ciphersuite situation is better than I expected.

> Ditto.

> > A
> > minority of services, albeit some of the biggest ones, prefer RC4. And
> > nobody
> > insisted on it. Quite a few even go so far as to prefer a DHE variant.
> > But more
> > of them need to support and prefer something in the DHE/AES set. This is
> > a place
> > where some clear guidance would probably be helpful, as long as it involves
> > using ciphersuites for which support is readily available. (The obvious
> > starting
> > point is for servers to always prefer AES to RC4 and always prefer DHE
> > variants
> > to non-DHE variants. I'll leave the ranking of those two to those more
> > pedantic than
> > I.)

> Any volunteers? Might be close enough to fit in the smtp/tls
> draft Alexey said he'd look at.

> >
> > Only three of the services tested, one in North America and the others in
> > Europe, offered no SSL/TLS at all. That strikes me as pretty good coverage
> > overall, and perhaps the Snowden revelations will make something good
> > happen to
> > those, as it is doing at Yahoo.
> >
> > But these results, while encouraging, don't say anything good about the
> > IETF's
> > ability to mandate security. The IETF recommended best operational practice
> > (effectively a SHOULD in RFC 3501) is to only offer port 143 and require
> > STARTTLS on that port, as indicated by the LOGINDISABLED capability. Not a
> > single provider I tested implemented that specific variant. Not. One.

> Yep. I agree that's a problem. Seems we disagree about the
> conclusion to be drawn though. For me, the above indicates
> that our current "make 'em specify a MTI (in the RFC6919
> sense)" failed in this case.

It absolutely did fail, but because we screwed up and specified the wrong
thing. It absolutely escapes me how you can believe that putting a stronger
mandate for the wrong thing would have helped. The far more likely
result would have been more confusion and an overall poorer outcome.

What happened instead was both implementors and deployers of the technology did
the right thing IN SPITE OF OUR HAVING SCREWED UP. A "let's give implementors
and deployers even less leeway in the name of better security" change hardly
seems to be justified by these events.

> I conjecture that had there been a more-than-MTI practice in
> place way back then, it's a good bit more likely we'd not have
> screwed up on the TLS stuff. And so I figure it's worth
> investigating that some more. (Not for IMAP, but in general
> for current/future work.)

OK, if I understand you correctly, you're saying that had we demanded more back
then, we would have done a better job. Since I was there at the time and
remember the arguments and decisions quite well, it's easy to demonstrate that
this conjecture does not stand up to any sort of analysis.

I first note that the main reason SSL/TLS was on the table was to protect 
passwords, not to protect entire mail sessions. The latter was a "nice to
have", not a "must have".

Nevertheless, the concern over password protection was serious. But there was
also serious concern that whatever was specified would be both implementable
and deployable. That concern was focused on clients - it was felt that the
number of combinations and permutations clients had to deal with needed to be
kept to an absolute minimum or client implementors wouldn't support any of it.
(This concern seems ridiculous now in light of the large number of IMAP
extensions that have been specified since then and the resulting combinatoric
explosion that clients have to deal with.) 

On the server side, there was little if any concern expressed over
deployability at large scale. There was some concern expressed over export
restrictions. (Remember that this was happening in 1999-2002 and all this stuff
was in a state of flux.)

And then there was the feedback we were getting from the security area. We
were being told:

(1) Having any sort of clear text mechanism was bad, because there was
    tremendous skepticism that SSL/TLS would actually be deployed to
    protect password exchanges.

(2) Two port solutions are bad. If you're going to use SSL/TLS, it needed to
    be negotiated inband.

(3) GSSAPI/Kerberos was the path of truth and righteousness for password
    protection. There was reluctant acceptance that DIGEST-MD5 could be
    used, but not CRAM-MD5.

As a result of all these competing interests, what got specified was that
password needed to be protected and therefore it was mandatory to implement
either STARTTLS/PLAIN, DIGEST-MD5, or GSSAPI. Which was hardly a recipe for
interoperability. Rather, it was a reflection of the fact that we just didn't
know what the right solution was.

And at that point we got really, really lucky: Four separate IETF screwups
conspired to make the right thing happen: (1) DIGEST-MD5 was a total failure,
(2) GSSAPI was seen as undeployable, (3) The negotiated one port solution for
SSL/TLS was undeployable, and (4) Our assessment of what implementors would be
willing and able to do was wildly incorrect.

Given this backdrop, I don't think a claim that demanding more security would
have led us to the correct two port SSL/TLS solution is remotely credible. Had
that happened it is *far* more likely we would have mandated DIGEST-MD5
support. But even if we'd moved in the SSL/TLS direction it would have
been a one port approach.

Of course if we were doing this now we wouldn't make the same mistakes. What
we'll do instead is make a great big bunch of new ones. Indeed, that is already
happening: See Paul Hoffman's recent message about how attempts to increase
SSL/TLS security are conspiring to lower its use in the field.

				Ned

From stephen.farrell@cs.tcd.ie  Thu Oct 24 10:36:41 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98C7E11E8377 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 10:36:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.449
X-Spam-Level: 
X-Spam-Status: No, score=-102.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iUCTm12LOrhV for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 10:36:19 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id B4A8111E835A for <perpass@ietf.org>; Thu, 24 Oct 2013 10:35:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 820BABEF4; Thu, 24 Oct 2013 18:35:17 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ciTS-Izs45ei; Thu, 24 Oct 2013 18:35:15 +0100 (IST)
Received: from [10.87.48.13] (unknown [86.45.61.152]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6FD43BEEE; Thu, 24 Oct 2013 18:35:15 +0100 (IST)
Message-ID: <52695A53.1030403@cs.tcd.ie>
Date: Thu, 24 Oct 2013 18:35:15 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: ned+perpass@mrochek.com
References: <525475AA.2010907@cs.tcd.ie> <525590CC.4030505@bbn.com>	<5255EC1D.5040006@cs.tcd.ie> <5256F6CD.4090508@bbn.com>	<5256FB71.8040903@cs.tcd.ie> <525722C4.4020408@bbn.com>	<5C28CCD5-4B7D-4BFB-94F4-1C33E43BDCD7@cdt.org>	<525BE7DC.4080407@gmail.com>	<95859161-25E3-45BC-A5C2-B3C548FB2417@acm.org>	<525C031B.5030100@bbn.com>	<525C2099.6010307@cs.tcd.ie> <525C2C44.2070404@bbn.com>	<525C8130.2000606@cs.tcd.ie> <525D183E.7000200@cs.tcd.ie>	<01OZM7M57NWK00004R@mauve.mrochek.com> <525DDE3D.6020500@cs.tcd.ie>	<525EA275.5020107@bbn.com> <01OZXEV3WQ5O00004R@mauve.mrochek.com>	<52684FF0.4040306@cs.tcd.ie> <01OZYIQIFI0Y00004R@mauve.mrochek.com>
In-Reply-To: <01OZYIQIFI0Y00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] mandatory-to-implement vs. more?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 17:36:41 -0000

Hiya,

On 10/24/2013 03:53 AM, ned+perpass@mrochek.com wrote:
> 
> Of course if we were doing this now we wouldn't make the same mistakes. What
> we'll do instead is make a great big bunch of new ones.

Thanks for sticking with it. I now realise where we disagree.

I do think we've learned enough in the interim that we'd be
likely to get how to use TLS much closer to right for something
like IMAP today.

I don't doubt that we'll find lots of ways to make mistakes as
well of course, I just don't think they'd be in that area.

Cheers,
S.

From stpeter@stpeter.im  Thu Oct 24 11:03:56 2013
Return-Path: <stpeter@stpeter.im>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2397411E81AB for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 11:03:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.365
X-Spam-Level: 
X-Spam-Status: No, score=-102.365 tagged_above=-999 required=5 tests=[AWL=0.234, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id th0SCu2CQSmZ for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 11:03:51 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 122E711E8349 for <perpass@ietf.org>; Thu, 24 Oct 2013 11:03:46 -0700 (PDT)
Received: from sjc-vpn7-273.cisco.com (unknown [128.107.239.235]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 1D1924100F; Thu, 24 Oct 2013 12:10:32 -0600 (MDT)
Message-ID: <526960FF.3050902@stpeter.im>
Date: Thu, 24 Oct 2013 12:03:43 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>,  Alexey Melnikov <alexey.melnikov@isode.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>	<5266AC02.80506@cs.tcd.ie>	<5267B862.6000105@isode.com> <5267BAD9.8070702@cs.tcd.ie>
In-Reply-To: <5267BAD9.8070702@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, perpass@ietf.org
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 18:03:56 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/23/13 6:02 AM, Stephen Farrell wrote:
> 
> 
> On 10/23/2013 12:52 PM, Alexey Melnikov wrote:
>> Hi Stephen,
>> 
>> On 22/10/2013 17:46, Stephen Farrell wrote:
>>> Yep, that's a useful post - we shouldn't rush too much, but we
>>> do want to get things done so that developers and deployers
>>> have something to use.
>>> 
>>> I wonder what's the best way to proceed with this kind of
>>> stuff. I guess we want a BCP of some sort, but the question is
>>> how to handle the various different cases of foo-with-tls.
>>> 
>>> - Yaron did a generic TLS BCP draft. [1] - PSA did an XMPP TLS
>>> BCP draft [2] - This sounds like we might want an SMTP TLS BCP
>>> draft or perhaps to add text to [3], but that's aiming for 
>>> experimental and is just about using DANE.
>> I think some generic fallback rules can be protocol independent.
>> But needs of different protocols might be different. For example
>> backward compatibility with deployed TLS ciphers might be
>> different for XMPP and SMTP.
> 
> Sounds reasonable. I guess even if they have the same libraries the
> update cycles might differ. (Anyone know?)

I expect that the update cycles are indeed different.

I don't particularly *want* to have different BCPs for different
protocols, and personally I'd like to see as much commonality as
possible (with everyone pointing to Yaron's generic document).
However, there are some application-level differences (e.g., with
regard to session resumption) and each community (email, IM, web,
etc.) has had a different experience with the use of TLS, including
varying release schedules or willingness to release more often, use of
STARTTLS vs. separate ports, bigger or smaller networks, more or less
diverse developer community (e.g., with no one dominant implementation
or small set of implementations), client-to-server only communications
vs. also server-to-server federation, varying user expectations, etc.

>> I think SMTP TLS BCP would be a good idea. I think it should be 
>> independent of DANE, because of the status of the DANE document.
>> I would be happy to work on it (and would be happy to collaborate
>> with PSA to discuss similarities and differences).
> 
> Great. Let's talk in YVR about how to get that done so it's a real
> BCP that gets followed in the wild. If someone else is up for
> helping I guess contact Alexey.

Before this thread emerged, I suggested the idea of having a chat
about this topic during the AppsArea session on Monday morning (and
BTW there are no SEC area sessions opposite). That might be a good
place to start.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----

From envite@rolamasao.org  Thu Oct 24 11:04:32 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5D4311E81E8 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 11:04:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.044
X-Spam-Level: *
X-Spam-Status: No, score=1.044 tagged_above=-999 required=5 tests=[AWL=0.207,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4WntMZvuJ388 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 11:04:27 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 17EBD11E8357 for <perpass@ietf.org>; Thu, 24 Oct 2013 11:04:21 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 78F4A11EB0 for <perpass@ietf.org>; Thu, 24 Oct 2013 19:04:20 +0100 (WEST)
Message-ID: <52696123.9000209@rolamasao.org>
Date: Thu, 24 Oct 2013 19:04:19 +0100
From: Noel Torres <envite@rolamasao.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com>
In-Reply-To: <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Subject: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 18:04:32 -0000

Hi all

The promised rough draft:

Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)

Intent: To provide a method for server to server SMTP transmission that 
allows both
a) encryption
b) rejection before transmission of a message sent by an unauthenticated 
server

Throughout this work we will use “server” as the SMTP server intending 
to receive e-mail and “client” as the SMTP server trying to send a message.

How it works:
It will work as a standard, plaintext SMTP communication: client starts 
SMTP communication with HELO or EHLO. If client starts with HELO, server 
MUST assume that the client is not capable of authentication, but this 
is not the end of the protocol. If client starts with EHLO, server MUST 
announce OPSS as an available extension, then wait for client to confirm 
its usage. For an OPSS-enabled EHLO client, second command MUST be OPSS 
INIT. If it is, server will try to authenticate client, else server MUST 
assume that the client is not capable of authentication, but this is not 
the end of the protocol.

If a client is not capable of authentication, server MUST try to match 
HELO or EHLO node name with its internal list of known parties. If the 
match succeeds, it means that the server knows that the client should be 
able to do OPSS so server will reject the message with a 554 error 
before the message is transmitted and close connection.

If a client gives the OPSS INIT command, server will answer with 250 OK 
OPSS CHALLENGE and a printable random string. Client MUST give the OPSS 
RESPONSE command adding the ASCII-armored OpenPGP signature of the 
random string. Failure to do so means that server will reject the 
message with a 554 error before the message is transmitted and close 
connection. After OPSS RESPONSE server will opss-verify the signature 
(see procedure below) and if it is correct will follow the “Add host to 
known parties list” procedure (explained below) and answer with 250 OK 
OPSS OK announcing willingness to receive a message, while if the 
signature is not opss-verified server MUST reject the message with a 554 
error before the message is transmitted and close connection.

On this point a client MAY request the server's OpenPGP key (procedure 
below).

Now the client MUST do one of the following: MAY use the STARTTLS 
procedures, or MAY issue the OPSS ENCRYPT command. This command will be 
answered by a 250 OK message, after which point the entire commands and 
replies will be OpenPGP encrypted and signed.

How the client knows the server's OpenPGP key
There are four ways for doing this:
a) It is preloaded by the Administrator
b) It is downloaded from an OpenPGP keyserver before starting the 
communication
c) It is present on a DNS record for the server (this method is not 
covered by this document)
d) It is requested by the client on the fly

For requesting a key on the fly the client uses OPSS KEY command, which 
MUST be answered by the server with a 250 OK OPSS KEY answer and its own 
ASCII-armored OpenPGP key.

How the server knows the client's OpenPGP key
There are three ways for doing this:
a) It is preloaded by the Administrator
b) It is downloaded from an OpenPGP keyserver, out of band, while 
crafting, sending, receiving and checking the challenge-response.
c) It is present on a DNS record for the client (this method is not 
covered by this document) which is checked out of band while crafting, 
sending, receiving and checking the challenge-response.

Signature opss-verification procedure
Once the server has the signed response to the challenge, it will 
perform a standard OpenPGP verification (OpenPGP verification is one 
step of OPSS verification). If this fails, the verification fails. If it 
succeeds, server will match the EHLO node name against its known parties 
list.
If it is found as “verified”, server will check the key also stored 
there against the one used for the response, and if they match, 
verification succeeds and message will be accepted, otherwise 
verification fails and message will not be accepted.
If it is found as “non-verified”, server MAY update the key from an 
OpenPGP keyserver in order to check if further signatures on it make it 
verified. In any case verification succeeds and message will be accepted. 
Server MAY also check the key also stored in the known parties list 
against the one used for the response, and add a 
X-OPSS-Signature-not-verified header to the message before delivering it.
Key update from a keyserver may also bring as revoked a previously 
verified signature, or may bring a different key for the same client.

Known parties list maintenance
Administrator can add pairs of EHLO node name-OpenPGP key to the list by 
hand. Also, any new key detected from OPSS RESPONSE commands will be 
added to the list together with the corresponding EHLO node name by 
using the “Add host to known parties list” procedure (explained below). 
If the server tries to update a key from a keyserver and finds a new 
key, this will be added as well, together with the corresponding EHLO 
node name.
A node name-key pair can have one of two statuses: verified and 
non-verified. Verified means that the server administrator manually 
chose this, or that the trust on the keys signing it justifies to do so.
A node with a verified key can appear only once on the known parties 
list, but a node can have several non-verified keys on it, all of them 
valid.

Add host to known parties list procedure
When a server receives an OPSS RESPONSE command, it must check its 
corresponding node name on the known parties list. If found as 
“Verified”, it does nothing. If found as “non-verified”, server adds the 
pair node name-key to the list without removing the already present 
pair. If not found, it just adds the pair node name-key to the list.

Web of Trust
The administrator can manually assign a trust level to each key, even 
keys that have an empty node name. Procedures for this are standard 
OpenPGP. If the configured amount of keys with the correct trust level 
are signing a key, that key will be considered verified without manual 
administrator intervention. Security note: An administrator should only 
assign trust to keys belonging to people or servers he positively knows 
are conscious of the security implications of signing a key.

Key format
Keys will be standard OpenPGP keys with a corresponding e-mail address 
of OPSS_e-mail@[nodename]

X-OPSS-Signature-not-verified header
A server MAY add this header for a non-verified signature. Format is one of:
X-OPSS-Signature-not-verified: Not found [nodename]
X-OPSS-Signature-not-verified: Key found for [nodename], [key]
X-OPSS-Signature-not-verified: Several keys found for [nodename], [key used]
These can be used for MUA spam checking.

Regards
Noel
er Envite
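
The receiving server's decisions in the draft above (the opss-verification procedure, the "Add host to known parties list" procedure and the X-OPSS-Signature-not-verified header), written out as an added example that is not part of the original message. Assumptions: the OpenPGP check of the signed challenge is done elsewhere and arrives as openpgp_ok plus a key identifier, the text after each reply code is illustrative, an unknown node name is accepted with the "Not found" header, and the choice between the three header forms is one reading of the draft; node names and key ids in any call are constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

VERIFIED, NON_VERIFIED = "verified", "non-verified"
HEADER = "X-OPSS-Signature-not-verified"


@dataclass
class Decision:
    accept: bool
    reply: Optional[str]          # SMTP reply to send, None = carry on as plain SMTP
    header: Optional[str] = None  # header added before delivery, if any


@dataclass
class KnownParties:
    # EHLO node name -> {key id: status}
    entries: dict = field(default_factory=dict)

    def add_verified(self, node, key):
        # Administrator action. A node with a verified key appears only once,
        # so this replaces whatever was stored for the name (assumed reading).
        self.entries[node] = {key: VERIFIED}

    def verified_key(self, node):
        for key, status in self.entries.get(node, {}).items():
            if status == VERIFIED:
                return key
        return None

    def add_host(self, node, key):
        # "Add host to known parties list": do nothing for a verified node,
        # otherwise add the pair without removing pairs already present.
        if self.verified_key(node) is None:
            self.entries.setdefault(node, {}).setdefault(key, NON_VERIFIED)


def new_challenge():
    # Printable random string sent with "250 OK OPSS CHALLENGE".
    return secrets.token_urlsafe(32)


def without_opss(parties, node):
    # Client used HELO, or EHLO not followed by OPSS INIT. A name already on
    # the known parties list should have authenticated, so it is refused.
    if node in parties.entries:
        return Decision(False, "554 OPSS expected from this host")
    return Decision(True, None)


def on_response(parties, node, key, openpgp_ok):
    # openpgp_ok: result of the standard OpenPGP verification of the signed
    # challenge; key: identifier of the key that made the signature.
    if not openpgp_ok:
        return Decision(False, "554 OPSS signature rejected")
    pinned = parties.verified_key(node)
    if pinned is not None:
        # Verified entry: the stored key must be the one that signed.
        if key == pinned:
            return Decision(True, "250 OK OPSS OK")
        return Decision(False, "554 OPSS key mismatch")
    # Non-verified or unknown name: accepted, optionally flagged by a header.
    stored = parties.entries.get(node, {})
    if not stored:
        detail = f"Not found {node}"
    elif set(stored) == {key}:
        detail = f"Key found for {node}, {key}"
    else:
        detail = f"Several keys found for {node}, {key}"
    parties.add_host(node, key)
    return Decision(True, "250 OK OPSS OK", f"{HEADER}: {detail}")
```

Only a verified entry pins a key: for an unknown or non-verified name any correctly signed response is accepted, and the optional header is the only trace of that.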

From ted.ietf@gmail.com  Thu Oct 24 12:43:37 2013
Return-Path: <ted.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B53EC11E8152 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 12:43:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.527
X-Spam-Level: 
X-Spam-Status: No, score=-2.527 tagged_above=-999 required=5 tests=[AWL=0.072,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K5toScAlolTS for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 12:43:37 -0700 (PDT)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 5CD0811E820F for <perpass@ietf.org>; Thu, 24 Oct 2013 12:43:35 -0700 (PDT)
Received: by mail-ie0-f178.google.com with SMTP id x13so4721090ief.23 for <perpass@ietf.org>; Thu, 24 Oct 2013 12:43:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=84+8b29IUhlS5DLH6dR2Lx6MkhxSIX/2Hhwx4ps8b6M=; b=R6Ymy6LSVY4I4XxI8rHzqs7oL8BONBGRLgVbcsGDgSNDLaQ7d9erw0I4sjBedZ5YxF ZX6gpxak13hvp5JA7pOZ2SEcGmFBjkzJMzSZGBQBemtOYpiVFu9eF/1KGVPstm+uoCm5 9C819+BNuFe9dsVi+9mRD2Jwp8xj3AaOARMF5ngxkpV+T9NhQf6lDqUu5pBzEKSIZT8Q zDQgtlGTK1jifej2b/KcZ4EegJxzNkj4Fspoak3crvMdVFsA8e6veJ2pvVCe3OMBrUjf eQybzyrJ5CPIOkvYo18Dunb5oPxS9mdggv+hseRbYj4hlAHjR0P6zHuJWhiATfs0WsJt N7HQ==
MIME-Version: 1.0
X-Received: by 10.50.120.104 with SMTP id lb8mr3118028igb.22.1382643811284; Thu, 24 Oct 2013 12:43:31 -0700 (PDT)
Received: by 10.42.29.202 with HTTP; Thu, 24 Oct 2013 12:43:31 -0700 (PDT)
In-Reply-To: <526960FF.3050902@stpeter.im>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com> <5266AC02.80506@cs.tcd.ie> <5267B862.6000105@isode.com> <5267BAD9.8070702@cs.tcd.ie> <526960FF.3050902@stpeter.im>
Date: Thu, 24 Oct 2013 12:43:31 -0700
Message-ID: <CA+9kkMAVP4sW6_fQc5rvzS8zomcvyz5hddM7Hobbw+MMC7y1Ew@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: multipart/alternative; boundary=047d7bd76bb23902a204e981d928
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, Alexey Melnikov <alexey.melnikov@isode.com>, "<perpass@ietf.org>" <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 19:43:37 -0000

--047d7bd76bb23902a204e981d928
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Oct 24, 2013 at 11:03 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

>
> >> I think SMTP TLS BCP would be a good idea. I think it should be
> >> independent of DANE, because of the status of the DANE document.
> >> I would be happy to work on it (and would be happy to collaborate
> >> with PSA to discuss similarities and differences).
> >
> > Great. Let's talk in YVR about how to get that done so it's a real
> > BCP that gets followed in the wild. If someone else is up for
> > helping I guess contact Alexey.
>
> Before this thread emerged, I suggested the idea of having a chat
> about this topic during the AppsArea session on Monday morning (and
> BTW there are no SEC area sessions opposite). That might be a good
> place to start.
>
>
Are you thinking of this in terms of MSAs in the RFC 6409 sense, as well as
MTAs?   Though SMTP is used for both, the usefulness of things like DANE is
likely to be different in the different contexts.

That hints, unfortunately, that there is a strong possibility that the best
current practice may be best specified in relation to a specific use of a
protocol rather than generally to the protocol.

regards,

Ted



> Peter
>
> - --
> Peter Saint-Andre
> https://stpeter.im/
>
>

--047d7bd76bb23902a204e981d928--

From stpeter@stpeter.im  Thu Oct 24 13:01:51 2013
Return-Path: <stpeter@stpeter.im>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45D711E83AF for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 13:01:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.372
X-Spam-Level: 
X-Spam-Status: No, score=-102.372 tagged_above=-999 required=5 tests=[AWL=0.227, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S103K20dj557 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 13:01:46 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id A0B5211E820F for <perpass@ietf.org>; Thu, 24 Oct 2013 13:01:34 -0700 (PDT)
Received: from ergon.local (unknown [128.107.239.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 0484C4100F; Thu, 24 Oct 2013 14:08:04 -0600 (MDT)
Message-ID: <52697C8C.8040907@stpeter.im>
Date: Thu, 24 Oct 2013 14:01:16 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Ted Hardie <ted.ietf@gmail.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>	<5266AC02.80506@cs.tcd.ie> <5267B862.6000105@isode.com>	<5267BAD9.8070702@cs.tcd.ie> <526960FF.3050902@stpeter.im> <CA+9kkMAVP4sW6_fQc5rvzS8zomcvyz5hddM7Hobbw+MMC7y1Ew@mail.gmail.com>
In-Reply-To: <CA+9kkMAVP4sW6_fQc5rvzS8zomcvyz5hddM7Hobbw+MMC7y1Ew@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, Alexey Melnikov <alexey.melnikov@isode.com>, "<perpass@ietf.org>" <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Thu, 24 Oct 2013 20:01:52 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/24/13 1:43 PM, Ted Hardie wrote:
> On Thu, Oct 24, 2013 at 11:03 AM, Peter Saint-Andre
> <stpeter@stpeter.im> wrote:
> 
> 
>>> I think SMTP TLS BCP would be a good idea. I think it should
>>> be independent of DANE, because of the status of the DANE
>>> document. I would be happy to work on it (and would be happy to
>>> collaborate with PSA to discuss similarities and differences).
>> 
>> Great. Let's talk in YVR about how to get that done so it's a
>> real BCP that gets followed in the wild. If someone else is up
>> for helping I guess contact Alexey.
> 
> Before this thread emerged, I suggested the idea of having a chat 
> about this topic during the AppsArea session on Monday morning
> (and BTW there are no SEC area sessions opposite). That might be a
> good place to start.
> 
> 
> Are you thinking of this in terms of MSAs in the RFC 6409 sense, as
> well as MTAs?

I'm thinking about what Keith Moore posted in draft-moore-email-tls.
So yes, MSAs in the RFC 6409 sense (but also covering IMAP and POP).

> Though SMTP is used for both, the usefulness of things like DANE is
> likely to be different in the different contexts.
> 
> That hints, unfortunately, that there is a strong possibility that
> the best current practice may be best specified in relation to a
> specific use of a protocol rather than generally to the protocol.

So it seems.

We all need to up our game, but each of us might need to do so in
different ways.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

-----END PGP SIGNATURE-----

From sm@resistor.net  Thu Oct 24 16:53:55 2013
Return-Path: <sm@resistor.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF2D11E821F for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 16:53:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.428
X-Spam-Level: 
X-Spam-Status: No, score=-102.428 tagged_above=-999 required=5 tests=[AWL=-0.129, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDQsbAfxCvWz for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 16:53:55 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 068E611E8277 for <perpass@ietf.org>; Thu, 24 Oct 2013 16:53:53 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r9ONrlAJ020997 for <perpass@ietf.org>; Thu, 24 Oct 2013 16:53:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1382658832; bh=RJqn8lHgJj9HtvM+T73t4jbHEw+rZCoQrIO4DcGB/IA=; h=Date:To:From:Subject; b=yqGnjxMK/9uOipQS3/jsTvIUUSg9AtCpSOlWYeFYR4Be9YOX2+HA2QwoS5oFDGW+6 Wtlu1KjjETJPdEvZfUo9+ngUlOn0Gh21CuBPcQI1d1bwktYKs+NpO7NZZLxXKqI3Ie /nhMsadVpwqYXzsOd6FTdcUg1B5vprXjlMY5uk0c=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1382658832; i=@resistor.net; bh=RJqn8lHgJj9HtvM+T73t4jbHEw+rZCoQrIO4DcGB/IA=; h=Date:To:From:Subject; b=31fwqUDcsMiqIWdNgzzcw4KKbg9ux+oC8EJ2NtGTU4Aeoe5aA6qh5yVH5gmdtfcwg XbT1aczLn12VUUQu5gXhkDLkjn5j/2ihTPjn8EsVNRwADk8Ikaf9LoWNDZre1WpWBW s75rsGNPxUixs0dNEJKVoB69RSeXmfCv/GmoelbQ=
Message-Id: <6.2.5.6.2.20131024162357.0e207098@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 24 Oct 2013 16:41:45 -0700
To: perpass@ietf.org
From: SM <sm@resistor.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: [perpass] Intro’s approach of proxying IMAP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Thu, 24 Oct 2013 23:53:55 -0000

Hello,

 From 
http://engineering.linkedin.com/mobile/linkedin-intro-doing-impossible-ios

   "Similarly, Intro's approach of proxying IMAP is a novel way of delivering
    software to users. It operates at the limit of what is technically possible,
    but it has a big advantage: we can enhance the apps you already use."

What is technically possible is not always a good idea.  This is a
matter of personal opinion.

Regards,
-sm


From ned+perpass@mrochek.com  Thu Oct 24 19:23:50 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 798ED11E824B for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 19:23:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.054
X-Spam-Level: 
X-Spam-Status: No, score=-2.054 tagged_above=-999 required=5 tests=[AWL=0.545,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTPZ8CYluHns for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 19:23:45 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 6132E11E819E for <perpass@ietf.org>; Thu, 24 Oct 2013 19:23:45 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZZ1K15P6O007KBK@mauve.mrochek.com> for perpass@ietf.org; Thu, 24 Oct 2013 19:18:44 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Thu, 24 Oct 2013 19:18:39 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OZZ1JZTBRI00004R@mauve.mrochek.com>
Date: Thu, 24 Oct 2013 19:15:00 -0700 (PDT)
In-reply-to: "Your message dated Thu, 24 Oct 2013 12:43:31 -0700" <CA+9kkMAVP4sW6_fQc5rvzS8zomcvyz5hddM7Hobbw+MMC7y1Ew@mail.gmail.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com> <5266AC02.80506@cs.tcd.ie> <5267B862.6000105@isode.com> <5267BAD9.8070702@cs.tcd.ie> <526960FF.3050902@stpeter.im> <CA+9kkMAVP4sW6_fQc5rvzS8zomcvyz5hddM7Hobbw+MMC7y1Ew@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, Alexey Melnikov <alexey.melnikov@isode.com>, "<perpass@ietf.org>" <perpass@ietf.org>, Peter Saint-Andre <stpeter@stpeter.im>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Fri, 25 Oct 2013 02:23:50 -0000

> On Thu, Oct 24, 2013 at 11:03 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> >
> > >> I think SMTP TLS BCP would be a good idea. I think it should be
> > >> independent of DANE, because of the status of the DANE document.
> > >> I would be happy to work on it (and would be happy to collaborate
> > >> with PSA to discuss similarities and differences).
> > >
> > > Great. Let's talk in YVR about how to get that done so it's a real
> > > BCP that gets followed in the wild. If someone else is up for
> > > helping I guess contact Alexey.
> >
> > Before this thread emerged, I suggested the idea of having a chat
> > about this topic during the AppsArea session on Monday morning (and
> > BTW there are no SEC area sessions opposite). That might be a good
> > place to start.
> >
> >
> Are you thinking of this in terms of MSAs in the RFC 6409 sense, as well as
> MTAs?   Though SMTP is used for both, the usefulness of things like DANE is
> likely to be different in the different contexts.

Quite right. SUBMIT is best thought of as a separate protocol that happens to
share a lot of syntax and semantics with SMTP. And I'd say the utility is
certain to be different. (I hope we don't have to go through the same
discussion we've just had regarding IMAP for SUBMIT.)

> That hints, unfortunately, that there is a strong possibility that the best
> current practice may be best specified in relation to a specific use of a
> protocol rather than generally to the protocol.

Agreed.

				Ned

From huitema@huitema.net  Thu Oct 24 22:23:31 2013
Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38B2C11E82A6 for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 22:23:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.134
X-Spam-Level: 
X-Spam-Status: No, score=-2.134 tagged_above=-999 required=5 tests=[AWL=0.465,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPVjAIry5dqn for <perpass@ietfa.amsl.com>; Thu, 24 Oct 2013 22:23:25 -0700 (PDT)
Received: from xsmtp01.mail2web.com (xsmtp01.mail2web.com [168.144.250.230]) by ietfa.amsl.com (Postfix) with ESMTP id D315711E82A4 for <perpass@ietf.org>; Thu, 24 Oct 2013 22:23:23 -0700 (PDT)
Received: from [10.5.2.14] (helo=xmail04.myhosting.com) by xsmtp01.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1VZZrm-0000DA-5y for perpass@ietf.org; Fri, 25 Oct 2013 01:23:23 -0400
Received: (qmail 10211 invoked from network); 25 Oct 2013 05:23:20 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail04.myhosting.com (qmail-ldap-1.03) with ESMTPA for <dcrocker@bbiw.net>; 25 Oct 2013 05:23:20 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: <dcrocker@bbiw.net>, "'John-Mark Gurney'" <jmg@funkthat.com>
References: <526811D1.3000802@rolamasao.org>	<52681300.7020701@dcrocker.net>	<526816B6.4080301@rolamasao.org>	<526818F6.9000006@dcrocker.net>	<7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>	<20131023200227.GB94140@funkthat.com> <52682C39.9050202@dcrocker.net>
In-Reply-To: <52682C39.9050202@dcrocker.net>
Date: Thu, 24 Oct 2013 22:23:19 -0700
Message-ID: <0b1a01ced142$51abbfa0$f5033ee0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: AQKYALQ9YQeLZHFPrvEjR86bZ3A57ALETYMrAnJcHL4BlqKCjwHwztQ2Aivu0lwBSZuvIJgQ445w
Cc: 'Noel Torres' <envite@rolamasao.org>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Fri, 25 Oct 2013 05:23:31 -0000

> Please terminate this sub-thread.  It has many years of wasted history
> on many mailing lists.
>
> Really.  The script this thread will follow has been run so many times,
> the pages are tattered.

Dave, I am well aware of past discussions, but something has changed. We can
certainly agree that server-to-server encryption is not the best way to
provide end-to-end authentication or confidentiality of messages.

However, if I was running a spying system and if I was in the business of
collecting meta-data, I would love looking at unencrypted SMTP traffic.
Suppose that I tap a number of big Internet pipes, at exchanges or on the
path to big servers. I can filter out the SMTP traffic with not much effort.
Even if the poor schmucks are using PGP or S-MIME, I will be able to read
the entire set of RFC-822 headers in clear-text. I can use that to create a
database of who sends e-mail to whom, and pretty soon I will have a good
idea of the "social network."

If I was running such a system, I would hate to see SMTP traffic becoming
encrypted.

In the past, we did not suspect that someone would run such a system. We
were probably naïve.

-- Christian Huitema



From hannes.tschofenig@gmx.net  Fri Oct 25 00:58:22 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9671511E82C1 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 00:58:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.615
X-Spam-Level: 
X-Spam-Status: No, score=-102.615 tagged_above=-999 required=5 tests=[AWL=-0.016, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jr0pNUE5nI7H for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 00:58:18 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id AA33611E815C for <perpass@ietf.org>; Fri, 25 Oct 2013 00:58:14 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.115.161]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MNMyz-1Vc7O01mxN-006wDx for <perpass@ietf.org>; Fri, 25 Oct 2013 09:58:13 +0200
Message-ID: <526A24AD.8000107@gmx.net>
Date: Fri, 25 Oct 2013 09:58:37 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Joseph Lorenzo Hall <joe@cdt.org>, Stephen Kent <kent@bbn.com>,  perpass <perpass@ietf.org>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com>	<21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu>	<5267EBEB.5030701@bbn.com> <526815F0.8020100@cdt.org>
In-Reply-To: <526815F0.8020100@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:VDRfnbYBsSJcxvXPGEoxU4NO/WL+1x1pvUwAAnhGLJ2FnXfknrN r/HBQC8XrNdAg9d8GBqRSZC8h0ZTQYrA8iuXqcVAGF8kLaasOlr+8vDC0Y8dPvlvnIzSWen Aj92+CiJs55LHFzHKDUiy3Rp3PTtmlsvGi8L1H6/J21jeKRrlXeSaxDdMBPwq44u93/CPkw 91655z8A8wBAWUH4de6Ig==
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Fri, 25 Oct 2013 07:58:22 -0000

On 10/23/2013 08:31 PM, Joseph Lorenzo Hall wrote:
> NIST appears to have learned from this that the standardization
> process has to be equally as transparent as the
> competition/cryptanalysis process. That's a very good thing.

There is still something to learn for NIST when it comes to good 
standardization principles, such as those outlined by OpenStand
http://open-stand.org/principles/

I am sure you have seen the related post from the IAB on this topic:
http://www.iab.org/2013/10/23/comments-from-the-iab-on-nist-sp-800-90a-proceeding/

But it would be unfair to just complain about NIST when many other 
government bodies aren't any better. I will share one story I 
experienced recently with the European Commission (EC) created Network 
and Information Security (NIS) platform. This group was created in 
response to the proposed regulation on CyberSecurity by the EC.

The responsible persons from the EC decided to organize a f2f meeting
early June to get their work started. Around 150 persons from all
sectors in the industry showed up to the meeting (mostly from bigger
corporations who have public policy people in Brussels) since the
meeting was announced on short notice.

The meeting was led by Giuseppe Abbamonte and he ran the meeting in the
style expressed at their webpage: "the Commission will select the 
platform participants, with a view to ensuring a balanced and manageable 
representation of the different stakeholders."

At the end of the meeting he came up with the idea that there should be 
3 groups with maximum 20 persons each and he will nominate the persons 
for those groups.

I dared to suggest to follow a model like in the IETF with open 
participation. He shouted at me and said that this will never happen. 
The argument was that this has never worked in the EC so far.

Of course the participating people in the room quickly
noticed that 3x20 by no means leads to 150 and so more than half of the
participants of the f2f meeting wouldn't be allowed to participate in
the work. (I ignore those who weren't able to show up at the f2f meeting
or smaller enterprises who don't have the budget to fly to Brussels just
to chat.) I am sure most of them had no expectation that it would lead
to something useful but they at least wanted to follow it and jump in
when it completely goes into the wrong direction.

An hour later the model was changed and larger groups were allowed; 
that's still far away from an IETF type of participation style.

These are the types of groups who are supposed to develop solutions to 
improve the security of the Internet.

Ciao
Hannes



From dhc@dcrocker.net  Fri Oct 25 04:28:58 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E2E811E8127 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 04:28:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4DwT+gD8sCg7 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 04:28:53 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 3D23E11E83C1 for <perpass@ietf.org>; Fri, 25 Oct 2013 04:28:53 -0700 (PDT)
Received: from [10.3.89.42] (IP-173-231-109-130.static.fibrenoire.ca [173.231.109.130] (may be forged)) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9PBSh7Z023529 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 25 Oct 2013 04:28:47 -0700
Message-ID: <526A55E4.2050708@dcrocker.net>
Date: Fri, 25 Oct 2013 07:28:36 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Christian Huitema <huitema@huitema.net>, "'John-Mark Gurney'" <jmg@funkthat.com>
References: <526811D1.3000802@rolamasao.org>	<52681300.7020701@dcrocker.net>	<526816B6.4080301@rolamasao.org>	<526818F6.9000006@dcrocker.net>	<7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>	<20131023200227.GB94140@funkthat.com>	<52682C39.9050202@dcrocker.net> <0b1a01ced142$51abbfa0$f5033ee0$@huitema.net>
In-Reply-To: <0b1a01ced142$51abbfa0$f5033ee0$@huitema.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Fri, 25 Oct 2013 04:28:48 -0700 (PDT)
Cc: 'Noel Torres' <envite@rolamasao.org>, perpass@ietf.org
Subject: Re: [perpass] e-mail security idea: server2server PGP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
X-List-Received-Date: Fri, 25 Oct 2013 11:28:58 -0000

On 10/25/2013 1:23 AM, Christian Huitema wrote:
>> Please terminate this sub-thread.  It has many years of wasted
>> history on many mailing lists.
>>
>> Really.  The script this thread will follow has been run so many
>> times, the pages are tattered.
>
> Dave, I am well aware of past discussions, but something has
> changed. We can certainly agree that server-to-server encryption is
> not the best way to provide end-to-end authentication or
> confidentiality of messages.
>
> However, if I was running a spying system and if I was in the
> business of collecting meta-data, I would love looking at
> unencrypted SMTP traffic.

Christian,

I apologize for being ambiguous.  The "sub-thread" I meant was the
sole-sourced, compulsive attacks on DKIM.  I left the specific reference
off in an attempt to trigger yet-another round of attacks...  sigh.


FWIW, I think "link" (that is, lower transfer layer) encryption is just
fine, much like washing one's hands is good hygiene.

The fact that it won't really provide protection against most/all of the
actual attacks we've been seeing or hearing about doesn't mean we
shouldn't do it, for at least the reason you cite.

But of course it does mean we also need to look at things more broadly, 
for the additional mechanisms that will cover current, typical attacks.


d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
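
The exchange above turns on which SMTP hops carry RFC 822 headers in the clear; a mail operator can check that per message from its Received trace. This is an added example, not code from any poster on this list: the sample trace is constructed (made-up hosts and ids), and the classifier assumes the RFC 3848 `with` keywords plus the TLS comments some MTAs write.

```python
import re
from email import message_from_string

# "with" keywords from RFC 3848: an S suffix means the receiving host saw TLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Some MTAs keep "with ESMTP" and note TLS in a comment instead, e.g.
# "(version=TLSv1 cipher=...)" or "(TLS-1.0:DHE_RSA_...)".
TLS_COMMENT = re.compile(r"\([^()]*(?:version=(?:TLS|SSL)|TLS[-v]?\d)[^()]*\)", re.I)
LOOPBACK = re.compile(r"\[(?:IPv6:)?(?:127(?:\.\d{1,3}){3}|::1)\]", re.I)


def strip_comments(text):
    """Remove RFC 5322 parenthesised comments, innermost first."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text


def _field(keyword, bare):
    """Return the token following 'from', 'by' or 'with', or None."""
    m = re.search(r"\b%s\s+(\S+)" % keyword, bare, re.I)
    return m.group(1) if m else None


def classify(trace):
    """Return 'local', 'tls' or 'no-tls-recorded' for one Received value."""
    trace = trace.rsplit(";", 1)[0]          # drop the trailing date-time
    proto = (_field("with", strip_comments(trace)) or "").upper()
    if LOOPBACK.search(trace):
        return "local"                       # re-injection on the same host
    if proto in TLS_WITH or TLS_COMMENT.search(trace):
        return "tls"
    return "no-tls-recorded"                 # absence of a record, not proof


def audit(raw_message):
    """List hops oldest first (each relay prepends its Received line).

    Trace lines are unauthenticated statements by the receiving host, so
    only the hops added by servers you operate can be taken at face value.
    """
    hops = []
    values = message_from_string(raw_message).get_all("Received", [])
    for value in reversed(values):
        bare = strip_comments(value.rsplit(";", 1)[0])
        hops.append({
            "from": _field("from", bare),
            "by": _field("by", bare),
            "proto": (_field("with", bare) or "").upper(),
            "verdict": classify(value),
        })
    return hops


# Constructed sample trace (hosts and ids are made up), newest hop first.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
    by lists.example.org (Postfix) with ESMTP id AAAA1
    for <list@lists.example.org>; Fri, 25 Oct 2013 05:23:31 -0700 (PDT)
Received: from out.example.net (out.example.net [192.0.2.10])
    by lists.example.org (Postfix) with ESMTP id BBBB2
    for <list@example.org>; Fri, 25 Oct 2013 05:23:23 -0700 (PDT)
Received: from [10.0.0.5] (helo=store.example.net)
    by out.example.net with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
    (Exim 4.63) id CCCC3; Fri, 25 Oct 2013 01:23:23 -0400
Received: from laptop (unknown [198.51.100.7])
    by store.example.net with ESMTPA id DDDD4; Fri, 25 Oct 2013 05:23:20 -0000
From: alice@example.net
To: list@example.org
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for hop in audit(SAMPLE):
        print("%-18s -> %-18s %-8s %s"
              % (hop["from"], hop["by"], hop["proto"], hop["verdict"]))
```

In the sample, the authenticated submission (ESMTPA) and the final inter-domain delivery both lack any TLS record, which are the hops where the headers would have been readable on the wire.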

From rutkowski.tony@gmail.com  Fri Oct 25 05:40:13 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F86611E83E0 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 05:40:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id coj4vFZXInOx for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 05:40:12 -0700 (PDT)
Received: from mail-qe0-x229.google.com (mail-qe0-x229.google.com [IPv6:2607:f8b0:400d:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 90F2711E83D3 for <perpass@ietf.org>; Fri, 25 Oct 2013 05:40:12 -0700 (PDT)
Received: by mail-qe0-f41.google.com with SMTP id x7so2322175qeu.28 for <perpass@ietf.org>; Fri, 25 Oct 2013 05:40:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=XhWYKwtEAevT9HVUNqk3MvJI41ibNbGSZmMymvQe09w=; b=k4TyhNCoPFeR2Y7afypV8X9qBOet850uL1830E/L3Y1m6zhRFeAgYr8+2OeW67xPnl 3wggPDbXAMfolk68qYoGlGW9fF3BOzaeoPnxeSeiNvHs4o1B+KnX13wfSCrPHzD+9QO+ HB3cOemCeqGj2oCDc7kRzLt2s8p3xnRt0DRWWMWCeh/7TAOWD2VwUhlvSGIr/rgxk39o ouvhP5F4safG1B+Tu+3jYZwnZmeySOxpOLAS2pZN7CUCOOJrTwyUHlTDgjc9leUmE4lI oj58aqHebOh1KubhL2Zb7h1SlaT3CAvrrjmuW8EyUhg6P0tm1vHTQdYIeCma0jyXOG/q A+3w==
X-Received: by 10.49.15.129 with SMTP id x1mr10381264qec.49.1382704812074; Fri, 25 Oct 2013 05:40:12 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id l5sm18880099qac.12.2013.10.25.05.40.10 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 25 Oct 2013 05:40:11 -0700 (PDT)
Message-ID: <526A66AA.1020009@gmail.com>
Date: Fri, 25 Oct 2013 08:40:10 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <52654CB3.1050507@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>	<5268E1C1.8070307@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com> <5269304D.8040101@cs.tcd.ie>
In-Reply-To: <5269304D.8040101@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------090009060304010404030708"
Cc: perpass <perpass@ietf.org>
Subject: [perpass] ITU-T 's anti-perpass work
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 12:40:13 -0000

This is a multi-part message in MIME format.
--------------090009060304010404030708
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Steve,

As fate has it, the ITU-T is meeting
in Kampala at about the same time as
the IETF meeting.  On its agenda, it
has some "anti-perpass" contributions
shown below that were just submitted.

The ITU-T - IETF cooperation agreement
provides both access to these materials
as well as an ability to comment.  Perpass
might wish to consider providing comment.

--tony

Number | Received | Source | Title | Questions
[ 370 r1] | 22-Oct-13 | Korea Electronics and Telecommunications Research Institute (ETRI) | Survey and proposal of Big data definition for Y.BigData-reqts | Q17/13
[ 426 ] | 23-Oct-13 | China Telecommunications Corporation | Proposal about benefits of Big Data in Y.Bigdata-reqts | Q17/13
[ 427 ] | 23-Oct-13 | China Telecommunications Corporation | Proposal about definition and characteristics of Big Data in Y.Bigdata-reqts | Q17/13
[ 428 ] | 23-Oct-13 | China Telecommunications Corporation | Proposal about the relationship between cloud computing and big data in Y.Bigdata-reqts | Q17/13
[ 430 ] | 24-Oct-13 | TELEKOMUNIKACJA POLSKA S.A. | Areas of cloud computing support for big data | Q17/13



--------------090009060304010404030708--

From dhc@dcrocker.net  Fri Oct 25 06:33:05 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB7511E81BB for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 06:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.578
X-Spam-Level: 
X-Spam-Status: No, score=-6.578 tagged_above=-999 required=5 tests=[AWL=0.021,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLwpd9SC1awH for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 06:33:00 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 1EC3311E81A8 for <perpass@ietf.org>; Fri, 25 Oct 2013 06:33:00 -0700 (PDT)
Received: from [172.16.58.7] ([207.253.19.2]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9PDWraJ026725 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 25 Oct 2013 06:32:57 -0700
Message-ID: <526A72FC.5020802@dcrocker.net>
Date: Fri, 25 Oct 2013 09:32:44 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: rutkowski.tony@gmail.com
References: <52654CB3.1050507@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>	<5268E1C1.8070307@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com>	<5269304D.8040101@cs.tcd.ie> <526A66AA.1020009@gmail.com>
In-Reply-To: <526A66AA.1020009@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Fri, 25 Oct 2013 06:32:58 -0700 (PDT)
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] ITU-T 's anti-perpass work
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 13:33:05 -0000

On 10/25/2013 8:40 AM, Tony Rutkowski wrote:
> On its agenda, it
> has some "anti-perpass" contributions
> shown below that were just submitted.



Tony,

Please provide some detail, to explain how these contributions are 
anti-perpass.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From kathleen.moriarty@emc.com  Fri Oct 25 06:52:14 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 031CD11E830F for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 06:52:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.732
X-Spam-Level: 
X-Spam-Status: No, score=-2.732 tagged_above=-999 required=5 tests=[AWL=-0.133, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BA+tKlhpxWHq for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 06:52:09 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 6B62211E81A8 for <perpass@ietf.org>; Fri, 25 Oct 2013 06:52:09 -0700 (PDT)
Received: from maildlpprd04.lss.emc.com (maildlpprd04.lss.emc.com [10.253.24.36]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9PDpgwW013739 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 25 Oct 2013 09:51:43 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9PDpgwW013739
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382709103; bh=uVy+VYGmFtyebbwaYaRpUeQhTII=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=EKPXFKNVEcbvEX97OA29929vr6/hhNegpTUklswDUZYIcPrwVd/ON05BgeCYu0M51 a/WqeZcnG0vvSGoFGDR1Zjff9rJXKyieh1b8StEHiSU9M7KLjPNiXshuoX5+CyPZNt 5+nRjTjkecKSjQfNZaESySekTWu+QArEEzPibu8Y=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9PDpgwW013739
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd04.lss.emc.com (RSA Interceptor); Fri, 25 Oct 2013 06:51:29 -0700
Received: from mxhub40.corp.emc.com (mxhub40.corp.emc.com [128.222.70.107]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9PDpT58004984 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 25 Oct 2013 09:51:29 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub40.corp.emc.com ([128.222.70.107]) with mapi; Fri, 25 Oct 2013 09:51:29 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Joseph Lorenzo Hall <joe@cdt.org>, Stephen Kent <kent@bbn.com>, perpass <perpass@ietf.org>
Date: Fri, 25 Oct 2013 09:51:26 -0400
Thread-Topic: [perpass] Standards in the age of pervasive suspicion
Thread-Index: Ac7RV/+6QGzlr0FIQviVkdUe++5/VAAMK4Vw
Message-ID: <F5063677821E3B4F81ACFB7905573F24049EA32CF5@MX15A.corp.emc.com>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com> <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi	<526815F0.8020100@cdt.org> <526A24AD.8000107@gmx.net>
In-Reply-To: <526A24AD.8000107@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 13:52:14 -0000

As the final expert reviewer on a fairly recent NIST publication (about
1 year ago), I will attest to their good practices.  They do work on
standards collaboratively, take open calls for feedback and then provide
responses to those who comment.

I wound up reading the document 5 different times, providing feedback in
each instance that was typically accepted and all responses were
reasonable.  They do make an effort to find an expert in the area of the
standard publication as well.

I did not read the full thread, so sorry if any of this was
out-of-context, but I thought the first-hand experience and their use of
a final external reviewer might be helpful for some to understand.

Best regards,
Kathleen

-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Friday, October 25, 2013 3:59 AM
To: Joseph Lorenzo Hall; Stephen Kent; perpass
Subject: Re: [perpass] Standards in the age of pervasive suspicion

On 10/23/2013 08:31 PM, Joseph Lorenzo Hall wrote:
> NIST appears to have learned from this that the standardization
> process has to be equally as transparent as the
> competition/cryptanalysis process. That's a very good thing.

There is still something to learn for NIST when it comes to good
standardization principles, such as those outlined by OpenStand
http://open-stand.org/principles/

I am sure you have seen the related post from the IAB on this topic:
http://www.iab.org/2013/10/23/comments-from-the-iab-on-nist-sp-800-90a-proceeding/

But it would be unfair to just complain about NIST when many other
government bodies aren't any better. I will share one story I
experienced recently with the European Commission (EC) created Network
and Information Security (NIS) platform. This group was created in
response to the proposed regulation on CyberSecurity by the EC.

The responsible persons from the EC decided to organize a f2f meeting
early June to get their work started. Around 150 persons from all
sectors in the industry showed up to the meeting (mostly from bigger
cooperations who have public policy people in Brussels) since the
meeting was announced short notice.

The meeting was led by Giuseppe Abbamonte and he ran the meeting in the
style expressed at their webpage: "the Commission will select the
platform participants, with a view to ensuring a balanced and manageable
representation of the different stakeholders."

At the end of the meeting he came up with the idea that there should be
3 groups with maximum 20 persons each and he will nominate the persons
for those groups.

I dared to suggest to follow a model like in the IETF with open
participation. He shouted at me and said that this will never happen.
The argument was that this has never worked in the EC so far.

Of course the folks in the participating people in the room quickly
noticed that 3x20 by no means leads to 150 and so more than half of the
participants of the f2f meeting wouldn't be allowed to participate in
the work. (I ignore those who weren't able to show up at the f2f meeting
or smaller enterprises who don't have the budget to fly to Brussels just
to chat.) I am sure most of them had no expectation that it would lead
to something useful but they at least wanted to follow it and jump it
when it completely goes into the wrong direction.

An hour later the model was changed and larger groups were allowed;
that's still far away from an IETF type of participation style.

These are the types of groups who are supposed to develop solutions to
improve the security of the Internet.

Ciao
Hannes

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass


From hannes.tschofenig@gmx.net  Fri Oct 25 07:31:00 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2BF511E8314 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:31:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.622
X-Spam-Level: 
X-Spam-Status: No, score=-102.622 tagged_above=-999 required=5 tests=[AWL=-0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fs4QSn3Mrq6H for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:30:56 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 747ED11E8153 for <perpass@ietf.org>; Fri, 25 Oct 2013 07:30:44 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.115.161]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MUDXS-1V8sAV3aza-00R1ZA for <perpass@ietf.org>; Fri, 25 Oct 2013 16:30:42 +0200
Message-ID: <526A80AA.3080504@gmx.net>
Date: Fri, 25 Oct 2013 16:31:06 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>,  Joseph Lorenzo Hall <joe@cdt.org>, Stephen Kent <kent@bbn.com>, perpass <perpass@ietf.org>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com>	<21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi	<526815F0.8020100@cdt.org>	<526A24AD.8000107@gmx.net> <F5063677821E3B4F81ACFB7905573F24049EA32CF5@MX15A.corp.emc.com>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24049EA32CF5@MX15A.corp.emc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:JEk6SXRz+bMnvUCMgA5ruTao5PFI8aGtUOajVaBRNBbDH6fFRLo JKG1Iq/PM4a9m94tF2mEAJx9TG5NJ6ht+JiFoYTVfZN0parUT29Wl0qcPixlow7U4LbdKKV Ut74umDNzCSn2n+03T/vdsW1dk0UgzJfmpDL+Yt6xC3WyXToNbwFJJqfKcsrIwrnzsBQ3qa y+uhNLBxNS3yVhKfBbdjA==
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 14:31:00 -0000

Hi Kathleen,

in my mail below I had shared one example of how the process in other 
parts of the world looks like and actually defended NIST to a certain 
extent.

However, I had some experience with NIST myself, for example with the 
NSTIC work. I am sure there are others on the list who have had 
experience with other initiatives, such as the SmartGrid.

Take your experience described below and compare it with the IETF. Have 
your comments been published somewhere and are they accessible to the 
public? What is the decision process for incorporating comments from 
different sources? What is the dispute resolution process?

Ciao
Hannes

On 10/25/2013 03:51 PM, Moriarty, Kathleen wrote:
> As the final expert reviewer on a fairly recent NIST publication
> (about 1 year ago), I will attest to their good practices.  They do
> work on standards collaboratively, take open calls for feedback and
> then provide responses to those who comment.
>
> I wound up reading the document 5 different times, providing feedback
> in each instance that was typically accepted and all responses were
> reasonable.  They do make an effort to find an expert in the area of
> the standard publication as well.
>
> I did not read the full thread, so sorry if any of this was
> out-of-context, but I thought the first-hand experience and their use
> of a final external reviewer might be helpful for some to
> understand.
>
> Best regards, Kathleen
>
> -----Original Message-----
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Friday, October 25, 2013 3:59 AM
> To: Joseph Lorenzo Hall; Stephen Kent; perpass
> Subject: Re: [perpass] Standards in the age of pervasive suspicion
>
> On 10/23/2013 08:31 PM, Joseph Lorenzo Hall wrote:
>> NIST appears to have learned from this that the standardization
>> process has to be equally as transparent as the
>> competition/cryptanalysis process. That's a very good thing.
>
> There is still something to learn for NIST when it comes to good
> standardization principles, such as those outlined by OpenStand
> http://open-stand.org/principles/
>
> I am sure you have seen the related post from the IAB on this topic:
> http://www.iab.org/2013/10/23/comments-from-the-iab-on-nist-sp-800-90a-proceeding/
>
>  But it would be unfair to just complain about NIST when many other
> government bodies aren't any better. I will share one story I
> experienced recently with the European Commission (EC) created
> Network and Information Security (NIS) platform. This group was
> created in response to the proposed regulation on CyberSecurity by
> the EC.
>
> The responsible persons from the EC decided to organize a f2f meeting
> early June to get their work started. Around 150 persons from all
> sectors in the industry showed up to the meeting (mostly from bigger
> cooperations who have public policy people in Brussels) since the
> meeting was announced short notice.
>
> The meeting was led by Giuseppe Abbamonte and he ran the meeting in
> the style expressed at their webpage: "the Commission will select the
> platform participants, with a view to ensuring a balanced and
> manageable representation of the different stakeholders."
>
> At the end of the meeting he came up with the idea that there should
> be 3 groups with maximum 20 persons each and he will nominate the
> persons for those groups.
>
> I dared to suggest to follow a model like in the IETF with open
> participation. He shouted at me and said that this will never
> happen. The argument was that this has never worked in the EC so
> far.
>
> Of course the folks in the participating people in the room quickly
> noticed that 3x20 by no means leads to 150 and so more than half of
> the participants of the f2f meeting wouldn't be allowed to
> participate in the work. (I ignore those who weren't able to show up
> at the f2f meeting or smaller enterprises who don't have the budget
> to fly to Brussels just to chat.) I am sure most of them had no
> expectation that it would lead to something useful but they at least
> wanted to follow it and jump it when it completely goes into the
> wrong direction.
>
> An hour later the model was changed and larger groups were allowed;
> that's still far away from an IETF type of participation style.
>
> These are the types of groups who are supposed to develop solutions
> to improve the security of the Internet.
>
> Ciao Hannes


From rutkowski.tony@gmail.com  Fri Oct 25 07:35:37 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B600A21F9CF3 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pW61V6DLP0vu for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:35:37 -0700 (PDT)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 174F111E81C0 for <perpass@ietf.org>; Fri, 25 Oct 2013 07:35:25 -0700 (PDT)
Received: by mail-yh0-f49.google.com with SMTP id a41so1568050yho.36 for <perpass@ietf.org>; Fri, 25 Oct 2013 07:35:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=shmqM+/XeielqTrX6i6lrzV35W/GpU7ekp0GGE8/mp0=; b=F6UILbXvYaIwGhss5TAqOdGwZWhnQwWzd8LLVkFaI61zChCrhpgLAXI77hkgRnieFK 7suatWNNs3u/OMz7hWXauqssDf+kJDOUYwg/9sJUKNsMsCgl1nS58BJYBe+LXwLlj+VA SqLwF0F9AJrMeK6BNeZluy7OZS2dJkWtrHZDbeLOWE7mQ+D0jOqnZTc9zpakRHGHsxW8 MTrmBHNdLvANlyr9ZWtM7CUh4tC01eIa3kiKgdAixy0krdVuNrcpbbGmOM4tBVnCjoAj udBGR7UEGfUHFfi7X0i78r9CCPKlbcbA9weaaYtHL/XP2Gv4JCZlqsBQt/+ISix9Hqp5 AItA==
X-Received: by 10.236.199.81 with SMTP id w57mr314239yhn.139.1382711724434; Fri, 25 Oct 2013 07:35:24 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id d26sm11654522yhj.25.2013.10.25.07.35.20 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 25 Oct 2013 07:35:22 -0700 (PDT)
Message-ID: <526A81A8.8010507@gmail.com>
Date: Fri, 25 Oct 2013 10:35:20 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: dcrocker@bbiw.net
References: <52654CB3.1050507@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com>	<5268E1C1.8070307@cs.tcd.ie>	<C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com>	<5269304D.8040101@cs.tcd.ie> <526A66AA.1020009@gmail.com> <526A72FC.5020802@dcrocker.net>
In-Reply-To: <526A72FC.5020802@dcrocker.net>
Content-Type: multipart/mixed; boundary="------------030709060406040307040302"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] ITU-T 's anti-perpass work
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 14:35:37 -0000

This is a multi-part message in MIME format.
--------------030709060406040307040302
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 10/25/2013 9:32 AM, Dave Crocker wrote:
> Please provide some detail, to explain how these contributions are 
> anti-perpass. 

Hi Dave,

The term "anti-perpass" was used to
describe a significant initiative
begun in the ITU-T last year to
develop a set of Recommendations in
its Study Group 13 (essentially Internet
and Cloud Computing) to Hoover up,
store, and analyze everything passing
through the networks.

The proponents (China Unicom, the China
Information Ministry, ZTE, and ETRI)
argued that "Over the Top"
providers were capturing and
using information about "their"
telco customer to their detriment
and instituted a Big Data project.
The work included coupling to the
many new DPI standards being developed
in the same Study Group.

The ITU-T today is predominantly a forum
for China, Korea ETRI, and Japan.  However
some governments intervened to suggest this
work was not a good thing.  An exacerbating
factor is that 89 nations last year signed
an ITU treaty obligating themselves to
implement ITU-T Recommendations.  The work
was temporarily halted early this year
because of the interventions, but with the
Kampala meeting, it is now scaling up again
with these documents.

The IETF could perhaps help here by offering
critical comment that having global ITU
Recommendations that promote if not mandate
pervasive surveillance and analysis of
individual users is not a good thing.
The attached documents are exemplary.

--tony

--------------030709060406040307040302
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
 name="T13-SG13-C-0370!!MSW-E.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="T13-SG13-C-0370!!MSW-E.docx"

--------------030709060406040307040302
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
 name="T13-SG13-C-0426!!MSW-E.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="T13-SG13-C-0426!!MSW-E.docx"

--------------030709060406040307040302
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
 name="T13-SG13-C-0427!!MSW-E.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="T13-SG13-C-0427!!MSW-E.docx"

--------------030709060406040307040302
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
 name="T13-SG13-C-0428!!MSW-E.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="T13-SG13-C-0428!!MSW-E.docx"
--------------030709060406040307040302
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
 name="T13-SG13-C-0430!!MSW-E.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="T13-SG13-C-0430!!MSW-E.docx"
--------------030709060406040307040302--

From kathleen.moriarty@emc.com  Fri Oct 25 07:47:51 2013
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 421A211E81A1 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.724
X-Spam-Level: 
X-Spam-Status: No, score=-2.724 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USxcg6IHa8y3 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:47:47 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 09F1F11E81B0 for <perpass@ietf.org>; Fri, 25 Oct 2013 07:47:42 -0700 (PDT)
Received: from maildlpprd01.lss.emc.com (maildlpprd01.lss.emc.com [10.253.24.33]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9PElIIr005010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 25 Oct 2013 10:47:19 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9PElIIr005010
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1382712439; bh=2gI6LVcfBX27CPYbXiQhkXkc2wM=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=R44oq/lqkIkSzxvR0qVbWWzy7YfVe4BZPdPoWobGM7bNrlGRXSfaPCREWJA4Ph6hi pFLwPY6bMK8jj3rdepdewiZYi2+zzFAP9sA+NhyWzhNy0sadb/rTIgFVCWRD6Gp8AB Le6em3M8csmhkBkfe1JiZ9DsxQzvCzRnfMqtFqJo=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com r9PElIIr005010
Received: from mailusrhubprd54.lss.emc.com (mailusrhubprd54.lss.emc.com [10.106.48.19]) by maildlpprd01.lss.emc.com (RSA Interceptor); Fri, 25 Oct 2013 10:47:04 -0400
Received: from mxhub05.corp.emc.com (mxhub05.corp.emc.com [128.222.70.202]) by mailusrhubprd54.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id r9PEkjlO007544 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 25 Oct 2013 10:47:04 -0400
Received: from mx15a.corp.emc.com ([169.254.1.46]) by mxhub05.corp.emc.com ([128.222.70.202]) with mapi; Fri, 25 Oct 2013 10:46:49 -0400
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Joseph Lorenzo Hall <joe@cdt.org>, Stephen Kent <kent@bbn.com>, perpass <perpass@ietf.org>
Date: Fri, 25 Oct 2013 10:46:48 -0400
Thread-Topic: [perpass] Standards in the age of pervasive suspicion
Thread-Index: Ac7Rjs4JDr2pSjtFSOW7qjwCBTt7NwAATs0w
Message-ID: <F5063677821E3B4F81ACFB7905573F24049EA32D16@MX15A.corp.emc.com>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com> <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi	<526815F0.8020100@cdt.org> <526A24AD.8000107@gmx.net> <F5063677821E3B4F81ACFB7905573F24049EA32CF5@MX15A.corp.emc.com> <526A80AA.3080504@gmx.net>
In-Reply-To: <526A80AA.3080504@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd54.lss.emc.com
X-RSA-Classifications: public
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 14:47:51 -0000

Hi Hannes,

Good point, the comments as an expert reviewer were not published, nor was
the response.  However in the development of the framework from the Cyber
Security Executive order, NIST did publish all of the contributions.  I was
heavily involved in that for EMC, although I did not have time to attend
the workshops that followed.

Responses, I believe, just go directly to the submitter.  We, as a company,
have had comments rejected (different document) and have submitted them
again for subsequent revisions of the documents.  The explanations were
reasonable, although we didn't necessarily agree and the instance I am
referring to is not something that would cause a security concern.

The IETF's level of transparency exceeds many other standards development
organizations.

Thanks,
Kathleen

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
Sent: Friday, October 25, 2013 10:31 AM
To: Moriarty, Kathleen; Joseph Lorenzo Hall; Stephen Kent; perpass
Subject: Re: [perpass] Standards in the age of pervasive suspicion

Hi Kathleen,

in my mail below I had shared one example of what the process in other parts
of the world looks like and actually defended NIST to a certain extent.

However, I had some experience with NIST myself, for example with the NSTIC
work. I am sure there are others on the list who have had experience with
other initiatives, such as the SmartGrid.

Take your experience described below and compare it with the IETF. Have
your comments been published somewhere and are they accessible to the public?
What is the decision process for incorporating comments from different
sources? What is the dispute resolution process?

Ciao
Hannes

On 10/25/2013 03:51 PM, Moriarty, Kathleen wrote:
> As the final expert reviewer on a fairly recent NIST publication
> (about 1 year ago), I will attest to their good practices.  They do
> work on standards collaboratively, take open calls for feedback and
> then provide responses to those who comment.
>
> I wound up reading the document 5 different times, providing feedback
> in each instance that was typically accepted and all responses were
> reasonable.  They do make an effort to find an expert in the area of
> the standard publication as well.
>
> I did not read the full thread, so sorry if any of this was
> out-of-context, but I thought the first-hand experience and their use
> of a final external reviewer might be helpful for some to understand.
>
> Best regards, Kathleen
>
> -----Original Message----- From: perpass-bounces@ietf.org
> [mailto:perpass-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Friday, October 25, 2013 3:59 AM To: Joseph Lorenzo Hall;
> Stephen Kent; perpass Subject: Re: [perpass] Standards in the age of
> pervasive suspicion
>
> On 10/23/2013 08:31 PM, Joseph Lorenzo Hall wrote:
>> NIST appears to have learned from this that the standardization
>> process has to be equally as transparent as the
>> competition/cryptanalysis process. That's a very good thing.
>
> There is still something to learn for NIST when it comes to good
> standardization principles, such as those outlined by OpenStand
> http://open-stand.org/principles/
>
> I am sure you have seen the related post from the IAB on this topic:
> http://www.iab.org/2013/10/23/comments-from-the-iab-on-nist-sp-800-90a-proceeding/
>
> But it would be unfair to just complain about NIST when many other
> government bodies aren't any better. I will share one story I
> experienced recently with the European Commission (EC) created Network
> and Information Security (NIS) platform. This group was created in
> response to the proposed regulation on CyberSecurity by the EC.
>
> The responsible persons from the EC decided to organize a f2f meeting
> early June to get their work started. Around 150 persons from all
> sectors in the industry showed up to the meeting (mostly from bigger
> corporations who have public policy people in Brussels) since the
> meeting was announced short notice.
>
> The meeting was led by Giuseppe Abbamonte and he ran the meeting in
> the style expressed at their webpage: "the Commission will select the
> platform participants, with a view to ensuring a balanced and
> manageable representation of the different stakeholders."
>
> At the end of the meeting he came up with the idea that there should
> be 3 groups with maximum 20 persons each and he will nominate the
> persons for those groups.
>
> I dared to suggest to follow a model like in the IETF with open
> participation. He shouted at me and said that this will never happen.
> The argument was that this has never worked in the EC so far.
>
> Of course the folks in the participating people in the room quickly
> noticed that 3x20 by no means leads to 150 and so more than half of
> the participants of the f2f meeting wouldn't be allowed to participate
> in the work. (I ignore those who weren't able to show up at the f2f
> meeting or smaller enterprises who don't have the budget to fly to
> Brussels just to chat.) I am sure most of them had no expectation that
> it would lead to something useful but they at least wanted to follow
> it and jump in when it completely goes into the wrong direction.
>
> An hour later the model was changed and larger groups were allowed;
> that's still far away from an IETF type of participation style.
>
> These are the types of groups who are supposed to develop solutions to
> improve the security of the Internet.
>
> Ciao Hannes
>
>
> _______________________________________________ perpass mailing list
> perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
>
> _______________________________________________ perpass mailing list
> perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
>



From hannes.tschofenig@gmx.net  Fri Oct 25 07:56:45 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBBC11E81A1 for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.622
X-Spam-Level: 
X-Spam-Status: No, score=-102.622 tagged_above=-999 required=5 tests=[AWL=-0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bdxncKvH0XvK for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 07:56:38 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id AD66811E82FC for <perpass@ietf.org>; Fri, 25 Oct 2013 07:56:32 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.115.161]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MPqtK-1VdaQP2r1G-0053BQ for <perpass@ietf.org>; Fri, 25 Oct 2013 16:56:31 +0200
Message-ID: <526A86B6.8070605@gmx.net>
Date: Fri, 25 Oct 2013 16:56:54 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>,  Joseph Lorenzo Hall <joe@cdt.org>, Stephen Kent <kent@bbn.com>, perpass <perpass@ietf.org>
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com>	<5265FB71.1020408@cisco.com>	<526617D2.5060903@gmx.net>	<6.2.5.6.2.20131021232826.0dbc9530@resistor.net>	<5267E076.5010700@bbn.com>	<21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi	<526815F0.8020100@cdt.org>	<526A24AD.8000107@gmx.net> <F5063677821E3B4F81ACFB7905573F24049EA32CF5@MX15A.corp.emc.com> <526A80AA.3080504@gmx.net> <F5063677821E3B4F81ACFB7905573F24049EA32D16@MX15A.corp.emc.com>
In-Reply-To: <F5063677821E3B4F81ACFB7905573F24049EA32D16@MX15A.corp.emc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:WS5HARrwHo4PbFQ2cIlo+wjsavbftriiU4yTXG85uCrxwA1rrUo akM2u0TfMFMeUxuT+t3N8vmiWf8mU81u0ULJvMpqpD/fx32k6DFxU0hPb/FKrG1dUxnsArD WehIOogNLGBtoi/ZtdB9OyXoCABWXjyD3GSf8yzGe4i+2k3Vy40hL/wVs9q5Q6pqHqIw7zd WWmum7GuCJvGUD4TNoOjQ==
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 14:56:45 -0000

Hi Kathleen,

as you mentioned, the process used by NIST far exceeds what other 
organizations do today. They also employ a lot of great technical people 
(and we got to know some of them better) and so there is less risk that 
the work goes into a wrong direction. This is the reason why we trusted 
their recommendations.

While there is still room for improvement many other organizations even 
have to get to that level.

I think the OpenStand document is a good template. While it is written 
with a focus on traditional standardization in mind I believe it has 
much broader applicability.

Ciao
Hannes

On 10/25/2013 04:46 PM, Moriarty, Kathleen wrote:
> Hi Hannes,
>
> Good point, the comments as an expert reviewer were not published,
> nor was the response.  However in the development of the framework
> from the Cyber Security Executive order, NIST did publish all of the
> contributions.  I was heavily involved in that for EMC, although I
> did not have time to attend the workshops that followed.
>
> Responses, I believe, just go directly to the submitter.  We, as a
> company, have had comments rejected (different document) and have
> submitted them again for subsequent revisions of the documents.  The
> explanations were reasonable, although we didn't necessarily agree
> and the instance I am referring to is not something that would cause
> a security concern.
>
> The IETF's level of transparency exceeds many other standards
> development organizations.
>
> Thanks, Kathleen
>
> -----Original Message----- From: Hannes Tschofenig
> [mailto:hannes.tschofenig@gmx.net] Sent: Friday, October 25, 2013
> 10:31 AM To: Moriarty, Kathleen; Joseph Lorenzo Hall; Stephen Kent;
> perpass Subject: Re: [perpass] Standards in the age of pervasive
> suspicion
>
> Hi Kathleen,
>
> in my mail below I had shared one example of what the process in other
> parts of the world looks like and actually defended NIST to a certain
> extent.
>
> However, I had some experience with NIST myself, for example with the
> NSTIC work. I am sure there are others on the list who have had
> experience with other initiatives, such as the SmartGrid.
>
> Take your experience described below and compare it with the IETF.
> Have your comments been published somewhere and are they accessible
> to the public? What is the decision process for incorporating
> comments from different sources? What is the dispute resolution
> process?
>
> Ciao Hannes
>
> On 10/25/2013 03:51 PM, Moriarty, Kathleen wrote:
>> As the final expert reviewer on a fairly recent NIST publication
>> (about 1 year ago), I will attest to their good practices.  They
>> do work on standards collaboratively, take open calls for feedback
>> and then provide responses to those who comment.
>>
>> I wound up reading the document 5 different times, providing
>> feedback in each instance that was typically accepted and all
>> responses were reasonable.  They do make an effort to find an
>> expert in the area of the standard publication as well.
>>
>> I did not read the full thread, so sorry if any of this was
>> out-of-context, but I thought the first-hand experience and their
>> use of a final external reviewer might be helpful for some to
>> understand.
>>
>> Best regards, Kathleen
>>
>> -----Original Message----- From: perpass-bounces@ietf.org
>> [mailto:perpass-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Friday, October 25, 2013 3:59 AM To: Joseph Lorenzo Hall;
>> Stephen Kent; perpass Subject: Re: [perpass] Standards in the age
>> of pervasive suspicion
>>
>> On 10/23/2013 08:31 PM, Joseph Lorenzo Hall wrote:
>>> NIST appears to have learned from this that the standardization
>>> process has to be equally as transparent as the
>>> competition/cryptanalysis process. That's a very good thing.
>>
>> There is still something to learn for NIST when it comes to good
>> standardization principles, such as those outlined by OpenStand
>> http://open-stand.org/principles/
>>
>> I am sure you have seen the related post from the IAB on this
>> topic:
>> http://www.iab.org/2013/10/23/comments-from-the-iab-on-nist-sp-800-90a-proceeding/
>>
>> But it would be unfair to just complain about NIST when many other
>> government bodies aren't any better. I will share one story I
>> experienced recently with the European Commission (EC) created
>> Network and Information Security (NIS) platform. This group was
>> created in response to the proposed regulation on CyberSecurity by
>> the EC.
>>
>> The responsible persons from the EC decided to organize a f2f
>> meeting early June to get their work started. Around 150 persons
>> from all sectors in the industry showed up to the meeting (mostly
>> from bigger corporations who have public policy people in Brussels)
>> since the meeting was announced short notice.
>>
>> The meeting was led by Giuseppe Abbamonte and he ran the meeting
>> in the style expressed at their webpage: "the Commission will
>> select the platform participants, with a view to ensuring a
>> balanced and manageable representation of the different
>> stakeholders."
>>
>> At the end of the meeting he came up with the idea that there
>> should be 3 groups with maximum 20 persons each and he will
>> nominate the persons for those groups.
>>
>> I dared to suggest to follow a model like in the IETF with open
>> participation. He shouted at me and said that this will never
>> happen. The argument was that this has never worked in the EC so
>> far.
>>
>> Of course the folks in the participating people in the room
>> quickly noticed that 3x20 by no means leads to 150 and so more than
>> half of the participants of the f2f meeting wouldn't be allowed to
>> participate in the work. (I ignore those who weren't able to show
>> up at the f2f meeting or smaller enterprises who don't have the
>> budget to fly to Brussels just to chat.) I am sure most of them had
>> no expectation that it would lead to something useful but they at
>> least wanted to follow it and jump in when it completely goes into
>> the wrong direction.
>>
>> An hour later the model was changed and larger groups were
>> allowed; that's still far away from an IETF type of participation
>> style.
>>
>> These are the types of groups who are supposed to develop solutions
>> to improve the security of the Internet.
>>
>> Ciao Hannes
>>
>>
>> _______________________________________________ perpass mailing
>> list perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>>
>> _______________________________________________ perpass mailing
>> list perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>>
>
>


From hallam@gmail.com  Fri Oct 25 08:49:30 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AB9211E830E for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 08:49:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.155
X-Spam-Level: 
X-Spam-Status: No, score=-2.155 tagged_above=-999 required=5 tests=[AWL=-0.155, BAYES_00=-2.599, J_CHICKENPOX_21=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Avsq07rccpdx for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 08:49:29 -0700 (PDT)
Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com [IPv6:2a00:1450:4010:c04::22d]) by ietfa.amsl.com (Postfix) with ESMTP id DFB2F11E821D for <perpass@ietf.org>; Fri, 25 Oct 2013 08:49:28 -0700 (PDT)
Received: by mail-lb0-f173.google.com with SMTP id w7so895014lbi.18 for <perpass@ietf.org>; Fri, 25 Oct 2013 08:49:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:in-reply-to:mime-version:from:date:message-id:subject:to :cc:content-type; bh=7stlEuf1erxubwrfP+EveFe8eAbvmeRiVJxQFs1mlto=; b=yjhM9gH5Y3+0Wm6nErtLWFLC5gWssuj0XBnOkmXkcKpNJ1Dm0fi4WS3bMX70vKVZgc lhTfcxPjS2+rI4GSQhrb3O2sfZgc0G2JwJFZNG3bNtZdtymlbLQgVC2FOMu87kJfDwWk XyJ2kG0SR0vx/H8rsgTgqvwM82KmpREjxHJHopJy9ktk8qpI6tPeRXfO6ZmdtLXEa6nS BwV1euTe6Jxw9TAIpfDscus8h4IAyDjgEMeZFMs/zHiNyk6BQCuwoE6c6igJoAr3wiIL LgsadBCCKSstP5TP0P+k90f7vyRpuzCMdwkZ9KDMYurIXLp1RPFaDyhlyl/iWHgx6vFs gFVg==
X-Received: by 10.152.22.131 with SMTP id d3mr2464412laf.35.1382716162505; Fri, 25 Oct 2013 08:49:22 -0700 (PDT)
References: <CAMm+LwiDGDDOpWGq=2GePUjwE00U_HgFzakdPOgQKGYN3=qGpA@mail.gmail.com> <5265FB71.1020408@cisco.com> <526617D2.5060903@gmx.net> <6.2.5.6.2.20131021232826.0dbc9530@resistor.net> <5267E076.5010700@bbn.com> <21D6C0EE-0C10-4DC9-ADD6-A6CFA212D163@icsi.berkeley.edu> <5267EBEB.5030701@bbn.com> <526815F0.8020100@cdt.org>
In-Reply-To: <526815F0.8020100@cdt.org>
Mime-Version: 1.0 (1.0)
From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Fri, 25 Oct 2013 11:49:19 -0400
Message-ID: <2102380417021584473@unknownmsgid>
To: Joseph Lorenzo Hall <joe@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [perpass] Standards in the age of pervasive suspicion
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 15:49:30 -0000

The problem created here is likely limited to perception. But that is
still a big problem if the result is we end up having to contend with
multiple national standards.

We need to think about protocol design in a different way and instead
of asking if something is 'sufficient' look at multiple layers of
protection that provide sufficient strength even with compromises of
some components.

Sent from my difference engine


> On Oct 23, 2013, at 2:31 PM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
>
>> On 10/23/13 11:31 AM, Stephen Kent wrote:
>>
>>
>> I read Bruce's post at the cited URL. The developers of the alg
>> replied:
>>
>> That does not seem consistent with "mysteriously changed."
>
> It is consistent... the process from a winning cryptographic algorithm
> to NIST FIPS standardization is pretty murky, and if you follow the
> hash-forum list at NIST, you'd see a lot of hue and cry about the
> reduction in capacity of Keccak. Of course, now that the Keccak team
> has weighed in, it appears that the eventual SHA-3 FIPS standard will
> include one or more high-security modes.
>
> NIST appears to have learned from this that the standardization
> process has to be equally as transparent as the
> competition/cryptanalysis process. That's a very good thing.
>
> best, Joe
>
> - --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (Darwin)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEAREIAAYFAlJoFfAACgkQwOJtkPJXd/gbPgCeJfMqOD+LE6JyxEiv5T1Pzr3J
> sv8AoIKcHCx6Ph3YAdUnYIkGBI0i4Kl0
> =Xecl
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass

From scott.brim@gmail.com  Fri Oct 25 09:08:54 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 379EC11E834C for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 09:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.59
X-Spam-Level: 
X-Spam-Status: No, score=-102.59 tagged_above=-999 required=5 tests=[AWL=0.009, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRmA1r9LChJD for <perpass@ietfa.amsl.com>; Fri, 25 Oct 2013 09:08:49 -0700 (PDT)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 16CA111E833E for <perpass@ietf.org>; Fri, 25 Oct 2013 09:08:39 -0700 (PDT)
Received: by mail-ob0-f177.google.com with SMTP id vb8so1117154obc.8 for <perpass@ietf.org>; Fri, 25 Oct 2013 09:08:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=bfIV6EDFE3aMMuQTu/am+nsCbbIjeDMo5lTAjrAmC30=; b=KSIO0mTiHmo7s84qBfotzXaP2AFgmbgBIZ3cF5TwRaSXkKa9iU4s5k5gBYKrimiopa 53mmNd0qs7QjWZBEDEDhguPptFECJ+MrNV45wTbwGfJHMO2OdI0yC8cP5cPea4MUD6dU ZOKtmmQcddZW5rrk6DnQKCj6jnBTrq7oeozDtAgBDl7m+2Bvb1U3lOUfQd790IQBbcqZ O1V9zHgdal56TAWRwGPZJpQxpYxRafKmhVOQsMcS+b1YV8p+4jH7U1W5sAsAifoiCmiC GrCwrfumJBeaNNEK/XIa34bJFu4JVdb6mr5aDfCMQpiDlrhg3i+PG4o+5jbmt5dejfHP EF1Q==
X-Received: by 10.60.144.133 with SMTP id sm5mr6658oeb.103.1382717317714; Fri, 25 Oct 2013 09:08:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.2.134 with HTTP; Fri, 25 Oct 2013 09:08:17 -0700 (PDT)
In-Reply-To: <526A81A8.8010507@gmail.com>
References: <52654CB3.1050507@cs.tcd.ie> <C5E08FE080ACFD4DAE31E4BDBF944EB123CD0F2D@xmb-aln-x02.cisco.com> <5268E1C1.8070307@cs.tcd.ie> <C5E08FE080ACFD4DAE31E4BDBF944EB123CD2370@xmb-aln-x02.cisco.com> <5269304D.8040101@cs.tcd.ie> <526A66AA.1020009@gmail.com> <526A72FC.5020802@dcrocker.net> <526A81A8.8010507@gmail.com>
From: Scott Brim <scott.brim@gmail.com>
Date: Fri, 25 Oct 2013 12:08:17 -0400
Message-ID: <CAPv4CP-K16UHh3Cb8dOZrBsQ8ndpi3wSWmLnitTVoupx=_P59g@mail.gmail.com>
To: rutkowski.tony@gmail.com
Content-Type: multipart/alternative; boundary=047d7b4725da8c1bcf04e992f6aa
Cc: perpass <perpass@ietf.org>, Crocker Dave <dcrocker@bbiw.net>
Subject: Re: [perpass] ITU-T 's anti-perpass work
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 16:08:56 -0000

--047d7b4725da8c1bcf04e992f6aa
Content-Type: text/plain; charset=ISO-8859-1

Tony, I no longer have a TIES account so I can't look at the base document,
but I don't see any great harm in the little ones you posted. They describe
various aspects of "big data" (which is a big topic), and while they are
clearly considering the possibility of capturing business intelligence,
they don't seem to give particular stress to it versus other aspects.
Unless you have more evidence I will probably continue to ignore ITU big
data.  Lots of people have plans to hoover up all possible data already,
with or without ITU.


On Fri, Oct 25, 2013 at 10:35 AM, Tony Rutkowski
<rutkowski.tony@gmail.com> wrote:

> On 10/25/2013 9:32 AM, Dave Crocker wrote:
>
>> Please provide some detail, to explain how these contributions are
>> anti-perpass.
>>
>
> Hi Dave,
>
> The term "anti-perpass" was used to
> describe a significant initiative
> begun in the ITU-T last year to
> develop a set of Recommendations in
> its Study Group 13 (essentially Internet
> and Cloud Computing) to Hoover up,
> store, and analyze everything passing
> through the networks.
>
> The proponents (China Unicom, the China
> Information Ministry, ZTE, and ETRI)
> argued that "Over the Top"
> providers were capturing and
> using information about "their"
> telco customer to their detriment
> and instituted a Big Data project.
> The work included coupling to the
> many new DPI standards being developed
> in the same Study Group.
>
> The ITU-T today is predominantly a forum
> for China, Korea ETRI, and Japan.  However
> some governments intervened to suggest this
> work was not a good thing.  An exacerbating
> factor is that 89 nations last year signed
> an ITU treaty obligating themselves to
> implement ITU-T Recommendations.  The work
> was temporarily halted early this year
> because of the interventions, but with the
> Kampala meeting, it is now scaling up again
> with these documents.
>
> The IETF could perhaps help here by offering
> critical comment that having global ITU
> Recommendations that promote if not mandate
> pervasive surveillance and analysis of
> individual users is not a good thing.
> The attached documents are exemplary.
>
> --tony
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>
>

--047d7b4725da8c1bcf04e992f6aa
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable


<div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Fri, Oct 2=
5, 2013 at 10:35 AM, Tony Rutkowski <span dir=3D"ltr">&lt;<a href=3D"mailto=
:rutkowski.tony@gmail.com" target=3D"_blank">rutkowski.tony@gmail.com</a>&g=
t;</span> wrote:<br>

<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">On 10/25/2013 9:32 AM, Dav=
e Crocker wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Please provide some detail, to explain how these contributions are anti-per=
pass. <br>
</blockquote>
<br></div>
Hi Dave,<br>
<br>
The term &quot;anti-perpass&quot; was used to<br>
described a significant initiative<br>
begun in the ITU-T last year to<br>
develop a set of Recommendations in<br>
its Study Group 13 (essentially Internet<br>
and Cloud Computing) to Hoover up,<br>
store, and analyze everything passing<br>
through the networks.<br>
<br>
The proponents (China Unicom, the China<br>
Information Ministry, ZTE, and ETRI)<br>
argued argued that &quot;Over the Top&quot;<br>
providers were capturing and<br>
using information about &quot;their&quot;<br>
telco customer to their detriment<br>
and instituted a Big Data project.<br>
The work included coupling to the<br>
many new DPI standards being developed<br>
in the same Study Group.<br>
<br>
The ITU-T today is predominantly a forum<br>
for China, Korea ETRI, and Japan. =A0However<br>
some governments intervened to suggest this<br>
work was not a good thing. =A0An exacerbating<br>
factor is that 89 nations last year signed<br>
an ITU treaty obligating themselves to<br>
implement ITU-T Recommendations. =A0The work<br>
was temporarily halted early this year<br>
because of the interventions, but with the<br>
Kampala meeting, it is now scaling up again<br>
with these documents.<br>
<br>
The IETF could perhaps help here by offering<br>
critical comment that having global ITU<br>
Recommendations that promote if not mandate<br>
pervasive surveillance and analysis of<br>
individual users is not a good thing.<br>
The attached documents are exemplary.<span class=3D"HOEnZb"><font color=3D"=
#888888"><br>
<br>
--tony<br>
</font></span><br>_______________________________________________<br>
perpass mailing list<br>
<a href=3D"mailto:perpass@ietf.org">perpass@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/perpass" target=3D"_blank"=
>https://www.ietf.org/mailman/listinfo/perpass</a><br>
<br></blockquote></div><br></div>

--047d7b4725da8c1bcf04e992f6aa--

From paul@cypherpunks.ca  Fri Oct 25 11:08:38 2013
Date: Fri, 25 Oct 2013 14:08:24 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Noel Torres <envite@rolamasao.org>
In-Reply-To: <52696123.9000209@rolamasao.org>
Message-ID: <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: perpass@ietf.org
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 18:08:38 -0000

On Thu, 24 Oct 2013, Noel Torres wrote:

> The promised rough draft:

> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)

I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
apart from being able to get a remote server key from a HKP server,
which in itself is completely untrusted without web-of-trust
verification by a human.

In fact, TLS with DHE would be more secure against a pervasive monitor
that obtains access to a mailserver's private openpgp key.

What would doing openpgp encryption within TLS add security wise?

Paul

From hallam@gmail.com  Fri Oct 25 17:36:18 2013
MIME-Version: 1.0
In-Reply-To: <CAB5WduDqcgVsrE97zcLaDODaTT8BCCBdu8YAC=mkFYF=csQtng@mail.gmail.com>
References: <CAB5WduAHhQg2a5Lc4CTTe0pxYt7V3n0XsRqtuY3Acg117AatMg@mail.gmail.com> <CAMm+Lwi9SBRpz0kdojiwpzkruSMi3PNZ98wMp_yL4uCT+pZdKw@mail.gmail.com> <CAB5WduBbSO9iD2JY7Q0sbSKMBpes12BDAfKfwd=siiZ=ncrPhg@mail.gmail.com> <CAB5WduDidbABUCK1_uPT9yhsBqmEQN9bHKf33pYb_KoEi2QWuQ@mail.gmail.com> <5266D2E6.8040403@gmail.com> <CAB5WduDqLSUCexHac_kHa69sjqSyjDSDu5E6eowbnKwgoNK9SA@mail.gmail.com> <CAMm+LwjqMYGTi3qy-8yVNPyF72_z9-QaCYN2a3+k59kqcaXvWQ@mail.gmail.com> <CAB5WduDqcgVsrE97zcLaDODaTT8BCCBdu8YAC=mkFYF=csQtng@mail.gmail.com>
Date: Fri, 25 Oct 2013 20:36:07 -0400
Message-ID: <CAMm+LwicsJscFc4_WyD4t=c8i7GdEZxR9ODPH1Ng1Waw3_k2Jw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: DataPacRat <datapacrat@gmail.com>
Content-Type: multipart/alternative; boundary=089e0118293a835ab004e99a0d98
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Web-of-trust CAs

--089e0118293a835ab004e99a0d98
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Oct 22, 2013 at 5:53 PM, DataPacRat <datapacrat@gmail.com> wrote:

> On Tue, Oct 22, 2013 at 5:02 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> > On Tue, Oct 22, 2013 at 4:14 PM, DataPacRat <datapacrat@gmail.com> wrote:
>
> >> I could suggest that the values be interpreted in terms of LaPlace's
> >> Sunrise formula - eg, "there's been 10 reports of the key being used
> >> falsely and 500,000 that it's been used successfully: Do you wish to
> >> continue?".
> >
> > This is why I would not attempt to use Bayesian logic.
> >
> > You have no way to measure probability reliably. An attacker can simulate
> > any behavior before they defect. The only measure that is useful is the cost
> > of simulating that behavior. If it is prohibitively high then we can decide
> > to trust them.
> >
> > Remember that Bernie Madoff paid out 100% of every redemption request right
> > up to the point where the money ran out.
>
> One thing using Bayesian/LaPlacian numbers /can/ do is indicate how
> much effort would need to have been exerted in order to simulate the
> behaviour. If implemented correctly, then put simply, you can't get to
> 40 decibans of confidence without having had 10,000 successful tests
> for every failed test.


Like many powerful theory tools, Bayesian inference is perfect in theory
but useless for many of the purposes people try to use it for.

The problem with any analysis based on probability is that the confidence
can only diminish as the distance between the nodes increases. The problem
with Web of trust is that the generation loss between keysignings limits
the diameter of the trust graph and the amount of effort users will bear
limits the degree.

Taken together these give a maximum size given by the Moore bound on the
number of nodes in the graph.


-- 
Website: http://hallambaker.com/

--089e0118293a835ab004e99a0d98--
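The size ceiling argued in the message above, worked through as an added example (not code from the thread or its participants). It assumes, as a simplification not stated in the thread, that confidence multiplies along a chain of key signings; the function names and the sample values 0.9, 0.5 and 10 are illustrative.

```python
import math


def laplace_decibans(successes: int, failures: int) -> float:
    """Evidence in decibans under Laplace's rule of succession.

    P(next use is good) = (s + 1) / (s + f + 2), so the odds in favour
    are (s + 1) / (f + 1) and the evidence is 10 * log10(odds).
    """
    if successes < 0 or failures < 0:
        raise ValueError("counts must be non-negative")
    return 10.0 * math.log10((successes + 1) / (failures + 1))


def max_trust_diameter(per_hop_confidence: float, threshold: float) -> int:
    """Longest signature chain whose end-to-end confidence stays >= threshold.

    Assumption (not from the thread): each key signing keeps a fraction
    per_hop_confidence of the confidence, so k hops keep per_hop_confidence**k.
    """
    if not 0.0 < per_hop_confidence < 1.0:
        raise ValueError("per_hop_confidence must be strictly between 0 and 1")
    if not 0.0 < threshold < 1.0:
        raise ValueError("threshold must be strictly between 0 and 1")
    hops, confidence = 0, 1.0
    while confidence * per_hop_confidence >= threshold:
        confidence *= per_hop_confidence
        hops += 1
    return hops


def moore_bound(degree: int, diameter: int) -> int:
    """Moore bound: the most vertices a graph of maximum degree d and
    diameter k can have, 1 + d * sum_{i=0}^{k-1} (d - 1)**i."""
    if degree < 0 or diameter < 0:
        raise ValueError("degree and diameter must be non-negative")
    if degree == 0 or diameter == 0:
        return 1
    return 1 + degree * sum((degree - 1) ** i for i in range(diameter))


def web_of_trust_ceiling(per_hop_confidence: float, threshold: float,
                         signatures_per_user: int) -> int:
    """Upper limit on the number of keys reachable at or above the threshold.

    The generation loss fixes the usable diameter, the effort users will
    bear fixes the degree, and the Moore bound turns both into a size.
    """
    diameter = max_trust_diameter(per_hop_confidence, threshold)
    return moore_bound(signatures_per_user, diameter)


if __name__ == "__main__":
    # The figures quoted in the thread: 10 false uses, 500,000 good ones.
    print(f"10 bad / 500,000 good: {laplace_decibans(500_000, 10):.1f} dB")
    # 9,999 good uses and no bad ones give odds of 10,000:1, i.e. 40 dB.
    print(f"9,999 good / 0 bad:    {laplace_decibans(9_999, 0):.1f} dB")
    # Illustrative values: 10% loss per signing, 50% floor, 10 signatures each.
    k = max_trust_diameter(0.9, 0.5)
    print(f"usable diameter: {k} hops")
    print(f"ceiling on graph size: {web_of_trust_ceiling(0.9, 0.5, 10):,} keys")
```

The bound is an upper limit only; very few graphs actually reach it, so a real keysigning graph with these parameters is smaller still.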

From doug.mtview@gmail.com  Fri Oct 25 17:42:47 2013
From: Douglas Otis <doug.mtview@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C83FD9DA-4876-4ED0-8B45-9FBB01EBA30F"
Message-Id: <D36649A3-E39F-4B17-83B2-B4B6AA6C82BB@gmail.com>
Date: Fri, 25 Oct 2013 17:42:29 -0700
To: "perpass@ietf.org" <perpass@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
X-Mailer: Apple Mail (2.1510)
Subject: [perpass] Possible talking points

--Apple-Mail=_C83FD9DA-4876-4ED0-8B45-9FBB01EBA30F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Dear Perpass WG,

Can networks ever be assumed secure carrying data in the clear?

"Veracity" is an interesting term defined in T13-C-0427 offered by Tony Rutkowski.

When dealing with powerful adversaries (state or organized crime) is it safe to assume the veracity of:
 a) the routing system ?
 b) DNS ?
 c) the reputation of an identifier ?

http://tools.ietf.org/html/rfc6545#section-9.3
 Can email be treated "as if" each message were RID messages ?

What are reasonable source compliance requirements for encrypted messages ?
 (such as certificates verifying the entity initiating the message.)

What is the market value of guidelines permitting domain use as a basis for acceptance ?
 a) IP address independence
 b) Provider independence
 c) Justification for improved security

Can comparative overheads be extrapolated among various suggested strategies ?

Is DANE still on the table, since any strategy should have long term perspectives ?

For example, will CA issued certificates:
 a) cost impair wide adoption
 b) leak sensitive information
 c) prove untrustworthy facing geopolitical pressure
 d) prove difficult maintaining revocations

Transitioning to DNSSEC, can CA issued certificates offer temporary fallback strategies for DANE ?

Does a certified provider of an encrypted message place individuals at risk ?

When most email is encrypted, can provider certificates who initiate messages serve to protect services from excessive overhead caused by pervasive abuse?

As a note, the public domain Judy array library can list all domains in current use at more than 5 million transactions per second needing about 15% greater memory overhead than that of a flat list.

Regards,
Douglas Otis

--Apple-Mail=_C83FD9DA-4876-4ED0-8B45-9FBB01EBA30F--

From hannes.tschofenig@gmx.net  Sat Oct 26 02:02:32 2013
Message-ID: <526B8529.7020801@gmx.net>
Date: Sat, 26 Oct 2013 11:02:33 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Linus Nordberg <linus@nordberg.se>
References: <52661D34.5000405@gmx.net> <87ob6gwhb4.fsf@nordberg.se>
In-Reply-To: <87ob6gwhb4.fsf@nordberg.se>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] draft-tschofenig-perpass-surveillance-00.txt

Hi Linus,

thanks for your review. I have taken your comments into account and have 
updated the document accordingly. Here is the new version:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/surveillance/draft-tschofenig-perpass-surveillance-01.txt

Regarding the question about meta-data vs. actual content I believe that 
is subject of a separate document, namely the one that Brian Trammell 
wrote.

The other thing is that I wanted to keep it at a high level since the 
document is only supposed to provide an introduction to the plenary.

Ciao
Hannes

On 10/23/2013 09:57 AM, Linus Nordberg wrote:
> Hi Hannes,
>
> Thanks for writing draft-tschofenig-perpass-surveillance-00. I wish I
> could muster the powers needed to make text.
>
> Generally, I lack information about what's often called meta-data or
> traffic data and the key issue here -- linkability. I don't really know
> what I want to say here. I started a private thread with Stephen about a
> month ago but then dropped the ball. It's quite broad and I don't know
> how to tackle it really.
>
> Should 2.2 mention IPv4? Widely (heh) deployed protocol leaking
> meta-data by design. I think it should be touched upon even if we don't
> expect changes to it. Maybe that's exactly why we must mention it
> somewhere -- some people do not grasp it while others might be hesitant
> to touch the issue. IPv6 is another one. I bet there are more.
>
>
> Typos and other minor things.
>
> - Is the expire date 2014-04-24 correct?
>
> - 2.1. s/a a/a/1
>
> - 2.1. s/'crypto-aglity'/'crypto-agility'/1
>
> - 2.2. s/exploided/exploited/1
>
> - 2.4. last sentence "With the juridiction [...]" needs some love.
>
> - 3. copied from another document
>
> - 6. [10] and [11], swap Nadia and IETF
>
>
> Http vs https. (Flogging a dead horse?)
>
> - 6. the following urls could and should be https rather than http:
>    http://packetstormsecurity.com/files/105499/Browser-Exploit-Against-SSL-TLS.html
>    http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
>    http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
>
> - 6. (and other places) the following urls should be https even if they
>    redirect to https, both for educational reasons and for security/privacy
>    (not leaking the full url, not having to trust that a hijacker doesn't
>    eat the redirect):
>    http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
>    http://datatracker.ietf.org/drafts/current/
>
> - 6. (and other places) the following urls should have a warning about
>    not being https or perhaps have their content mirrored on a site
>    providing https (with a proper certificate):
>    http://boingboing.net/2013/08/05/anti-tor-malware-reported-back.html
>    http://fileperms.org/whatsapp-is-broken-really-broken/ (bad certificate)
>    http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/ (bad certificate)
>    http://www.tschofenig.priv.at (bad certificate)
>    http://trustee.ietf.org/license-info (404)
>


From jacob@appelbaum.net  Sat Oct 26 02:29:05 2013
Message-ID: <526B8A36.2090707@appelbaum.net>
Date: Sat, 26 Oct 2013 09:24:06 +0000
From: Jacob Appelbaum <jacob@appelbaum.net>
MIME-Version: 1.0
To: perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca>
OpenPGP: id=4193A197
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]

Paul Wouters:
> On Thu, 24 Oct 2013, Noel Torres wrote:
> 
>> The promised rough draft:
> 
>> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
> 
> I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
> apart from being able to get a remote server key from a HKP server,
> which in itself is completely untrusted without web-of-trust
> verification by a human.
> 
> In fact, TLS with DHE would be more secure against a pervasive monitor
> that obtains access to a mailserver's private openpgp key.
> 
> What would doing openpgp encryption within TLS add security wise?
> 

Defense in depth. If the StartTLS server uses RC4, for example, I'd want
a different layer for actual protection.

All the best,
Jacob
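
The two TLS properties at issue in this exchange (an RC4 cipher, and a DHE key exchange) are recorded by many MTAs in the Received trace headers, in the same `(version=... cipher=... bits=...)` form carried by the messages in this archive. The following is an added example, not part of any post in the thread: it audits such headers hop by hop. The header lines are constructed samples and the finding labels are this example's own.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample headers (documentation hostnames and addresses), written
# in the annotation style that Postfix, Gmail and sendmail use in this archive.
SAMPLE_HEADERS = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10]) by mail.example.net (Postfix) with ESMTP id AAAA1 for <list@example.net>; Sat, 26 Oct 2013 05:06:33 -0700 (PDT)
Received: from [10.0.0.4] (client.example.com. [198.51.100.22]) by mx.example.org with ESMTPSA id x1 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 26 Oct 2013 05:06:21 -0700 (PDT)
Received: from h2.example.com (localhost [127.0.0.1]) by h2.example.com (8.14.3/8.14.3) with ESMTP id r9 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 26 Oct 2013 05:13:04 -0700 (PDT)
Received: from a.example.com (a.example.com [203.0.113.5]) by b.example.com with ESMTPS id y2
    (version=TLSv1 cipher=AES128-SHA bits=128/128); Sat, 26 Oct 2013 06:00:00 -0700 (PDT)
Subject: constructed sample
"""

TLS_NOTE = re.compile(
    r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>[A-Za-z0-9_-]+)"
    r"\s+bits=(?P<bits>[\d/]+)(?:\s+verify=(?P<verify>\w+))?\)"
)
BY_HOST = re.compile(r"\bby\s+(\S+)")


class Hop(NamedTuple):
    by: str                 # host that received the message on this hop
    cipher: Optional[str]   # OpenSSL-style suite name, None if not recorded
    verify: Optional[str]   # sendmail-style verify= value, None if absent


def unfold(raw: str) -> List[Tuple[str, str]]:
    """Split a header block into (name, value) pairs, joining folded lines."""
    headers: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip():
            break  # a blank line ends the header block
        if line[0] in " \t" and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_hops(raw: str) -> List[Hop]:
    """Extract one Hop per Received header, in the order they appear."""
    hops = []
    for name, value in unfold(raw):
        if name != "received":
            continue
        by = BY_HOST.search(value)
        note = TLS_NOTE.search(value)
        hops.append(Hop(
            by=by.group(1) if by else "?",
            cipher=note.group("cipher") if note else None,
            verify=note.group("verify") if note else None,
        ))
    return hops


def classify(hop: Hop) -> List[str]:
    """Return this example's finding labels for one hop."""
    if hop.cipher is None:
        # No annotation: the hop may have been cleartext, or the MTA may
        # simply not record TLS details. The header alone cannot tell.
        return ["tls-not-recorded"]
    findings = []
    parts = hop.cipher.upper().split("-")
    if "RC4" in parts:
        findings.append("rc4")
    if parts[0] not in ("DHE", "ECDHE", "EDH"):
        # Static key transport: recorded traffic can be decrypted later by
        # whoever obtains the server's private key.
        findings.append("no-forward-secrecy")
    if hop.verify == "NO":
        # The peer was not authenticated by certificate on this hop.
        findings.append("peer-not-authenticated")
    return findings


def audit(raw: str) -> List[Tuple[str, List[str]]]:
    """Pair each receiving host with its findings."""
    return [(hop.by, classify(hop)) for hop in parse_hops(raw)]


if __name__ == "__main__":
    for by, findings in audit(SAMPLE_HEADERS):
        print(f"{by:20s} {', '.join(findings) or 'ok'}")
```

Trace headers are written by each receiving server and can be forged by any earlier hop, so only the annotations added by servers you operate or trust are evidence of what was negotiated.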

From yaronf.ietf@gmail.com  Sat Oct 26 05:06:44 2013
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8493C21F9FD6 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:06:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wy3f0Le3ne10 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:06:40 -0700 (PDT)
Received: from mail-wg0-x22c.google.com (mail-wg0-x22c.google.com [IPv6:2a00:1450:400c:c00::22c]) by ietfa.amsl.com (Postfix) with ESMTP id BF9B011E812D for <perpass@ietf.org>; Sat, 26 Oct 2013 05:06:33 -0700 (PDT)
Received: by mail-wg0-f44.google.com with SMTP id n12so4867991wgh.23 for <perpass@ietf.org>; Sat, 26 Oct 2013 05:06:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=Bgrx87r9XGY03XQcoGCjwKpNWQRJnWh34E7yfjYyVUQ=; b=M+NPtOPNnVwRL9mLFt+dgD47Xj8A1PUhNJXYsFUCsJKFfEssSiWeL5WfjiDNO4jw4B f3SlvIYkf/GPe45pdqJcclnIIvCXKXECkK8bHE7RsU0/4lPrXKlTaiJBRVnPblU0OveV Rota5IIIyg9nrHL7H79Wr8P1HKIfzLN8zrbV6bQqsMQF5tUyqRbOkcstHCadcuUIh9QA xCXQo8YTgvd3dl8F5zM0CN2hfleErGyW02v85QQa3yNtvsaNjV+dsopsDL8V2tYVlUIa R9xhF9MPDJ2o20C0CNczLYN0CdIB03ztS+YOiw33etd2FV0tYoqgdf59ge5MFftYQMPy 9OmQ==
X-Received: by 10.180.20.13 with SMTP id j13mr2267635wie.6.1382789182578; Sat, 26 Oct 2013 05:06:22 -0700 (PDT)
Received: from [10.0.0.4] (bzq-79-177-145-22.red.bezeqint.net. [79.177.145.22]) by mx.google.com with ESMTPSA id i8sm15598099wiy.6.2013.10.26.05.06.20 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 26 Oct 2013 05:06:21 -0700 (PDT)
Message-ID: <526BB03A.4010003@gmail.com>
Date: Sat, 26 Oct 2013 15:06:18 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>,  Stephen Farrell <stephen.farrell@cs.tcd.ie>, Alexey Melnikov <alexey.melnikov@isode.com>
References: <CAPik8yaKaXRm3t3sepRHAFADCnOmdPjQC5-be3a8Xsr29965BQ@mail.gmail.com>	<5266AC02.80506@cs.tcd.ie>	<5267B862.6000105@isode.com>	<5267BAD9.8070702@cs.tcd.ie> <526960FF.3050902@stpeter.im>
In-Reply-To: <526960FF.3050902@stpeter.im>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, perpass@ietf.org
Subject: Re: [perpass] Hasty PRISM proofing considered harmful
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 12:06:44 -0000

Hi Peter,

I understand the need for multiple BCPs, I just want to minimize
conflicts between them, and we will need a lot of communication to do that.

There's a bunch of process questions that we'll need to discuss over
time (Informational vs. PS etc.), but let's postpone this stuff.

Lastly, my view of the TLS BCP document is as an interim measure, until
TLS 1.3 comes around and until the industry adopts it. Yes, this could
be 2-3 years or possibly more. App-level BCPs should IMHO anticipate
this migration from TLS 1.2 augmented by the BCP (essentially a profile)
into TLS 1.3.

Thanks,
     Yaron

On 2013-10-24 21:03, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/23/13 6:02 AM, Stephen Farrell wrote:
>>
>> On 10/23/2013 12:52 PM, Alexey Melnikov wrote:
>>> Hi Stephen,
>>>
>>> On 22/10/2013 17:46, Stephen Farrell wrote:
>>>> Yep, that's a useful post - we shouldn't rush too much, but we
>>>> do want to get things done so that developers and deployers
>>>> have something to use.
>>>>
>>>> I wonder what's the best way to proceed with this kind of
>>>> stuff. I guess we want a BCP of some sort, but the question is
>>>> how to handle the various different cases of foo-with-tls.
>>>>
>>>> - Yaron did a generic TLS BCP draft. [1] - PSA did an XMPP TLS
>>>> BCP draft [2] - This sounds like we might want an SMTP TLS BCP
>>>> draft or perhaps to add text to [3], but that's aiming for
>>>> experimental and is just about using DANE.
>>> I think some generic fallback rules can be protocol independent.
>>> But needs of different protocols might be different. For example
>>> backward compatibility with deployed TLS ciphers might be
>>> different for XMPP and SMTP.
>> Sounds reasonable. I guess even if they have the same libraries the
>> update cycles might differ. (Anyone know?)
> I expect that the update cycles are indeed different.
>
> I don't particularly *want* to have different BCPs for different
> protocols, and personally I'd like to see as much commonality as
> possible (with everyone pointing to Yaron's generic document).
> However, there are some application-level differences (e.g., with
> regard to session resumption) and each community (email, IM, web,
> etc.) has had a different experience with the use of TLS, including
> varying release schedules or willingness to release more often, use of
> STARTTLS vs. separate ports, bigger or smaller networks, more or less
> diverse developer community (e.g., with no one dominant implementation
> or small set of implementations), client-to-server only communications
> vs. also server-to-server federation, varying user expectations, etc.
>
>>> I think SMTP TLS BCP would be a good idea. I think it should be
>>> independent of DANE, because of the status of the DANE document.
>>> I would be happy to work on it (and would be happy to collaborate
>>> with PSA to discuss similarities and differences).
>> Great. Let's talk in YVR about how to get that done so it's a real
>> BCP that gets followed in the wild. If someone else is up for
>> helping I guess contact Alexey.
> Before this thread emerged, I suggested the idea of having a chat
> about this topic during the AppsArea session on Monday morning (and
> BTW there are no SEC area sessions opposite). That might be a good
> place to start.
>
> Peter
>
> - --
> Peter Saint-Andre
> https://stpeter.im/
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> -----END PGP SIGNATURE-----
>


From jmg@h2.funkthat.com  Sat Oct 26 05:13:11 2013
Return-Path: <jmg@h2.funkthat.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52CED11E8150 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:13:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pqmndiTOIa7I for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:13:06 -0700 (PDT)
Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) by ietfa.amsl.com (Postfix) with ESMTP id 294D011E8126 for <perpass@ietf.org>; Sat, 26 Oct 2013 05:13:06 -0700 (PDT)
Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r9QCD43n053418 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 26 Oct 2013 05:13:04 -0700 (PDT) (envelope-from jmg@h2.funkthat.com)
Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r9QCD4WF053417; Sat, 26 Oct 2013 05:13:04 -0700 (PDT) (envelope-from jmg)
Date: Sat, 26 Oct 2013 05:13:04 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Jacob Appelbaum <jacob@appelbaum.net>
Message-ID: <20131026121304.GS94140@funkthat.com>
References: <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <526B8A36.2090707@appelbaum.net>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88  9322 9CB1 8F74 6D3F A396
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Sat, 26 Oct 2013 05:13:04 -0700 (PDT)
Cc: perpass@ietf.org
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 12:13:11 -0000

Jacob Appelbaum wrote this message on Sat, Oct 26, 2013 at 09:24 +0000:
> Paul Wouters:
> > On Thu, 24 Oct 2013, Noel Torres wrote:
> > 
> >> The promised rough draft:
> > 
> >> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
> > 
> > I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
> > apart from being able to get a remote server key from a HKP server,
> > which in itself is completely untrusted without web-of-trust
> > verification by a human.
> > 
> > In fact, TLS with DHE would be more secure against a pervasive monitor
> > that obtains access to a mailserver's private openpgp key.
> > 
> > What would doing openpgp encryption within TLS add security wise?
> > 
> 
> Defense in depth. If the StartTLS server uses RC4, for example, I'd want
> a different layer for actual protection.

If the admin spent the time to configure OPSS, why not configure TLS
properly in the first place?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From rutkowski.tony@gmail.com  Sat Oct 26 05:33:49 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E9411E817F for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:33:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jLMJzQbru-XX for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 05:33:49 -0700 (PDT)
Received: from mail-qe0-x229.google.com (mail-qe0-x229.google.com [IPv6:2607:f8b0:400d:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 389F211E8199 for <perpass@ietf.org>; Sat, 26 Oct 2013 05:33:48 -0700 (PDT)
Received: by mail-qe0-f41.google.com with SMTP id x7so3034360qeu.14 for <perpass@ietf.org>; Sat, 26 Oct 2013 05:33:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=9bq+N+2a7e2yDJb8O/QSXh4SbUM6+Feo1V9IkJ/jcS8=; b=uJcxouHUbs5aF4h6ujbHkuJwn/drBQ2IBA5ZRUIhQZlWvAcEDk1RYfJrB7TaFOnPUr uJexnfni703UtKU3NWl5zaQzffMv7k4cqGNtyLUWbktIJnFbLEVZBXT3b+vQGtiXc7oX f21cEbDLwtl7Uk29YbQ9k3oekhZyf+oQgxEb68IaOoI1erKa4u0g3OcX6R/ZRiSnbKE6 HXyNTrxx1bVzIqtaG7tKIpN9H/kXknbxr9XqUKfc06DF+gru+Qk/U7GbAwISVNfc36KL Khxcg5aTH3SmFtrCGHKv/jPzsovJ7jtmR0afaizBzM3ABrPb3lBafbh+Fb8n60pJ8Ut1 W5Ig==
X-Received: by 10.49.99.98 with SMTP id ep2mr17128542qeb.9.1382790827690; Sat, 26 Oct 2013 05:33:47 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id l5sm30450945qac.12.2013.10.26.05.33.46 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 26 Oct 2013 05:33:47 -0700 (PDT)
Message-ID: <526BB6A9.8020208@gmail.com>
Date: Sat, 26 Oct 2013 08:33:45 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Douglas Otis <doug.mtview@gmail.com>,  "perpass@ietf.org" <perpass@ietf.org>
References: <D36649A3-E39F-4B17-83B2-B4B6AA6C82BB@gmail.com>
In-Reply-To: <D36649A3-E39F-4B17-83B2-B4B6AA6C82BB@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Possible talking points
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 12:33:49 -0000

Just to clarify, that was "offered" by China Telecom
and the China MIIT, not me. -t

On 10/25/2013 8:42 PM, Douglas Otis wrote:
> "Veracity" is an interesting term defined in T13-C-0427 offered by 
> Tony Rutkowski.
>


From ned+perpass@mrochek.com  Sat Oct 26 08:17:11 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2334511E8179 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 08:17:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.115
X-Spam-Level: 
X-Spam-Status: No, score=-2.115 tagged_above=-999 required=5 tests=[AWL=0.484,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2VQEI3sfl-p1 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 08:17:06 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 6AADF11E815E for <perpass@ietf.org>; Sat, 26 Oct 2013 08:17:04 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P016V22KG0007212@mauve.mrochek.com> for perpass@ietf.org; Sat, 26 Oct 2013 08:11:58 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Sat, 26 Oct 2013 08:11:51 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01P016UZ4CJS00004R@mauve.mrochek.com>
Date: Sat, 26 Oct 2013 07:48:59 -0700 (PDT)
In-reply-to: "Your message dated Mon, 21 Oct 2013 23:25:59 -0700" <076e01ceceef$93ad3230$bb079690$@huitema.net>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <52644423.1090800@cs.tcd.ie> <076e01ceceef$93ad3230$bb079690$@huitema.net>
To: Christian Huitema <huitema@huitema.net>
Cc: 'Ted Hardie' <ted.ietf@gmail.com>, perpass@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Some personal thoughts on the impact of	pervasive	monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 15:17:11 -0000

> > Thanks for the draft. As you might guess from earlier discussion
> > on here, I think the more-than-MTI approach espoused is maybe the
> > right one, if we can figure out how to state the requirement well.
> > Have you any ideas on that, or on how we could get towards a
> > situation where that gained consensus?

> Networking standards are promoted by consensus and by network effects. In
> the absence of some forcing function, "fallback to clear text" gets promoted
> by network effects, because it is de facto forced by the sites that don't
> bother deploying the more secure options. The best way to break that is to
> provide "air cover" for security, e.g. a text in the protocol description
> RFC that says "nodes requiring a modicum of security SHOULD refuse to use
> clear text connections."  That would effectively turn the tables.

Exactly! The only thing I would add is that "cover" should include a
clear presentation of the tradeoffs and consequences.

Unfortunately this is surprisingly hard to do well. It's much easier to start
throwing MUSTs around.

This also is effectively what happened in the IMAP case: Large sites like gmail
and Apple only deployed imaps, with the result that a fully standards-compliant
client actually won't work with their service!

> Suppose for example that a large enough mail service starts to require TLS
> for SMTP connections. Many sites who are accustomed to send mail in clear
> text will initially protest when their mail gets bounced. But if the
> standard says that yes, they have all right to do that, then the big site
> has "air cover." "I am not breaking you, I am just following best practice."
> At this point, you will see more and more sites opting to turn on TLS, and
> pretty soon the network effects will work in favor of encryption.

This, OTOH, is a little trickier. You first have to distinguish between
SMTP SUBMIT and SMTP relay. I haven't surveyed the former extensively,
but the odds are good it's in roughly the same situation as IMAP.

The latter is a problem due to the need for every client to work with every
server, as opposed to saying "use a client with these capabilities if you want
to use our service". It's a very different dynamic. Moreover, lots of people
have tried to shift to SSL/TLS in this space and it has not worked well at all.

But this doesn't mean there's no way to make the transition. One possibility is
an SMTP extension to require SSL/TLS on a per-message basis. (A draft has
already been written and is being discussed.) Another one, which I like a lot
better, is opportunistic SSL/TLS use plus latching. Chris Newman is
working on a draft on that.

And this is actually a case where the often-derided "bilateral agreement" idea in
X.400 could go a long way. The distribution of email usage is such that an
agreement to require SSL/TLS between the top-tier MSPs and ISPs would protect a
significant percentage of traffic. And think of the incentive that would
represent to other providers.

> Of course, to be practical, this requires that sites can easily get a
> certificate of some kind, PKI or DANE, to actually use TLS...

Require? Not necessarily - see above. But it would definitely improve the
situation if this stuff were easier to deploy.

				Ned

From lear@cisco.com  Sat Oct 26 09:32:38 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C8F721F9ED4 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 09:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.423
X-Spam-Level: 
X-Spam-Status: No, score=-110.423 tagged_above=-999 required=5 tests=[AWL=0.176, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFOxpdMqJYdU for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 09:32:33 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id D8C5121F9EA8 for <perpass@ietf.org>; Sat, 26 Oct 2013 09:32:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1387; q=dns/txt; s=iport; t=1382805152; x=1384014752; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=80zPvzbSQ9AWkslNFyX8FQp6l7XAT9xsDhZER3vhLZk=; b=d8Q12koTMiitBIEwR5TdkYwHN+Y53h8XDlsOcm4iQVa0TozNQGXO1MSy M07M1ZGGF2C+GGjQMlAagHkNfMZbhV1er3dyec+tHJxfEtk9pgvq6Hr5V Wrn26mrYRrqaSehULPfOgE7Koxf8G5PFE7jrlm7izyS8yXaKwZzg8PJZr A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsFAKLta1KQ/khM/2dsb2JhbABZgweEH7swCoEgFnSCJQEBAQQjVhALGAICBSECAg8CRgYBDAEFAgEBiAOlU5IqgSmOLAeCaoFCA5gKkgeDKDo
X-IronPort-AV: E=Sophos;i="4.93,577,1378857600"; d="scan'208";a="87685214"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by ams-iport-2.cisco.com with ESMTP; 26 Oct 2013 16:32:31 +0000
Received: from ams3-vpn-dhcp1125.cisco.com (ams3-vpn-dhcp1125.cisco.com [10.61.68.101]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r9QGWQBj008713 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 26 Oct 2013 16:32:28 GMT
Message-ID: <526BEE9A.10505@cisco.com>
Date: Sat, 26 Oct 2013 18:32:26 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: ned+perpass@mrochek.com, Christian Huitema <huitema@huitema.net>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>	<52644423.1090800@cs.tcd.ie>	<076e01ceceef$93ad3230$bb079690$@huitema.net> <01P016UZ4CJS00004R@mauve.mrochek.com>
In-Reply-To: <01P016UZ4CJS00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: 'Ted Hardie' <ted.ietf@gmail.com>, perpass@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Some personal thoughts on the impact of	pervasive	monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 16:32:38 -0000

Hi Ned,

On 10/26/13 4:48 PM, ned+perpass@mrochek.com wrote:
>> Networking standards are promoted by consensus and by network effects. In
>> the absence of some forcing function, "fallback to clear text" gets promoted
>> by network effects, because it is de facto forced by the sites that don't
>> bother deploying the more secure options. The best way to break that is to
>> provide "air cover" for security, e.g. a text in the protocol description
>> RFC that says "nodes requiring a modicum of security SHOULD refuse to use
>> clear text connections."  That would effectively turn the tables.
> Exactly! The only thing I would add is that "cover" should include a
> clear presentation of the tradeoffs and consequences.
>
> Unfortunately this is surprisingly hard to do well. It's much easier to start
> throwing MUSTs around.
>
> This also is effectively what happened in the IMAP case: Large sites like gmail
> and Apple only deployed imaps, with the result that a fully standards-compliant
> client actually won't work with their service!

And maybe that's a good thing, by the way.  But my main point is that
the IAB is reviewing this exact topic at a workshop that will take place
in December on Internet Technology Adoption and Transition.  It's not the
first time it's been considered, mind you.  See RFC 5218 by Dave Thaler
and Bernard Aboba.

Eliot

From hallam@gmail.com  Sat Oct 26 10:31:04 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37A9421F9B0D for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 10:31:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.457
X-Spam-Level: 
X-Spam-Status: No, score=-2.457 tagged_above=-999 required=5 tests=[AWL=0.142,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HtqARzZIlUbB for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 10:31:03 -0700 (PDT)
Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id A1F5621E805F for <perpass@ietf.org>; Sat, 26 Oct 2013 10:31:01 -0700 (PDT)
Received: by mail-la0-f42.google.com with SMTP id ea20so4091068lab.1 for <perpass@ietf.org>; Sat, 26 Oct 2013 10:31:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0ieHTs5ppGfD0KK7MVmxKt8UK2LiS78rXMbKdoHW44w=; b=SYB9SKiocV9rNYJzej06VlmxHmjZ2IWsV8n7HXL+F9uDpyl0W0RAgvqsqlFrZhCv+1 t2HEPWOaBrqM00DsUCmWiJszODujMU1VPQSkxvqAnQ3sYtCZK/CPpQ9Nk3BlCNj44NXd S81BWla2TkjI8GgUFo0fLeQqYJ3E9RwdJVLEjcmkI8vaKqXI3Xr2PS5bTZ2Ydj5zV+1L lK2RCMwI9Sg/0QMPg7IAEhvvg7ZnVT/c5Wcm3dCjaP2grdqhQ0hUH8b9z41OgqOAfd8t sqq+fxAMA+55ZTdl+G1Zr7o0LrAnimrTJIciazqqz33Mqzerb7Sm6LIeK9ry/152btqO 2ciA==
MIME-Version: 1.0
X-Received: by 10.112.159.166 with SMTP id xd6mr5878797lbb.22.1382808660351; Sat, 26 Oct 2013 10:31:00 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Sat, 26 Oct 2013 10:31:00 -0700 (PDT)
In-Reply-To: <526B8A36.2090707@appelbaum.net>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net>
Date: Sat, 26 Oct 2013 13:31:00 -0400
Message-ID: <CAMm+LwiA+eaZ4xRQ8Rn0gDBqgOeiHWAtUH0jqVob4G-db4nGhg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jacob Appelbaum <jacob@appelbaum.net>
Content-Type: multipart/alternative; boundary=001a11c3db74fe225804e9a83ae0
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 17:31:04 -0000

--001a11c3db74fe225804e9a83ae0
Content-Type: text/plain; charset=ISO-8859-1

I can't see much point in applying and removing PGP and/or S/MIME at the
start and end of the TLS tunnel. If you are worried about the encryption
strength then fix that. If you are worried about the downgrade attack then
hook a policy layer in.

Message layer security will always cover less than transport on an
individual hop because the message layer encryption can't cover the routing
data.


The advantage of going to message layer security is when the start and/or
end point might be different.

So for example, right now almost nobody is equipped to accept encrypted
email as conveniently as unencrypted. I can only receive encrypted email on
one machine. I don't enable all my machines because it is a hassle and the
keys expire etc.

Sending me a message TLS encrypted, I can only decrypt at the inbound mail
server. A PGP or S/MIME message could be decrypted at the inbound mail
server OR at the mail client depending on what gives the best balance of
performance / security / spam control / compliance and convenience.


The other advantage to using message layer security is that it is possible
to force use of encryption. So for example, let us imagine that I have an
outbound mail server that knows how to resolve key identifiers to public
keys using some protocol (Vcard, WebFinger, WKS, wev). I can poke the
outbound mail server to automatically encrypt messages if the email address
has a particular escape code in it. At the moment I am using a question
mark.


Let us imagine I want to send an email message to Jacob that I want to be
sent encrypted or not at all. I would use the address
?jacob@appelbaum.net which tells my outbound mail server 'use whatever
resolution services are available to find a key and if a trustworthy key
can be found use it to send the message, otherwise report a delivery
failure'.


If I really want to be sure that the key is correct then I would explicitly
specify the key fingerprint:

228F-AD20-3DE9-AE7D-84E2-5265-CF9A-6F91-4193-A197?jacob@appelbaum.net


The nice thing about this approach is that I can use it with all my
unmodified mail accounts and mail clients. All that I do is to redirect the
outbound mail service through my trusted outbound mail gateway (which is on
127.0.0.1 on most of my machines). I could even send messages through my
Gmail account (but would have to use a non Webmail client to compose and
send).

Receiving mail requires me to either use a mail client with my S/MIME cert
loaded or an S/MIME viewer for WebMail.


At the moment this is a crazy hybrid of S/MIME and PGP approaches. But the
fact is that S/MIME has pervasive deployment while PGP has a userbase. Plug
ins are a hack for testing purposes only, any security scheme that depends
on typical users deploying a plug in is going to fail. It is painful enough
dealing with the vagaries of the platform and application update mechanisms
changing stuff on a daily basis without a layer of plug ins to cope with on
top.

--001a11c3db74fe225804e9a83ae0--

From paul@cypherpunks.ca  Sat Oct 26 11:38:03 2013
Return-Path: <paul@cypherpunks.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE9911E81C9 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 11:38:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.584
X-Spam-Level: 
X-Spam-Status: No, score=-2.584 tagged_above=-999 required=5 tests=[AWL=0.015,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3k3LAwMCu2+6 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 11:37:57 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id CAA9311E81AF for <perpass@ietf.org>; Sat, 26 Oct 2013 11:37:52 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3d6WCK48cXz53h; Sat, 26 Oct 2013 14:37:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id L-6K0T4zRREN; Sat, 26 Oct 2013 14:37:48 -0400 (EDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Sat, 26 Oct 2013 14:37:48 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id B2B55807CA; Sat, 26 Oct 2013 14:37:47 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id A2526800A9; Sat, 26 Oct 2013 14:37:47 -0400 (EDT)
Date: Sat, 26 Oct 2013 14:37:47 -0400 (EDT)
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <CAMm+LwiA+eaZ4xRQ8Rn0gDBqgOeiHWAtUH0jqVob4G-db4nGhg@mail.gmail.com>
Message-ID: <alpine.LFD.2.10.1310261436140.13053@bofh.nohats.ca>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net> <CAMm+LwiA+eaZ4xRQ8Rn0gDBqgOeiHWAtUH0jqVob4G-db4nGhg@mail.gmail.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: perpass <perpass@ietf.org>, Jacob Appelbaum <jacob@appelbaum.net>
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-List-Received-Date: Sat, 26 Oct 2013 18:38:03 -0000

On Sat, 26 Oct 2013, Phillip Hallam-Baker wrote:

> I can't see much point in applying and removing PGP and/or S/MIME at the start and end of the TLS tunnel.

Exactly. If you do that, you should encrypt it to the _recipients_
private key, not some random mailserver's private key.

which brings us back to draft-wouters-dane-openpgp-01

Paul


From datapacrat@gmail.com  Sat Oct 26 11:48:43 2013
Return-Path: <datapacrat@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B520021F9E89 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 11:48:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.616
X-Spam-Level: 
X-Spam-Status: No, score=-2.616 tagged_above=-999 required=5 tests=[AWL=-0.016, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sbh6FTHe8nZ1 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 11:48:43 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) by ietfa.amsl.com (Postfix) with ESMTP id EF4CD21F9E96 for <perpass@ietf.org>; Sat, 26 Oct 2013 11:48:42 -0700 (PDT)
Received: by mail-wi0-f182.google.com with SMTP id ez12so2418063wid.3 for <perpass@ietf.org>; Sat, 26 Oct 2013 11:48:42 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.93.166 with SMTP id cv6mr3079261wib.37.1382813322094; Sat, 26 Oct 2013 11:48:42 -0700 (PDT)
Received: by 10.194.165.170 with HTTP; Sat, 26 Oct 2013 11:48:42 -0700 (PDT)
Date: Sat, 26 Oct 2013 14:48:42 -0400
Message-ID: <CAB5WduBixWndDQFfSnUYxKS-DjnmNq+FhtJpU8mekWuaoyCy5g@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: perpass <perpass@ietf.org>, Jacob Appelbaum <jacob@appelbaum.net>
Subject: Re: [perpass] Multiple key sources (was: OpenPGP Server-side Signed E-mail)
X-List-Received-Date: Sat, 26 Oct 2013 18:48:43 -0000

On Sat, Oct 26, 2013 at 1:31 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> The other advantage to using message layer security is that it is possible
> to force use of encryption. So for example, let us imagine that I have an
> outbound mail server that knows how to resolve key identifiers to public
> keys using some protocol (Vcard, WebFinger, WKS, wev). I can poke the
> outbound mail server to automatically encrypt messages if the email address
> has a particular escape code in it. At the moment I am using a question
> mark.

Would it be worthwhile to try to include as many ways of turning
identifiers into keys as possible, to compare and contrast, to make it
as difficult as feasible for any particular MITM to subvert all of
them? Or should the server simply go through a list of possible key
sources until it finds one; or should a particular form of key
retrieval be set as the only method?



Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
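
The '?' escape convention from Phillip Hallam-Baker's message and the three key-resolution strategies asked about in the reply above, as an added Python example (not code from either poster or from any gateway discussed on the list). The names `Recipient`, `select_key`, the policy labels and the in-memory lookups standing in for WebFinger and vCard resolution are assumptions, and `fingerprint` hashes constructed bytes rather than a real OpenPGP key packet.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class DeliveryFailure(Exception):
    """Bounce the message rather than send it unencrypted."""


@dataclass(frozen=True)
class Recipient:
    mailbox: str                # address the message is actually delivered to
    require_encryption: bool    # True when the '?' escape was used
    pinned_fpr: Optional[str]   # 40 hex digits when the sender pinned a key


# [FINGERPRINT]?local@domain, fingerprint as ten dash-separated 4-hex groups.
_ESCAPED = re.compile(
    r"^(?P<fpr>(?:[0-9A-Fa-f]{4}-){9}[0-9A-Fa-f]{4})?\?"
    r"(?P<mailbox>[^?\s@]+@[^?\s@]+)$"
)


def parse_recipient(addr: str) -> Recipient:
    m = _ESCAPED.match(addr)
    if m:
        fpr = m.group("fpr")
        pinned = fpr.replace("-", "").upper() if fpr else None
        return Recipient(m.group("mailbox"), True, pinned)
    if "?" in addr:
        # A mistyped fingerprint must not degrade to cleartext delivery.
        raise DeliveryFailure(f"malformed encryption escape: {addr!r}")
    return Recipient(addr, False, None)


def fingerprint(key: bytes) -> str:
    # Stand-in (assumption): a real OpenPGP v4 fingerprint is SHA-1 over the
    # framed public-key packet; here the constructed bytes are hashed directly.
    return hashlib.sha1(key).hexdigest().upper()


Source = Callable[[str], Optional[bytes]]


def select_key(rcpt: Recipient, sources: Dict[str, Source],
               policy: str = "all-agree", min_sources: int = 2) -> Optional[bytes]:
    """Return the key to encrypt to, None if no escape was used, or bounce."""
    if not rcpt.require_encryption:
        return None
    found = {}
    for name, lookup in sources.items():
        key = lookup(rcpt.mailbox)
        if key is not None:
            found[name] = key
    if rcpt.pinned_fpr is not None:
        # The pin authenticates the key, so any source that returns it will do.
        for key in found.values():
            if fingerprint(key) == rcpt.pinned_fpr:
                return key
        raise DeliveryFailure("no source returned the pinned key")
    if not found:
        raise DeliveryFailure("no key found for " + rcpt.mailbox)
    if policy == "first-found":
        # Also covers "one fixed method": pass a single-entry sources dict.
        return next(iter(found.values()))
    if policy == "all-agree":
        if len(found) < min_sources:
            raise DeliveryFailure("too few sources answered")
        if len({fingerprint(k) for k in found.values()}) != 1:
            raise DeliveryFailure("sources disagree: " + ", ".join(sorted(found)))
        return next(iter(found.values()))
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample data: one of the two sources has been subverted.
GOOD_KEY = b"constructed key material: recipient's real key"
ROGUE_KEY = b"constructed key material: substituted in transit"
SOURCES: Dict[str, Source] = {
    "webfinger": {"bob@example.org": ROGUE_KEY}.get,
    "vcard": {"bob@example.org": GOOD_KEY}.get,
}


def dashed(fpr: str) -> str:
    return "-".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


def outcome(addr: str, policy: str) -> str:
    try:
        key = select_key(parse_recipient(addr), SOURCES, policy)
    except DeliveryFailure as exc:
        return f"bounce: {exc}"
    if key is None:
        return "send without message-layer encryption"
    return "encrypt to " + ("good" if key == GOOD_KEY else "rogue") + " key"


if __name__ == "__main__":
    pinned = dashed(fingerprint(GOOD_KEY)) + "?bob@example.org"
    for addr, policy in [("bob@example.org", "all-agree"),
                         ("?bob@example.org", "first-found"),
                         ("?bob@example.org", "all-agree"),
                         (pinned, "first-found")]:
        print(f"{addr:<62} {policy:<12} {outcome(addr, policy)}")
```

With one subverted source, first-found encrypts to the substituted key, all-agree bounces, and a pinned fingerprint selects the right key regardless of which source supplied it.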

From hallam@gmail.com  Sat Oct 26 13:32:11 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97B4911E8176 for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 13:32:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.46
X-Spam-Level: 
X-Spam-Status: No, score=-2.46 tagged_above=-999 required=5 tests=[AWL=0.139,  BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vWx--DbPvHpJ for <perpass@ietfa.amsl.com>; Sat, 26 Oct 2013 13:32:10 -0700 (PDT)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id A77B411E81E8 for <perpass@ietf.org>; Sat, 26 Oct 2013 13:32:07 -0700 (PDT)
Received: by mail-la0-f47.google.com with SMTP id ep20so4057659lab.20 for <perpass@ietf.org>; Sat, 26 Oct 2013 13:32:06 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.152.88.20 with SMTP id bc20mr767200lab.37.1382819526228; Sat, 26 Oct 2013 13:32:06 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Sat, 26 Oct 2013 13:32:06 -0700 (PDT)
In-Reply-To: <alpine.LFD.2.10.1310261436140.13053@bofh.nohats.ca>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net> <CAMm+LwiA+eaZ4xRQ8Rn0gDBqgOeiHWAtUH0jqVob4G-db4nGhg@mail.gmail.com> <alpine.LFD.2.10.1310261436140.13053@bofh.nohats.ca>
Date: Sat, 26 Oct 2013 16:32:06 -0400
Message-ID: <CAMm+Lwg1taJcOaPtT_VQT924LF0EnCW=Fy3gaXo8YwVqEF+zog@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Wouters <paul@cypherpunks.ca>
Content-Type: multipart/alternative; boundary=001a11c32e88a6407704e9aac2ca
Cc: perpass <perpass@ietf.org>, Jacob Appelbaum <jacob@appelbaum.net>
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-List-Received-Date: Sat, 26 Oct 2013 20:32:11 -0000

--001a11c32e88a6407704e9aac2ca
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Oct 26, 2013 at 2:37 PM, Paul Wouters <paul@cypherpunks.ca> wrote:

> On Sat, 26 Oct 2013, Phillip Hallam-Baker wrote:
>
>  I can't see much point in applying and removing PGP and/or S/MIME at the
>> start and end of the TLS tunnel.
>>
>
> Exactly. If you do that, you should encrypt it to the _recipients_
> private key, not some random mailserver's private key.
>
> which brings us back to draft-wouters-dane-openpgp-01


I don't see much point in trying to couple DANE to PGP.

I don't care about sending mail to  cypherpunks.ca <paul@cypherpunks.ca>, I
care about sending it to Paul Wouters.

Except in very rare instances where an individual controls the domain or if
I am sending to an enterprise, the domain is going to be pretty much
irrelevant to authenticating the key.


Locking down the mailserver key with DANE makes perfect sense. In fact that
is the only reason I can see to do DNSSEC right now.



-- 
Website: http://hallambaker.com/

--001a11c32e88a6407704e9aac2ca--

From avri@acm.org  Sun Oct 27 07:43:28 2013
Return-Path: <avri@acm.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3BE911E8192 for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 07:43:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -108.783
X-Spam-Level: 
X-Spam-Status: No, score=-108.783 tagged_above=-999 required=5 tests=[AWL=-1.505, BAYES_00=-2.599, HOST_MISMATCH_COM=0.311, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_DNSWL_HI=-8, SARE_TOWRITE=1.05, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yY5rRP4+lbwe for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 07:43:24 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id A7F3C11E8240 for <perpass@ietf.org>; Sun, 27 Oct 2013 07:43:23 -0700 (PDT)
Received: from psg.com ([147.28.0.62] helo=[127.0.0.1]) by psg.com with esmtp (Exim 4.80.1 (FreeBSD)) (envelope-from <avri@acm.org>) id 1VaRYp-000GDb-1a for perpass@ietf.org; Sun, 27 Oct 2013 14:43:23 +0000
From: Avri Doria <avri@acm.org>
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/signed; boundary="Apple-Mail=_852D2130-8FB8-4417-88A6-404F256B3BEE"; protocol="application/pgp-signature"; micalg=pgp-sha1
Date: Sun, 27 Oct 2013 10:43:23 -0400
In-Reply-To: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
To: perpass <perpass@ietf.org>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com>
Message-Id: <17C712DB-0422-4884-9020-501B9A5E05E6@acm.org>
X-Mailer: Apple Mail (2.1283)
Subject: Re: [perpass] Some personal thoughts on the impact of pervasive monitoring
X-List-Received-Date: Sun, 27 Oct 2013 14:43:28 -0000

--Apple-Mail=_852D2130-8FB8-4417-88A6-404F256B3BEE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Hi

>  "Can a gay kid in Uganda use this safely?"

(though Uganda can be substituted by many other place names.)

I can think of few better touchstones.  I have been working with some
people in Uganda and elsewhere and I think you hit the nail on the head.

There is a real problem with any privacy measure that singles out
someone as using it in a country where they can bust down your door just
because you made them curious.

avri


On 19 Oct 2013, at 21:21, Ted Hardie wrote:

> Like most folks involved in this list, I have a personal response to
> the current situation and some thoughts on how it will impact my or our
> work in the future.  Since I expect we will be pretty short of mic time
> in Vancouver for thoughts like these, I decided to write them out.
>
> http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00
>
> is the result.  It's quite short but a quick summary is this:
>
> Pervasive monitoring induces self-censoring which harms the Internet
> and its users.  At the scale of the modern Internet, that means it harms
> humanity.
>
> We can and should change our approach to Internet engineering and
> system design to deal with this.  There will be costs for that, but we
> should pay them.
>
> It helps me, personally, to focus on a single user when asking whether
> a system or protocol is appropriate in the current environment.  The
> draft lays out why.
>
> regards,
>
> Ted Hardie
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail=_852D2130-8FB8-4417-88A6-404F256B3BEE
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_852D2130-8FB8-4417-88A6-404F256B3BEE--

From tobias.gondrom@gondrom.org  Sun Oct 27 13:47:52 2013
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9722B11E82B3 for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 13:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.444
X-Spam-Level: 
X-Spam-Status: No, score=-94.444 tagged_above=-999 required=5 tests=[AWL=-0.571, BAYES_05=-1.11, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tjn9-Tr6mqJd for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 13:47:44 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id D4DDE11E8178 for <perpass@ietf.org>; Sun, 27 Oct 2013 13:47:42 -0700 (PDT)
Received: (qmail 24202 invoked from network); 27 Oct 2013 21:47:16 +0100
Received: from 188-222-103-191.zone13.bethere.co.uk (HELO ?192.168.1.100?) (188.222.103.191) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 27 Oct 2013 21:47:14 +0100
Message-ID: <526D7BD2.7070908@gondrom.org>
Date: Sun, 27 Oct 2013 20:47:14 +0000
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass@ietf.org
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-List-Received-Date: Sun, 27 Oct 2013 20:47:52 -0000

First, I like Mike's idea in principle.

I still see one interesting problem with this (and have no idea how to
solve it):
The widespread use case of zero-footprint clients, aka webmail:
if you have no client / your client is a browser window for webmail, you
have to upload your private key to the server (and must store it there).
I.e. you would upload your private key to Google and other mail
providers. And a part of PRISM was/is to deploy direct access points on
these servers in the first place. With the access to all webmail servers
and through this to all private keys there, PRISM would at the same time
also retain full access to emails received on full-clients. So while
this might help us against spam, we might in the end not be much better
off against pervasive state-driven surveillance. Or am I missing something?

Best regards, Tobias




Re: [perpass] A proposal for developing PRISM-Proof email (default deny)


> That is handled by the underlying program you are using to encrypt
> your mail, and so has nothing to do with this proposal directly - it's
> implementation dependent. Out of scope.

I agree that this problem is out of scope, but it is very important
nonetheless. Every time someone hits upon a bright idea to make encrypted
communication easier to use they run up against the problem of improving key
management.

[RS> ]  +1  Thank you for pointing that out.  It's the one of the core
problems usability and implementation. "We have met the enemy and it is us."




These schemes, however, only work if the user has access everywhere to their
list of trusted keys. Essentially, the authenticity problem gets transformed
into an availability problem, and the availability problem is perhaps even
harder.

Three different free software projects try to securely tackle the
availability problem and could form the basis for an agnostic protocol for
portable and secure data sync:

(1) Firefox Sync https://www.mozilla.org/en-US/mobile/sync/
(2) SpiderOak's Crypton https://crypton.io/
(3) LEAP's Soledad https://leap.se/en/soledad

All of these are overkill for the narrow problem of key management.
Instead, they try to tackle the general question of secure data
synchronization and backup. I think this is probably the proper approach.

Our hope with the next version of Soledad is to add federation, so that two
or more users on different providers could share a synchronized, searchable,
client encrypted database. This could be useful for all kinds of things.

-elijah
_______________________________________________
perpass mailing list
perpass at ietf.org
https://www.ietf.org/mailman/listinfo/perpass



From derhoermi@gmx.net  Sun Oct 27 17:16:06 2013
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41FB011E82DF for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 17:16:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.114
X-Spam-Level: 
X-Spam-Status: No, score=-1.114 tagged_above=-999 required=5 tests=[AWL=-1.115, BAYES_50=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnJHCbdxpGHY for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 17:16:01 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 3C7BE11E82E1 for <perpass@ietf.org>; Sun, 27 Oct 2013 17:16:01 -0700 (PDT)
Received: from netb.Speedport_W_700V ([91.35.61.172]) by mail.gmx.com (mrgmx101) with ESMTPA (Nemesis) id 0LoaCE-1WCPLi3wS2-00gXsv for <perpass@ietf.org>; Mon, 28 Oct 2013 01:15:57 +0100
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Date: Mon, 28 Oct 2013 01:15:56 +0100
Message-ID: <38ar69tvk7rf8c5iomubv47lobbhn0d413@hive.bjoern.hoehrmann.de>
References: <526D7BD2.7070908@gondrom.org>
In-Reply-To: <526D7BD2.7070908@gondrom.org>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:TXvxfPol5MDaSx/aFTouumbaNabaA75HnTNP/lTCYUlTI+aBktq DtgCsnjYvrz7Z884pobeQK1VhC4Ch9UeFHccYROHTJl+ncaQIsJQef/A7iCID+dwDllI8lE G7hsHPLlLuukOd0tKMGIZavvqhGOwIqOnowFwrWei5q/I10TXCuJ/hBduT5FZRxPeijJBPP OT0An7fSH/J+AvEjlhGmA==
Cc: perpass@ietf.org
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 00:16:07 -0000

* Tobias Gondrom wrote:
>The widespread use case of zero-footprint clients, aka webmail:
>if you have no client / your client is a browser window for webmail, you
>have to upload your private key to the server (and must store it there).
>I.e. you would upload your private key to Google and other mail
>providers. And a part of PRISM was/is to deploy direct access points on
>these servers in the first place. With the access to all webmail servers
>and through this to all private keys there, PRISM would at the same time
>also retain full access to emails received on full-clients. So while
>this might help us against spam, we might in the end not be much better
>off against pervasive state-driven surveillance. Or am I missing something?

It is of course possible to keep the keys on the client and it would
also be possible to develop new web browser features to keep certain
data unknowable to the site you are visiting, with some limitations. 

Acme Inc would of course still take your keys to help you synchronise
them across devices, or as backup, or to use them as another factor
in new multi-factor authentication schemes, or simply because they've
been ordered to do so. Perhaps through the DRM system where it would
be hard to notice, or the surveillance software that ostensibly makes
sure we are unable to cheat in browser games (that's coming, right?)
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From stpeter@stpeter.im  Sun Oct 27 20:32:13 2013
Return-Path: <stpeter@stpeter.im>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B639C11E830E for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 20:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.263
X-Spam-Level: 
X-Spam-Status: No, score=-102.263 tagged_above=-999 required=5 tests=[AWL=0.336, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x2AkJ0sHJYze for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 20:32:09 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 0734F11E830D for <perpass@ietf.org>; Sun, 27 Oct 2013 20:32:04 -0700 (PDT)
Received: from [192.168.1.5] (unknown [71.237.13.154]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 6B45A4010C; Sun, 27 Oct 2013 21:31:59 -0600 (MDT)
Message-ID: <526DDAAE.5060405@stpeter.im>
Date: Sun, 27 Oct 2013 21:31:58 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass@ietf.org
References: <526DD89C.1040909@stpeter.im>
In-Reply-To: <526DD89C.1040909@stpeter.im>
X-Enigmail-Version: 1.6
X-Forwarded-Message-Id: <526DD89C.1040909@stpeter.im>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] Fwd: [jdev] TLS Everywhere
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 03:32:13 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just FYI...


- -------- Original Message --------
Subject: [jdev] TLS Everywhere
Date: Sun, 27 Oct 2013 21:23:08 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
Reply-To: Jabber/XMPP software development list <jdev@jabber.org>
To: jdev@jabber.org

Almost 15 years have passed since my friend Jeremie Miller released
the initial version of the jabberd IM server, launching the Jabber
open-source community and the technology we know today as XMPP. Yet,
all that time, hop-by-hop encryption using SSL/TLS has been optional
on the XMPP network. A number of server operators and software
developers in the XMPP community have decided that needs to change for
the better. Based on discussions at the XMPP Summit last week in
Portland, Oregon, I have drafted a plan for upgrading the XMPP network
to always-on, mandatory, ubiquitous encryption. You can find it here:

https://github.com/stpeter/manifesto

In short: we owe it to those who use XMPP technologies to improve the
security of the network (and thanks to Thijs Alkemade, we now have
better ways to test such security, using the newly-launched "IM
Observatory" at xmpp.net). Although we know that channel encryption is
not the complete answer, it's the right thing to do because it will
help to protect people's communications from prying eyes.

If you or your organization develop XMPP-compatible software or run a
service that's connected to the XMPP network, I encourage you to sign
the statement by following the instructions in the README at the URL
shown above.

Thanks!

Peter
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe@jabber.org
_______________________________________________


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----

From ned+perpass@mrochek.com  Sun Oct 27 22:53:47 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8C2411E8100 for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 22:53:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.163
X-Spam-Level: 
X-Spam-Status: No, score=-2.163 tagged_above=-999 required=5 tests=[AWL=0.436,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xr678xapnf-Q for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 22:53:42 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id BC60F11E812B for <perpass@ietf.org>; Sun, 27 Oct 2013 22:53:38 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P03FRC576O007GRJ@mauve.mrochek.com> for perpass@ietf.org; Sun, 27 Oct 2013 22:48:38 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Sun, 27 Oct 2013 22:48:32 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01P03FR9LR6A00004R@mauve.mrochek.com>
Date: Sun, 27 Oct 2013 22:42:25 -0700 (PDT)
In-reply-to: "Your message dated Sat, 26 Oct 2013 05:13:04 -0700" <20131026121304.GS94140@funkthat.com>
References: <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net> <20131026121304.GS94140@funkthat.com>
To: John-Mark Gurney <jmg@funkthat.com>
Cc: perpass@ietf.org, Jacob Appelbaum <jacob@appelbaum.net>
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail	security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 05:53:48 -0000

> Jacob Appelbaum wrote this message on Sat, Oct 26, 2013 at 09:24 +0000:
> > Paul Wouters:
> > > On Thu, 24 Oct 2013, Noel Torres wrote:
> > >
> > >> The promised rough draft:
> > >
> > >> Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
> > >
> > > I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC,
> > > apart from being able to get a remote server key from a HKP server,
> > > which in itself is completely untrusted without web-of-trust
> > > verification by a human.
> > >
> > > In fact, TLS with DHE would be more secure against a pervasive monitor
> > > that obtains access to a mailserver's private openpgp key.
> > >
> > > What would doing openpgp encryption within TLS add security wise?
> > >
> >
> > Defense in depth. If the StartTLS server uses RC4, for example, I'd want
> > a different layer for actual protection.

> If the admin spent the time to configure OPSS, why not configure TLS
> properly in the first place?

To be fair, that's a bit of a problem right now. The issue is you don't really
want to flat-out disable RC4 ciphersuites because there may be some clients
that don't have anything else, and RC4 is better than nothing.

But at the same time you don't want to use an RC4 ciphersuite unless there's no
alternative - and there usually is. The problem here is that specifying a
preference order for ciphersuite use is a problem with some implementations
currently. As I noted previously, you want to prefer something with DHE when
possible and AES to RC4.

That said, in terms of standardization, I think the priority should be to
get the SSL/TLS stuff done. And then folks can start beating up on the
implementors to get a better grade of SSL/TLS in place.

				Ned
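
The preference-order point in the message above, as an added Python sketch (not from the thread or from any mail server's code). The ranking rule, the function names and the client offers are assumptions constructed for illustration; the suite names are standard IANA names.

```python
"""Added illustration: why a server-side ciphersuite preference order matters
when RC4 has to stay enabled for clients that have nothing else."""

# Suites enabled on the (hypothetical) server, deliberately listed in a bad order.
SERVER_ENABLED = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Constructed client offers, in the client's own order of preference.
CLIENT_RC4_FIRST = [            # lists RC4 first but also supports DHE + AES
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
CLIENT_RC4_ONLY = ["TLS_RSA_WITH_RC4_128_SHA"]          # has nothing else
CLIENT_NO_OVERLAP = ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]


def parse_suite(name):
    """Split an IANA suite name into (key exchange, bulk cipher)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS ciphersuite name: %r" % name)
    key_exchange, rest = name[4:].split("_WITH_", 1)
    bulk_cipher = rest.rsplit("_", 1)[0]        # drop the trailing MAC name
    return key_exchange, bulk_cipher


def is_rc4(name):
    return parse_suite(name)[1].startswith("RC4")


def rank(name):
    """Sort key (assumed policy): RC4 only when there is no alternative,
    then ephemeral DH (DHE/ECDHE) before static key exchange, then AES
    before other bulk ciphers. Lower sorts first."""
    key_exchange, bulk_cipher = parse_suite(name)
    forward_secret = key_exchange.startswith(("DHE_", "ECDHE_"))
    return (bulk_cipher.startswith("RC4"),
            not forward_secret,
            not bulk_cipher.startswith("AES"))


def server_preference_order(enabled):
    """Return the enabled suites sorted best-first under rank()."""
    return sorted(enabled, key=rank)


def negotiate(client_offer, server_order, honor_server_order=True):
    """Pick the suite for a handshake, or None when nothing is shared.

    honor_server_order=True : first suite in the server's order that the
                              client also offers.
    honor_server_order=False: first suite in the client's order that the
                              server has enabled (the implementation
                              limitation the message complains about).
    """
    if honor_server_order:
        offered = set(client_offer)
        candidates = [s for s in server_order if s in offered]
    else:
        enabled = set(server_order)
        candidates = [s for s in client_offer if s in enabled]
    return candidates[0] if candidates else None


if __name__ == "__main__":
    order = server_preference_order(SERVER_ENABLED)
    no_rc4 = [s for s in order if not is_rc4(s)]    # "flat-out disable RC4"
    print("server order:", *order, sep="\n  ")
    print("RC4-first client, server order honored:",
          negotiate(CLIENT_RC4_FIRST, order))
    print("RC4-first client, client order honored:",
          negotiate(CLIENT_RC4_FIRST, order, honor_server_order=False))
    print("RC4-only client, RC4 kept as last resort:",
          negotiate(CLIENT_RC4_ONLY, order))
    print("RC4-only client, RC4 disabled:",
          negotiate(CLIENT_RC4_ONLY, no_rc4))
```

Run against a client that lists RC4 first, the two modes of negotiate() give different results for the same enabled set, which is the case where the server's ability to enforce its order decides whether DHE with AES is actually used.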

From huitema@huitema.net  Sun Oct 27 23:37:57 2013
Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A6A021E8099 for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 23:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.989
X-Spam-Level: 
X-Spam-Status: No, score=-0.989 tagged_above=-999 required=5 tests=[AWL=-0.990, BAYES_50=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fXrL02BZa08a for <perpass@ietfa.amsl.com>; Sun, 27 Oct 2013 23:37:44 -0700 (PDT)
Received: from xsmtp03.mail2web.com (xsmtp23.mail2web.com [168.144.250.186]) by ietfa.amsl.com (Postfix) with ESMTP id 82E9A11E8105 for <perpass@ietf.org>; Sun, 27 Oct 2013 23:37:44 -0700 (PDT)
Received: from [10.5.2.52] (helo=xmail12.myhosting.com) by xsmtp03.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1VagSM-0000ZF-RJ for perpass@ietf.org; Mon, 28 Oct 2013 02:37:43 -0400
Received: (qmail 3722 invoked from network); 28 Oct 2013 06:37:42 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail12.myhosting.com (qmail-ldap-1.03) with ESMTPA for <perpass@ietf.org>; 28 Oct 2013 06:37:41 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: "'perpass'" <perpass@ietf.org>
Date: Sun, 27 Oct 2013 23:37:39 -0700
Message-ID: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: Ac7Tp1e1yG8ZykcnRESkFoJbbKnubA==
Subject: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 06:37:57 -0000

A few weeks ago, we had a brief exchange on this list about traffic
analysis, specifically the collection and analysis of IP packet headers. I
wanted to write a draft describing the issue and proposing solutions, but
the day job interfered and I was delayed. With that, I missed the cutoff
date by many days. But the good news is that I finally wrote a first cut of
this draft, and put it on a personal web server:



              Passive Traffic Analysis Threats and Defense
                draft-huitema-perpass-analthreat-00.txt

Abstract

   Traffic analysis is used by various entities to derive "meta data"
   about Internet communications, such as who communicates with whom or
   what, and when.  We analyze how meta-data can be extracted by
   monitoring IP headers, DNS traffic, and clear-text headers of
   commonly used protocols.  We then propose a series of actions that
   would make traffic analysis more difficult.

Available for now at:
http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt

I am sure that this draft could be much improved with feedback from this
list!

-- Christian Huitema



 


From mdietf@demmers.org  Mon Oct 28 02:51:28 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8890311E8125 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 02:51:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.256
X-Spam-Level: 
X-Spam-Status: No, score=-1.256 tagged_above=-999 required=5 tests=[AWL=0.421,  BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAK4xfqbxvzR for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 02:51:19 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id 90FBB11E8166 for <perpass@ietf.org>; Mon, 28 Oct 2013 02:51:05 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.173.24]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9S9owCR009755; Mon, 28 Oct 2013 02:50:59 -0700
Date: Mon, 28 Oct 2013 02:50:55 -0700
From: Mike Demmers <mdietf@demmers.org>
To: perpass@ietf.org
Message-ID: <20131028025055.5008a197@cicero.demmers.org>
In-Reply-To: <526D7BD2.7070908@gondrom.org>
References: <526D7BD2.7070908@gondrom.org>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] A proposal for developing PRISM-Proof email (default deny)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 09:51:28 -0000

On Sun, 27 Oct 2013 20:47:14 +0000
Tobias Gondrom <tobias.gondrom@gondrom.org> wrote:

The draft I am working on does not really cover this. It is very specifically about making encrypted email practical in a general sense concerning solving the 'encrypted email cannot be spam filtered' and similar problems, regardless of the underlying methods.

The webmail problem may not be such a big problem, I am not sure about this but my impression, despite the high webmail use for these large services, is that very large numbers of emails, perhaps the majority, are still not from webmail. That many or most people may have a webmail account, but it is not their _only_ account, they still typically have mail service through their isp using a more traditional MUA - and that is likely what would be used for emails where privacy is desired. I'd like to see the real numbers on this ratio. 

Even when webmail is used, however, the browser is running on your own computer. So it seems likely to me that something like a browser plugin could encode/decode the body of your emails in the browser input area or viewing area before it is sent or after it is received. The keys could then still be on the local machine. And the remote service (and associated spy agency) would see only an encrypted email body.

-Mike


> First, I like Mike's idea in principle.
> 
> I still see one interesting problem with this (and have no idea how to
> solve it):
> The widespread use case of zero-footprint clients, aka webmail:
> if you have no client / your client is a browser window for webmail, you
> have to upload your private key to the server (and must store it there).
> I.e. you would upload your private key to Google and other mail
> providers. And a part of PRISM was/is to deploy direct access points on
> these servers in the first place. With the access to all webmail servers
> and through this to all private keys there, PRISM would at the same time
> also retain full access to emails received on full-clients. So while
> this might help us against spam, we might in the end not be much better
> off against pervasive state-driven surveillance. Or am I missing something?
> 
> Best regards, Tobias


From stephen.farrell@cs.tcd.ie  Mon Oct 28 08:58:31 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E08E11E8160 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 08:58:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.449
X-Spam-Level: 
X-Spam-Status: No, score=-102.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qhb21H6n5Fky for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 08:58:27 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id D2A9121E80A7 for <perpass@ietf.org>; Mon, 28 Oct 2013 08:58:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0E213BEDF; Mon, 28 Oct 2013 15:58:17 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UjrnRwfpqurf; Mon, 28 Oct 2013 15:58:14 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C0329BEDC; Mon, 28 Oct 2013 15:58:14 +0000 (GMT)
Message-ID: <526E8996.4010706@cs.tcd.ie>
Date: Mon, 28 Oct 2013 15:58:14 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>, perpass@ietf.org
References: <526DD89C.1040909@stpeter.im> <526DDAAE.5060405@stpeter.im>
In-Reply-To: <526DDAAE.5060405@stpeter.im>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Fwd: [jdev] TLS Everywhere
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 15:58:31 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 10/28/2013 03:31 AM, Peter Saint-Andre wrote:
> Just FYI...

Good stuff. I wonder if there are other communities that could
make similar plans? Be good if so. Or if some already have be
great to hear about 'em.

Why May 19 2014? (Just curious.)

S.

> 
> 
> -------- Original Message --------
> Subject: [jdev] TLS Everywhere
> Date: Sun, 27 Oct 2013 21:23:08 -0600
> From: Peter Saint-Andre <stpeter@stpeter.im>
> Reply-To: Jabber/XMPP software development list <jdev@jabber.org>
> To: jdev@jabber.org
> 
> Almost 15 years have passed since my friend Jeremie Miller
> released the initial version of the jabberd IM server, launching
> the Jabber open-source community and the technology we know today
> as XMPP. Yet, all that time, hop-by-hop encryption using SSL/TLS
> has been optional on the XMPP network. A number of server operators
> and software developers in the XMPP community have decided that
> needs to change for the better. Based on discussions at the XMPP
> Summit last week in Portland, Oregon, I have drafted a plan for
> upgrading the XMPP network to always-on, mandatory, ubiquitous
> encryption. You can find it here:
> 
> https://github.com/stpeter/manifesto
> 
> In short: we owe it to those who use XMPP technologies to improve
> the security of the network (and thanks to Thijs Alkemade, we now
> have better ways to test such security, using the newly-launched
> "IM Observatory" at xmpp.net). Although we know that channel
> encryption is not the complete answer, it's the right thing to do
> because it will help to protect people's communications from prying
> eyes.
> 
> If you or your organization develop XMPP-compatible software or run
> a service that's connected to the XMPP network, I encourage you to
> sign the statement by following the instructions in the README at
> the URL shown above.
> 
> Thanks!
> 
> Peter
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----

From stephen.farrell@cs.tcd.ie  Mon Oct 28 09:04:34 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12C0021F9248 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 09:04:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.524
X-Spam-Level: 
X-Spam-Status: No, score=-102.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUlN+PTX49+4 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 09:04:28 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id A4CEA11E8248 for <perpass@ietf.org>; Mon, 28 Oct 2013 09:04:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id DBCD7BEE7; Mon, 28 Oct 2013 16:04:25 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sScQ9hN4WX36; Mon, 28 Oct 2013 16:04:20 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 03D5DBEE1; Mon, 28 Oct 2013 16:04:19 +0000 (GMT)
Message-ID: <526E8B03.50801@cs.tcd.ie>
Date: Mon, 28 Oct 2013 16:04:19 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Christian Huitema <huitema@huitema.net>, 'perpass' <perpass@ietf.org>
References: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
In-Reply-To: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 16:04:34 -0000

Thanks Christian,

Now that we seem to be getting a bit of a handle on the TLS
related crypto parts of all this, (which are maybe easier
or more tractable), I think it'd be timely to see some list
discussion on traffic analysis before Vancouver.

I'd be interested in any less obvious ways in which IETF
protocols might be making traffic analysis easier than it
ought be. And of course in countermeasures, but those are
maybe quite difficult.

S.

On 10/28/2013 06:37 AM, Christian Huitema wrote:
> A few weeks ago, we had a brief exchange on this list about traffic
> analysis, specifically the collection and analysis of IP packet headers. I
> wanted to write a draft describing the issue and proposing solutions, but
> the day job interfered and I was delayed. With that, I missed the cutoff
> date by many days. But the good news is that I finally wrote a first cut of
> this draft, and put it on a personal web server:
> 
> 
> 
>               Passive Traffic Analysis Threats and Defense
>                 draft-huitema-perpass-analthreat-00.txt
> 
> Abstract
> 
>    Traffic analysis is used by various entities to derive "meta data"
>    about Internet communications, such as who communicates with whom or
>    what, and when.  We analyze how meta-data can be extracted by
>    monitoring IP headers, DNS traffic, and clear-text headers of
>    commonly used protocols.  We then propose a series of actions that
>    would make traffic analysis more difficult.
> 
> Available for now at:
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
> 
> I am sure that this draft could be much improved with feedback from this
> list!
> 
> -- Christian Huitema

From benl@google.com  Mon Oct 28 10:00:07 2013
Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3F7921F9E39 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level: 
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qfe2CcmhBF2n for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:00:07 -0700 (PDT)
Received: from mail-vb0-x22f.google.com (mail-vb0-x22f.google.com [IPv6:2607:f8b0:400c:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id A3D9411E8260 for <perpass@ietf.org>; Mon, 28 Oct 2013 10:00:02 -0700 (PDT)
Received: by mail-vb0-f47.google.com with SMTP id m10so4687633vbh.20 for <perpass@ietf.org>; Mon, 28 Oct 2013 10:00:02 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.220.164.202 with SMTP id f10mr2375153vcy.25.1382979602052; Mon, 28 Oct 2013 10:00:02 -0700 (PDT)
Received: by 10.52.183.65 with HTTP; Mon, 28 Oct 2013 10:00:01 -0700 (PDT)
In-Reply-To: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
References: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
Date: Mon, 28 Oct 2013 17:00:01 +0000
Message-ID: <CABrd9STpnkYc=giOsKV4qs9q7Pdz0Br064AJtH1xBoCEc3o03w@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary=001a11c1e980e9a00504e9d007a0
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:00:07 -0000

--001a11c1e980e9a00504e9d007a0
Content-Type: text/plain; charset=ISO-8859-1

On 28 October 2013 06:37, Christian Huitema <huitema@huitema.net> wrote:

> A few weeks ago, we had a brief exchange on this list about traffic
> analysis, specifically the collection and analysis of IP packet headers. I
> wanted to write a draft describing the issue and proposing solutions, but
> the day job interfered and I was delayed. With that, I missed the cutoff
> date by many days. But the good news is that I finally wrote a first cut of
> this draft, and put it on a personal web server:
>
>
>
>               Passive Traffic Analysis Threats and Defense
>                 draft-huitema-perpass-analthreat-00.txt
>
> Abstract
>
>    Traffic analysis is used by various entities to derive "meta data"
>    about Internet communications, such as who communicates with whom or
>    what, and when.  We analyze how meta-data can be extracted by
>    monitoring IP headers, DNS traffic, and clear-text headers of
>    commonly used protocols.  We then propose a series of actions that
>    would make traffic analysis more difficult.
>
> Available for now at:
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
>
> I am sure that this draft could be much improved with feedback from this
> list!


You might want to look at the cleartext portions of the TLS handshake.

--001a11c1e980e9a00504e9d007a0--

From hannes.tschofenig@gmx.net  Mon Oct 28 10:10:36 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E9C111E8287 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:10:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.621
X-Spam-Level: 
X-Spam-Status: No, score=-102.621 tagged_above=-999 required=5 tests=[AWL=-0.022, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qp8Hg6HcCFBn for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:10:32 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 59F3611E8260 for <perpass@ietf.org>; Mon, 28 Oct 2013 10:10:03 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.116.222]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0LuP19-1ViEiz0gDP-011iac for <perpass@ietf.org>; Mon, 28 Oct 2013 18:10:02 +0100
Message-ID: <526E9A80.7070103@gmx.net>
Date: Mon, 28 Oct 2013 18:10:24 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hannes.tschofenig@gmx.net
Subject: [perpass] draft-tschofenig-perpass-surveillance-01.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:10:36 -0000

Hi all,

I have submitted a document for the cutoff-date that tries to provide 
background material for the IAB technical plenary. The document does not 
suggest what actions to take but contains my view about the bigger picture.

Based on the received feedback I have produced a new version, which can 
be found here:
https://raw.github.com/hannestschofenig/tschofenig-ids/master/surveillance/draft-tschofenig-perpass-surveillance-01.txt

or

https://goo.gl/a35BY2

Ciao
Hannes

From stephen.farrell@cs.tcd.ie  Mon Oct 28 10:14:47 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21C2911E828B for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:14:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.569
X-Spam-Level: 
X-Spam-Status: No, score=-102.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WbevWkiaIfqt for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:14:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id A2AEB11E822E for <perpass@ietf.org>; Mon, 28 Oct 2013 10:14:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0C198BEEE; Mon, 28 Oct 2013 17:14:40 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BoIVLqL31Ysv; Mon, 28 Oct 2013 17:14:38 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 27F3FBEE1; Mon, 28 Oct 2013 17:14:37 +0000 (GMT)
Message-ID: <526E9B7C.3010301@cs.tcd.ie>
Date: Mon, 28 Oct 2013 17:14:36 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>, Christian Huitema <huitema@huitema.net>
References: <0d7401ced3a8$3307d1c0$99177540$@huitema.net> <CABrd9STpnkYc=giOsKV4qs9q7Pdz0Br064AJtH1xBoCEc3o03w@mail.gmail.com>
In-Reply-To: <CABrd9STpnkYc=giOsKV4qs9q7Pdz0Br064AJtH1xBoCEc3o03w@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:14:47 -0000

On 10/28/2013 05:00 PM, Ben Laurie wrote:
> You might want to look at the cleartext portions of the TLS handshake.

Actually, I'd like to suggest we don't shift the discussion here
back to better use of crypto.

Let's assume that we do get better/wider deployment of TLS 1.3
with a PFS ciphersuite for all the various protocols where that's
tractable. And assume TLS 1.3 hides a lot more of the handshake
as planned.

After that's done, *then* what do we want/need to do about
traffic analysis?

That's a question I'd like to see discussed and Christian's
text is helpful there (as are Brian's and Hannes' drafts).

Cheers,
S.


From lear@cisco.com  Mon Oct 28 10:23:30 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E496011E8293 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:23:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.436
X-Spam-Level: 
X-Spam-Status: No, score=-110.436 tagged_above=-999 required=5 tests=[AWL=0.163, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5arc5+25+1J for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:23:25 -0700 (PDT)
Received: from ams-iport-4.cisco.com (ams-iport-4.cisco.com [144.254.224.147]) by ietfa.amsl.com (Postfix) with ESMTP id 87DB111E828D for <perpass@ietf.org>; Mon, 28 Oct 2013 10:23:25 -0700 (PDT)
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-4.cisco.com with ESMTP; 28 Oct 2013 17:23:24 +0000
Received: from ams3-vpn-dhcp7726.cisco.com (ams3-vpn-dhcp7726.cisco.com [10.61.94.45]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9SHNI6e026118 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 28 Oct 2013 17:23:21 GMT
Message-ID: <526E9D86.3000609@cisco.com>
Date: Mon, 28 Oct 2013 18:23:18 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Jacob Appelbaum <jacob@appelbaum.net>, perpass@ietf.org
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net>	<526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net>	<7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com>	<20131023200227.GB94140@funkthat.com>	<63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com>	<52683DDF.9030407@rolamasao.org>	<20131023213555.GE94140@funkthat.com>	<526841F3.4040505@rolamasao.org>	<47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com>	<52696123.9000209@rolamasao.org>	<alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net>
In-Reply-To: <526B8A36.2090707@appelbaum.net>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:23:31 -0000

On 10/26/13 11:24 AM, Jacob Appelbaum wrote:
> Defense in depth. If the StartTLS server uses RC4, for example, I'd want
> a different layer for actual protection.
>
>
Let's be careful about that argument.  Defense in depth should actually
add real depth.  Otherwise it's just extra work to send a message.  If
you suggest a new mechanism just to get rid of a bad algorithm, whatever
you replace it with will likely someday be found to have a bad algorithm
as well.  To what depths shall we sink, then?

Eliot

From joe@oregon.uoregon.edu  Mon Oct 28 10:37:34 2013
Return-Path: <joe@oregon.uoregon.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E5521F9CF3 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:37:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.111
X-Spam-Level: 
X-Spam-Status: No, score=-1.111 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, FB_INCREASE_VOL=3.629, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJE6LfQ0cQ4t for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:37:19 -0700 (PDT)
Received: from grey.uoregon.edu (grey.uoregon.edu [128.223.214.89]) by ietfa.amsl.com (Postfix) with SMTP id 66DD921F9CF1 for <perpass@ietf.org>; Mon, 28 Oct 2013 10:36:58 -0700 (PDT)
Date: Mon, 28 Oct 2013 09:11:30 -0700 (PDT)
Message-Id: <13102809113001_8A24@oregon.uoregon.edu>
From: "Joe St Sauver" <joe@oregon.uoregon.edu>
To: stephen.farrell@cs.tcd.ie
X-VMS-To: SMTP%"stephen.farrell@cs.tcd.ie"
X-VMS-Cc: SMTP%"perpass@ietf.org",SMTP%"huitema@huitema.net"
Cc: perpass@ietf.org, huitema@huitema.net
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:37:35 -0000

Hi,

Stephen Farrell <stephen.farrell@cs.tcd.ie> commented:

#Now that we seem to be getting a bit of a handle on the TLS
#related crypto parts of all this, (which are maybe easier
#or more tractable), I think it'd be timely to see some list
#discussion on traffic analysis before Vancouver.
#
#I'd be interested in any less obvious ways in which IETF
#protocols might be making traffic analysis easier than it
#ought be. And of course in countermeasures, but those are
#maybe quite difficult.

Just to quickly summarize a few traffic analytic approaches 
(e.g., analyses that do not consider the contents of traffic) 
at the 10,000 ft level:

-- Sometimes merely knowing that a communication is happening
   between two particular parties conveys significant 
   information.

   A classic example: a government official in a sensitive 
   role begins exchanging non-official messages with a known 
   agent of a foreign power (or an investigative journalist).
   If that was noted, a big red flag might well go up.

-- Sometimes the frequency/volume of communications conveys 
   information that may signal something's afoot.

   For instance, normal traffic volume might be sporadic and 
   brief, but in a crisis period, message count and total 
   message volume might ramp up dramatically. (this is the
   classic "increased volume of chatter" comment sometimes
   mentioned in the press)

   Conversely, if "radio silence" suddenly descends, and
   communications that normally take place suddenly cease,
   that may also be a signal that something's happening.

-- Sequencing can also sometimes be important. Imagine a 
   situation where a report from party A is received by "HQ."

   Shortly thereafter, communications fan out from "HQ" to 
   parties B through Z, perhaps coincidentally, perhaps not.

   If that pattern repeats itself multiple times, we might
   infer that party A is at least somehow "related to" the 
   activities of parties B through Z, in an extreme case, 
   perhaps going so far as to direct the activities of those 
   entities.

How might we hypothetically counter those traffic analytic approaches?
At a very simple level:

-- If the worry is that person-to-person messages unduly
   expose relationships or contacts that might be red flags:

   -- avoid phone calls, emails, IM, and other person-to-person 
   communication channels, 

   -- use one-to-many communications instead (post to Usenet
   News, comment on a web page, send a twitter message, etc.)

-- If communication volume ("chatter") is the issue, send a 
   constant stream of traffic, regardless of whether things
   are sleepy and routine or the exact opposite.

   (FWIW, obviously most IETF protocols are NOT designed to send 
   a constant stream of traffic...)

-- If sequencing is the issue, decouple cause and effect in 
   time or space. If "A" contacts "HQ" and "HQ" then normally
   contacts "B" through "Z", maybe always have HQ send messages 
   to B through Z (and AA-ZZ!) regardless of whether or not A 
   sends a message to HQ or not.

Is that the sort of thing you wanted to begin discussing?

Regards,

Joe
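
The volume ("chatter") signal and the constant-stream countermeasure described in the message above, as an added example that is not part of the original post. The cell size, sending rate, spike threshold and both workloads are constructed assumptions; the sketch also reports what the padding costs in delay and filler.

```python
from collections import deque

CELL_SIZE = 512        # bytes per fixed-size cell (assumed value)
CELLS_PER_TICK = 2     # cells emitted every tick, busy or idle (assumed value)

# Constructed workloads: message sizes in bytes arriving at each tick.
QUIET = [[300], [], [], [], [120], [], [], [], [], [], [], []]
CRISIS = [[300], [], [900, 700, 1500], [2000, 400], [1200, 800], [600],
          [], [], [], [], [], []]


def plain_trace(arrivals):
    """Bytes per tick an on-path observer counts when messages go out on arrival."""
    return [sum(sizes) for sizes in arrivals]


def constant_rate_trace(arrivals, cell_size=CELL_SIZE,
                        cells_per_tick=CELLS_PER_TICK):
    """Send exactly cells_per_tick fixed-size cells per tick.

    Real data is cut into cells and queued; empty slots carry padding.
    Returns the observer's view plus the cost of hiding the volume.
    """
    backlog = deque()              # (arrival tick, is last cell of its message)
    wire, delays, padding = [], [], 0
    for tick, sizes in enumerate(arrivals):
        for size in sizes:
            ncells = max(1, -(-size // cell_size))   # ceiling division
            for i in range(ncells):
                backlog.append((tick, i == ncells - 1))
        for _ in range(cells_per_tick):
            if backlog:
                born, is_last = backlog.popleft()
                if is_last:
                    delays.append(tick - born)       # message fully sent
            else:
                padding += 1                         # cover traffic
        wire.append(cells_per_tick * cell_size)
    return {
        "wire": wire,
        "padding_cells": padding,
        "max_delay": max(delays, default=0),
        "undelivered_cells": len(backlog),
    }


def spike_ticks(trace, baseline, factor=2):
    """Ticks whose volume exceeds factor x the busiest tick of a baseline trace."""
    threshold = factor * max(baseline)
    return [t for t, volume in enumerate(trace) if volume > threshold]


if __name__ == "__main__":
    print("unpadded spikes:", spike_ticks(plain_trace(CRISIS), plain_trace(QUIET)))
    quiet, crisis = constant_rate_trace(QUIET), constant_rate_trace(CRISIS)
    print("padded spikes:  ", spike_ticks(crisis["wire"], quiet["wire"]))
    print("identical wire view:", quiet["wire"] == crisis["wire"])
    print("crisis cost:", crisis["max_delay"], "ticks delay,",
          crisis["padding_cells"], "padding cells")
```

If the real load exceeds the fixed rate for long enough, undelivered_cells becomes non-zero: the sender then has to drop data, delay it further, or raise the rate, and raising the rate is itself an observable signal.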

From stephen.farrell@cs.tcd.ie  Mon Oct 28 10:47:42 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09A4411E82BF for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.574
X-Spam-Level: 
X-Spam-Status: No, score=-102.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjPzY-UNGnPr for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 10:47:31 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 9F12D11E8191 for <perpass@ietf.org>; Mon, 28 Oct 2013 10:47:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5B405BEEE; Mon, 28 Oct 2013 17:47:17 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fcEqCZuk5Rz; Mon, 28 Oct 2013 17:47:15 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AA70ABEE1; Mon, 28 Oct 2013 17:47:15 +0000 (GMT)
Message-ID: <526EA323.1000309@cs.tcd.ie>
Date: Mon, 28 Oct 2013 17:47:15 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Joe St Sauver <joe@oregon.uoregon.edu>
References: <13102809113001_8A24@oregon.uoregon.edu>
In-Reply-To: <13102809113001_8A24@oregon.uoregon.edu>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org, huitema@huitema.net
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 17:47:45 -0000

Hiya,

On 10/28/2013 04:11 PM, Joe St Sauver wrote:
> Hi,
> 
> Stephen Farrell <stephen.farrell@cs.tcd.ie> commented:
> 
> #Now that we seem to be getting a bit of a handle on the TLS
> #related crypto parts of all this, (which are maybe easier
> #or more tractable), I think it'd be timely to see some list
> #discussion on traffic analysis before Vancouver.
> #
> #I'd be interested in any less obvious ways in which IETF
> #protocols might be making traffic analysis easier than it
> #ought be. And of course in countermeasures, but those are
> #maybe quite difficult.
> 
> Just to quickly summarize a few traffic analytic approaches 
> (e.g., analyses that do not consider the contents of traffic) 
> at the 10,000 ft level:
> 
[...reasonable text elided...]
> 
> Is that the sort of thing you wanted to begin discussing?

Yep. But not at the 10,000ft level:-)

Not quite sure, but I think we might get some benefit at the
moment from considering how specific fields in real protocols
undermine privacy (e.g. as Christian's draft does with the
Received header fields in mail messages) even if/when TLS or
other existing security mechanisms are properly used.

That's not to say that we should immediately try change all
those protocols, since there will likely be (or were once)
good reasons why stuff is done as it is, but there may be
cases where we find that there are specific concrete things
the IETF could be doing and finding those is the goal of our
session in Vancouver.

S.

> 
> Regards,
> 
> Joe
> 
> 
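
An audit of what Received header fields record about a sender, the kind of field-level leak the message above refers to, as an added example that is not part of the original post or of Christian's draft. The sample message, its hosts, addresses and ids are constructed placeholders, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; every host, address and id is a placeholder.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.30])
    by list.example.net (Postfix) with ESMTP id CONSTRUCTED1
    for <list@example.net>; Thu, 03 Oct 2013 18:58:54 -0700 (PDT)
Received: from [192.168.1.20] (host6.isp.example. [203.0.113.6])
    by mx.example.org with ESMTPSA id CONSTRUCTED2
    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Thu, 03 Oct 2013 18:58:49 -0700 (PDT)
From: alice@example.org
To: list@example.net
Subject: constructed test message

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Label an address literal; raises ValueError if it is not an IP address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"        # reveals the sender's internal addressing
    if ip.is_loopback:
        return "loopback"
    return "routable"           # locates the sender's network attachment


def parse_hop(value):
    """Extract the metadata one Received field exposes."""
    text = " ".join(value.split())              # undo header folding
    clauses, sep, stamp = text.rpartition(";")
    if not sep:                                 # no date-time part present
        clauses, stamp = text, ""
    sender_part = clauses.split(" by ", 1)[0]   # the "from ..." clause only
    addresses = []
    for cand in re.findall(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", sender_part):
        try:
            addresses.append((cand, classify(cand)))
        except ValueError:
            pass                                # bracketed text, not an address

    def grab(pattern):
        m = re.search(pattern, clauses)
        return m.group(1) if m else None

    try:
        when = parsedate_to_datetime(re.sub(r"\([^)]*\)", "", stamp).strip())
    except (TypeError, ValueError):
        when = None
    return {
        "from": grab(r"^from\s+(\S+)"),
        "by": grab(r"\bby\s+(\S+)"),
        "with": grab(r"\bwith\s+(\S+)"),
        "cipher": grab(r"cipher=([A-Za-z0-9_-]+)"),
        "addresses": addresses,
        "time": when,
    }


def audit_received(raw_message):
    """Return hops ordered from the sender's submission to final delivery."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its field, so the last one in the file is the first hop.
    return [parse_hop(v) for v in reversed(msg.get_all("Received", []))]


if __name__ == "__main__":
    for n, hop in enumerate(audit_received(SAMPLE)):
        print(n, hop["by"], hop["with"], hop["addresses"], hop["time"])
```

The first hop is the one to review when deciding what a submission server should record: here it stores the client's internal and external addresses, the submission time to the second, and the negotiated cipher, all of which travel with the message after the TLS session that protected them has ended.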

From joe@oregon.uoregon.edu  Mon Oct 28 11:23:17 2013
Return-Path: <joe@oregon.uoregon.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56DB911E81A0 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 11:23:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.855
X-Spam-Level: 
X-Spam-Status: No, score=-3.855 tagged_above=-999 required=5 tests=[AWL=2.744,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2wEZnHu+siIg for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 11:23:13 -0700 (PDT)
Received: from grey.uoregon.edu (grey.uoregon.edu [128.223.214.89]) by ietfa.amsl.com (Postfix) with SMTP id 484CF21F9D30 for <perpass@ietf.org>; Mon, 28 Oct 2013 11:23:13 -0700 (PDT)
Date: Mon, 28 Oct 2013 10:49:45 -0700 (PDT)
Message-Id: <13102810494583_8A24@oregon.uoregon.edu>
From: "Joe St Sauver" <joe@oregon.uoregon.edu>
To: stephen.farrell@cs.tcd.ie
X-VMS-To: SMTP%"stephen.farrell@cs.tcd.ie"
X-VMS-Cc: SMTP%"perpass@ietf.org",SMTP%"huitema@huitema.net"
Cc: perpass@ietf.org, huitema@huitema.net
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 18:23:17 -0000

Hi,

Stephen Farrell <stephen.farrell@cs.tcd.ie>:

#Not quite sure, but I think we might get some benefit at the
#moment from considering how specific fields in real protocols
#undermine privacy (e.g. as Christian's draft does with the
#Received header fields in mail messages) even if/when TLS or
#other existing security mechanisms are properly used.

My concern is that many traffic analytic approaches tend to be 
exceedingly robust to "protocol improvements." Protocol tweaks 
may accomplish little when it comes to practically improving 
privacy if the underlying protocol's architecture and operational 
practice goes unchanged. 

For example, when it comes to email, shouldn't section 6 of
http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
basically say, "if you want to avoid traffic analytic approaches
in the case of email, deploy and use Mixmaster anonymous remailers"? 
( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )

And if we *are* talking about that sort of approach, then I think
inevitably we also need to talk about how we simultaneously manage to
allow *wanted* private traffic while simultaneously preventing or 
managing *unwanted traffic* (e.g., spam). 

An awful lot of current anti-spam technology depends upon either 
reputation (which is obviously not present in the case of 
anonymous/non-attributable traffic), or content analysis (which 
is also obviously problematic, at least if we presume use of 
end-to-end encryption (at least until the content is decrypted 
on the end-user's device)).

I also think that if you're serious about email privacy, you 
really can't keep the discussion just at the level of sanitizing 
headers. You need to get into the format of the content that's
allowed as well. For example, it's well known that non-plain 
text email content (e.g., HTML-formatted email) is potentially a 
serious threat to privacy due to potential use of things like 
tracking gifs included in HTML-formatted email.

Regards,

Joe

From stephen.farrell@cs.tcd.ie  Mon Oct 28 12:03:57 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C18621E80F3 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 12:03:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.582
X-Spam-Level: 
X-Spam-Status: No, score=-102.582 tagged_above=-999 required=5 tests=[AWL=0.017, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nF5WjU1hUPWn for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 12:03:52 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 1380C21E80D4 for <perpass@ietf.org>; Mon, 28 Oct 2013 12:03:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4A852BEDB; Mon, 28 Oct 2013 19:03:43 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OUXMb090Pw1N; Mon, 28 Oct 2013 19:03:41 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 664C3BEDA; Mon, 28 Oct 2013 19:03:41 +0000 (GMT)
Message-ID: <526EB50D.70008@cs.tcd.ie>
Date: Mon, 28 Oct 2013 19:03:41 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Joe St Sauver <joe@oregon.uoregon.edu>
References: <13102810494583_8A24@oregon.uoregon.edu>
In-Reply-To: <13102810494583_8A24@oregon.uoregon.edu>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org, huitema@huitema.net
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 19:03:57 -0000

Hiya,

On 10/28/2013 05:49 PM, Joe St Sauver wrote:
> Hi,
> 
> Stephen Farrell <stephen.farrell@cs.tcd.ie>:
> 
> #Not quite sure, but I think we might get some benefit at the
> #moment from considering how specific fields in real protocols
> #undermine privacy (e.g. as Christian's draft does with the
> #Received header fields in mail messages) even if/when TLS or
> #other existing security mechanisms are properly used.
> 
> My concern is that many traffic analytic approaches tend to be 
> exceedingly robust to "protocol improvements." Protocol tweaks 

Not all changes need be tweaks. Some might be though.

> may accomplish little when it comes to practically improving 
> privacy if the underlying protocol's architecture and operational 
> practice goes unchanged. 
> 
> For example, when it comes to email, 

To be honest, I don't see how we can "fix" mail myself so
that it's not vulnerable to pervasive monitoring. I think
we can make such monitoring somewhat harder via better use
of TLS, and that's worth doing, but beyond that, I don't
see much that can be done without changes that I don't
think are likely to happen. I'd be delighted to be proven
wrong on that, so I'm happy to see it discussed but I'm
not hopeful.

Meanwhile, there are plenty of other protocols that are
also worth a look and might be more easily improved in
this respect, so even if mail isn't tractable, other things
may well be.

S.

> shouldn't section 6 of
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
> basically say, "if you want to avoid traffic analytic approaches
> in the case of email, deploy and use Mixmaster anonymous remailers"? 
> ( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )
> 
> And if we *are* talking about that sort of approach, then I think
> inevitably we also need to talk about how we simultaneously manage to
> allow *wanted* private traffic while simultaneously preventing or 
> managing *unwanted traffic* (e.g., spam). 
> 
> An awful lot of current anti-spam technology depends upon either 
> reputation (which is obviously not present in the case of 
> anonymous/non-attributable traffic), or content analysis (which 
> is also obviously problematic, at least if we presume use of 
> end-to-end encryption (at least until the content is decrypted 
> on the end-user's device)).
> 
> I also think that if you're serious about email privacy, you 
> really can't keep the discussion just at the level of sanitizing 
> headers. You need to get into the format of the content that's
> allowed as well. For example, it's well known that non-plain 
> text email content (e.g., HTML-formatted email) is potentially a 
> serious threat to privacy due to potential use of things like 
> tracking gifs included in HTML-formatted email.
> 
> Regards,
> 
> Joe
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 
> 

From stephen.farrell@cs.tcd.ie  Mon Oct 28 12:18:04 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04F8521E80C1 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 12:18:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.584
X-Spam-Level: 
X-Spam-Status: No, score=-102.584 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZNJKVEgiDKE for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 12:17:59 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id EDD0B21E80B2 for <perpass@ietf.org>; Mon, 28 Oct 2013 12:17:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4D28BBEFA for <perpass@ietf.org>; Mon, 28 Oct 2013 19:17:56 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEE6zNCj21Sa for <perpass@ietf.org>; Mon, 28 Oct 2013 19:17:54 +0000 (GMT)
Received: from [10.87.48.9] (unknown [86.42.16.82]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 229C1BEE7 for <perpass@ietf.org>; Mon, 28 Oct 2013 19:17:54 +0000 (GMT)
Message-ID: <526EB861.8080007@cs.tcd.ie>
Date: Mon, 28 Oct 2013 19:17:53 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
References: <526E86E5.6010604@meetecho.com>
In-Reply-To: <526E86E5.6010604@meetecho.com>
X-Enigmail-Version: 1.6
X-Forwarded-Message-Id: <526E86E5.6010604@meetecho.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] Fwd: Meetecho support at IETF-88
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 19:18:04 -0000

FYI. We don't plan on having remote presenters or to take audio
input, (since it doesn't work well), but this gives another
option for remote folks in addition to the usual audio streaming
and jabber.

Out of interest: if you know already that you'll be remote and
plan to listen in and/or join us via jabber, feel free to let
me know offlist. I guess that might be useful to the scribes as
well. But nobody has to ask anyone to listen in of course:-)

S.


-------- Original Message --------
Subject: Meetecho support at IETF-88
Date: Mon, 28 Oct 2013 16:46:45 +0100
From: Meetecho IETF support <ietf@meetecho.com>
To: ietf@meetecho.com

Dear chair(s),

this email is to confirm Meetecho support for your WG/BOF meeting
session at IETF-88.

The agenda of supported sessions is available at:
	http://ietf88.conf.meetecho.com.

If you plan to have remote presenters, you're kindly requested to inform
us in proper advance, since this needs special set-up and a preliminary
test with the remote speaker.

*The deadline for requesting remote presentation support is November 1.*

Thanks,
the Meetecho team

-- 
Meetecho s.r.l.
www.meetecho.com



From mdietf@demmers.org  Mon Oct 28 13:12:26 2013
Return-Path: <mdietf@demmers.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C03521E805D for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:12:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.303
X-Spam-Level: 
X-Spam-Status: No, score=-1.303 tagged_above=-999 required=5 tests=[AWL=0.374,  BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pX53J587XEwm for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:12:21 -0700 (PDT)
Received: from remote.demmers.org (mdemmers.virt.spiritone.com [216.99.193.151]) by ietfa.amsl.com (Postfix) with ESMTP id AEBC211E81BB for <perpass@ietf.org>; Mon, 28 Oct 2013 13:12:20 -0700 (PDT)
Received: from cicero.demmers.org ([50.45.173.24]) by remote.demmers.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id r9SKCD3O016304; Mon, 28 Oct 2013 13:12:14 -0700
Date: Mon, 28 Oct 2013 13:12:10 -0700
From: Mike Demmers <mdietf@demmers.org>
To: "'perpass'" <perpass@ietf.org>
Message-ID: <20131028131210.07984f85@cicero.demmers.org>
In-Reply-To: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
References: <0d7401ced3a8$3307d1c0$99177540$@huitema.net>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 20:12:26 -0000

On Sun, 27 Oct 2013 23:37:39 -0700
"Christian Huitema" <huitema@huitema.net> wrote:

> Abstract
> 
>    Traffic analysis is used by various entities to derive "meta data"
>    about Internet communications, such as who communicates with whom or
>    what, and when.  We analyze how meta-data can be extracted by
>    monitoring IP headers, DNS traffic, and clear-text headers of
>    commonly used protocols.  We then propose a series of actions that
>    would make traffic analysis more difficult.
> 
> Available for now at:
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt

This is the best summary of the metadata problem I have seen.

I agree with this recommendation:

"Use encryption.  In particular, never send a user identity in clear text."

After that...problems.

Obfuscating sources may provide less metadata to spies, but it is also data that system administrators use every single day to protect their systems from viruses, spammers, and hackers. Remove too much of that and you have simply exchanged one problem for another, larger one.

There needs to be a section for all these proposals that deals with the practical real world barriers to implementing the proposed solutions. That way the proposals that might actually be possible to implement should be more identifiable.

The problem with the proposals I see for fixing the metadata problem through technical means is that in the end, to actually be effective, they all seem to boil down to 'We had to destroy the internet, in order to save it'.

I think there are small technical changes around the edges that can help, but I really see the solutions for the metadata problem as more political and social than technical. Concentrating on making encryption really, really easy to use would go a lot further at this time than messing with deep changes, because people are not even using what is already available.

-MD

From nvidya@google.com  Mon Oct 28 13:19:25 2013
Return-Path: <nvidya@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBFE21F9BC2 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:19:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level: 
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2JHGo7uqhfK for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:19:24 -0700 (PDT)
Received: from mail-qe0-x232.google.com (mail-qe0-x232.google.com [IPv6:2607:f8b0:400d:c02::232]) by ietfa.amsl.com (Postfix) with ESMTP id 0AB6921F9D3B for <perpass@ietf.org>; Mon, 28 Oct 2013 13:19:21 -0700 (PDT)
Received: by mail-qe0-f50.google.com with SMTP id 1so4351963qee.37 for <perpass@ietf.org>; Mon, 28 Oct 2013 13:19:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=wJyB+MY5/dNn+hs7NSdUjEdE2WDNoZHvyGFSgmMZnjM=; b=oZymRwdyoYhbMzgX2R4CrRyoC89vrvHZafKi8TkBFV389jn5PBY6QlKqfL5h0AbrlP O0d8PdfyG5OzLzgVbHKWs8oEyjMC6CwFLwc2/Tvuh8mSAD00Qp1ZawoF+LnyaHIcanuo oXS7g6+dgE2Op6ktMAuNKR0ArmRWbujI4Jql0dsEcBLWrvz6fUXQ5UMUcSPsENSyXc6F 3cXwFH9bIwDYx3VC2NcAfnOjxLx4N60Js/XMDNadVBPdYFIZeOZnJAq3AsXju6tceSxk jqqLyfpAXctdpPSOdREjLD2I8sxI7FqDgJc2egH8bK1mnMZCKuiQ3wfJVpY+Xo4peFpM 9UTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=wJyB+MY5/dNn+hs7NSdUjEdE2WDNoZHvyGFSgmMZnjM=; b=EYcesCH0Td+Njl3vxiWnqGdTBd/2MWekL8BAjwKV1dmXVHrSXN35kjRjQ/NLn/JC/x FAlurKYpx3d8rzyj3dgjaxtNuyht50j8RPkdYrhVZnsVSIXnvOdJxlAAF80f64dZk8EV 1aGlzAlISqLs8TTrVgC8icT7JYlI4pqxg0fqqE40dTEy314bfqAgii9bPL6ieC6vuYEF VjqZcvUMDB7F11EhOHbXea3qqFsrUABY9/Np1LWQVgrK97umMFN+nLNkSFK6jPXSrnjD 8tsMGMVufmvmAZm5/60zqXYyassVR9+UcNU94Uuohp4MBj/WM0SWApaODmu8aDu7cBEu 3JSQ==
X-Gm-Message-State: ALoCoQk9Xle1SzHf1BBUoGlayd+X8WsKPz+kCRkOSGV75ArOrY266zmXYTAhW8c8oCdRNjawm8DRuW3h8QRkPAYFasRM4Myz1R7kepSV+ZQzEPoG+z4sJFEMdYTmsE9c2imfJ9XKU3tCrNZdGzYgZu+BLRTjD0tUViv1ctNUMR3CeOyzpCXjuRz3IQx122OWL7n940ZW8ouS
MIME-Version: 1.0
X-Received: by 10.224.171.67 with SMTP id g3mr32291834qaz.13.1382991561482; Mon, 28 Oct 2013 13:19:21 -0700 (PDT)
Received: by 10.224.44.70 with HTTP; Mon, 28 Oct 2013 13:19:21 -0700 (PDT)
Date: Mon, 28 Oct 2013 13:19:21 -0700
Message-ID: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com>
From: Vidya Narayanan <vn@google.com>
To: perpass@ietf.org
Content-Type: multipart/alternative; boundary=047d7b677688bffd3d04e9d2d071
Subject: [perpass] Explicit proxying in HTTP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 20:23:58 -0000

--047d7b677688bffd3d04e9d2d071
Content-Type: text/plain; charset=ISO-8859-1

All,
http://tools.ietf.org/id/draft-vidya-httpbis-explicit-proxy-ps-00.txt is a
problem statement on the need for explicit proxying in HTTP.  This is an
FYI for this group at the moment and it is a topic expected to be discussed
in the HTTPbis working group.  However, since it also relates to the
mission of the perpass list, I am sending a pointer.  I will not be at
Vancouver - however, my colleague, Ted Hardie has kindly volunteered to be
engaged in discussions on this topic, should there be any questions.

Abstract

   This document describes the issues with HTTP proxies for TLS
   protected traffic and motivates the need for explicit proxying
   capability in HTTP.  It also presents the goals that such a solution
   would need to satisfy and some example solution directions.


Best,
Vidya

--047d7b677688bffd3d04e9d2d071--

From ned+perpass@mrochek.com  Mon Oct 28 13:28:51 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8BB911E81DF for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:28:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.203
X-Spam-Level: 
X-Spam-Status: No, score=-2.203 tagged_above=-999 required=5 tests=[AWL=0.396,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rLXzEQX0erLr for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:28:47 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 5BB1511E829B for <perpass@ietf.org>; Mon, 28 Oct 2013 13:28:24 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P04ABUEEWW007DJC@mauve.mrochek.com> for perpass@ietf.org; Mon, 28 Oct 2013 13:23:23 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OZQXEDTQ3400004R@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Mon, 28 Oct 2013 13:23:18 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01P04ABSOR0E00004R@mauve.mrochek.com>
Date: Mon, 28 Oct 2013 11:30:28 -0700 (PDT)
In-reply-to: "Your message dated Mon, 28 Oct 2013 10:49:45 -0700 (PDT)" <13102810494583_8A24@oregon.uoregon.edu>
References: <13102810494583_8A24@oregon.uoregon.edu>
To: Joe St Sauver <joe@oregon.uoregon.edu>
Cc: perpass@ietf.org, huitema@huitema.net, stephen.farrell@cs.tcd.ie
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 20:28:52 -0000

> Hi,

> Stephen Farrell <stephen.farrell@cs.tcd.ie>:

> #Not quite sure, but I think we might get some benefit at the
> #moment from considering how specific fields in real protocols
> #undermine privacy (e.g. as Christian's draft does with the
> #Received header fields in mail messages) even if/when TLS or
> #other existing security mechanisms are properly used.

> My concern is that many traffic analytic approaches tend to be
> exceedingly robust to "protocol improvements." Protocol tweaks
> may accomplish little when it comes to practically improving
> privacy if the underlying protocol's architecture and operational
> practice goes unchanged.

> For example, when it comes to email, shouldn't section 6 of
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
> basically say, "if you want to avoid traffic analytic approaches
> in the case of email, deploy and use Mixmaster anonymous remailers"?
> ( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )

And good luck with that, at least on any kind of scale.

But your underlying point is very well taken: The section on email in this
draft focuses on irrelevancies and fails to take note of the real issues.

I hate to sound like a broken record, but folks really need to have some
familiarity with present-day email as it is actually deployed before making
these sorts of assessments.

Again, present day email usage is increasingly concentrated to a fairly small
number of large ISPs and MSPs. (Small ISPs and enterprise setups are shifting
to using cloud services, and while the Snowden revelations may have slowed this
trend, they haven't stopped it.)

In regards to traffic analysis, this is in some ways a good thing. If the
connections from user clients to the ISP/MSP servers are secured at the
transport layer - and I have demonstrated that a lot of them are - then we
gain a lot by securing the streams between the large providers at the
transport level.

But the elephant in the corner is logging. Service providers maintain very
extensive logs of email traffic, if for no other reason than as a support
tool. These logs provide every possible detail needed for traffic analysis.

Of course one of the earliest Snowden revelations was that the NSA is
collecting these logs from US providers on a massive scale. And hopefully
everyone is aware of Smith v. Maryland, which essentially says that metadata
is not constitutionally protected.

But before Europeans and others get all smug about this, speaking as someone
who has seen quite a few RFPs for mail systems, the only substantive difference
I see between the US and elsewhere is the US approaches this in a less
organized and systematic way and generally has fewer auditing and data
protection requirements. The data is still being collected, and most likely
shared.

And as for practical and deployable measures that can be undertaken to address
this, I'm at something of a loss to suggest anything. Shifting back to a more
decentralized model sounds nice, but seems a bit outside the purview of a
standards process to try and make that happen.

And even if a completely decentralized model was practical, in a
peer-to-peer world the metadata that would accrue from watching the connections
themselves would be a fair substitute.

As for mixed models, look at what happened to Lavabit.

> And if we *are* talking about that sort of approach, then I think
> inevitably we also need to talk about how we simultaneously manage to
> allow *wanted* private traffic while simultaneously preventing or
> managing *unwanted traffic* (e.g., spam).

Yep. It's a daunting problem. And it is far from the only one.

> An awful lot of current anti-spam technology depends upon either
> reputation (which is obviously not present in the case of
> anonymous/non-attributable traffic), or content analysis (which
> is also obviously problematic, at least if we presume use of
> end-to-end encryption (at least until the content is decrypted
> on the end-user's device)).

You basically have to push the content checks to the client. This has
not proven to be a terrific solution in practice.

> I also think that if you're serious about email privacy, you
> really can't keep the discussion just at the level of sanitizing
> headers. You need to get into the format of the content that's
> allowed as well. For example, it's well known that non-plain
> text email content (e.g., HTML-formatted email) is potentially a
> serious threat to privacy due to potential use of things like
> tracking gifs included in HTML-formatted email.

I think we can do a lot to make it harder to snoop on email content, although
ironically what we're likely to be able to accomplish under the "prism-proof"
rubric is unlikely to do much of anything about the data collection the actual
Prism program performs.

But traffic analysis... unless the fact that those logs are likely to only be
accessible to state entities offers some consolation, I don't think there's
going to be much happiness here.

				Ned

From d.nix@comcast.net  Mon Oct 28 13:42:12 2013
Return-Path: <d.nix@comcast.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B56911E8295 for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:42:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level: 
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611,  RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1+BVFJBdPmQG for <perpass@ietfa.amsl.com>; Mon, 28 Oct 2013 13:42:06 -0700 (PDT)
Received: from qmta07.emeryville.ca.mail.comcast.net (qmta07.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:43:76:96:30:64]) by ietfa.amsl.com (Postfix) with ESMTP id 4C92C21E80D0 for <perpass@ietf.org>; Mon, 28 Oct 2013 13:42:06 -0700 (PDT)
Received: from omta06.emeryville.ca.mail.comcast.net ([76.96.30.51]) by qmta07.emeryville.ca.mail.comcast.net with comcast id ik7y1m00516AWCUA7ki6lE; Mon, 28 Oct 2013 20:42:06 +0000
Received: from [192.168.0.103] ([24.4.240.47]) by omta06.emeryville.ca.mail.comcast.net with comcast id iki51m008123RE08Ski5t4; Mon, 28 Oct 2013 20:42:05 +0000
Message-ID: <526ECC25.3060106@comcast.net>
Date: Mon, 28 Oct 2013 13:42:13 -0700
From: "d.nix" <d.nix@comcast.net>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu> <526EB50D.70008@cs.tcd.ie>
In-Reply-To: <526EB50D.70008@cs.tcd.ie>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1382992926; bh=4rIZn7i/sMOjwoqpRU6KsSXLYJq0cpmetPcbikb99jA=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=ZOgyC2i2Y1HttMArYkfHDepyCBmBH308F9P/BDSvhN2BBhoHFwnUirqRhlV+WM8Eg 0weaXiJB04VpIKSP/RUCkv8YjXgoaYpENwvw8BwsDUmEucWK0dTu6MmpFDrN3ZdxQ1 WPG/R8n9fyOR+2xdk77EK+VmCsHOJ7J/mcUvtJ8K84MM6BChqTN1wvrNwL7/Q2U/rh Sx952Pg9caADQ073nzLK1B+OoU7CUuEhNW8jXW89IVyBzaS9vWAObPaF77WlR8XwNw E4qm8GWckFTXbJtJ5dS+wFcKPyAcI1l+lm/UvMtTtW2U8NLeBXUQ+O36mgp6J5fbPX wqcvoPCBiwjnQ==
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 20:42:12 -0000


Steven, (others),

>> For example, when it comes to email,
> 
> To be honest, I don't see how we can "fix" mail myself so that it's
> not vulnerable to pervasive monitoring. I think we can make such
> monitoring somewhat harder via better use of TLS, and that's worth
> doing, but beyond that, I don't see much that can be done without
> changes that I don't think are likely to happen. I'd be delighted
> to be proven wrong on that, so I'm happy to see it discussed but
> I'm not hopeful.

Is it within the purview of this list to discuss alternatives to, or
replacements for email as we currently know it? Or would that better
be proposed / discussed elsewhere so as to not dilute the topic at hand?

I also believe email as we generally know it is vulnerable to traffic
analysis even if we can encrypt the contents; there's just too much
observable metadata. Currently it seems to my somewhat limited
understanding that some combination of anonymous remailer systems and
properly configured VPN tunnels (and/or Tor perhaps...) are really the
only effective way to obscure your email traffic paths with our
existing systems. Traffic timing analysis is still an issue unless you
have either cover traffic (noise) or introduce a latency (delay) or
both (a la Mixminion / Pynchon Gate).

For the majority of average users, that still leaves you at the mercy
of the remailer operator and the VPN provider, and there are many
possible points of failure in using a VPN even without a Mallory or
Eve behind the scenes subverting your traffic.

That said, I'd still like to see the effort made in making existing
email as resistant as possible by default. Anything less is a
disservice to the security of the user in general.

Regards,

Dave Nix


From stephen.farrell@cs.tcd.ie  Mon Oct 28 14:01:50 2013
Message-ID: <526ED0B2.1050006@cs.tcd.ie>
Date: Mon, 28 Oct 2013 21:01:38 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: "d.nix" <d.nix@comcast.net>, perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu> <526EB50D.70008@cs.tcd.ie> <526ECC25.3060106@comcast.net>
In-Reply-To: <526ECC25.3060106@comcast.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2013 21:01:50 -0000

Hiya,

On 10/28/2013 08:42 PM, d.nix wrote:
> Is it within the purview of this list to discuss alternatives to,
> or replacements for email as we currently know it?

We've not been strict on this list to date. (That's
a secondary thing to talk about in Vancouver - should
we be more strict/focused on this list?)

My take fwiw, is that some discussion of how such things
might or might not be more resistant to pervasive
monitoring is ok. Doing detailed design of a more privacy
friendly alternative to mail on this list would be pointless
though - when would you be finished? So, if someone has
such a proposal then writing it up as an I-D that's
handled as usual is the thing to do... as usual:-)

Cheers,
S.

From rutkowski.tony@gmail.com  Mon Oct 28 14:33:18 2013
Message-ID: <526ED81A.2050200@gmail.com>
Date: Mon, 28 Oct 2013 17:33:14 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Mike Demmers <mdietf@demmers.org>, 'perpass' <perpass@ietf.org>
References: <0d7401ced3a8$3307d1c0$99177540$@huitema.net> <20131028131210.07984f85@cicero.demmers.org>
In-Reply-To: <20131028131210.07984f85@cicero.demmers.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Traffic analysis
Reply-To: rutkowski.tony@gmail.com

+1

It is ironic that until the mid-90s, analysis of metadata
on the backbones was the norm.  Furthermore, it will be
network operators, pursuant to their operational needs
and national legal obligations, that make metadata analysis
decisions.

One gets the feel that much of the vetting on the list
is essentially prepassturbating.  Feels good intellectually
for some, but is otherwise not productive.

--tony

On 10/28/2013 4:12 PM, Mike Demmers wrote:
> The problem with the proposals I see for fixing the metadata problem through technical means is that in the end, to actually be effective, they all seem to boil down to 'We had to destroy the internet, in order to save it'.
>
> I think there are small technical changes around the edges that can help, but I really see the solutions for the metadata problem as more political and social than technical. Concentrating on making encryption really, really easy to use would go a lot further at this time than messing with deep changes, because people are not even using what is already available.


From eburger@standardstrack.com  Mon Oct 28 14:51:34 2013
Date: Mon, 28 Oct 2013 17:51:10 -0400
Message-ID: <xyihee6pnhoiqqexhnxqahpe.1382997070075@email.android.com>
Importance: normal
From: Eric Burger <eburger@standardstrack.com>
To: Tony Rutkowski <rutkowski.tony@gmail.com>, Mike Demmers <mdietf@demmers.org>, 'perpass' <perpass@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.android.email_1041918765156430"
Subject: Re: [perpass] Traffic analysis
Reply-To: Eric Burger <eburger@standardstrack.com>




From doug.mtview@gmail.com  Mon Oct 28 16:12:13 2013
Content-Type: multipart/alternative; boundary="Apple-Mail=_3FFFD56E-9021-479C-A141-962547D96610"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <CAMm+Lwg1taJcOaPtT_VQT924LF0EnCW=Fy3gaXo8YwVqEF+zog@mail.gmail.com>
Date: Mon, 28 Oct 2013 16:11:28 -0700
Message-Id: <EBC685DD-E3E3-4B8E-996A-CC767F1CC842@gmail.com>
References: <526811D1.3000802@rolamasao.org> <52681300.7020701@dcrocker.net> <526816B6.4080301@rolamasao.org> <526818F6.9000006@dcrocker.net> <7B180BF5-47CB-4821-82DA-773A1C38D548@gmail.com> <20131023200227.GB94140@funkthat.com> <63250A53-FE97-4530-B75D-60A1192D7C5D@gmail.com> <52683DDF.9030407@rolamasao.org> <20131023213555.GE94140@funkthat.com> <526841F3.4040505@rolamasao.org> <47EC7968-F4DD-42D9-BEAA-9435A010CECB@emc.com> <52696123.9000209@rolamasao.org> <alpine.LFD.2.10.1310251405160.17704@bofh.nohats.ca> <526B8A36.2090707@appelbaum.net> <CAMm+LwiA+eaZ4xRQ8Rn0gDBqgOeiHWAtUH0jqVob4G-db4nGhg@mail.gmail.com> <alpine.LFD.2.10.1310261436140.13053@bofh.nohats.ca> <CAMm+Lwg1taJcOaPtT_VQT924LF0EnCW=Fy3gaXo8YwVqEF+zog@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass <perpass@ietf.org>, Paul Wouters <paul@cypherpunks.ca>, Jacob Appelbaum <jacob@appelbaum.net>
Subject: Re: [perpass] OpenPGP Server-side Signed E-mail [Was: e-mail security idea: server2server PGP]

On Oct 26, 2013, at 1:32 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> I don't see much point in trying to couple DANE to PGP.
>
> I don't care about sending mail to cypherpunks.ca, I care about
> sending it to Paul Wouters.
>
> Except in very rare instances where an individual controls the domain
> or if I am sending to an enterprise, the domain is going to be pretty
> much irrelevant to authenticating the key.
>
> Locking down the mailserver key with DANE makes perfect sense. In fact
> that is the only reason I can see to do DNSSEC right now.

Dear Phillip,

Agreed.  Allow me to expand.  Who is communicating with whom should be
considered private, but knowing which domain is sending data does not
cause the same level of exposure when contained entities can be
associated with different domains.  While the actual entity sending a
message might be encrypted, knowing the domain facilitating the exchange
is the bare minimum needed to defend the services.  No service can be
allowed to issue messages anonymously.  XMPP offers clues about how this
is deployable at scale in DNS where dial-back techniques should be
disabled:

_xmpp-client._tcp.example.com. 36000 IN SRV 0 3 5222 xmpp.example.com.
_xmpp-server._tcp.example.com. 36000 IN SRV 0 3 5269 xmpp.example.com.

Unfortunately, major providers fail to ensure use of valid certificates
and may only offer self-signed certificates where explicit exceptions
need to be quietly made. Could this explain why a widely used IM client
popular in Europe is likely obtained using HTTP?

Things like DANE offer hope.  Being unable to trust DNS or routing, it
seems DANE offers a conceivable solution. I also agree with Albert Lunde
about not embedding Turing-complete interpreters.  It is amazing this
is not seen as harmful from a security perspective.  Perhaps the IETF
could offer buttons and stickers for sale along with DNSSEC and DANE, or
would that upset those not wanting to see anything change?  :^)

Regards,
Douglas Otis

There was of course no way of knowing whether you were being watched at
any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time. But at any rate they could
plug in your wire whenever they wanted to. You had to live--did live,
from habit that became instinct--in the assumption that every sound you
made was overheard, and, except in darkness, every movement scrutinized.

Excerpt from Chapter One of George Orwell's book _Nineteen_Eighty_Four_
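
Added example (not part of the original message, and not code from any project named in the thread): the two SRV records quoted above combined with the DANE key pinning the message argues for. It derives the TLSA owner name for each SRV target (RFC 7673) and applies the RFC 6698 comparison for a DANE-EE record, so a self-signed server certificate is accepted only when its key matches the published pin. The certificate and key bytes and the TLSA record are constructed placeholders, and DNSSEC validation of the DNS answers is assumed to have already happened.

```python
import hashlib
import hmac
from typing import NamedTuple

# The two SRV records quoted in the message above.
PAGE_SRV = [
    "_xmpp-client._tcp.example.com. 36000 IN SRV 0 3 5222 xmpp.example.com.",
    "_xmpp-server._tcp.example.com. 36000 IN SRV 0 3 5269 xmpp.example.com.",
]

# Constructed stand-ins for DER bytes that a TLS stack would hand over
# (full certificate and its SubjectPublicKeyInfo). Not real certificates.
SERVER_CERT = b"constructed-self-signed-cert-DER"
SERVER_SPKI = b"constructed-server-SPKI-DER"
OTHER_CERT = b"constructed-substituted-cert-DER"
OTHER_SPKI = b"constructed-substituted-SPKI-DER"


class Srv(NamedTuple):
    service: str
    proto: str
    domain: str
    priority: int
    weight: int
    port: int
    target: str


class Tlsa(NamedTuple):
    owner: str
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_srv(line: str) -> Srv:
    """Parse one presentation-format SRV record."""
    fields = line.split()
    if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    owner, _ttl, _cls, _type, prio, weight, port, target = fields
    labels = owner.split(".", 2)
    if len(labels) != 3 or not all(x.startswith("_") for x in labels[:2]):
        raise ValueError(f"owner is not _service._proto.domain: {owner!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {port}")
    return Srv(labels[0], labels[1], labels[2],
               int(prio), int(weight), int(port), target)


def tlsa_owner(srv: Srv) -> str:
    """RFC 7673: the TLSA record lives at _port._proto.<SRV target>."""
    return f"_{srv.port}.{srv.proto}.{srv.target}"


def parse_tlsa(line: str) -> Tlsa:
    """Parse one presentation-format TLSA record."""
    fields = line.split()
    if len(fields) != 8 or fields[2:4] != ["IN", "TLSA"]:
        raise ValueError(f"not a TLSA record: {line!r}")
    owner, _ttl, _cls, _type, usage, selector, mtype, hexdata = fields
    return Tlsa(owner.lower(), int(usage), int(selector), int(mtype),
                bytes.fromhex(hexdata))


def matches(rr: Tlsa, cert_der: bytes, spki_der: bytes) -> bool:
    """RFC 6698 comparison: selector picks the input, mtype the digest."""
    selected = {0: cert_der, 1: spki_der}.get(rr.selector)
    if selected is None:
        return False                      # unknown selector: unusable record
    if rr.mtype == 0:
        candidate = selected              # exact match on the full bytes
    elif rr.mtype == 1:
        candidate = hashlib.sha256(selected).digest()
    elif rr.mtype == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        return False                      # unknown matching type
    return hmac.compare_digest(candidate, rr.data)


def dane_ee_ok(srv: Srv, rrset, cert_der: bytes, spki_der: bytes) -> bool:
    """True if a DANE-EE (usage 3) record at the SRV-derived owner name
    pins what the server presented. Usages 0-2 need chain building and
    are not evaluated in this example."""
    owner = tlsa_owner(srv).lower()
    usable = [rr for rr in rrset if rr.owner == owner and rr.usage == 3]
    return any(matches(rr, cert_der, spki_der) for rr in usable)


def sample_rrset():
    """Constructed TLSA RRset: '3 1 1' pin of the server-to-server key."""
    pin = hashlib.sha256(SERVER_SPKI).hexdigest()
    return [parse_tlsa(
        f"_5269._tcp.xmpp.example.com. 36000 IN TLSA 3 1 1 {pin}")]


if __name__ == "__main__":
    c2s, s2s = (parse_srv(line) for line in PAGE_SRV)
    rrset = sample_rrset()
    print(tlsa_owner(s2s))
    print("pinned key:     ", dane_ee_ok(s2s, rrset, SERVER_CERT, SERVER_SPKI))
    print("substituted key:", dane_ee_ok(s2s, rrset, OTHER_CERT, OTHER_SPKI))
    print("port w/o record:", dane_ee_ok(c2s, rrset, SERVER_CERT, SERVER_SPKI))
```

With a `3 1 1` record the self-signed certificate needs no manual exception: the key either matches the pin or the connection is refused, and a port with no TLSA record is treated as unpinned rather than silently trusted.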

From hallam@gmail.com  Mon Oct 28 19:43:50 2013
MIME-Version: 1.0
Date: Mon, 28 Oct 2013 22:43:42 -0400
Message-ID: <CAMm+LwjqdYJr=J2gZcaX=M8iYrh6Xg_zYfZtKF2ie4UK0FT_fA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e0160b8284806d604e9d82fbe
Subject: [perpass] Metrics and Work Factor

I am at a workshop on Cyber Metrics at MIT.

When we are talking about protection against targeted surveillance then we
look for the cost of a single attack to be prohibitive and we accept a
certain set of costs to the user.

But for stopping pervasive surveillance we can't always bear those costs.
Significantly increasing the per message work factor is still a benefit
even if the work factor is not prohibitive for single messages.

-- 
Website: http://hallambaker.com/

From huitema@huitema.net  Mon Oct 28 21:43:41 2013
From: "Christian Huitema" <huitema@huitema.net>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, <perpass@ietf.org>
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie> <526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie>
In-Reply-To: <526ED0B2.1050006@cs.tcd.ie>
Date: Mon, 28 Oct 2013 21:43:31 -0700
Message-ID: <0e3701ced461$6c245640$446d02c0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: AQJbINlGk4dbslrbCasP2HTDqkp5+gDwOk3tAg0oDywC2thNyZjDvTHw
Subject: Re: [perpass] Traffic analysis

I just placed a new copy of my draft on line as:

http://huitema.net/papers/draft-huitema-perpass-trafficanalysis-00.txt

The name changes following feedback, and to avoid unnecessary
distractions. Thanks to Linus Nordberg for check proofing the previous
version. I tried to add a couple of paragraphs to reflect the comments
received on this list and in private, e.g., discussion of IPv6
addresses, or discussion of input-output correlation attacks against VPN
servers or web proxies.

I did not add a complete discussion of e-mail monitoring. I am concerned
that such addition would greatly increase the size of a draft centered
on IP headers. E-mail monitoring may well deserve its own draft...

-- Christian Huitema


From ynir@checkpoint.com  Mon Oct 28 23:43:05 2013
From: Yoav Nir <ynir@checkpoint.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Thread-Topic: [perpass] Metrics and Work Factor
Thread-Index: AQHO1FDH0ZjN3itSdke0r7AuzneN8ZoLGgUA
Date: Tue, 29 Oct 2013 06:42:49 +0000
Message-ID: <C35B9AE9-A3CF-4C45-A1BC-5A817B166B78@checkpoint.com>
References: <CAMm+LwjqdYJr=J2gZcaX=M8iYrh6Xg_zYfZtKF2ie4UK0FT_fA@mail.gmail.com>
In-Reply-To: <CAMm+LwjqdYJr=J2gZcaX=M8iYrh6Xg_zYfZtKF2ie4UK0FT_fA@mail.gmail.com>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Metrics and Work Factor

On Oct 29, 2013, at 4:43 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> I am at a workshop on Cyber Metrics at MIT.
>
> When we are talking about protection against targeted surveillance
> then we look for the cost of a single attack to be prohibitive and we
> accept a certain set of costs to the user.
>
> But for stopping pervasive surveillance we can't always bear those
> costs. Significantly increasing the per message work factor is still a
> benefit even if the work factor is not prohibitive for single messages.

Absolutely. If we can get the cost of surveillance to be such that the
NSA can only afford to spy on 10,000 people, it's likely that most of us
will not be under surveillance. I believe that I don't rank anywhere on
the list of 10,000 most dangerous terrorists or criminals. That doesn't
necessarily have to be measured in bits. If reading my email required
breaking into my home and stealing the private key off of my computer,
that would severely limit the scale.

If we can ever get there, we've made significant progress in terms of
privacy. That would still leave the issue of activists and
whistleblowers treated as terrorists (or more correctly, wasting
tax-payer money to fight political opponents), but it would still be
progress

Yoav



From derhoermi@gmx.net  Tue Oct 29 06:52:17 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Vidya Narayanan <vn@google.com>
Date: Tue, 29 Oct 2013 14:51:58 +0100
Message-ID: <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com>
In-Reply-To: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com>
Cc: perpass@ietf.org
Subject: Re: [perpass] Explicit proxying in HTTP

* Vidya Narayanan wrote:
>All,
>http://tools.ietf.org/id/draft-vidya-httpbis-explicit-proxy-ps-00.txt is a
>problem statement on the need for explicit proxying in HTTP.

I have a suggestion. From the document:

   The use of proxies leads to a number of privacy issues.  To
   summarize:

   ...

   o  The server has no knowledge of the presence of the proxy and
      hence, cannot refuse to serve sensitive content over a proxied
      connection.

   o  The weakened security model, when certificate pinning is disabled
      at a general level, allows inspection of content ...

   ...

   With privacy becoming more and more important, it is important for us
   to support solutions that allow awareness of a privacy breach to both
   users and the servers, when that happens.  To this effect, it is
   important that proxies be explicitly supported and detected.

   ...

   o  Content providers may not wish to serve certain content in
      anything less than an end-to-end secure fashion.

How about including in the Goals section that users must be able to
verify the behavior of untrusted user agents without interference on
part of the server, which requires the user being able to inspect any
content without the server knowing, possibly by use of a proxy?

I also note that allowing servers to be aware when my "privacy" has
been "breached" in all likelihood makes that breach worse, not better.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From rutkowski.tony@gmail.com  Tue Oct 29 07:13:32 2013
Message-ID: <526FC288.5060203@gmail.com>
Date: Tue, 29 Oct 2013 10:13:28 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
To: perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie> <526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie>
In-Reply-To: <526ED0B2.1050006@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------070405000907050904010408"
Subject: [perpass] Perpassturbating metrics
Reply-To: rutkowski.tony@gmail.com

This is a multi-part message in MIME format.
--------------070405000907050904010408
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

The metrics below are useful in
analyzing the dynamics of the group.
It certainly gets a gold star for diversity.

For those considering ID definitions,
the one below is available for use.

perpassturbating: usually, a paranoid
person stroking their keyboard to send
message on perpass email list beating
up on NSA and offering some mitigating
scheme in an attempt to prevent traffic
analysis.

-t


	
	Posts
Stephen 	Farrell 	106
Phillip 	Hallam-Baker 	53
Stephen 	Kent 	40
Karl 	Malbrain 	36
Hannes 	Tschofenig 	27
Randy 	Bush 	20
Brian 	Trammell 	18
Paul 	Wouters 	17
Scott 	Brim 	16
Ben 	Laurie 	16
Yoav 	Nir 	16
Tony 	Rutkowski 	16
Dave 	Crocker 	15

	SM 	14
Mike 	Demmers 	13
ned 	perpass 	13
Bjoern 	Hoehrmann 	12
Dean 	Willis 	12

	DataPacRat 	11
Kathleen 	Moriarty 	11
Jim 	Fenton 	9
Christian 	Huitema 	9
Hosnieh 	Rafiee 	9
Mark 	Handley 	8
Leif 	Johansson 	8
Douglas 	Otis 	8
Patrick 	Pelletier 	8
Peter 	Saint-Andre 	8
Richard 	Shockey 	8
Richard 	Barnes 	7
John-Mark 	Gurney 	7
joel 	jaeggli 	7
Brian 	Carpenter 	6
Ted 	Hardie 	6
Eliot 	Lear 	6
Yakov 	Shafranovich 	6
Yaron 	Sheffer 	6
Noel 	Torres 	6
Nicholas 	Weaver 	6
Jon 	Peterson 	5
Warren 	Kumari 	5
bill 	manning 	5
Russ 	White 	5
Jacob 	Appelbaum 	4
Stephane 	Bortzmeyer 	4
Alissa 	Cooper 	4
Joseph 	Hall 	4
Russ 	Housley 	4
Cullen 	Jennings 	4
Ralf Skyper 	Kaiser 	4
Nick 	Mathewson 	4
Nick 	Thomas 	4
Carl 	Wallace 	4
Benoit 	Claise 	3
Avri 	Doria 	3
Peter 	Gutmann 	3
Cullen 	Jennings 	3
Lucy 	Lynch 	3
Brian 	Rosen 	3
Theodore 	Ts'o 	3
Leo 	Vegoda 	3
Moritz 	Bartl 	2
Norbert 	Bollow 	2
Tim 	Bray 	2
Jon 	Callas 	2
James 	Cloos 	2
Elwyn 	Davies 	2
Karl 	Dubost 	2
Paul 	Hoffman 	2
Olle E. 	Johansson 	2
Simon 	Josefsson 	2
Paul 	Kyzivat 	2
Watson 	Ladd 	2
Albert 	Lunde 	2
Nicolas 	Mailhot 	2
George 	Michaelson 	2
d 	nix 	2
Linus 	Nordberg 	2
Marc 	Petit-Huguenin 	2
Martin 	Rex 	2
Joe 	St Sauver 	2
Eitan 	Adler 	1
Jari 	Arkko 	1
Mark 	Atwood 	1
Paul 	Bakker 	1
Marc 	Blanchet 	1
Dickson, 	Brian 	1
Richard Guy 	Briggs 	1
Eric 	Burger 	1
Adam 	Caudill 	1
William 	Chan 	1
Spencer 	Dawkins 	1
Nick 	Doty 	1
Roy 	Fielding 	1
Oliver 	Gasser 	1
Tobias 	Gondrom 	1
Harry 	Halpin 	1
Ryan 	Hurst 	1
Benjamin 	Kaduk 	1
Poul-Henning 	Kamp 	1
Hadriel 	Kaplan 	1
Phil 	Karn 	1
Adam 	Langley 	1
Eggert, 	Lars 	1
David 	Lloyd-Jones 	1
karl 	m 	1
Nikos 	Mavrogiannopoulos 	1
Alexey 	Melnikov 	1
David 	Morris 	1
Vidya 	Narayanan 	1
Trevor 	Perrin 	1
Alfredo 	Pironti 	1
Marsh 	Ray 	1
Eric 	Rescorla 	1
Michael 	Richardson 	1
Dan 	Schlitt 	1
Ross 	Schulman 	1
IETF 	Secretariat 	1
David 	Singer 	1
Ross 	Snider 	1
Elijah 	Sparrow 	1
Rene 	Struik 	1
Eduardo A. 	Suárez 	1
Andrew 	Sullivan 	1
Martin 	Thomson 	1
Mark 	Townsley 	1
Andy 	Wilson 	1
Robin 	Wilton 	1
Dan 	Wing 	1
Xiaoyong 	Wu 	1
Dan 	York 	1



--------------070405000907050904010408
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <table style="border-collapse: collapse;width:178pt" cellpadding="0"
      cellspacing="0" border="0" width="237">
      <colgroup><col style="width:48pt" width="64"> <col
          style="mso-width-source:userset;mso-width-alt:3986;width:82pt"
          width="109"> <col style="width:48pt" width="64"> </colgroup><tbody>
        <tr style="height:15.0pt" height="20">
          <td class="xl64" style="height:15.0pt;width:48pt" height="20"
            width="64"><br>
          </td>
          <td class="xl64" style="width:82pt" width="109"><br>
          </td>
          <td class="xl64" style="width:48pt" width="64">Posts</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Dickson,</td>
          <td class="xl63">Brian</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Richard Guy</td>
          <td class="xl63">Briggs</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Eric</td>
          <td class="xl63">Burger</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Adam</td>
          <td class="xl63">Caudill</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">William</td>
          <td class="xl63">Chan</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Spencer</td>
          <td class="xl63">Dawkins</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Nick</td>
          <td class="xl63">Doty</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Roy</td>
          <td class="xl63">Fielding</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Oliver</td>
          <td class="xl63">Gasser</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Tobias</td>
          <td class="xl63">Gondrom</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Harry</td>
          <td class="xl63">Halpin</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Ryan</td>
          <td class="xl63">Hurst</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Benjamin</td>
          <td class="xl63">Kaduk</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Poul-Henning</td>
          <td class="xl63">Kamp</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Hadriel</td>
          <td class="xl63">Kaplan</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Phil</td>
          <td class="xl63">Karn</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Adam</td>
          <td class="xl63">Langley</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Eggert,</td>
          <td class="xl63">Lars</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">David</td>
          <td class="xl63">Lloyd-Jones</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">karl</td>
          <td class="xl63">m</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Nikos</td>
          <td class="xl63">Mavrogiannopoulos</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Alexey</td>
          <td class="xl63">Melnikov</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">David</td>
          <td class="xl63">Morris</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Vidya</td>
          <td class="xl63">Narayanan</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Trevor</td>
          <td class="xl63">Perrin</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Alfredo</td>
          <td class="xl63">Pironti</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Marsh</td>
          <td class="xl63">Ray</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Eric</td>
          <td class="xl63">Rescorla</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Michael</td>
          <td class="xl63">Richardson</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Dan</td>
          <td class="xl63">Schlitt</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Ross</td>
          <td class="xl63">Schulman</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">IETF</td>
          <td class="xl63">Secretariat</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">David</td>
          <td class="xl63">Singer</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Ross</td>
          <td class="xl63">Snider</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Elijah</td>
          <td class="xl63">Sparrow</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Rene</td>
          <td class="xl63">Struik</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Eduardo A.</td>
          <td class="xl63">Su&aacute;rez</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Andrew</td>
          <td class="xl63">Sullivan</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Martin</td>
          <td class="xl63">Thomson</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Mark</td>
          <td class="xl63">Townsley</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Andy</td>
          <td class="xl63">Wilson</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Robin</td>
          <td class="xl63">Wilton</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Dan</td>
          <td class="xl63">Wing</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Xiaoyong</td>
          <td class="xl63">Wu</td>
          <td class="xl63" align="right">1</td>
        </tr>
        <tr style="height:15.0pt" height="20">
          <td class="xl63" style="height:15.0pt" height="20">Dan</td>
          <td class="xl63">York</td>
          <td class="xl63" align="right">1</td>
        </tr>
      </tbody>
    </table>
    <br>
  </body>
</html>

--------------070405000907050904010408--

From dhc@dcrocker.net  Tue Oct 29 07:35:30 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77C9511E8298 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 07:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.086
X-Spam-Level: 
X-Spam-Status: No, score=-6.086 tagged_above=-999 required=5 tests=[AWL=0.513,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pgKvBqEnHeqb for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 07:35:12 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 16F4011E82A5 for <perpass@ietf.org>; Tue, 29 Oct 2013 07:35:12 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9TEYwtV008349 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 29 Oct 2013 07:35:02 -0700
Message-ID: <526FC786.4000300@dcrocker.net>
Date: Tue, 29 Oct 2013 07:34:46 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: rutkowski.tony@gmail.com, perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie>	<526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie> <526FC288.5060203@gmail.com>
In-Reply-To: <526FC288.5060203@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Tue, 29 Oct 2013 07:35:02 -0700 (PDT)
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 14:35:30 -0000

On 10/29/2013 7:13 AM, Tony Rutkowski wrote:
> perpassturbating: usually, a paranoid
> person stroking their keyboard to send
> message on perpass email list beating
> up on NSA and offering some mitigating
> scheme in an attempt to prevent traffic
> analysis.


Gosh, Tony, that's so clever.

However I can't understand how I fit into the count, since I've tried to
be careful to say nothing against NSA, explicitly or implicitly, since I
consider it out of scope for this list.  And I think that's true of a
number of others you cite.

I thought the purpose of this list was technical discussion, not 
discussion of government agencies, per se.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From stephen.farrell@cs.tcd.ie  Tue Oct 29 08:12:18 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D31AE11E82C2 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:12:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x1KIWMq-Ak98 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:12:12 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 9239321F9991 for <perpass@ietf.org>; Tue, 29 Oct 2013 08:11:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CDF8ABE53 for <perpass@ietf.org>; Tue, 29 Oct 2013 15:11:51 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E9uMdIjju7fk for <perpass@ietf.org>; Tue, 29 Oct 2013 15:11:51 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AC9AFBE33 for <perpass@ietf.org>; Tue, 29 Oct 2013 15:11:51 +0000 (GMT)
Message-ID: <526FD02E.9020501@cs.tcd.ie>
Date: Tue, 29 Oct 2013 15:11:42 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass <perpass@ietf.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [perpass] Various IETF-88 sessions discussing pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:12:18 -0000

Hiya,

Aside from the tech plenary and the BoF slot, a few other
sessions will discuss relevant topics. I'm keeping a list
here. [1]

And for anyone coming late to the list, I've also got a
list of what I think are relevant drafts and threads. [2]
Note that that latter list doesn't imply any status for
any draft, it's just I found it useful to keep track of
the more useful material. (I guess it might also help
folks skip over the sillier noise on the list;-)

Additions/corrections to either are welcome, just send
me a mail offlist.

Cheers,
S.

[1] http://down.dsg.cs.tcd.ie/misc/perpass-sessions.txt
[2] http://down.dsg.cs.tcd.ie/misc/perpass.txt

From rutkowski.tony@gmail.com  Tue Oct 29 08:13:12 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6473511E8291 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:13:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.576
X-Spam-Level: 
X-Spam-Status: No, score=-2.576 tagged_above=-999 required=5 tests=[AWL=0.023,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hl2epxHhDlv1 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:13:12 -0700 (PDT)
Received: from mail-yh0-x22d.google.com (mail-yh0-x22d.google.com [IPv6:2607:f8b0:4002:c01::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 2496421F9991 for <perpass@ietf.org>; Tue, 29 Oct 2013 08:13:10 -0700 (PDT)
Received: by mail-yh0-f45.google.com with SMTP id i57so3466304yha.4 for <perpass@ietf.org>; Tue, 29 Oct 2013 08:13:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=1SBXLidwcAhKj/y5DsS8fJzBJIeZNlV2mQfYVRKE0SA=; b=dtrpjhSXMJDe4UglaVKnm9+NqKVfeimTfKlym9MovV2N8Wp3LEaMSTKHcGkdNt5dD1 ROnSxAnHwInflCOWW24qaFtKtOBnWgLDbX9lttlN9Z4rLS+cju3yHi+RZtxiCw4inA9H 7YIHh47xcYbCxE/FMgO0/fgtZhr5Wif4LLXSFOxg1dugmLzi24+7IPq8tJIg+pwK8UyP Q7JrgBOFkgDAhKWPYt+kz7UzcGyZQfp9sZk48vjV+Y7I0h9H3wv3VduDWYFsRUFk3zMy Q34Ji9cdrYX8RDpp6PGj7TdRnJp+G4Wzi4h6WGcN8I/tVJ101ZCB/uncZNa4l2tTjbna 0zkw==
X-Received: by 10.236.86.236 with SMTP id w72mr293782yhe.207.1383059590336; Tue, 29 Oct 2013 08:13:10 -0700 (PDT)
Received: from [192.168.0.18] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id v45sm40521800yha.2.2013.10.29.08.13.09 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 29 Oct 2013 08:13:09 -0700 (PDT)
Message-ID: <526FD084.3040608@gmail.com>
Date: Tue, 29 Oct 2013 11:13:08 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: dcrocker@bbiw.net, perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie>	<526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie> <526FC288.5060203@gmail.com> <526FC786.4000300@dcrocker.net>
In-Reply-To: <526FC786.4000300@dcrocker.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:13:12 -0000

Hi Dave,

Good point.  Hence the word "generally."  I obviously
don't fit that definition either...nor frankly do most others,
as the discussion has largely been focussed on technical
matters.  The definition was intended to apply to those on
the list who seem to get pleasure from the government if
not private sector surveillance bashing and are motivated
by it.  So apologies for the overreaching comedic definition.

The metrics are, however, themselves interesting, and
indicative of who shapes the discussions, who are
especially motivated, and the surprisingly large number
of people participating.  With 131 people posting, the
views are diverse, and among those participating above
the norm, the platforms are interesting albeit mostly
well tread and unlikely to be pursued except in small
communities of users that have the motivation and
money to pursue them.

best,
--tony


On 10/29/2013 10:34 AM, Dave Crocker wrote:
> I thought the purpose of this list was technical discussion, not 
> discussion of government agencies, per se.


From dhc@dcrocker.net  Tue Oct 29 08:27:43 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2098011E82EF for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.15
X-Spam-Level: 
X-Spam-Status: No, score=-6.15 tagged_above=-999 required=5 tests=[AWL=0.449,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ok+hN37uhOUM for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:27:38 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 1440B21E8142 for <perpass@ietf.org>; Tue, 29 Oct 2013 08:27:34 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9TFRSAP009859 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 29 Oct 2013 08:27:31 -0700
Message-ID: <526FD3D3.3010504@dcrocker.net>
Date: Tue, 29 Oct 2013 08:27:15 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: rutkowski.tony@gmail.com, dcrocker@bbiw.net, perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie>	<526ECC25.3060106@comcast.net>	<526ED0B2.1050006@cs.tcd.ie> <526FC288.5060203@gmail.com>	<526FC786.4000300@dcrocker.net> <526FD084.3040608@gmail.com>
In-Reply-To: <526FD084.3040608@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Tue, 29 Oct 2013 08:27:31 -0700 (PDT)
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:27:43 -0000

On 10/29/2013 8:13 AM, Tony Rutkowski wrote:
> Hi Dave,
>
> Good point.  Hence the word "generally."  I obviously


Tony,

The word you used was 'usually'.  Either way it's wrong.  Your asserting 
paranoia as the basis for the comments is entirely inappropriate here, 
both for scope and justification.

And the topic of the NSA has not dominated the list, which makes 
'generally' or 'usually' statistically wrong, also.

As for 'shaping' the discussion, your simplistic model implies that a 
single, cogent posting doesn't affect the shape as much as raw number of 
postings, or that we haven't had such postings.  It doesn't take a human 
communications master's degree to know that that's wrong, too.  While
knowing posting rate can be informative, it's not nearly as substantive 
as you've just asserted.

So as comedic attempts go, you should try to develop better material, 
but my personal request is that you please not here.  Invoking NSA here
is most likely to (or will 'usually') create distractions.

Surely that's not your intent?[*]

d/

[*]  That's what is called a rhetorical question.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From acooper@cdt.org  Tue Oct 29 08:28:48 2013
Return-Path: <acooper@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E693921E817C for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.416
X-Spam-Level: 
X-Spam-Status: No, score=-101.416 tagged_above=-999 required=5 tests=[AWL=-1.276, BAYES_20=-0.74, J_CHICKENPOX_21=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5KMLSEJArB9u for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:28:34 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 9A41521E814E for <perpass@ietf.org>; Tue, 29 Oct 2013 08:28:11 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)); Tue, 29 Oct 2013 11:28:09 -0400
Content-Type: multipart/signed; boundary="Apple-Mail=_2542D944-12F0-4008-8D43-0519B721CACB"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <526FC288.5060203@gmail.com>
Date: Tue, 29 Oct 2013 08:28:07 -0700
Message-Id: <2ECDB3A3-39BB-483F-952A-FE4F1E163543@cdt.org>
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie> <526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie> <526FC288.5060203@gmail.com>
To: rutkowski.tony@gmail.com
X-Mailer: Apple Mail (2.1499)
Cc: perpass@ietf.org
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:28:48 -0000

--Apple-Mail=_2542D944-12F0-4008-8D43-0519B721CACB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

I find this offensive and juvenile. Let's stick to the topics that this mailing list was designed for.

Alissa

On Oct 29, 2013, at 7:13 AM, Tony Rutkowski <rutkowski.tony@gmail.com> wrote:

> The metrics below are useful in
> analyzing the dynamics of the group.
> It certainly gets a gold star for diversity.
>
> For those considering ID definitions,
> the one below is available for use.
> perpassturbating: usually, a paranoid
> person stroking their keyboard to send
> message on perpass email list beating
> up on NSA and offering some mitigating
> scheme in an attempt to prevent traffic
> analysis.
>
> -t
>
> Posts
> Stephen	Farrell	106
> Phillip	Hallam-Baker	53
> Stephen	Kent	40
> Karl	Malbrain	36
> Hannes	Tschofenig	27
> Randy	Bush	20
> Brian	Trammell	18
> Paul	Wouters	17
> Scott	Brim	16
> Ben	Laurie	16
> Yoav	Nir	16
> Tony	Rutkowski	16
> Dave	Crocker	15
>
> SM	14
> Mike	Demmers	13
> ned	perpass	13
> Bjoern	Hoehrmann	12
> Dean	Willis	12
>
> DataPacRat	11
> Kathleen	Moriarty	11
> Jim	Fenton	9
> Christian	Huitema	9
> Hosnieh	Rafiee	9
> Mark	Handley	8
> Leif	Johansson	8
> Douglas	Otis	8
> Patrick	Pelletier	8
> Peter	Saint-Andre	8
> Richard	Shockey	8
> Richard	Barnes	7
> John-Mark	Gurney	7
> joel	jaeggli	7
> Brian	Carpenter	6
> Ted	Hardie	6
> Eliot	Lear	6
> Yakov	Shafranovich	6
> Yaron	Sheffer	6
> Noel	Torres	6
> Nicholas	Weaver	6
> Jon	Peterson	5
> Warren	Kumari	5
> bill	manning	5
> Russ	White	5
> Jacob	Appelbaum	4
> Stephane	Bortzmeyer	4
> Alissa	Cooper	4
> Joseph	Hall	4
> Russ	Housley	4
> Cullen	Jennings	4
> Ralf Skyper	Kaiser	4
> Nick	Mathewson	4
> Nick	Thomas	4
> Carl	Wallace	4
> Benoit	Claise	3
> Avri	Doria	3
> Peter	Gutmann	3
> Cullen	Jennings	3
> Lucy	Lynch	3
> Brian	Rosen	3
> Theodore	Ts'o	3
> Leo	Vegoda	3
> Moritz	Bartl	2
> Norbert	Bollow	2
> Tim	Bray	2
> Jon	Callas	2
> James	Cloos	2
> Elwyn	Davies	2
> Karl	Dubost	2
> Paul	Hoffman	2
> Olle E.	Johansson	2
> Simon	Josefsson	2
> Paul	Kyzivat	2
> Watson	Ladd	2
> Albert	Lunde	2
> Nicolas	Mailhot	2
> George	Michaelson	2
> d	nix	2
> Linus	Nordberg	2
> Marc	Petit-Huguenin	2
> Martin	Rex	2
> Joe	St Sauver	2
> Eitan	Adler	1
> Jari	Arkko	1
> Mark	Atwood	1
> Paul	Bakker	1
> Marc	Blanchet	1
> Dickson,	Brian	1
> Richard Guy	Briggs	1
> Eric	Burger	1
> Adam	Caudill	1
> William	Chan	1
> Spencer	Dawkins	1
> Nick	Doty	1
> Roy	Fielding	1
> Oliver	Gasser	1
> Tobias	Gondrom	1
> Harry	Halpin	1
> Ryan	Hurst	1
> Benjamin	Kaduk	1
> Poul-Henning	Kamp	1
> Hadriel	Kaplan	1
> Phil	Karn	1
> Adam	Langley	1
> Eggert,	Lars	1
> David	Lloyd-Jones	1
> karl	m	1
> Nikos	Mavrogiannopoulos	1
> Alexey	Melnikov	1
> David	Morris	1
> Vidya	Narayanan	1
> Trevor	Perrin	1
> Alfredo	Pironti	1
> Marsh	Ray	1
> Eric	Rescorla	1
> Michael	Richardson	1
> Dan	Schlitt	1
> Ross	Schulman	1
> IETF	Secretariat	1
> David	Singer	1
> Ross	Snider	1
> Elijah	Sparrow	1
> Rene	Struik	1
> Eduardo A.	Suárez	1
> Andrew	Sullivan	1
> Martin	Thomson	1
> Mark	Townsley	1
> Andy	Wilson	1
> Robin	Wilton	1
> Dan	Wing	1
> Xiaoyong	Wu	1
> Dan	York	1
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail=_2542D944-12F0-4008-8D43-0519B721CACB
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail


--Apple-Mail=_2542D944-12F0-4008-8D43-0519B721CACB--


From stpeter@stpeter.im  Tue Oct 29 08:46:22 2013
Return-Path: <stpeter@stpeter.im>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED6D811E8240 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.382
X-Spam-Level: 
X-Spam-Status: No, score=-102.382 tagged_above=-999 required=5 tests=[AWL=0.217, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jV9p4nGAZylz for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:46:13 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 7D75911E817F for <perpass@ietf.org>; Tue, 29 Oct 2013 08:46:12 -0700 (PDT)
Received: from sjc-vpn1-1253.cisco.com (unknown [128.107.239.233]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 24C554010C; Tue, 29 Oct 2013 09:46:12 -0600 (MDT)
Message-ID: <526FD842.4010406@stpeter.im>
Date: Tue, 29 Oct 2013 09:46:10 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>, rutkowski.tony@gmail.com
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie>	<526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie>	<526FC288.5060203@gmail.com> <2ECDB3A3-39BB-483F-952A-FE4F1E163543@cdt.org>
In-Reply-To: <2ECDB3A3-39BB-483F-952A-FE4F1E163543@cdt.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:46:22 -0000

On 10/29/13 9:28 AM, Alissa Cooper wrote:
> I find this offensive and juvenile. Let's stick to the topics that
> this mailing list was designed for.

Yes, please!!!

Peter


From trammell@tik.ee.ethz.ch  Tue Oct 29 08:49:00 2013
Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03D9B11E82BE for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:48:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.767
X-Spam-Level: 
X-Spam-Status: No, score=-5.767 tagged_above=-999 required=5 tests=[AWL=0.232,  BAYES_00=-2.599, J_CHICKENPOX_21=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V169z6rWMf8t for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 08:48:41 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id 78ADE11E819D for <perpass@ietf.org>; Tue, 29 Oct 2013 08:48:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id CD040D9305; Tue, 29 Oct 2013 16:48:34 +0100 (MET)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id s7bvMKxNk3fJ; Tue, 29 Oct 2013 16:48:34 +0100 (MET)
Received: from pb-10243.ethz.ch (pb-10243.ethz.ch [82.130.102.152]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 9B13ED9303; Tue, 29 Oct 2013 16:48:34 +0100 (MET)
Message-ID: <526FD8D0.8040003@tik.ee.ethz.ch>
Date: Tue, 29 Oct 2013 16:48:32 +0100
From: Brian Trammell <trammell@tik.ee.ethz.ch>
User-Agent: Postbox 3.0.8 (Macintosh/20130427)
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>
References: <13102810494583_8A24@oregon.uoregon.edu>	<526EB50D.70008@cs.tcd.ie> <526ECC25.3060106@comcast.net> <526ED0B2.1050006@cs.tcd.ie> <526FC288.5060203@gmail.com> <2ECDB3A3-39BB-483F-952A-FE4F1E163543@cdt.org>
In-Reply-To: <2ECDB3A3-39BB-483F-952A-FE4F1E163543@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: perpass@ietf.org, rutkowski.tony@gmail.com
Subject: Re: [perpass] Perpassturbating metrics
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:49:00 -0000

Not a big fan of +1s. But sometimes there's nothing else to be said.

+1,

Brian

Alissa Cooper wrote:
> I find this offensive and juvenile. Let's stick to the topics that this mailing list was designed for.
>
> Alissa
>
> On Oct 29, 2013, at 7:13 AM, Tony Rutkowski <rutkowski.tony@gmail.com> wrote:
>
>> The metrics below are useful in
>> analyzing the dynamics of the group.
>> It certainly gets a gold star for diversity.
>>
>> For those considering ID definitions,
>> the one below is available for use.
>> perpassturbating: usually, a paranoid
>> person stroking their keyboard to send
>> message on perpass email list beating
>> up on NSA and offering some mitigating
>> scheme in an attempt to prevent traffic
>> analysis.
>>
>> -t
>>
>>
>>
>>
>>
>> Posts
>> Stephen	Farrell	106
>> Phillip	Hallam-Baker	53
>> Stephen	Kent	40
>> Karl	Malbrain	36
>> Hannes	Tschofenig	27
>> Randy	Bush	20
>> Brian	Trammell	18
>> Paul	Wouters	17
>> Scott	Brim	16
>> Ben	Laurie	16
>> Yoav	Nir	16
>> Tony	Rutkowski	16
>> Dave	Crocker	15
>>
>> SM	14
>> Mike	Demmers	13
>> ned	perpass	13
>> Bjoern	Hoehrmann	12
>> Dean	Willis	12
>>
>> DataPacRat	11
>> Kathleen	Moriarty	11
>> Jim	Fenton	9
>> Christian	Huitema	9
>> Hosnieh	Rafiee	9
>> Mark	Handley	8
>> Leif	Johansson	8
>> Douglas	Otis	8
>> Patrick	Pelletier	8
>> Peter	Saint-Andre	8
>> Richard	Shockey	8
>> Richard	Barnes	7
>> John-Mark	Gurney	7
>> joel	jaeggli	7
>> Brian	Carpenter	6
>> Ted	Hardie	6
>> Eliot	Lear	6
>> Yakov	Shafranovich	6
>> Yaron	Sheffer	6
>> Noel	Torres	6
>> Nicholas	Weaver	6
>> Jon	Peterson	5
>> Warren	Kumari	5
>> bill	manning	5
>> Russ	White	5
>> Jacob	Appelbaum	4
>> Stephane	Bortzmeyer	4
>> Alissa	Cooper	4
>> Joseph	Hall	4
>> Russ	Housley	4
>> Cullen	Jennings	4
>> Ralf Skyper	Kaiser	4
>> Nick	Mathewson	4
>> Nick	Thomas	4
>> Carl	Wallace	4
>> Benoit	Claise	3
>> Avri	Doria	3
>> Peter	Gutmann	3
>> Cullen	Jennings	3
>> Lucy	Lynch	3
>> Brian	Rosen	3
>> Theodore	Ts'o	3
>> Leo	Vegoda	3
>> Moritz	Bartl	2
>> Norbert	Bollow	2
>> Tim	Bray	2
>> Jon	Callas	2
>> James	Cloos	2
>> Elwyn	Davies	2
>> Karl	Dubost	2
>> Paul	Hoffman	2
>> Olle E.	Johansson	2
>> Simon	Josefsson	2
>> Paul	Kyzivat	2
>> Watson	Ladd	2
>> Albert	Lunde	2
>> Nicolas	Mailhot	2
>> George	Michaelson	2
>> d	nix	2
>> Linus	Nordberg	2
>> Marc	Petit-Huguenin	2
>> Martin	Rex	2
>> Joe	St Sauver	2
>> Eitan	Adler	1
>> Jari	Arkko	1
>> Mark	Atwood	1
>> Paul	Bakker	1
>> Marc	Blanchet	1
>> Dickson,	Brian	1
>> Richard Guy	Briggs	1
>> Eric	Burger	1
>> Adam	Caudill	1
>> William	Chan	1
>> Spencer	Dawkins	1
>> Nick	Doty	1
>> Roy	Fielding	1
>> Oliver	Gasser	1
>> Tobias	Gondrom	1
>> Harry	Halpin	1
>> Ryan	Hurst	1
>> Benjamin	Kaduk	1
>> Poul-Henning	Kamp	1
>> Hadriel	Kaplan	1
>> Phil	Karn	1
>> Adam	Langley	1
>> Eggert,	Lars	1
>> David	Lloyd-Jones	1
>> karl	m	1
>> Nikos	Mavrogiannopoulos	1
>> Alexey	Melnikov	1
>> David	Morris	1
>> Vidya	Narayanan	1
>> Trevor	Perrin	1
>> Alfredo	Pironti	1
>> Marsh	Ray	1
>> Eric	Rescorla	1
>> Michael	Richardson	1
>> Dan	Schlitt	1
>> Ross	Schulman	1
>> IETF	Secretariat	1
>> David	Singer	1
>> Ross	Snider	1
>> Elijah	Sparrow	1
>> Rene	Struik	1
>> Eduardo A.	Suárez	1
>> Andrew	Sullivan	1
>> Martin	Thomson	1
>> Mark	Townsley	1
>> Andy	Wilson	1
>> Robin	Wilton	1
>> Dan	Wing	1
>> Xiaoyong	Wu	1
>> Dan	York	1

From davieseb@scss.tcd.ie  Tue Oct 29 11:14:06 2013
Return-Path: <davieseb@scss.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A402E21E8063 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 11:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uDcUlPv4E6BY for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 11:14:05 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 5301711E81BC for <perpass@ietf.org>; Tue, 29 Oct 2013 11:13:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id F29DFBE5B for <perpass@ietf.org>; Tue, 29 Oct 2013 18:13:57 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JInbQs30iie8; Tue, 29 Oct 2013 18:13:54 +0000 (GMT)
Received: from [81.187.254.250] (mightyatom.folly.org.uk [81.187.254.250]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2B43CBE55; Tue, 29 Oct 2013 18:13:45 +0000 (GMT)
From: Elwyn Davies <davieseb@scss.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <526FD02E.9020501@cs.tcd.ie>
References: <526FD02E.9020501@cs.tcd.ie>
Content-Type: multipart/mixed; boundary="=-R59e+cga56IpbuvkwhK+"
Organization: School of Computer Science and Statistics,  TCD
Date: Tue, 29 Oct 2013 18:16:10 +0000
Message-Id: <1383070570.13764.19082.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3 
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Various IETF-88 sessions discussing pervasive monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 18:14:06 -0000

--=-R59e+cga56IpbuvkwhK+
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Attached is a handy archive of the various drafts plus the two files
[1,2] below.

/Elwyn

On Tue, 2013-10-29 at 15:11 +0000, Stephen Farrell wrote:
> Hiya,
> 
> Aside from the tech plenary and the BoF slot, a few other
> sessions will discuss relevant topics. I'm keeping a list
> here. [1]
> 
> And for anyone coming late to the list, I've also got a
> list of what I think are relevant drafts and threads. [2]
> Note that that latter list doesn't imply any status for
> any draft, it's just I found it useful to keep track of
> the more useful material. (I guess it might also help
> folks skip over the sillier noise on the list;-)
> 
> Additions/corrections to either are welcome, just send
> me a mail offlist.
> 
> Cheers,
> S.
> 
> [1] http://down.dsg.cs.tcd.ie/misc/perpass-sessions.txt
> [2] http://down.dsg.cs.tcd.ie/misc/perpass.txt

--=-R59e+cga56IpbuvkwhK+
Content-Disposition: attachment; filename="perpass-drafts.tgz"
Content-Type: application/x-compressed-tar; name="perpass-drafts.tgz"
Content-Transfer-Encoding: base64
--=-R59e+cga56IpbuvkwhK+--


From richard@shockey.us  Tue Oct 29 14:44:30 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8390511E829E for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 14:44:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.419
X-Spam-Level: 
X-Spam-Status: No, score=-101.419 tagged_above=-999 required=5 tests=[AWL=-0.309, BAYES_05=-1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EyxB+OCxVVgV for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 14:44:23 -0700 (PDT)
Received: from outbound-ss-1429.hostmonster.com (outbound-ss-1429.hostmonster.com [74.220.221.129]) by ietfa.amsl.com (Postfix) with SMTP id BAB0021E80A8 for <perpass@ietf.org>; Tue, 29 Oct 2013 14:44:17 -0700 (PDT)
Received: (qmail 21175 invoked by uid 0); 29 Oct 2013 21:43:48 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy9.mail.unifiedlayer.com with SMTP; 29 Oct 2013 21:43:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=banp90yfaDwCZ+SUeDfO1j0DSmf/Vdi0ChHXVY9jxXI=;  b=QADgDYXylPHod9Tv5JbIjHu/WGyMeLA5FX2IGGebUFHUciz2WdWy8UwXmIRxieGD1keN0opqv1k2+R7E+QdoYflzfMbWLXngr9fcGR0FRxJDXtEd+xXENpVEKTco3+Y3;
Received: from [71.114.100.16] (port=58313 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VbH4m-0007Se-8x; Tue, 29 Oct 2013 15:43:48 -0600
From: "Richard Shockey" <richard@shockey.us>
To: <ned+perpass@mrochek.com>, "'Joe St Sauver'" <joe@oregon.uoregon.edu>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com>
In-Reply-To: <01P04ABSOR0E00004R@mauve.mrochek.com>
Date: Tue, 29 Oct 2013 17:43:47 -0400
Message-ID: <01e901ced4ef$f3615e80$da241b80$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJbINlGk4dbslrbCasP2HTDqkp5+gE2ialimOnkLJA=
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 71.114.100.16 authed with richard@shockey.us}
Cc: perpass@ietf.org, huitema@huitema.net, stephen.farrell@cs.tcd.ie
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 21:44:30 -0000

Ned makes a number of excellent points here and the real elephant in the
room is under what terms and conditions is the ongoing collection of
metadata about IP communications in any form actually needed and in fact
absolutely necessary. 

There are perfectly good reasons to collect this stuff. Though the ongoing
concern of this list is clearly the Snowden revelations, some of us actually
want that data to prevent and investigate real and legitimate fraud and
abuse within the communications systems, optimize network transport etc.

First if you take a little stroll over to the IETF STIR problem statement
you will see that fraudulent voice communications is becoming a huge problem
for National Regulators and Law Enforcement.   In the US the failure of
Rural Calls to certain areas now requires the US carriers to maintain ever
larger CDR records in order to preserve the integrity of the PSTN itself.   

http://www.fcc.gov/document/fcc-acts-combat-call-completion-problems-rural-america

Consumers are totally outraged by the violations of THEIR PRIVACY... the
right to be left alone... by malicious Robo Callers who ignore the various
Laws about Do Not Call lists etc.   E-Mail spam has not gone away by any
account but the need for logs and records to attempt to track criminal
activity is still required.  We want to hunt these people down and shut down
their operations.  

The issue is appropriate safeguards on those records and there is
essentially nothing the IETF can do about that.  

It is useful to talk about strengthening key length and understanding the
underlying architectural reasons no one really wants to deploy secure
communications.

I totally agree with this statement. " I think there are small technical
changes around the edges that can help, but I really see the solutions for
the metadata problem as more political and social than technical.
Concentrating on making encryption really, really easy to use would go a lot
further at this time than messing with deep changes, because people are not
even using what is already available."

Though I would not have used Tony's precise language on a public mail.  I'm
afraid I agree with the underlying sentiment.   

There is more than one joke running around Washington DC about actually
wanting the NSA to keep the CDR records if they would actually use them to
stop robo calls and call spoofing.  



-----Original Message-----
From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
Of ned+perpass@mrochek.com
Sent: Monday, October 28, 2013 2:30 PM
To: Joe St Sauver
Cc: perpass@ietf.org; huitema@huitema.net; stephen.farrell@cs.tcd.ie
Subject: Re: [perpass] Traffic analysis

> Hi,

> Stephen Farrell <stephen.farrell@cs.tcd.ie>:

> #Not quite sure, but I think we might get some benefit at the
> #moment from considering how specific fields in real protocols
> #undermine privacy (e.g. as Christian's draft does with the
> #Received header fields in mail messages) even if/when TLS or
> #other existing security mechanisms are properly used.

> My concern is that many traffic analytic approaches tend to be 
> exceedingly robust to "protocol improvements." Protocol tweaks may 
> accomplish little when it comes to practically improving privacy if 
> the underlying protocol's architecture and operational practice goes 
> unchanged.

> For example, when it comes to email, shouldn't section 6 of 
> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
> basically say, "if you want to avoid traffic analytic approaches in 
> the case of email, deploy and use Mixmaster anonymous remailers"?
> ( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )

And good luck with that, at least on any kind of scale.

But your underlying point is very well taken: The section on email in this
draft focuses on irrelevancies and fails to take note of the real issues.

I hate to sound like a broken record, but folks really need to have some
familiarity with present-day email as it is actually deployed before making
these sorts of assessments.

Again, present day email usage is increasingly concentrated to a fairly
small number of large ISPs and MSPs. (Small ISPs and enterprise setups are
shifting to using cloud services, and while the Snowden revelations may have
slowed this trend, they haven't stopped it.)

In regards to traffic analysis, this is in some ways a good thing. If the
connections from user clients to the ISP/MSP servers are secured at the
transport layer - and I have demonstrated that a lot of them are - then we
gain a lot by securing the streams between the large providers at the
transport level.

But the elephant in the corner is logging. Service providers maintain very
extensive logs of email traffic, if for no other reason than as a support
tool. These logs provide every possible detail needed for traffic analysis.

Of course one of the earliest Snowden revelations was that the NSA is
collecting these logs from US providers on a massive scale. And hopefully
everyone is aware of Smith v. Maryland, which essentially says that metadata
is not constitutionally protected.

But before Europeans and others get all smug about this, speaking as someone
who has seen quite a few RFPs for mail systems, the only substantive
difference I see between the US and elsewhere is the US approaches this in a
less organized and systematic way and generally has fewer auditing and data
protection requirements. The data is still being collected, and most likely
shared.

And as for practical and deployable measures that can be undertaken to
address this, I'm at something of a loss to suggest anything. Shifting back
to a more decentralized model sounds nice, but seems a bit outside the
purview of a standards process to try and make that happen.

And even if a completely decentralized model was practical, in a
peer-to-peer world the metadata that would accrue from watching the
connections themselves would be a fair substitute.

As for mixed models, look at what happened to Lavabit.

> And if we *are* talking about that sort of approach, then I think 
> inevitably we also need to talk about how we simultaneously manage to 
> allow *wanted* private traffic while simultaneously preventing or 
> managing *unwanted traffic* (e.g., spam).

Yep. It's a daunting problem. And it is far from the only one.

> An awful lot of current anti-spam technology depends upon either 
> reputation (which is obviously not present in the case of 
> anonymous/non-attributable traffic), or content analysis (which is 
> also obviously problematic, at least if we presume use of end-to-end 
> encryption (at least until the content is decrypted on the end-user's 
> device)).

You basically have to push the content checks to the client. This has not
proven to be a terrific solution in practice.

> I also think that if you're serious about email privacy, you really 
> can't keep the discussion just at the level of sanitizing headers. You 
> need to get into the format of the content that's allowed as well. For 
> example, it's well known that non-plain text email content (e.g., 
> HTML-formatted email) is potentially a serious threat to privacy due 
> to potential use of things like tracking gifs included in 
> HTML-formatted email.

I think we can do a lot to make it harder to snoop on email content,
although ironically what we're likely to be able to accomplish under the
"prism-proof" rubric is unlikely to do much of anything about the data
collection the actual Prism program performs.

But traffic analysis... unless the fact that those logs are likely to only
be accessible to state entities offers some consolation, I don't think
there's going to be much happiness here.

				Ned
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
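
Added example (not part of the thread or of the draft it cites): the Received-header exposure mentioned above, measured on a constructed sample message. It assumes the RFC 3848 `with` keywords ESMTPA/ESMTPSA mark the authenticated submission hop; `redact_submission` is one possible submission-server mitigation chosen for illustration, not something the thread proposes.

```python
import email
import ipaddress
import re

# Constructed sample: host names and addresses are documentation values.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.25])\n"
    "\tby list.example.org (Postfix) with ESMTP id AAAA1111\n"
    "\tfor <list@example.org>; Tue, 29 Oct 2013 08:46:12 -0700 (PDT)\n"
    "Received: from [192.168.0.54] (client.isp.example [203.0.113.77])\n"
    "\tby mx.example.net (Postfix) with ESMTPSA id BBBB2222;\n"
    "\tTue, 29 Oct 2013 09:46:10 -0600 (MDT)\n"
    "From: Alice <alice@example.net>\n"
    "To: list@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# RFC 3848 "with" keywords that include SMTP AUTH: the peer named in the
# from-clause of such a hop is the user's own client, not another server.
AUTHENTICATED = {"ESMTPA", "ESMTPSA"}
HOP = re.compile(r"^from\s+(?P<src>.*?)\s+by\s+(?P<rest>.+)$", re.S)
ADDR = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
WITH = re.compile(r"\bwith\s+([A-Za-z0-9]+)")


def _one_line(value):
    """Unfold a header value and collapse runs of whitespace."""
    return " ".join(value.split())


def parse_hop(value):
    """Parse one Received value; return None when it has no from/by clauses."""
    m = HOP.match(_one_line(value))
    if not m:
        return None
    ips = []
    for text in ADDR.findall(m["src"]):
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:
            continue  # bracketed text that is not an address literal
    proto = WITH.search(m["rest"])
    proto = proto.group(1).upper() if proto else ""
    return {
        "ips": ips,
        "by": m["rest"].split()[0],
        "with": proto,
        "submission": proto in AUTHENTICATED,
    }


def submission_exposure(raw):
    """Addresses of the sender's own device that the message discloses."""
    msg = email.message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        hop = parse_hop(value)
        if hop and hop["submission"]:
            found.extend(str(ip) for ip in hop["ips"])
    return found


def redact_submission(raw):
    """Rewrite the from-clause of authenticated hops; keep header order."""
    msg = email.message_from_string(raw)
    headers = msg.items()
    for name in {k.lower() for k, _ in headers}:
        del msg[name]
    for name, value in headers:
        hop = parse_hop(value) if name.lower() == "received" else None
        if hop and hop["submission"]:
            value = re.sub(r"^from\s+.*?\s+by\s+", "from [redacted] by ",
                           _one_line(value), count=1)
        msg[name] = value
    return msg.as_string()


if __name__ == "__main__":
    print("disclosed by submission hop:", submission_exposure(SAMPLE))
    print(redact_submission(SAMPLE))
```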


From stephen.farrell@cs.tcd.ie  Tue Oct 29 15:49:36 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC00B11E829E for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 15:49:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.585
X-Spam-Level: 
X-Spam-Status: No, score=-102.585 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVcK4Oym9XwU for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 15:49:32 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 793C811E81CC for <perpass@ietf.org>; Tue, 29 Oct 2013 15:49:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5DC04BE58; Tue, 29 Oct 2013 22:49:29 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0GS5RM4IvWyj; Tue, 29 Oct 2013 22:49:25 +0000 (GMT)
Received: from [10.87.48.5] (unknown [86.42.24.239]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 5260CBE25; Tue, 29 Oct 2013 22:49:25 +0000 (GMT)
Message-ID: <52703B74.4090409@cs.tcd.ie>
Date: Tue, 29 Oct 2013 22:49:24 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us>
In-Reply-To: <01e901ced4ef$f3615e80$da241b80$@shockey.us>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 22:49:37 -0000

Hi Rich,

On 10/29/2013 09:43 PM, Richard Shockey wrote:
> 
> Ned makes a number of excellent points here and the real elephant in the
> room is under what terms and conditions is the ongoing collection of
> metadata about IP communications in any form actually needed and in fact
> absolutely necessary. 

To the extent I can parse that, it seems like blatant assertion.

> There are perfectly good reasons to collect this stuff.   Though the ongoing
> concern of this list is clearly the Snowden revelations some of us actually
> want that data to prevent and investigate real and legitimate fraud and
> abuse within the communications systems, optimize network transport etc. 

Countering fraud is a real requirement, agreed. I don't accept
that that implies a requirement that pervasive monitoring be
possible. But there are trade-offs and we do need to consider
those carefully.

Optimising transport seems bogus though - can you provide a
reference or argument as to why you'd need to pervasively monitor
in a privacy unfriendly way to do that?

> First if you take a little stroll over to the IETF STIR problem statement
> you will see that fraudulent voice communications is becoming a huge problem
> for National Regulators and Law Enforcement.   In the US the failure of
> Rural Calls to certain areas now requires the US carriers to maintain ever
> larger CDR records in order to preserve the integrity of the PSTN itself.   

I think STIR is a red herring here. Adding STIR doesn't really affect
pervasive monitoring since the overwhelming majority of calls already
use valid phone numbers so STIR doesn't really add to the ability to
pervasively monitor.

Now if we had a mechanism that added a useful signature whilst
disguising the caller identity, that might be interesting. Or one
that used a public key previously used to verify a signature to
encrypt call setup. And STIR does offer longer term possibilities
for both of those.

So I don't see STIR as being "for" or "against" pervasive monitoring.
Same as for any authentication mechanism.

But yes, there are privacy issues related to STIR that do need to
be considered.

> http://www.fcc.gov/document/fcc-acts-combat-call-completion-problems-rural-america
> 
> Consumers are totally outraged by the violations of THEIR PRIVACY... the
> right to be left alone... by malicious Robo Callers who ignore the various
> Laws about Do Not Call lists etc.   E-Mail spam has not gone away by any
> account but the need for logs and records to attempt to track criminal
> activity is still required.  We want to hunt these people down and shut down
> their operations.  

Yes, helping folks block robo-calls is a good. I don't think STIR
is meant to actually define how to hunt anyone down though:-)

I'm also not at all sure that logging all the ham is required to
help track spammers.

> The issue is appropriate safeguards on those records and there is
> essentially nothing the IETF can do about that.  
> 
> It is useful to talk about strengthening key length and understanding the
> underlying architectural reasons no one really wants to deploy secure
> communications. 
> 
> I totally agree with this statement. " I think there are small technical
> changes around the edges that can help, but I really see the solutions for
> the metadata problem as more political and social than technical.

There is a political angle sure. And that's not an IETF concern
since the politics seem to be very different in different places.
Basically, the same logic as is set out in RFC 2804 applies to
that I think.

However, I very much disagree that this is *only* political. If
whoever is your favorite authority can pervasively monitor everyone
then so can others that you don't like so much. And that's true for
all values of "authority", at least in principle and quite likely
in practice, at least at some scale. And if we can have such bad
actors, there's no reason why they need to be nation states at all.
Plain old criminals can play this game and will. I believe we do
have good technical reasons for wanting to counter pervasive
monitoring.

Having said all that, yes, I do agree that doing more than making
the crypto stuff easier/better is hard. Doesn't mean we shouldn't
try though, if we really want to do better on privacy.

Regards,
S.

> Concentrating on making encryption really, really easy to use would go a lot
> further at this time than messing with deep changes, because people are not
> even using what is already available."
> 
> Though I would not have used Tony's precise language on a public mail.  I'm
> afraid I agree with the underlying sentiment.   
> 
> There is more than one joke running around Washington DC about actually
> wanting the NSA to keep the CDR records if they would actually use them to
> stop robo calls and call spoofing.  
> 
> 
> 
> -----Original Message-----
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On Behalf
> Of ned+perpass@mrochek.com
> Sent: Monday, October 28, 2013 2:30 PM
> To: Joe St Sauver
> Cc: perpass@ietf.org; huitema@huitema.net; stephen.farrell@cs.tcd.ie
> Subject: Re: [perpass] Traffic analysis
> 
>> Hi,
> 
>> Stephen Farrell <stephen.farrell@cs.tcd.ie>:
> 
>> #Not quite sure, but I think we might get some benefit at the
>> #moment from considering how specific fields in real protocols
>> #undermine privacy (e.g. as Christian's draft does with the
>> #Received header fields in mail messages) even if/when TLS or
>> #other existing security mechanisms are properly used.
> 
>> My concern is that many traffic analytic approaches tend to be 
>> exceedingly robust to "protocol improvements." Protocol tweaks may 
>> accomplish little when it comes to practically improving privacy if 
>> the underlying protocol's architecture and operational practice goes 
>> unchanged.
> 
>> For example, when it comes to email, shouldn't section 6 of 
>> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
>> basically say, "if you want to avoid traffic analytic approaches in 
>> the case of email, deploy and use Mixmaster anonymous remailers"?
>> ( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )
> 
> And good luck with that, at least on any kind of scale.
> 
> But your underlying point is very well taken: The section on email in this
> draft focuses on irrelevancies and fails to take note of the real issues.
> 
> I hate to sound like a broken record, but folks really need to have some
> familiarity with present-day email as it is actually deployed before making
> these sorts of assessments.
> 
> Again, present day email usage is increasingly concentrated to a fairly
> small number of large ISPs and MSPs. (Small ISPs and enterprise setups are
> shifting to using cloud services, and while the Snowden revelations may have
> slowed this trend, they haven't stopped it.)
> 
> In regards to traffic analysis, this is in some ways a good thing. If the
> connections from user clients to the ISP/MSP servers are secured at the
> transport layer - and I have demonstrated that a lot of them are - then we
> gain a lot by securing the streams between the large providers at the
> transport level.
> 
> But the elephant in the corner is logging. Service providers maintain very
> extensive logs of email traffic, if for no other reason than as a support
> tool. These logs provide every possible detail needed for traffic analysis.
> 
> Of course one of the earliest Snowden revelations was that the NSA is
> collecting these logs from US providers on a massive scale. And hopefully
> everyone is aware of Smith v. Maryland, which essentially says that metadata
> is not constitutionally protected.
> 
> But before Europeans and others get all smug about this, speaking as someone
> who has seen quite a few RFPs for mail systems, the only substantive
> difference I see between the US and elsewhere is the US approaches this in a
> less organized and systematic way and generally has fewer auditing and data
> protection requirements. The data is still being collected, and most likely
> shared.
> 
> And as for practical and deployable measures that can be undertaken to
> address this, I'm at something of a loss to suggest anything. Shifting back
> to a more decentralized model sounds nice, but seems a bit outside the
> purview of a standards process to try and make that happen.
> 
> And even if a completely decentralized model was practical, in a
> peer-to-peer world the metadata that would accrue from watching the
> connections themselves would be a fair substitute.
> 
> As for mixed models, look at what happened to Lavabit.
> 
>> And if we *are* talking about that sort of approach, then I think 
>> inevitably we also need to talk about how we simultaneously manage to 
>> allow *wanted* private traffic while simultaneously preventing or 
>> managing *unwanted traffic* (e.g., spam).
> 
> Yep. It's a daunting problem. And it is far from the only one.
> 
>> An awful lot of current anti-spam technology depends upon either 
>> reputation (which is obviously not present in the case of 
>> anonymous/non-attributable traffic), or content analysis (which is 
>> also obviously problematic, at least if we presume use of end-to-end 
>> encryption (at least until the content is decrypted on the end-user's 
>> device)).
> 
> You basically have to push the content checks to the client. This has not
> proven to be a terrific solution in practice.
> 
>> I also think that if you're serious about email privacy, you really 
>> can't keep the discussion just at the level of sanitizing headers. You 
>> need to get into the format of the content that's allowed as well. For 
>> example, it's well known that non-plain text email content (e.g., 
>> HTML-formatted email) is potentially a serious threat to privacy due 
>> to potential use of things like tracking gifs included in 
>> HTML-formatted email.
> 
> I think we can do a lot to make it harder to snoop on email content,
> although ironically what we're likely to be able to accomplish under the
> "prism-proof" rubric is unlikely to do much of anything about the data
> collection the actual Prism program performs.
> 
> But traffic analysis... unless the fact that those logs are likely to only
> be accessible to state entities offers some consolation, I don't think
> there's going to be much happiness here.
> 
> 				Ned
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 
> 
> 

From doug.mtview@gmail.com  Tue Oct 29 18:25:54 2013
Return-Path: <doug.mtview@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4212F21E80C6 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 18:25:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LjrDYrNFV6io for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 18:25:53 -0700 (PDT)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id A523D21E80C5 for <perpass@ietf.org>; Tue, 29 Oct 2013 18:25:42 -0700 (PDT)
Received: by mail-ie0-f178.google.com with SMTP id x13so1188541ief.9 for <perpass@ietf.org>; Tue, 29 Oct 2013 18:25:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=BgmZU1bxVglhXvj/e8jTMlVkGVNchm82tvO4uarBGyo=; b=UNMHZeEeNfcW1zw05kl/+SaEcRMuLPObKnfjiL4IBmPWZwVUCCg59d2HyR7B1/ML3E nHUIMOUYmUQzOjXMOcZpePKFxVquo//uarT/eee6TpSfA6uc/e/Ei+mkSOyGZ3H+IeOK qytSRjv5OmS8ecXwLl23ymFYL6MM97Fa7umfOU/gYWJvBK6oM4Ns7hm5Go0fg25SUpxC RB/7zOsJsR2HBW9FhHSAkOu6COOO/qNA9R5E0B/ZVtm8HXnEJfpvgW5804rAJnfGTDEN Hi0ngjhG0cixsEYsY/MXvJyAql5/UrVZV2Lv75IYeLdpHaeY4SLZH4etl1vXNNhrey1W Edzg==
X-Received: by 10.50.147.4 with SMTP id tg4mr426332igb.31.1383096341065; Tue, 29 Oct 2013 18:25:41 -0700 (PDT)
Received: from [192.168.0.54] (107-0-5-6-ip-static.hfc.comcastbusiness.net. [107.0.5.6]) by mx.google.com with ESMTPSA id o15sm4599134igx.6.2013.10.29.18.25.39 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 29 Oct 2013 18:25:40 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <52703B74.4090409@cs.tcd.ie>
Date: Tue, 29 Oct 2013 18:25:38 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2A453B21-89C4-490F-AF12-C775710D0172@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Richard Shockey <richard@shockey.us>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 01:25:54 -0000

Dear Stephen,

See comments inline.

On Oct 29, 2013, at 3:49 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>> (elided) ...some of us actually
>> want that data to prevent and investigate real and legitimate fraud and
>> abuse within the communications systems, optimize network transport etc.
>
> Countering fraud is a real requirement, agreed. I don't accept
> that that implies a requirement that pervasive monitoring be
> possible. But there are trade-offs and we do need to consider
> those carefully.
>
> Optimising transport seems bogus though - can you provide a
> reference or argument as to why you'd need to pervasively monitor
> in a privacy unfriendly way to do that?

A few distinctions might be useful.

Packet routing itself (assuming BCP38 is used) clarifies where a message
originated based on the source IP address.  In the case of IPv4, this
alone can defend a service from abuse. When dealing with encrypted
traffic over IPv6, there is a much greater need to obtain validated
identifiers of exchange initiators.  From a transport perspective,
this might be a certificate (PKI or DANE) associated with that of the
client.

Reverse DNS will be ineffective at dealing with abuse emitted from
compromised systems.  Most of these will employ privacy extensions which
means caching offers little benefit.  There will also be high levels of
DNS server timeouts with delays consuming port resources.  In addition,
port exhaustion may not be noted in system logs.  All of this offers
users a poor and unfriendly Internet experience.

Would having an ability to monitor source domains in conjunction with
opaque content represent an unfriendly privacy exposure?

For example, say the domain "telco.com" is validated, but none of the
phone numbers exchanged can be determined.  By knowing it is "telco.com"
and not "abusive-telco.com", the receiving server can defend services
without expending excessive port services or enduring delays waiting for
DNS responses.

Being able to validate a domain as the source of the exchange can be
mitigated by allowing indirection to occur as an immediate next hop.
While pervasive monitoring of all traffic to and from a service end
point may give clues about intended recipients, underlying conversations
are not exposed.  It is even conceivable next hops could represent a
type of domain randomizer resulting from some type of domain decoding.
Something akin to BATV like proxy comes to mind.

Regards,
Douglas Otis







From hallam@gmail.com  Tue Oct 29 20:16:06 2013
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6525B11E81FA for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 20:16:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.536
X-Spam-Level: 
X-Spam-Status: No, score=-1.536 tagged_above=-999 required=5 tests=[AWL=-0.796, BAYES_20=-0.74, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0TbCtqBV+D56 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 20:16:05 -0700 (PDT)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 1172B21E80FD for <perpass@ietf.org>; Tue, 29 Oct 2013 20:16:04 -0700 (PDT)
Received: by mail-lb0-f171.google.com with SMTP id x18so746500lbi.16 for <perpass@ietf.org>; Tue, 29 Oct 2013 20:16:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZMRqL78kTAAP4pKW7hbvg2N6dzPjskTJzZTYc6V0Y44=; b=h9Sm5Gyqb9B2olsoyajsIBtBKl7KFqcqC1Nh8BSzak2gcsL03JReXFqqXU/gTIH6lm Xoj3FxqQauEDKK/qsrW2pXaz33O6GZ2DDkeHS2Z7KSLhKMO4a1s4VqhVBIWEfeP0qerQ vOkf2/psDifcZe1+ieTYdhlRcLXzavSHcka4fnHT2ijt34n/P1PmwYrs7niaKGR5Zt/+ SnTxJ57iWqalE19PVsTQWyz5vjxn8OSBu+7qQJ+qH/0KJTR5zIYvDGVwJZZNQ8+/oa1c 8J0Yri/ZEtUtTdHBAVAkrDtMdFvY6dlExvnsQ8/sevovQ6flCch9WT8FEM0MQavOT/le onOQ==
MIME-Version: 1.0
X-Received: by 10.152.116.7 with SMTP id js7mr1617444lab.11.1383102963947; Tue, 29 Oct 2013 20:16:03 -0700 (PDT)
Received: by 10.112.148.165 with HTTP; Tue, 29 Oct 2013 20:16:03 -0700 (PDT)
In-Reply-To: <C35B9AE9-A3CF-4C45-A1BC-5A817B166B78@checkpoint.com>
References: <CAMm+LwjqdYJr=J2gZcaX=M8iYrh6Xg_zYfZtKF2ie4UK0FT_fA@mail.gmail.com> <C35B9AE9-A3CF-4C45-A1BC-5A817B166B78@checkpoint.com>
Date: Tue, 29 Oct 2013 23:16:03 -0400
Message-ID: <CAMm+LwhOH9tndnh=38K=2CBqxtcMoe-7OZ+JCLq0RJQnjMz-mQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: multipart/alternative; boundary=001a11c2672ada9ef804e9ecc00a
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Metrics and Work Factor
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 03:16:06 -0000

--001a11c2672ada9ef804e9ecc00a
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Oct 29, 2013 at 2:42 AM, Yoav Nir <ynir@checkpoint.com> wrote:

>
> On Oct 29, 2013, at 4:43 AM, Phillip Hallam-Baker <hallam@gmail.com>
>  wrote:
>
> > I am at a workshop on Cyber Metrics at MIT.
> >
> > When we are talking about protection against targeted surveillance then
> > we look for the cost of a single attack to be prohibitive and we accept a
> > certain set of costs to the user.
> >
> > But for stopping pervasive surveillance we can't always bear those
> > costs. Significantly increasing the per message work factor is still a
> > benefit even if the work factor is not prohibitive for single messages.
>
> Absolutely. If we can get the cost of surveillance to be such that the NSA
> can only afford to spy on 10,000 people, it's likely that most of us will
> not be under surveillance. I believe that I don't rank anywhere on the list
> of 10,000 most dangerous terrorists or criminals.


Security researchers will always be targets because people tell us about
exploits. I avoid any contact with dissident groups precisely because there
is a risk that I am being watched for other reasons.



> That doesn't necessarily have to be measured in bits. If reading my email
> required breaking into my home and stealing the private key off of my
> computer, that would severely limit the scale.
>

Please don't limit the threat model to the NSA. Yes they have goofed and
they understand that. And every public and private piece of information I
have on the matter points to a massive editing session taking place on the
senior ranks of the entire intel apparatus of the US right now.

But the new threat model includes all the governments aspiring to copy the
Snowden era NSA.

And pretty soon quite a few governments besides the US govt. are going to
realize that they are now in a decidedly negative sum game.


Cryptography is not about defending secrets, it is about enabling. Think of
all the Internet commerce happening today because of cryptography. That is
what, a trillion dollars of global activity a year?

So far we have only secured the Web to create the Internet equivalent of
shops. We still don't have secure mail to complement that.

I don't know how much economic value we can generate with the next
generation of Internet crypto but I will bet it is in the tens or the
hundreds of billions.

-- 
Website: http://hallambaker.com/

--001a11c2672ada9ef804e9ecc00a--

From ned+perpass@mrochek.com  Tue Oct 29 22:52:15 2013
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FC3D11E80E6 for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 22:52:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.236
X-Spam-Level: 
X-Spam-Status: No, score=-2.236 tagged_above=-999 required=5 tests=[AWL=0.363,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LdbHnXTqnF8j for <perpass@ietfa.amsl.com>; Tue, 29 Oct 2013 22:52:10 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id E8EF811E80F2 for <perpass@ietf.org>; Tue, 29 Oct 2013 22:52:09 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P068B4Y2K0007XUW@mauve.mrochek.com> for perpass@ietf.org; Tue, 29 Oct 2013 22:47:08 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=iso-8859-1
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P05YY14WFK006QQB@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Tue, 29 Oct 2013 22:47:03 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01P068B3E8O6006QQB@mauve.mrochek.com>
Date: Tue, 29 Oct 2013 22:44:10 -0700 (PDT)
In-reply-to: "Your message dated Sat, 26 Oct 2013 18:32:26 +0200" <526BEE9A.10505@cisco.com>
References: <CA+9kkMAq5ERGVniR8VwHc1dv3=mD38ZfoCriOPtFK+=2PD_2Fg@mail.gmail.com> <52644423.1090800@cs.tcd.ie> <076e01ceceef$93ad3230$bb079690$@huitema.net> <01P016UZ4CJS00004R@mauve.mrochek.com> <526BEE9A.10505@cisco.com>
To: Eliot Lear <lear@cisco.com>
Cc: ned+perpass@mrochek.com, 'Ted Hardie' <ted.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>, perpass@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Some personal thoughts on the impact	of	pervasive	monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 05:52:15 -0000

> Hi Ned,

> On 10/26/13 4:48 PM, ned+perpass@mrochek.com wrote:
> >> Networking standards are promoted by consensus and by network effects. In
> >> the absence of some forcing function, "fallback to clear text" gets promoted
> >> by network effects, because it is de facto forced by the sites that don't
> >> bother deploying the more secure options. The best way to break that is to
> >> provide "air cover" for security, e.g. a text in the protocol description
> >> RFC that says "nodes requiring a modicum of security SHOULD refuse to use
> >> clear text connections."  That would effectively turn the tables.
> > Exactly! The only thing I would add is that "cover" should include a
> > clear presentation of the tradeoffs and consequences.
> >
> > Unfortunately this is surprisingly hard to do well. It's much easier to start
> > throwing MUSTs around.
> >
> > This also is effectively what happened in the IMAP case: Large sites like gmail
> > and Apple only deployed imaps, with the result that a fully standards-compliant
> > client actually won't work with their service!

> And maybe that's a good thing, by the way.

Getting the right outcome is definitely a good thing. But let's not pretend
that luck wasn't a big factor.

> But my main point is that
> the IAB is reviewing this exact topic at a workshop that will take place
> in December on Internet Technology Adoption and Transition.

Question: Has anyone been invited that has designed or directly overseen large
server deployments of any sort? It might be instructive to hear from someone
like that.

>  It's not the
> first time it's been considered, mind you.  See RFC 5218 by Dave Thaler
> and Bernard Aboba.

Yep.

				Ned

From rutkowski.tony@gmail.com  Wed Oct 30 04:48:09 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9869011E8115 for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 04:48:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.577
X-Spam-Level: 
X-Spam-Status: No, score=-2.577 tagged_above=-999 required=5 tests=[AWL=0.022,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evWSMjYilz7X for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 04:48:09 -0700 (PDT)
Received: from mail-qe0-x229.google.com (mail-qe0-x229.google.com [IPv6:2607:f8b0:400d:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 0A93B21F9A45 for <perpass@ietf.org>; Wed, 30 Oct 2013 04:48:08 -0700 (PDT)
Received: by mail-qe0-f41.google.com with SMTP id x7so733378qeu.28 for <perpass@ietf.org>; Wed, 30 Oct 2013 04:48:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=mERgKgxVupNkVB0W5EgmWE1Q0yDs+8VSbHYuSfk+AIA=; b=RAdw1I3sPIKPR5JBdF97oxVxvG+MN1BF9wZYQ8yufrzP4vXOodqroJBHa2SQjfuDfO igAz2Qio5FAiBjRSZ1CRxuPJTU0tg62BtIlUhq5leyqJf1NIfYIqUZStdjI8bbbOPx2S Q9rhjTm8RRmL+PzBQnAvqLyZ6nWTfzoGPMU0z2ZEw1XroAP3tfuoQ8NIgrhYNV0RAGzR kEeQNvkNsP0zlhKNBAsWA83nLM8RvVGCh38Az1IO0MC5RUFZRVCxyCRVBctUPWaok7k9 DbTSs5nGDURtEvqzQ6msQscUsr4Z7qPG1XuzA7X0kNSNqHojqm6d3xJ+LTOuLIs1eb2r hCpw==
X-Received: by 10.49.4.199 with SMTP id m7mr5791993qem.19.1383133688537; Wed, 30 Oct 2013 04:48:08 -0700 (PDT)
Received: from [192.168.0.4] (pool-71-171-119-184.clppva.fios.verizon.net. [71.171.119.184]) by mx.google.com with ESMTPSA id d7sm76173561qas.10.2013.10.30.04.48.07 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Oct 2013 04:48:07 -0700 (PDT)
Message-ID: <5270F1F6.4050106@gmail.com>
Date: Wed, 30 Oct 2013 07:48:06 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us>
In-Reply-To: <01e901ced4ef$f3615e80$da241b80$@shockey.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 11:48:09 -0000

Hi Rich,

One gets the feeling that there are a fair number
of people here who are basically humorless and
probably don't watch VEEP! C'est la vie.

One saving grace is that the folks here who are
attempting to make life more difficult for those
doing commercial and government analysis are
basically cataloging techniques for which
countermeasures can be taken.  So in that sense, this
otherwise offensive list that serves the IETF
poorly, does have value.

--tony

On 10/29/2013 5:43 PM, Richard Shockey wrote:
> I totally agree with this statement. " I think there are small technical
> changes around the edges that can help, but I really see the solutions for
> the metadata problem as more political and social than technical.
> Concentrating on making encryption really, really easy to use would go a lot
> further at this time than messing with deep changes, because people are not
> even using what is already available."
>
> Though I would not have used Tony's precise language on a public mail.  I'm
> afraid I agree with the underlying sentiment.
>


From richard@shockey.us  Wed Oct 30 08:36:16 2013
Return-Path: <richard@shockey.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ABEA21E8114 for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 08:36:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.265
X-Spam-Level: 
X-Spam-Status: No, score=-102.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Er8xRycqVb9m for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 08:36:12 -0700 (PDT)
Received: from outbound-ss-808.bluehost.com (outbound-ss-808.bluehost.com [69.89.23.162]) by ietfa.amsl.com (Postfix) with SMTP id 2460221E80FC for <perpass@ietf.org>; Wed, 30 Oct 2013 08:36:12 -0700 (PDT)
Received: (qmail 25377 invoked by uid 0); 30 Oct 2013 15:36:03 -0000
Received: from unknown (HELO box462.bluehost.com) (74.220.219.62) by oproxy18-pub.mail.unifiedlayer.com with SMTP; 30 Oct 2013 15:36:03 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:Cc:To:From; bh=v98Ucd0cj8pJfdgUxJ4k0jgGxc4XsEZFFVBDqYhzflc=;  b=BqHWLYbkxyG4y59xHoFTwMLyPDodoQC5qaftZH7curxSnvV4hwk6DsDID3ZDhuykOFpWr41JcEyk4PEt5BScU3KXIiXkMWy4LfgZVeeR2Ed7CrosUE59hB83urrSe4PE;
Received: from [173.79.179.104] (port=50520 helo=RSHOCKEYPC) by box462.bluehost.com with esmtpa (Exim 4.80) (envelope-from <richard@shockey.us>) id 1VbXoQ-00073D-FO; Wed, 30 Oct 2013 09:36:02 -0600
From: "Richard Shockey" <richard@shockey.us>
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie>
In-Reply-To: <52703B74.4090409@cs.tcd.ie>
Date: Wed, 30 Oct 2013 11:36:00 -0400
Message-ID: <00f801ced585$bd7d3870$3877a950$@shockey.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJbINlGk4dbslrbCasP2HTDqkp5+gE2ialiAjmwDX8BtGlG1JjKnMWw
Content-Language: en-us
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 173.79.179.104 authed with richard@shockey.us}
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 15:36:16 -0000

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Tuesday, October 29, 2013 6:49 PM
To: Richard Shockey
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis


Hi Rich,

On 10/29/2013 09:43 PM, Richard Shockey wrote:
> 
> Ned makes a number of excellent points here and the real elephant in 
> the room is under what terms and conditions is the ongoing collection 
> of metadata about IP communications in any form actually needed and in 
> fact absolutely necessary.

To the extent I can parse that, it seems like blatant assertion.

> There are perfectly good reasons to collect this stuff.   Though the
> ongoing concern of this list is clearly the Snowden revelations some of us
> actually want that data to prevent and investigate real and legitimate
> fraud and abuse within the communications systems, optimize network
> transport etc.

Countering fraud is a real requirement, agreed. I don't accept that that
implies a requirement that pervasive monitoring be possible. But there are
trade-offs and we do need to consider those carefully.

[RS> ] Of course, then please define what you mean by pervasive monitoring.
Is it just monitoring by nation state actors or are you including British
Telecom, ATT, Google, Yahoo and Amazon et al. into the mix?

Optimising transport seems bogus though - can you provide a reference or
argument as to why you'd need to pervasively monitor in a privacy unfriendly
way to do that?
[RS> ] 
[RS> ] That is simple traffic engineering. This is friendly pervasive
monitoring. Any reasonable network operator wants to know where its IP
traffic is coming from and where it is going. That provides the essential
data to optimize Layer 1 links and all sorts of other stuff not to mention
the negotiation of transit peering agreements.  If I can see from the IP
packets an asynchronous volume of traffic coming from one particular AS then
my peering coordinator will have a friendly chat with their counterpart.
This has reared its ugly head in several well-known incidents specifically
involving CDN. The well-known one, the US Comcast vs Level 3 dispute,
instantly comes to mind.

The difference between pervasive surveillance and traffic management is ONE
Octet.   Deep Packet Inspection is a fact of life. How you plan on ridding
the planet of that petulance is beyond my feeble brain.  

> First if you take a little stroll over to the IETF STIR problem
> statement you will see that fraudulent voice communications is becoming a
> huge problem for National Regulators and Law Enforcement.   In the US the
> failure of Rural Calls to certain areas now requires the US carriers to
> maintain ever larger CDR records in order to preserve the integrity of the
> PSTN itself.


I think STIR is a red herring here. Adding STIR doesn't really affect
pervasive monitoring since the overwhelming majority of calls already use
valid phone numbers so STIR doesn't really add to the ability to pervasively
monitor.

[RS> ] So long as the majority of traffic is still TDM/SS7 based but we are
rapidly moving down a path that will no longer be the case which is why the
STIR problem statement is actually very important and very relevant to this
discussion.   I want to know who is trying to contact me and from where. 

Now if we had a mechanism that added a useful signature whilst disguising
the caller identity, that might be interesting. 

[RS> ]  I still want to track and trace the traffic.  I'd want to see what
your suggestion looks like but anonymity can be used as a shield for
something more nefarious.  My running assumption here is that "The needs of
many ( to be left alone) outweigh the needs of the few."  There are actually
moral dilemmas here that have to be considered in the larger context.  

Or one that used a public key previously used to verify a signature to
encrypt call setup. And STIR does offer longer term possibilities for both
of those.
[RS> ] 
[RS> ] Agreed. 

So I don't see STIR as being "for" or "against" pervasive monitoring.
Same as for any authentication mechanism.

But yes, there are privacy issues related to STIR that do need to be
considered.

[RS> ] Whose privacy? The calling party or the called party?   This is my
point. Enabling privacy for one may violate the privacy of the other. Now we
are really blasting past Layer 8-10 Economic Political and Religious into
Layer 11 Philosophy.   I'm totally incompetent to make judgments on that
Layer.  

> http://www.fcc.gov/document/fcc-acts-combat-call-completion-problems-rural-america
> 
> Consumers are totally outraged by the violations of THEIR PRIVACY...
> the right to be left alone... by malicious Robo Callers who ignore the
> various Laws about Do Not Call lists etc.   E-Mail spam has not gone away
> by any account but the need for logs and records to attempt to track
> criminal activity is still required.  We want to hunt these people down and
> shut down their operations.

Yes, helping folks block robo-calls is a good. I don't think STIR is meant
to actually define how to hunt anyone down though:-)

[RS> ] You might think that.. I couldn't possibly comment.  But it is a
valuable tool to validate trusted traffic from SIP UA to UA. So how do I
hunt down robo callers? I have the drones fueled and ready. My point is we
still need track and trace for perfectly valid reasons any consumer or
enterprise can understand.  STIR as you well know is no "silver bullet" it's
a tool. One of many. The problem is well understood.  I'll post to STIR
later further comments on other ideas such as Enhanced CNAM etc.  People who
really want to communicate to someone they have no prior relationship with
should have the tools available to fully identify themselves.   That is a
good thing.  We can do productive work there. 

I'm also not at all sure that logging all the ham is required to help track
spammers.

[RS> ] Ask the people who have been defrauded.  There are really two sides
to this which is my larger point.  


> The issue is appropriate safeguards on those records and there is 
> essentially nothing the IETF can do about that.
> 
> It is useful to talk about strengthening key length and understanding 
> the underlying architectural reasons no one really wants to deploy secure 
> communications.
> 
> I totally agree with this statement. " I think there are small 
> technical changes around the edges that can help, but I really see the 
> solutions for the metadata problem as more political and social than
> technical.

There is a political angle sure. And that's not an IETF concern since the
politics seem to be very different in different places.
Basically, the same logic as is set out in RFC 2804 applies to that I think.

RS>  2804 was a very appropriate statement but there is an underlying thread
here that is running counter to those principles.

However, I very much disagree that this is *only* political. If whoever is
your favorite authority can pervasively monitor everyone then so can others
that you don't like so much. And that's true for all values of "authority",
at least in principle and quite likely in practice, at least at some scale.
And if we can have such bad actors, there's no reason why they need to be
nation states at all.
Plain old criminals can play this game and will. I believe we do have good
technical reasons for wanting to counter pervasive monitoring.

Having said all that, yes, I do agree that doing more than making the crypto
stuff easier/better is hard. Doesn't mean we shouldn't try though, if we
really want to do better on privacy.

RS> Then you need to define whose privacy you want to defend.

Regards,
S.

> Concentrating on making encryption really, really easy to use would go 
> a lot further at this time than messing with deep changes, because 
> people are not even using what is already available."
> 
> Though I would not have used Tony's precise language on a public mail.  I'm
> afraid I agree with the underlying sentiment.
> 
> There is more than one joke running around Washington DC about 
> actually wanting the NSA to keep the CDR records if they would 
> actually use them to stop robo calls and call spoofing.
> 
> 
> 
> -----Original Message-----
> From: perpass-bounces@ietf.org [mailto:perpass-bounces@ietf.org] On 
> Behalf Of ned+perpass@mrochek.com
> Sent: Monday, October 28, 2013 2:30 PM
> To: Joe St Sauver
> Cc: perpass@ietf.org; huitema@huitema.net; stephen.farrell@cs.tcd.ie
> Subject: Re: [perpass] Traffic analysis
> 
>> Hi,
> 
>> Stephen Farrell <stephen.farrell@cs.tcd.ie>:
> 
>> #Not quite sure, but I think we might get some benefit at the #moment 
>> from considering how specific fields in real protocols #undermine 
>> privacy (e.g. as Christian's draft does with the #Received header 
>> fields in mail messages) even if/when TLS or #other existing security 
>> mechanisms are properly used.
> 
>> My concern is that many traffic analytic approaches tend to be 
>> exceedingly robust to "protocol improvements." Protocol tweaks may 
>> accomplish little when it comes to practically improving privacy if 
>> the underlying protocol's architecture and operational practice goes 
>> unchanged.
> 
>> For example, when it comes to email, shouldn't section 6 of 
>> http://huitema.net/papers/draft-huitema-perpass-analthreat-00.txt
>> basically say, "if you want to avoid traffic analytic approaches in 
>> the case of email, deploy and use Mixmaster anonymous remailers"?
>> ( https://en.wikipedia.org/wiki/Anonymous_remailers#Untraceable_remailers )
> 
> And good luck with that, at least on any kind of scale.
> 
> But your underlying point is very well taken: The section on email in 
> this draft focuses on irrelevancies and fails to take note of the real
> issues.
> 
> I hate to sound like a broken record, but folks really need to have 
> some familiarity with present-day email as it is actually deployed 
> before making these sorts of assessments.
> 
> Again, present day email usage is increasingly concentrated to a 
> fairly small number of large ISPs and MSPs. (Small ISPs and enterprise 
> setups are shifting to using cloud services, and while the Snowden 
> revelations may have slowed this trend, they haven't stopped it.)
> 
> In regards to traffic analysis, this is in some ways a good thing. If 
> the connections from user clients to the ISP/MSP servers are secured 
> at the transport layer - and I have demonstrated that a lot of them 
> are - then we gain a lot by securing the streams between the large 
> providers at the transport level.
> 
> But the elephant in the corner is logging. Service providers maintain 
> very extensive logs of email traffic, if for no other reason than as a 
> support tool. These logs provide every possible detail needed for traffic
> analysis.
> 
> Of course one of the earliest Snowden revelations was that the NSA is 
> collecting these logs from US providers on a massive scale. And 
> hopefully everyone is aware of Smith v. Maryland, which essentially 
> says that metadata is not constitutionally protected.
> 
> But before Europeans and others get all smug about this, speaking as 
> someone who has seen quite a few RFPs for mail systems, the only 
> substantive difference I see between the US and elsewhere is the US 
> approaches this in a less organized and systematic way and generally 
> has fewer auditing and data protection requirements. The data is still 
> being collected, and most likely shared.
> 
> And as for practical and deployable measures that can be undertaken to 
> address this, I'm at something of a loss to suggest anything. Shifting 
> back to a more decentralized model sounds nice, but seems a bit 
> outside the purview of a standards process to try and make that happen.
> 
> And even if a completely decentralized model was practical, in a 
> peer-to-peer world the metadata that would accrue from watching the 
> connections themselves would be a fair substitute.
> 
> As for mixed models, look at what happened to Lavabit.
> 
>> And if we *are* talking about that sort of approach, then I think 
>> inevitably we also need to talk about how we simultaneously manage to 
>> allow *wanted* private traffic while simultaneously preventing or 
>> managing *unwanted traffic* (e.g., spam).
> 
> Yep. It's a daunting problem. And it is far from the only one.
> 
>> An awful lot of current anti-spam technology depends upon either 
>> reputation (which is obviously not present in the case of 
>> anonymous/non-attributable traffic), or content analysis (which is 
>> also obviously problematic, at least if we presume use of end-to-end 
>> encryption (at least until the content is decrypted on the end-user's 
>> device)).
> 
> You basically have to push the content checks to the client. This has 
> not proven to be a terrific solution in practice.
> 
>> I also think that if you're serious about email privacy, you really 
>> can't keep the discussion just at the level of sanitizing headers. 
>> You need to get into the format of the content that's allowed as 
>> well. For example, it's well known that non-plain text email content 
>> (e.g., HTML-formatted email) is potentially a serious threat to 
>> privacy due to potential use of things like tracking gifs included in 
>> HTML-formatted email.
> 
> I think we can do a lot to make it harder to snoop on email content, 
> although ironically what we're likely to be able to accomplish under 
> the "prism-proof" rubric is unlikely to do much of anything about the
> data collection the actual Prism program performs.
> 
> But traffic analysis... unless the fact that those logs are likely to 
> only be accessible to state entities offers some consolation, I don't 
> think there's going to be much happiness here.
> 
> 				Ned
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 
> 
> 


From lear@cisco.com  Wed Oct 30 09:16:14 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA78921E80B6 for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 09:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.466
X-Spam-Level: 
X-Spam-Status: No, score=-110.466 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8vWqoErqGGo for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 09:16:00 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 7B3AC11E8269 for <perpass@ietf.org>; Wed, 30 Oct 2013 09:15:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5732; q=dns/txt; s=iport; t=1383149719; x=1384359319; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=uaFnB0ctp9tm/cE+l0FpGON5M1cXMcWknywj9InI9yw=; b=Q4aI8TKsTpSYksZkFobPMGOFm5k13eNgL6V+PhcZFFODibHQ0SF9zSWt y7RrjNvsb5tUuqwY+aR1UqTVLAGVTWlH9GtRpc9iRmkHcsB8uvuBBKR9K HC+mJc/qAdvg9Fw97gcV5aVw7B+t8IY6hmiaOvB/q+cef3FF2RqpbwzEi Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgYFAKYvcVKQ/khL/2dsb2JhbABZDoJ5OINnhV22FEuBJxZ0giUBAQEEI1UBEAsYCRYLAgIJAwIBAgErGgYBDAEFAgEBBRGHbQ2oH5JZjhaBOQeCaoFCA4VTkjeBL5BagmdAO4E1
X-IronPort-AV: E=Sophos;i="4.93,602,1378857600"; d="scan'208,217";a="87780101"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-2.cisco.com with ESMTP; 30 Oct 2013 16:15:16 +0000
Received: from mctiny.local ([10.61.171.124]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9UGFA2O013602 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 30 Oct 2013 16:15:12 GMT
Message-ID: <5271308E.7040701@cisco.com>
Date: Wed, 30 Oct 2013 17:15:10 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: ned+perpass@mrochek.com, Joe St Sauver <joe@oregon.uoregon.edu>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com>
In-Reply-To: <01P04ABSOR0E00004R@mauve.mrochek.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/alternative; boundary="------------040202070208070303080408"
Cc: perpass@ietf.org, huitema@huitema.net, stephen.farrell@cs.tcd.ie
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 16:16:14 -0000

This is a multi-part message in MIME format.
--------------040202070208070303080408
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On this point, it's my turn to sound like a broken record:

On 10/28/13 7:30 PM, ned+perpass@mrochek.com wrote:
> And even if a completely decentralized model was practical, in a
> peer-to-peer world the metadata that would accrue from watching the
> connections themselves would be a fair substitute.

This is another really important point.  I'm sure many of us had the
first reaction that all this stuff should be decentralized, which of
course leads to "let's all get to IPv6".  To the extent that consumers
are able to have a choice about this, it's quite possible that a
decentralized model using our existing protocol suite could *harm*
privacy as Ned mentioned above.  Beyond that, one has to ponder what
externalities are introduced by having yet more consumer code accessible
to the great wild world.  Ironically, this Saturday, November 2nd, will
be the 25th anniversary of the Morris Worm.[1]  The world has
improved since that time.  A few things to highlight along these lines.
One of my favorite studies to cite is that of Stephan Frei who looked at
update rates and compared business models.[2]  It seems that now
even WordPress is doing this[3], but we are certainly not there yet
with certain systems.  I'm thinking of code used in SCADA systems and
automobiles in particular.  There are sometimes tradeoffs between
privacy and cybersecurity.  Many are specifically *not* protocol
tradeoffs, but operational tradeoffs.  Aggregation of services probably
is a good thing for cybersecurity – that's probably a worthy research
topic, by the way.

There is plenty of room for investigation and review of all of this, but
coming back to Paul's earlier warning[4] that he forwarded, let's
be thorough before jumping to recommendations for broad IETF changes.
And let's please understand what tradeoffs there are.

Eliot

[1] http://en.wikipedia.org/wiki/Morris_worm
[2] http://www.techzoom.net/publications/silent-updates/index.en
[3] http://wordpress.org/news/2013/10/basie/
[4] http://www.ietf.org/mail-archive/web/perpass/current/msg00654.html

--------------040202070208070303080408--

From joe@oregon.uoregon.edu  Wed Oct 30 10:29:31 2013
Return-Path: <joe@oregon.uoregon.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA04621E8141 for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 10:29:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.227
X-Spam-Level: 
X-Spam-Status: No, score=-5.227 tagged_above=-999 required=5 tests=[AWL=1.372,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vmJol9zHBN2D for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 10:29:21 -0700 (PDT)
Received: from grey.uoregon.edu (grey.uoregon.edu [128.223.214.89]) by ietfa.amsl.com (Postfix) with SMTP id 27BE121E814C for <perpass@ietf.org>; Wed, 30 Oct 2013 10:29:08 -0700 (PDT)
Date: Wed, 30 Oct 2013 09:52:35 -0700 (PDT)
Message-Id: <13103009523547_8A24@oregon.uoregon.edu>
From: "Joe St Sauver" <joe@oregon.uoregon.edu>
To: lear@cisco.com
X-VMS-To: SMTP%"lear@cisco.com"
X-VMS-Cc: SMTP%"perpass@ietf.org"
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 17:29:31 -0000

Hi,

Eliot Lear commented:

#I'm sure many of us had the first reaction that all this stuff should 
#be decentralized, which of course leads to "let's all get to IPv6".  
#To the extent that consumers are able to have a choice about this, 
#it's quite possible that a decentralized model using our existing 
#protocol suite could *harm* privacy as Ned mentioned above.  Beyond 
#that, one has to ponder what externalities are introduced by having 
#yet more consumer code accessible to the great wild world.  

I. From my POV, IPv6 has the potential to either help OR harm privacy,
depending on the addressing model employed.

On the one hand, IPv6 privacy addresses, at least if used in a 
relatively densely populated and actively used IPv6 /64, have the
potential to make it harder to persistently track individual users.
(If you're one of just a handful of IPv6 users in a given /64, or 
the *only* IPv6 user in a given /64, privacy addresses are less 
helpful when it comes to making tracking difficult). 

Many sites deploying IPv6 may routinely deprecate or discourage use 
of IPv6 privacy addresses, however. 

-- If SLAAC is being used, instead, and a modified EUI-64 address is 
embedded in the IPv6 address, I would assert that privacy is *worse*
than the IPv4 case, since that embedded MAC address allows persistent 
per-device (and in the case of dedicated end-points, per-user) tracking.

-- If DHCPv6 is being used, I would assert that it has privacy 
properties essentially *equivalent* to IPv4 addresses assigned via 
DHCP (e.g., the address assigning entity can typically map the user's 
assigned address to a given entity, whether that's an ethernet jack
in an assigned office or an authenticated wireless identity, etc.)

So depending on the addressing model, you may see equivalent privacy,
better privacy, or worse privacy from using IPv6.

II. I'd also note, addressing aside, that IPv6 application traffic may 
be more likely than IPv4 traffic to end up getting forced through 
intentionally introduced control points. 

That is, coming back to mail, I wouldn't expect most ISP mail servers,
even if they were enabled to accept IPv6 traffic (and make no mistake,
most aren't), to accept mail traffic from random IPv6 end points. 

In most cases, if you want SMTP traffic over IPv6 to be accepted by 
major providers, it will need to be relayed via a mail server that has 
been specially configured for that role. (Terry Zink has done some nice 
work in this area, see for example
http://blogs.msdn.com/b/tzink/archive/2013/09/11/supporting-email-over-ipv6-part-1-an-introduction.aspx )

Of course, any time you have a control point, that control point exists in
part to "process" traffic -- hopefully handling things like filtering 
unwanted spam and malware, but we cannot discount the possibility that 
national authorities may also leverage that choke point for monitoring 
purposes.

Eliot also commented:

#One of my favorite studies to cite is that of Stephan Frei who looked at
#update rates and compared business models. [snip] I'm thinking of code 
#used in SCADA systems and automobiles in particular. 

Almost ten years ago now, I was invited to do a talk about SCADA security
and critical infrastructure for the local Infragard chapter. While that's
an old talk, sadly all too little has changed since then. If you want to
eyeball it, see http://pages.uoregon.edu/joe/scadaig/infraguard-scada.pdf

On slide 41, I noted that plants and the instrumentation they use tend
to have long life cycles -- ten, fifteen or even twenty year projects in
many cases. What gets installed at the birth of that project may still
be in use a decade or more later. (And of course, that can be the
equivalent of having a "Model T" on I-95)

On slide 43, I noted that many remote devices tend to be hard or impossible
to upgrade. Code may be burned in a ROM, and upgrading code may involve
replacing ROMs. Devices may be physically sealed and non-upgradeable. Or
devices may be located in hard-to-reach locations (top of a smokestack,
perhaps) or the vendor that produced the device may no longer be in business.
Upgrades may simply be rare or non-existent.

You get the idea. My point is that patching cycles that are routinely 
expected and accepted in the enterprise space may be completely impractical
in the control system space.

Of course, the historical excuse for tolerating this was, "Oh, but these 
devices will be run over a dedicated network airgapped from the Internet," 
but naturally, over time, things like Bob Radvanovsky's "Project SHINE" have
empirically illustrated that theory and practice diverged somewhere along
the line. (For a recent article on Project SHINE, see for example
http://www.darkreading.com/vulnerability/project-shine-illuminates-sad-state-of-s/240162739 )

Regards,

Joe
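
The per-device tracking concern in the message above can be checked against one's own address logs. The following is an added example, not part of the original message: it assumes the addresses were formed with the modified EUI-64 scheme of RFC 4291 Appendix A, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: addresses one observer might log for hosts on three
# different networks (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2001:db8:a:1:21a:2bff:fe3c:4d5e",   # network A, EUI-64 identifier
    "2001:db8:b:2:21a:2bff:fe3c:4d5e",   # network B, same device
    "2001:db8:a:1:5c3e:91d2:77a0:1b4f",  # randomized identifier
    "2001:db8:c:3::10",                  # manually or DHCPv6 assigned
]


def embedded_mac(addr):
    """Return the MAC address embedded in the interface identifier of an
    IPv6 address, or None if the identifier is not in modified EUI-64 form.

    Heuristic: a random identifier contains ff:fe in the marker position
    with probability 2**-16, so a single match is a hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # marker inserted mid-MAC
        return None
    # Undo the universal/local bit inversion applied to the first octet,
    # then drop the two marker bytes to recover the 48-bit MAC.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Group addresses by embedded MAC.

    Returns (by_mac, opaque): by_mac maps each recovered MAC to the sorted
    list of /64 prefixes it was seen under; opaque lists the addresses
    that carry no recognizable hardware identifier.
    """
    by_mac = defaultdict(set)
    opaque = []
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            opaque.append(addr)
        else:
            prefix = ipaddress.IPv6Interface(addr + "/64").network
            by_mac[mac].add(str(prefix))
    return {m: sorted(p) for m, p in by_mac.items()}, opaque


if __name__ == "__main__":
    by_mac, opaque = audit(SAMPLE)
    for mac, prefixes in by_mac.items():
        # The same identifier under several prefixes is what makes the
        # device linkable as it moves between networks.
        print(f"{mac} seen under {len(prefixes)} prefixes: {prefixes}")
    print("no embedded MAC:", opaque)
```

Hosts that show up in the first group are candidates for enabling temporary or otherwise non-hardware-derived interface identifiers.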

From lear@cisco.com  Wed Oct 30 10:57:30 2013
Message-ID: <52714827.9050805@cisco.com>
Date: Wed, 30 Oct 2013 18:55:51 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Joe St Sauver <joe@oregon.uoregon.edu>
References: <13103009523547_8A24@oregon.uoregon.edu>
In-Reply-To: <13103009523547_8A24@oregon.uoregon.edu>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis

Hi Joe,

On 10/30/13 5:52 PM, Joe St Sauver wrote:
> Of course, any time you have a control point, that control point exists in
> part to "process" traffic -- hopefully handling things like filtering 
> unwanted spam and malware, but we cannot discount the possibility that 
> national authorities may also leverage that choke point for monitoring 
> purposes.

That's an important point.  And so when a service offers a
spam-free/malware-free environment with few bugs, it still comes at a cost.

Eliot

From nvidya@google.com  Wed Oct 30 11:09:42 2013
MIME-Version: 1.0
In-Reply-To: <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de>
Date: Wed, 30 Oct 2013 11:09:16 -0700
Message-ID: <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>
From: Vidya Narayanan <vn@google.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Content-Type: multipart/alternative; boundary=047d7b6da1f6370c7304e9f93b15
Cc: perpass@ietf.org
Subject: Re: [perpass] Explicit proxying in HTTP

--047d7b6da1f6370c7304e9f93b15
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,
I may be missing something here, but your wording seems to suggest that the
user may not trust the server?  If so, that is definitely not the targeted
case under discussion.  The assumption here is that the client (and hence
the user) and the server trust each other, but they don't necessarily trust
all middleboxes.

If I have not understood you correctly, please let me know.

Regards,
Vidya


On Tue, Oct 29, 2013 at 6:51 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> * Vidya Narayanan wrote:
> >All,
> >http://tools.ietf.org/id/draft-vidya-httpbis-explicit-proxy-ps-00.txt is a
> >problem statement on the need for explicit proxying in HTTP.
>
> I have a suggestion. From the document:
>
>    The use of proxies leads to a number of privacy issues.  To
>    summarize:
>
>    ...
>
>    o  The server has no knowledge of the presence of the proxy and
>       hence, cannot refuse to serve sensitive content over a proxied
>       connection.
>
>    o  The weakened security model, when certificate pinning is disabled
>       at a general level, allows inspection of content ...
>
>    ...
>
>    With privacy becoming more and more important, it is important for us
>    to support solutions that allow awareness of a privacy breach to both
>    users and the servers, when that happens.  To this effect, it is
>    important that proxies be explicitly supported and detected.
>
>    ...
>
>    o  Content providers may not wish to serve certain content in
>       anything less than an end-to-end secure fashion.
>
> How about including in the Goals section that users must be able to
> verify the behavior of untrusted user agents without interference on
> part of the server, which requires the user being able to inspect any
> content without the server knowing, possibly by use of a proxy?
>
> I also note that allowing servers to be aware when my "privacy" has
> been "breached" in all likelihood makes that breach worse, not better.
> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>

--047d7b6da1f6370c7304e9f93b15--

From derhoermi@gmx.net  Wed Oct 30 12:40:52 2013
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Vidya Narayanan <vn@google.com>
Date: Wed, 30 Oct 2013 20:40:02 +0100
Message-ID: <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>
In-Reply-To: <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Explicit proxying in HTTP

* Vidya Narayanan wrote:
>I may be missing something here, but your wording seems to suggest that the
>user may not trust the server?  If so, that is definitely not the targeted
>case under discussion.  The assumption here is that the client (and hence
>the user) and the server trust each other, but they don't necessarily trust
>all middleboxes.

You buy a smartphone. You come to suspect it may have a bug that makes
it send encrypted data over the wire it should not be sending. You
configure a MITM proxy and try to trigger the bug. You detect the phone
starts sending data to a server, but the server cuts the connection as
it detects the proxy.

So you cannot verify what the smartphone actually sends, you are not in
control. "Privacy" and end-to-end security require the user to be in
control, so that a server "cannot refuse to serve sensitive content over
a proxied connection" is a good thing, while you list it as a problem.
My suggestion was to include a Goal to ensure that users are in control.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

From hannes.tschofenig@gmx.net  Wed Oct 30 13:03:52 2013
Message-ID: <5271661C.6020808@gmx.net>
Date: Wed, 30 Oct 2013 21:03:40 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: Bjoern Hoehrmann <derhoermi@gmx.net>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com> <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>
In-Reply-To: <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Vidya Narayanan <vn@google.com>, perpass@ietf.org, hannes.tschofenig@gmx.net
Subject: Re: [perpass] Explicit proxying in HTTP

Hi Vidya, Hi Bjoern,

the term "trust" is quite tricky. You may trust someone to do X but not 
Y. Hence, you have to say what you believe the "client" (user, I guess) 
trusts the server for.

Just think about the concept of 'secondary use'.

Ciao
Hannes


On 30.10.13 20:40, Bjoern Hoehrmann wrote:
> * Vidya Narayanan wrote:
>> I may be missing something here, but your wording seems to suggest that the
>> user may not trust the server?  If so, that is definitely not the targeted
>> case under discussion.  The assumption here is that the client (and hence
>> the user) and the server trust each other, but they don't necessarily trust
>> all middleboxes.
>
> You buy a smartphone. You come to suspect it may have a bug that makes
> it send encrypted data over the wire it should not be sending. You
> configure a MITM proxy and try to trigger the bug. You detect the phone
> starts sending data to a server, but the server cuts the connection as
> it detects the proxy.
>
> So you cannot verify what the smartphone actually sends, you are not in
> control. "Privacy" and end-to-end security require the user to be in
> control, so that a server "cannot refuse to serve sensitive content over
> a proxied connection" is a good thing, while you list it as a problem.
> My suggestion was to include a Goal to ensure that users are in control.
>


From erik.josefsson@europarl.europa.eu  Wed Oct 30 14:39:48 2013
From: JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Thread-Topic: [perpass] Explicit proxying in HTTP
Date: Wed, 30 Oct 2013 21:39:26 +0000
Message-ID: <4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com> <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>, <5271661C.6020808@gmx.net>
In-Reply-To: <5271661C.6020808@gmx.net>
Accept-Language: en-US, en-GB
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Vidya Narayanan <vn@google.com>, "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] Explicit proxying in HTTP

Here's a woman I trust on trust:

http://www.ted.com/talks/onora_o_neill_what_we_don_t_understand_about_trust.html

//Erik
________________________________________
From: perpass-bounces@ietf.org [perpass-bounces@ietf.org] on behalf of Hannes Tschofenig [hannes.tschofenig@gmx.net]
Sent: Wednesday, October 30, 2013 9:03 PM
To: Bjoern Hoehrmann
Cc: Vidya Narayanan; perpass@ietf.org; hannes.tschofenig@gmx.net
Subject: Re: [perpass] Explicit proxying in HTTP

Hi Vidya, Hi Bjoern,

the term "trust" is quite tricky. You may trust someone to do X but not
Y. Hence, you have to say what you believe the "client" (user, I guess)
trusts the server for.

Just think about the concept of 'secondary use'.

Ciao
Hannes


On 30.10.13 20:40, Bjoern Hoehrmann wrote:
> * Vidya Narayanan wrote:
>> I may be missing something here, but your wording seems to suggest that the
>> user may not trust the server?  If so, that is definitely not the targeted
>> case under discussion.  The assumption here is that the client (and hence
>> the user) and the server trust each other, but they don't necessarily trust
>> all middleboxes.
>
> You buy a smartphone. You come to suspect it may have a bug that makes
> it send encrypted data over the wire it should not be sending. You
> configure a MITM proxy and try to trigger the bug. You detect the phone
> starts sending data to a server, but the server cuts the connection as
> it detects the proxy.
>
> So you cannot verify what the smartphone actually sends, you are not in
> control. "Privacy" and end-to-end security require the user to be in
> control, so that a server "cannot refuse to serve sensitive content over
> a proxied connection" is a good thing, while you list it as a problem.
> My suggestion was to include a Goal to ensure that users are in control.
>


From nvidya@google.com  Wed Oct 30 14:47:33 2013
MIME-Version: 1.0
In-Reply-To: <4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com> <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de> <5271661C.6020808@gmx.net> <4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu>
Date: Wed, 30 Oct 2013 14:47:31 -0700
Message-ID: <CAO+OM=obewgwQbR=aJSgQ38LD2SPYZojWcU=AKc5HUO3yywacQ@mail.gmail.com>
From: Vidya Narayanan <vn@google.com>
To: JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>
Content-Type: multipart/alternative; boundary=047d7b621b1cc53a3904e9fc4786
Cc: "perpass@ietf.org" <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [perpass] Explicit proxying in HTTP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 21:47:33 -0000

--047d7b621b1cc53a3904e9fc4786
Content-Type: text/plain; charset=ISO-8859-1

Before we get into the broader definition of trust and all kinds of
possible threats, I'd like to make sure the scope of this document is
understood.  I apologize if that was not clear from my first email or the
draft itself.

This document covers the case where a client and server wish to exchange
traffic over a channel that is either end-to-end secure or is
point-to-point secured to an authorized middle box. The threats it
addresses are those due to unauthorized middle boxes, and it provides
guidelines and goals to make those detectable by the endpoints, including
the user.

It is not intended to tackle the general case of rogue servers or the
generic case of placing all privacy controls with the user.  It is not to
say that such goals aren't necessary for the Internet - just that this
document is written to explicitly handle only a subset as mentioned above.

Hope this helps.

Thanks,
Vidya


On Wed, Oct 30, 2013 at 2:39 PM, JOSEFSSON Erik <
erik.josefsson@europarl.europa.eu> wrote:

> Here's a woman I trust on trust:
>
>
> http://www.ted.com/talks/onora_o_neill_what_we_don_t_understand_about_trust.html
>
> //Erik
> ________________________________________
> From: perpass-bounces@ietf.org [perpass-bounces@ietf.org] on behalf of
> Hannes Tschofenig [hannes.tschofenig@gmx.net]
> Sent: Wednesday, October 30, 2013 9:03 PM
> To: Bjoern Hoehrmann
> Cc: Vidya Narayanan; perpass@ietf.org; hannes.tschofenig@gmx.net
> Subject: Re: [perpass] Explicit proxying in HTTP
>
> Hi Vidya, Hi Bjoern,
>
> the term "trust" is quite tricky. You may trust someone to do X but not
> Y. Hence, you have to say what you believe the "client" (user, I guess)
> trusts the server for.
>
> Just think about the concept of 'secondary use'.
>
> Ciao
> Hannes
>
>
> On 30.10.13 20:40, Bjoern Hoehrmann wrote:
> > * Vidya Narayanan wrote:
> >> I may be missing something here, but your wording seems to suggest that the
> >> user may not trust the server?  If so, that is definitely not the targeted
> >> case under discussion.  The assumption here is that the client (and hence
> >> the user) and the server trust each other, but they don't necessarily trust
> >> all middleboxes.
> >
> > You buy a smartphone. You come to suspect it may have a bug that makes
> > it send encrypted data over the wire it should not be sending. You
> > configure a MITM proxy and try to trigger the bug. You detect the phone
> > starts sending data to a server, but the server cuts the connection as
> > it detects the proxy.
> >
> > So you cannot verify what the smartphone actually sends, you are not in
> > control. "Privacy" and end-to-end security require the user to be in
> > control, so that a server "cannot refuse to serve sensitive content over
> > a proxied connection" is a good thing, while you list it as a problem.
> > My suggestion was to include a Goal to ensure that users are in control.
> >
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

--047d7b621b1cc53a3904e9fc4786--

From doug.mtview@gmail.com  Wed Oct 30 18:20:08 2013
Return-Path: <doug.mtview@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB90611E82AF for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 18:20:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kVlmHedJyBzr for <perpass@ietfa.amsl.com>; Wed, 30 Oct 2013 18:20:06 -0700 (PDT)
Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 785DA11E8259 for <perpass@ietf.org>; Wed, 30 Oct 2013 18:20:06 -0700 (PDT)
Received: by mail-ie0-f182.google.com with SMTP id as1so3716334iec.41 for <perpass@ietf.org>; Wed, 30 Oct 2013 18:20:06 -0700 (PDT)
X-Received: by 10.50.39.84 with SMTP id n20mr422355igk.14.1383182405790; Wed, 30 Oct 2013 18:20:05 -0700 (PDT)
Received: from [192.168.0.54] (107-0-5-6-ip-static.hfc.comcastbusiness.net. [107.0.5.6]) by mx.google.com with ESMTPSA id f5sm776032igc.4.2013.10.30.18.20.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Oct 2013 18:20:04 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Content-Type: multipart/alternative; boundary="Apple-Mail=_9A6F98FF-FC77-4334-98B2-649DED3D9CC1"
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>
Date: Wed, 30 Oct 2013 18:20:02 -0700
Message-Id: <A34FBFA6-AC6C-4B5E-A715-CB0A91390890@gmail.com>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>
To: Vidya Narayanan <vn@google.com>
X-Mailer: Apple Mail (2.1510)
Cc: perpass@ietf.org, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [perpass] Explicit proxying in HTTP and making security related decisions from untrustworthy input
X-List-Received-Date: Thu, 31 Oct 2013 01:20:08 -0000

--Apple-Mail=_9A6F98FF-FC77-4334-98B2-649DED3D9CC1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Dear Vidya,

IMHO, the basic problem is making security-related decisions using
untrustworthy input.  Users subjugated to others' DNS and a public CA
hierarchy are exposed to non-trivial levels of risk.  Joe St Sauver
offered a pointer to Terry Zink's transitional theory for IPv6 where
email needs to make rejection decisions at the beginning of an exchange.
See:
http://blogs.msdn.com/b/tzink/archive/2013/09/11/supporting-email-over-ipv6-part-1-an-introduction.aspx

While agreeing fully with Terry's basic assertion about this basic need,
SMTP lacks expedient methods to confirm source identities such as a
domain.  He suggests whitelists can be compiled based upon confirmations
related to DKIM or SPF.  Ironically, DKIM does not validate domains
initiating an exchange, and SPF depends upon a macro language able to
cause hundreds of DNS transactions based on highly variable message
elements with potentially nefarious aim.  Decisions based on
untrustworthy input while using dangerous protocols make it absurd to
suggest other approaches come anywhere close to offering the same level
of risk!

Generating a whitelist using untrustworthy input is doomed to confront
the age-old problem of garbage-in, garbage-out.  If you configure your
browser to require valid certificates and find you are able to access
your bank, one might hope a proxy-modified transaction could not be
completed.  Unfortunately, that is not always the case.  L2TP/IPsec
http://tools.ietf.org/html/rfc3193 connecting to a known safe
environment seems like a better solution.  When this type of VPN is
blocked, the user should not have an expectation of privacy.  It would
have been nice to find this protocol not borked by an OS update. :^(

Regards,
Douglas Otis


On Oct 30, 2013, at 11:09 AM, Vidya Narayanan <vn@google.com> wrote:

> Hi,
> I may be missing something here, but your wording seems to suggest
> that the user may not trust the server?  If so, that is definitely not
> the targeted case under discussion.  The assumption here is that the
> client (and hence the user) and the server trust each other, but they
> don't necessarily trust all middleboxes.
>
> If I have not understood you correctly, please let me know.
>
> Regards,
> Vidya
>
>
> On Tue, Oct 29, 2013 at 6:51 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Vidya Narayanan wrote:
> >All,
> >http://tools.ietf.org/id/draft-vidya-httpbis-explicit-proxy-ps-00.txt is a
> >problem statement on the need for explicit proxying in HTTP.
>
> I have a suggestion. From the document:
>
>    The use of proxies leads to a number of privacy issues.  To
>    summarize:
>
>    ...
>
>    o  The server has no knowledge of the presence of the proxy and
>       hence, cannot refuse to serve sensitive content over a proxied
>       connection.
>
>    o  The weakened security model, when certificate pinning is disabled
>       at a general level, allows inspection of content ...
>
>    ...
>
>    With privacy becoming more and more important, it is important for us
>    to support solutions that allow awareness of a privacy breach to both
>    users and the servers, when that happens.  To this effect, it is
>    important that proxies be explicitly supported and detected.
>
>    ...
>
>    o  Content providers may not wish to serve certain content in
>       anything less than an end-to-end secure fashion.
>
> How about including in the Goals section that users must be able to
> verify the behavior of untrusted user agents without interference on
> part of the server, which requires the user being able to inspect any
> content without the server knowing, possibly by use of a proxy?
>
> I also note that allowing servers to be aware when my "privacy" has
> been "breached" in all likelihood makes that breach worse, not better.
> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Phone: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass


--Apple-Mail=_9A6F98FF-FC77-4334-98B2-649DED3D9CC1--

From lars@netapp.com  Thu Oct 31 02:58:38 2013
Return-Path: <lars@netapp.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72DC421E80D3 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 02:58:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.263
X-Spam-Level: 
X-Spam-Status: No, score=-8.263 tagged_above=-999 required=5 tests=[AWL=1.537,  BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XvEjbrEPdEIg for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 02:58:33 -0700 (PDT)
Received: from mx12.netapp.com (mx12.netapp.com [216.240.18.77]) by ietfa.amsl.com (Postfix) with ESMTP id B8B9921E8095 for <perpass@ietf.org>; Thu, 31 Oct 2013 02:58:33 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.93,607,1378882800";  d="asc'?scan'208";a="107683874"
Received: from vmwexceht02-prd.hq.netapp.com ([10.106.76.240]) by mx12-out.netapp.com with ESMTP; 31 Oct 2013 02:58:33 -0700
Received: from SACEXCMBX01-PRD.hq.netapp.com ([169.254.2.51]) by vmwexceht02-prd.hq.netapp.com ([10.106.76.240]) with mapi id 14.03.0123.003; Thu, 31 Oct 2013 02:58:33 -0700
From: "Eggert, Lars" <lars@netapp.com>
To: perpass <perpass@ietf.org>
Thread-Topic: perpass-related talk at IRTF Open Meeting at	IETF-88
Thread-Index: AQHO1h/C5QvVDZb+CES4GMZXT2809g==
Date: Thu, 31 Oct 2013 09:58:32 +0000
Message-ID: <4137C654-D06C-4892-B02A-EDCE662EFAB8@netapp.com>
References: <E0B2C0DB-E3CA-4D30-B417-48BB7F6DC9C1@netapp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.104.60.118]
Content-Type: multipart/signed; boundary="Apple-Mail=_EB89A15C-2675-44E0-A345-7822F7657AE4"; protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
Subject: [perpass] perpass-related talk at IRTF Open Meeting at	IETF-88
X-List-Received-Date: Thu, 31 Oct 2013 09:58:38 -0000

--Apple-Mail=_EB89A15C-2675-44E0-A345-7822F7657AE4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Potentially of interest: Nick Feamster's talk

Begin forwarded message:

> From: "Eggert, Lars" <lars@netapp.com>
> Subject: [IRTF-Announce] Preliminary agenda for the IRTF Open Meeting at IETF-88
> Date: October 31, 2013 17:53:15 GMT+08:00
> To: "irtf-discuss@irtf.org" <irtf-discuss@irtf.org>, "irtf-announce@irtf.org" <irtf-announce@irtf.org>
> Reply-To: "irtf-discuss@irtf.org" <irtf-discuss@irtf.org>
>
> A preliminary agenda for the IRTF Open Meeting at IETF-88 is now online: https://www.ietf.org/proceedings/88/agenda/agenda-88-irtfopen
>
> Lars
>
> --
>
> Agenda
> IRTF Open Meeting @ IETF-88
> Vancouver, Canada
> 1420-1550 PST
> Tuesday Afternoon Session II
>
> [Slot lengths below indicate presentation+discussion time.]
>
>
> State of the IRTF
>    Lars Eggert
>    5+5 min
>
>
> Measuring and Circumventing Internet Censorship and Control
>    Nick Feamster
>    25+5 min
>
>
> Applied Networking Prize (ANRP) Award Talk
>    30+10 min
>
>    *** IDILIO DRAGO *** for characterizing traffic and workloads of the
>    Dropbox cloud storage system:
>
>    Idilio Drago, Marco Mellia, Maurizio M. Munafo, Anna Sperotto,
>    Ramin Sadre and Aiko Pras. Inside Dropbox: Understanding Personal
>    Cloud Storage Services. Proc. ACM Internet Measurement Conference
>    (IMC), November 2012, Boston, MA, USA.
>
>
> Internet Research Grand Challenges
>    Eliot Lear
>    10 min
>


--Apple-Mail=_EB89A15C-2675-44E0-A345-7822F7657AE4--

From lear@cisco.com  Thu Oct 31 04:07:44 2013
Return-Path: <lear@cisco.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09DCF11E8327 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 04:07:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.502
X-Spam-Level: 
X-Spam-Status: No, score=-110.502 tagged_above=-999 required=5 tests=[AWL=0.097, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id osLfTyTuT4mX for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 04:07:32 -0700 (PDT)
Received: from ams-iport-4.cisco.com (ams-iport-4.cisco.com [144.254.224.147]) by ietfa.amsl.com (Postfix) with ESMTP id 4EF4111E828B for <perpass@ietf.org>; Thu, 31 Oct 2013 04:07:18 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.93,608,1378857600"; d="scan'208";a="19153340"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-4.cisco.com with ESMTP; 31 Oct 2013 11:07:09 +0000
Received: from mctiny.local ([10.61.171.124]) by ams-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r9VB72oR008983 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 31 Oct 2013 11:07:04 GMT
Message-ID: <527239D6.5010704@cisco.com>
Date: Thu, 31 Oct 2013 12:07:02 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Vidya Narayanan <vn@google.com>, JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com>	<p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de>	<CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>	<gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>	<5271661C.6020808@gmx.net>	<4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu> <CAO+OM=obewgwQbR=aJSgQ38LD2SPYZojWcU=AKc5HUO3yywacQ@mail.gmail.com>
In-Reply-To: <CAO+OM=obewgwQbR=aJSgQ38LD2SPYZojWcU=AKc5HUO3yywacQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: "perpass@ietf.org" <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [perpass] Explicit proxying in HTTP
X-List-Received-Date: Thu, 31 Oct 2013 11:07:48 -0000

Vidya,

On 10/30/13 10:47 PM, Vidya Narayanan wrote:

>
> This document covers the case where a client and server wish to
> exchange traffic over a channel that is either end-to-end secure or is
> point-to-point secured to an authorized middle box. The threats it
> addresses are those due to unauthorized middle boxes and provides
> guidelines and goals to make those detectable by the endpoints,
> including the user.

Who gets to do the authorizing?  Does the infrastructure owner get a say
in how her infrastructure is used?  But before we go too far, where should
this discussion really take place?  Here or in httpbis?

Eliot

From stephen.farrell@cs.tcd.ie  Thu Oct 31 04:27:45 2013
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1FCD11E8135 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 04:27:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.333
X-Spam-Level: 
X-Spam-Status: No, score=-102.333 tagged_above=-999 required=5 tests=[AWL=0.266, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCbCRxUcLkpI for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 04:27:40 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 6D87021E80E9 for <perpass@ietf.org>; Thu, 31 Oct 2013 04:27:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7A8C0BE57; Thu, 31 Oct 2013 11:27:28 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GY25oQpPvHrV; Thu, 31 Oct 2013 11:27:28 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 587C9BE50; Thu, 31 Oct 2013 11:27:28 +0000 (GMT)
Message-ID: <52723E96.4080605@cs.tcd.ie>
Date: Thu, 31 Oct 2013 11:27:18 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: Eliot Lear <lear@cisco.com>, Vidya Narayanan <vn@google.com>,  JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com>	<p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de>	<CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com>	<gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de>	<5271661C.6020808@gmx.net>	<4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu>	<CAO+OM=obewgwQbR=aJSgQ38LD2SPYZojWcU=AKc5HUO3yywacQ@mail.gmail.com> <527239D6.5010704@cisco.com>
In-Reply-To: <527239D6.5010704@cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "perpass@ietf.org" <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [perpass] Explicit proxying in HTTP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 11:27:46 -0000

On 10/31/2013 11:07 AM, Eliot Lear wrote:
> But before we go too far, where should
> this discussion really take place?  Here or in httpbis?

Good question.

My take: in httpbis - it's on their agenda for next week I
think, and it's their problem and afaik people are actively
interested in addressing it there.

It is a hard-ish problem and it could be the case that there's
stuff that'll be relevant for this list, but I think that
only makes sense after something has taken shape in httpbis
and maybe not then if they do a good enough job, which I
hope they will.

So yeah, better for this discussion to happen on the httpbis
list please.

Thanks,
S.

From rutkowski.tony@gmail.com  Thu Oct 31 08:06:22 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8CB821E8103 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:06:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCYPPJYXXUtp for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:06:18 -0700 (PDT)
Received: from mail-qe0-x234.google.com (mail-qe0-x234.google.com [IPv6:2607:f8b0:400d:c02::234]) by ietfa.amsl.com (Postfix) with ESMTP id 3B24C21E80DA for <perpass@ietf.org>; Thu, 31 Oct 2013 08:05:54 -0700 (PDT)
Received: by mail-qe0-f52.google.com with SMTP id w7so1802507qeb.11 for <perpass@ietf.org>; Thu, 31 Oct 2013 08:05:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=jwhXgKITPoyDBtqLdq9MdHwT3qyhvfx8Hbytx98OA6Y=; b=jpzmoodS5Oq6zfzfJT0Z1xIwAE/WtJPbiFNo6Pmjk//c8JdHNw4TPuwQDOPzXL7QMK X9nIlK8klR5vKEHfXrRpFJSTgRXpAoWk5Ni/Ve1O5Sbmip4Dh/VXDLbh53yk8mx3WbW+ mz6NR57Nl/SMqIyCUgpKuPfYemQTsV1/jC5azmETaMtMSaACi9CvnKWd1FF3zBaehfm3 9Zla7+vsrzL2tcwWYNBSncm6B85QxuGDh3EJnzCFkY8qxmVc/lgcQ2nDUQ/6AeWiwqbJ 3zaOm4tmWoN2WxmCNqQ/Ec1mnMEdMX8fJCWH4TwK/G3RzWcsXpf8aQiS6dy1sadL+HyQ aJFA==
X-Received: by 10.229.172.3 with SMTP id j3mr4838872qcz.10.1383231951147; Thu, 31 Oct 2013 08:05:51 -0700 (PDT)
Received: from [192.168.1.2] (pool-173-72-191-218.clppva.fios.verizon.net. [173.72.191.218]) by mx.google.com with ESMTPSA id 4sm9940809qak.11.2013.10.31.08.05.49 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 08:05:50 -0700 (PDT)
Message-ID: <527271CD.8000005@gmail.com>
Date: Thu, 31 Oct 2013 11:05:49 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Richard Shockey <richard@shockey.us>,  'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us>
In-Reply-To: <00f801ced585$bd7d3870$3877a950$@shockey.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 15:06:23 -0000

Hi Rich,

You've hit several nails on the head here as to
why the premises for the list are so flawed.

Privacy (as opposed to PPII) is a legal,
societal, and religious matter, yet it is never
defined, and assumed by the proponents of
the list as accepted as an absolute tenet.  So
what if one is not of that religious persuasion?
What if you don't want to pay the broad array
of significant real costs and elevated threats
to finance those religious beliefs?  For example,
there are no use cases of where any form of
pervasive monitoring has brought down a plane.

Similarly neither "pervasive" nor "monitoring"
nor the concatenation of the two are defined
or even explained.

All of this is highly context dependent - as you
and others have repeatedly pointed out, and even
Stephen admits - raising the specter of bad actors.
Gee, not much new there.  However, the group
seemed to have been spun up over good actors
doing serious jobs, not bad ones.  That's ironic.
In fact, the proffered use cases seem directed
at impeding good actors and potentially seriously
damaging good actor requirements.

This is one of the worst examples of IETF upper
layer excesses witnessed over many decades.
While it can be written off as a canard to keep
some religious persuasions happy, it does real
harm to the IETF's stature.  This stuff belongs on
K-street and other lobbying venues, not in a
serious technical body that needs to accommodate
a broad spectrum of perspectives and needs.

--tony



On 10/30/2013 11:36 AM, Richard Shockey wrote:
> [RS> ] Whose privacy? The calling party or the called party.   This is my
> point. Enabling privacy for one may violate the privacy of the other. Now we
> are really blasting past Layer 8-10 Economic Political and Religious into
> Layer 11 Philosophy.   I'm totally incompetent to make judgments on that
> Layer.


From hannes.tschofenig@gmx.net  Thu Oct 31 08:17:32 2013
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E85511E822F for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:17:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id szucLdkMxP7L for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:17:27 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 615AB11E822B for <perpass@ietf.org>; Thu, 31 Oct 2013 08:17:27 -0700 (PDT)
Received: from Masham-MAC.local ([91.179.235.179]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MSY2q-1VCUra0Yei-00RXkw for <perpass@ietf.org>; Thu, 31 Oct 2013 16:17:26 +0100
Message-ID: <52727480.4000202@gmx.net>
Date: Thu, 31 Oct 2013 16:17:20 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: rutkowski.tony@gmail.com
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com>
In-Reply-To: <527271CD.8000005@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:xvyfww9mFik9eeqRYNmSlfLrl5MAg8cJ5QABAU8y0Sj4idHgUER 8wfyN39Ma1JA07fO47t9kqaGO3fbnKpj82GWgFA/9xPjPHtL8MK/q5j/6+Rr1kz1Oj95qjT 8vs/A3Spi5UZWotKToI4yeuDvHovVlk1Bpkk5+93StwJvQLjy+02dymGtAXcl+UPMSETWs+ /J0Ye9D/xu1E42awAUDkQ==
Cc: hannes.tschofenig@gmx.net, perpass@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, Richard Shockey <richard@shockey.us>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 15:17:32 -0000

Guys, have a look at the lovely privacy consideration document the IAB 
published not too long ago. It explains how we see privacy (which is 
different to what other people consider under privacy). It turns out 
that is exactly the approach we have taken with security many years ago.

Just compare it with security and you will for sure understand that the 
decision making process about how to design a system isn't entirely 
without judgement about what threats you care about and what security 
solutions you are willing to put in place. Most of the decisions are 
about tradeoffs.

The same is true for privacy.

I don't like this "we cannot define it precisely and so we shouldn't do 
anything about it" attitude.

Just pushing responsibilities to other communities does not help make 
progress. For this reason I have written https://goo.gl/a35BY2, which 
explains in what areas challenges exist.

Ciao
Hannes

Am 31.10.13 16:05, schrieb Tony Rutkowski:
> Hi Rich,
>
> You've hit several nails on the head here as to
> why the premises for the list are so flawed.
>
> Privacy (as opposed to PPII) is a legal,
> societal, and religious matter, yet it is never
> defined, and assumed by the proponents of
> the list as accepted as an absolute tenet.  So
> what if one is not of that religious persuasion?
> What if you don't want to pay the broad array
> of significant real costs and elevated threats
> to finance those religious beliefs?  For example,
> there are no use cases of where any form of
> pervasive monitoring has brought down a plane.
>
> Similarly neither "pervasive" nor "monitoring"
> nor the concatenation of the two are defined
> or even explained.
>
> All of this is highly context dependent - as you
> and others have repeatedly pointed out, and even
> Stephen admits - raising the specter of bad actors.
> Gee, not much new there.  However, the group
> seemed to have been spun up over good actors
> doing serious jobs, not bad ones.  That's ironic.
> In fact, the proffered use cases seem directed
> at impeding good actors and potentially seriously
> damaging good actor requirements.
>
> This is one of the worst examples of IETF upper
> layer excesses witnessed over many decades.
> While it can be written off as a canard to keep
> some religious persuasions happy, it does real
> harm to the IETF's stature.  This stuff belongs on
> K-street and other lobbying venues, not in a
> serious technical body that needs to accommodate
> a broad spectrum of perspectives and needs.
>
> --tony
>
>
>
> On 10/30/2013 11:36 AM, Richard Shockey wrote:
>> [RS> ] Whose privacy? The calling party or the called party.   This is my
>> point. Enabling privacy for one may violate the privacy of the other.
>> Now we
>> are really blasting past Layer 8-10 Economic Political and Religious into
>> Layer 11 Philosophy.   I'm totally incompetent to make judgments on that
>> Layer.


From rutkowski.tony@gmail.com  Thu Oct 31 08:45:29 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C186811E8229 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:45:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t6oI+V35TuUV for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 08:45:29 -0700 (PDT)
Received: from mail-qe0-x22e.google.com (mail-qe0-x22e.google.com [IPv6:2607:f8b0:400d:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id BD5B811E822C for <perpass@ietf.org>; Thu, 31 Oct 2013 08:45:23 -0700 (PDT)
Received: by mail-qe0-f46.google.com with SMTP id s14so1859081qeb.33 for <perpass@ietf.org>; Thu, 31 Oct 2013 08:45:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=eIZ1Ym76NhudcwHxnol4nHS91LWxxmb4OVXPN6ujauA=; b=fPTmzrE9QlGUFS0ojS/+hzaZtbNv4b2aBoYZ/D230LYIhQ9lOGoZvLIjn9PkWvREAL Nm5IrWDBswNKx6wzSZ4Uyaq0/eiJZkkWHvhnUXcKPSv/CXe6F5EaQwMofcBKbrEbLTZn h8uCbMEc/C5ZaHNQ0rdpp2jvkuGrQxAYmp1oWkZsM8lwVRm5UJtMznhNpIdzAyNNiZ5Y 5D/snw6KS+NBsR2oXl91WNSSajWui82c2QA/7hO+X9mUedi1X+/3xLPEiVZS7XXOBsId brYEQoVhVFD8Q4wuEnDwIDRMBJHQkGNYgKfu2eBrBrIcFSVl3Ym388su2JTlFRBIDprB Gk+Q==
X-Received: by 10.49.95.135 with SMTP id dk7mr5026241qeb.3.1383234320578; Thu, 31 Oct 2013 08:45:20 -0700 (PDT)
Received: from [192.168.1.2] (pool-173-72-191-218.clppva.fios.verizon.net. [173.72.191.218]) by mx.google.com with ESMTPSA id a5sm10384798qae.2.2013.10.31.08.45.18 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 08:45:19 -0700 (PDT)
Message-ID: <52727B0D.6030801@gmail.com>
Date: Thu, 31 Oct 2013 11:45:17 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com> <52727480.4000202@gmx.net>
In-Reply-To: <52727480.4000202@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: perpass@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, Richard Shockey <richard@shockey.us>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 15:45:29 -0000

Hi Hannes,

The issue is not that privacy cannot be defined.
It is that the concept of privacy and its import
varies widely in different societies, legal systems,
and people.   So why would a broad-based
technical body even deal with the topic?

As to your ID and its premises, it isn't exactly
accurate.  What is today regarded as the Internet
was run on DOD infrastructure.  The DARPA
Director who signed off on its pursuit in the 70s
recently testified that he had sufficient concerns
about its security that he directed the NSA to
become involved.  Until the mid-90s, most of
the traffic was pervasively monitored by the USG
and contractors.  Nothing new there, early commercial
Internet providers in the 1990s mined the data for
network management and commercial sales purposes.
In a best-effort, connectionless infrastructure, pervasive
monitoring is not unimportant.

That same DARPA director in the 1990s led teams
to deal with what was expected to be significant misuse
of the infrastructure and protocols as the technology
replaced traditional - much more tightly controlled
and "surveilled" telecommunication infrastructure.
The Cybercrime Convention and other legal instruments
and requirements were developed because pervasive
monitoring was essential.  The likelihood of terrorists
pulling off something like a 9/11 via the Internet
was the subject of serious concern in the late 90s.
All the European bombings after that made pervasive
monitoring so important that the EU adopted its directive
for the capture and storage of all meta data.

I could go on, but if you're serious about network
security, might I suggest engagement with any of the
numerous NIST and other governmental efforts
occurring around the world.  It's not just the IETF,
and if religious security and K-street lobbying
become the IETF's forté, the organization is only
harming itself.

--tony



On 10/31/2013 11:17 AM, Hannes Tschofenig wrote:
> The same is true for privacy.
>
> I don't like this "we cannot define it precisely and so we shouldn't 
> do anything about it" attitude.
>
> Just pushing responsibilities to other communities does not help make 
> progress. For this reason I have written https://goo.gl/a35BY2, which 
> explains in what areas challenges exist.


From scott.brim@gmail.com  Thu Oct 31 09:15:30 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50AF521E8103 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:15:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.593
X-Spam-Level: 
X-Spam-Status: No, score=-102.593 tagged_above=-999 required=5 tests=[AWL=0.006, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 47yF30MpaEHs for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:15:29 -0700 (PDT)
Received: from mail-oa0-x234.google.com (mail-oa0-x234.google.com [IPv6:2607:f8b0:4003:c02::234]) by ietfa.amsl.com (Postfix) with ESMTP id C8EAB11E8172 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:15:29 -0700 (PDT)
Received: by mail-oa0-f52.google.com with SMTP id j1so3322407oag.11 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:15:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ppa62gJ6BujenbLIfLT1u5YVEFtIcyXQaERFg/yKVXY=; b=dmxGhE2gk6tHtmKej+/HxG0x9NBvA/TZu8SdiDfbmeC+9TB8b2/X5fLe6l2toN+76i WuxPTix18NfWKB/OY+dcvl3qCk4LoF1P2davRM1rYQPuC3p609YwcBuBg4zZQB6sHR+X zS9/9Jb+8dLVcrAQX2IEMgZCnBk4BRg3LgXNjps6729wkzrkenUqjGkvrXaVggxV3kS9 lXc8JaQSbnGLDAEHMJYi2hgI58s4zjZSejNxvXTewDEtItmOKsVWHcVM1YA8LBIJDnV7 8yJpd3nHi0MC3MV5EDgfIuCnXyp9MRE3Zn4F2f2oQ+njYsj//K1jiUE5l9dqTVvmAIRx 5lJg==
X-Received: by 10.60.42.203 with SMTP id q11mr3259446oel.54.1383236129291; Thu, 31 Oct 2013 09:15:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.2.134 with HTTP; Thu, 31 Oct 2013 09:15:09 -0700 (PDT)
In-Reply-To: <52727B0D.6030801@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com> <52727480.4000202@gmx.net> <52727B0D.6030801@gmail.com>
From: Scott Brim <scott.brim@gmail.com>
Date: Thu, 31 Oct 2013 12:15:09 -0400
Message-ID: <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>
To: Tony Rutkowski <rutkowski.tony@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c207f020905004ea0bc2d3
Cc: perpass <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Richard Shockey <richard@shockey.us>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:15:30 -0000

--001a11c207f020905004ea0bc2d3
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Oct 31, 2013 at 11:45 AM, Tony Rutkowski
<rutkowski.tony@gmail.com> wrote:

> The issue is not that privacy cannot be defined.
> It is that the concept of privacy and its import
> varies widely in different societies, legal systems,
> and people.   So why would a broad-based
> technical body even deal with the topic?
>

IMHO you're at the wrong level, and the concept of privacy as used here is
abstract enough to be universal. What varies among cultures is what's kept
private, and how it is kept private - the instantiation of the concept.

--001a11c207f020905004ea0bc2d3--

From rutkowski.tony@gmail.com  Thu Oct 31 09:37:00 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58E3321E8102 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:36:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qD8OkPj4BbV9 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:36:27 -0700 (PDT)
Received: from mail-qa0-x22b.google.com (mail-qa0-x22b.google.com [IPv6:2607:f8b0:400d:c00::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 777F921E8114 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:36:07 -0700 (PDT)
Received: by mail-qa0-f43.google.com with SMTP id i13so4704570qae.9 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:35:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=ON4uKkGyEFg9Egix7Kj0023pylp5CW+IVhDgA5CzUXI=; b=SRo/4GkIZQ49c6B9exV6yqO01/R7c9qrO5ynwf+t2NY7rU1vUtGQgoKc3LRkxnxMi8 yVLmzcABs8Rwda+PS0d9QMpdCpfr7UByJ28civ9WJ9nzAsPin9LK4eH6v59N8f12fRLF GnKnScPJjTb6cbhk3p5HpQ9WTiEXDkJCel+hPp4Fq2F2l5O5LoBgX2mZnHe/AjA/nBwp E9uTIyrjm2zshizMVFVKH5j1cc+MWmyx+HaspQJngwlw6lYLNjbpjeIL3mjHpvUr0w2K BkHVe0+44Ug30iW61tcayycIazzIPKFm+CbWaZSTcAMEUIHXMkQvAw891VDA2uj6wM+V O+Mw==
X-Received: by 10.49.25.1 with SMTP id y1mr5602641qef.22.1383237358160; Thu, 31 Oct 2013 09:35:58 -0700 (PDT)
Received: from [192.168.1.2] (pool-173-72-191-218.clppva.fios.verizon.net. [173.72.191.218]) by mx.google.com with ESMTPSA id a9sm8415660qed.6.2013.10.31.09.35.56 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 09:35:57 -0700 (PDT)
Message-ID: <527286EC.7000504@gmail.com>
Date: Thu, 31 Oct 2013 12:35:56 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Scott Brim <scott.brim@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com> <52727480.4000202@gmx.net> <52727B0D.6030801@gmail.com> <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>
In-Reply-To: <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Richard Shockey <richard@shockey.us>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:37:00 -0000

Abstract enough to be universal?
That sure encompasses a universe
of things.  Seems like a perfect
definition of religious beliefs.

You also ignore other very significant
components like how much it costs,
the impact on performance and innovation,
and how individuals feel (or not) about
the matter.  If someone wants to opt for
zero or diminished privacy - even if that
turkey can be stuffed with some technical
capability - in exchange for other benefits,
they should have the choice.

Most global technical bodies eschew
this subject.

--tony


On 10/31/2013 12:15 PM, Scott Brim wrote:
> IMHO you're at the wrong level, and the concept of privacy as used 
> here is abstract enough to be universal. What varies among cultures is 
> what's kept private, and how it is kept private - the instantiation of 
> the concept.


From tbray@textuality.com  Thu Oct 31 09:44:04 2013
Return-Path: <tbray@textuality.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4C5E21F9E88 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[AWL=0.066,  BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oY3ur5ke9w+1 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:43:59 -0700 (PDT)
Received: from mail-ve0-f177.google.com (mail-ve0-f177.google.com [209.85.128.177]) by ietfa.amsl.com (Postfix) with ESMTP id 417CB21F9E7C for <perpass@ietf.org>; Thu, 31 Oct 2013 09:43:53 -0700 (PDT)
Received: by mail-ve0-f177.google.com with SMTP id oz11so2261509veb.36 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:43:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=K09OElJBOV5Y29B2BpWDSi3YzMP7ZZ6oFNC2KjJjFt8=; b=KWM36Z9wuyAzAKgMhfXWbMRvMFQdGt1UqIaVqjTva9XMcHSWHgxIN3RQObzx49kzJH /Ex3h+ggrltJEwoMb6oAUM/E8gKXiZK+czYn902us0Xz4HpDKmMvhZuwxfaU06XrWx3r Jh/yaIADSEJgorvVPtq1/onaBOhdD51XW7s0vXEUknVdtoSgHzhU7SkFOzcCXor4SZu2 fYZ2wbdkhmyenWddJjKrYzGYr3GnS8NudFP73stosyLdYbHIbxJhIF1PnbWNqpiXOQAB Sazzi/UffHb5jS3xzEVhvpq3cG35SAzuNlVyQLtcn9fiYFS+7kEnpq4mdBrIgscVgGBH 4tBA==
X-Gm-Message-State: ALoCoQneMa7YEmzqkb/L0A0Y547FOcyF3YiHIrKIyc6TggYPP+E4SzdnpnY8xUWL1uUzdDxMDlpp
MIME-Version: 1.0
X-Received: by 10.58.50.35 with SMTP id z3mr113904ven.61.1383237832482; Thu, 31 Oct 2013 09:43:52 -0700 (PDT)
Received: by 10.220.110.134 with HTTP; Thu, 31 Oct 2013 09:43:52 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
Date: Thu, 31 Oct 2013 09:43:52 -0700
Message-ID: <CAHBU6iv2TiOv63XJ3V865rbwuP34E5piGhes2tzo7JPmHhHbiw@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary=089e013cbc10a53dc604ea0c276a
Subject: [perpass] A little levity
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:44:05 -0000

--089e013cbc10a53dc604ea0c276a
Content-Type: text/plain; charset=UTF-8

Pardon the interruption, but this conversation could use a smile:
http://teespring.com/nsassl

--089e013cbc10a53dc604ea0c276a--

From fergdawgster@mykolab.com  Thu Oct 31 09:49:34 2013
Return-Path: <fergdawgster@mykolab.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0A6311E817F for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u1OovcUlFsgX for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:49:29 -0700 (PDT)
Received: from mx01.mykolab.com (mx01.mykolab.com [95.128.36.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0740A11E811D for <perpass@ietf.org>; Thu, 31 Oct 2013 09:49:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at kolabsys.net
Sender: fergdawgster@mykolab.com
Message-ID: <527289F7.205@mykolab.com>
Date: Thu, 31 Oct 2013 09:48:55 -0700
From: Paul Ferguson <fergdawgster@mykolab.com>
Organization: Clowns R. Mofos
To: Tim Bray <tbray@textuality.com>
References: <CAHBU6iv2TiOv63XJ3V865rbwuP34E5piGhes2tzo7JPmHhHbiw@mail.gmail.com>
In-Reply-To: <CAHBU6iv2TiOv63XJ3V865rbwuP34E5piGhes2tzo7JPmHhHbiw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>
Subject: [perpass] [OT] Re:  A little levity
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: fergdawgster@mykolab.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:49:34 -0000

On 10/31/2013 9:43 AM, Tim Bray wrote:

> Pardon the interruption, but this conversation could use a smile:
> http://teespring.com/nsassl
>

I know it's off-topic, but I love it. Just the right amount of snark. ;-)

- ferg


-- 
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

From dhc@dcrocker.net  Thu Oct 31 09:54:05 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FA1C21F9D9C for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:54:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4YvuNnhg8Fi for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:54:00 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 5534D21F9D15 for <perpass@ietf.org>; Thu, 31 Oct 2013 09:53:57 -0700 (PDT)
Received: from [10.1.10.136] ([63.225.91.78]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9VGrq4K011266 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 31 Oct 2013 09:53:55 -0700
Message-ID: <52728B11.8080505@dcrocker.net>
Date: Thu, 31 Oct 2013 09:53:37 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Scott Brim <scott.brim@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie>	<00f801ced585$bd7d3870$3877a950$@shockey.us>	<527271CD.8000005@gmail.com>	<52727480.4000202@gmx.net> <52727B0D.6030801@gmail.com> <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>
In-Reply-To: <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Thu, 31 Oct 2013 09:53:55 -0700 (PDT)
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:54:05 -0000

On 10/31/2013 9:15 AM, Scott Brim wrote:
>
> IMHO you're at the wrong level, and the concept of privacy as used here
> is abstract enough to be universal. What varies among cultures is what's
> kept private, and how it is kept private - the instantiation of the concept.



Hmmm.  That sounds suspiciously like the difference between mechanism 
and policy, with the requirement in the IETF to be one of defining 
mechanisms, while leaving policies for their application to others, 
outside of the IETF.

No wonder this limitation of scope is being criticized so vigorously -- 
one might even say religiously.  After all, it's not as if we've used 
that distinction much in the past, or with any real success...

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From d.nix@comcast.net  Thu Oct 31 09:55:42 2013
Return-Path: <d.nix@comcast.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD2011E813D for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:55:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level: 
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611,  RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rSyBdFQw0-8 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 09:55:35 -0700 (PDT)
Received: from qmta15.emeryville.ca.mail.comcast.net (qmta15.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:228]) by ietfa.amsl.com (Postfix) with ESMTP id 95FFA21F9DCF for <perpass@ietf.org>; Thu, 31 Oct 2013 09:55:35 -0700 (PDT)
Received: from omta05.emeryville.ca.mail.comcast.net ([76.96.30.43]) by qmta15.emeryville.ca.mail.comcast.net with comcast id jpnK1m0090vp7WLAFsvRlo; Thu, 31 Oct 2013 16:55:25 +0000
Received: from [192.168.0.103] ([24.4.240.47]) by omta05.emeryville.ca.mail.comcast.net with comcast id jsvV1m00B123RE08RsvVXF; Thu, 31 Oct 2013 16:55:29 +0000
Message-ID: <52728B7F.3080008@comcast.net>
Date: Thu, 31 Oct 2013 09:55:27 -0700
From: "d.nix" <d.nix@comcast.net>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie>	<00f801ced585$bd7d3870$3877a950$@shockey.us>	<527271CD.8000005@gmail.com> <52727480.4000202@gmx.net>	<52727B0D.6030801@gmail.com>	<CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com> <527286EC.7000504@gmail.com>
In-Reply-To: <527286EC.7000504@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1383238525; bh=559hBdSO3sCw4Fc/TFSlIi+QWqarhcwmboqJFtCkMCA=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=j9Izq3HxOqG8iPSNAgVBZgw1JZRVZByaK8IRHlC805mbWoVa5C6gPqXRAkMOQH0by drzhT2KZ3/yXXaHYCIfoG+tKWy6YtXQFO5f83Yaqm6IJBC8QV96EWjVqggBlgg/p8T EcQse0MNja5VEc6874rn/vfnGIxefAVJLildLhrFWzBjnYL6dHQ/1qCNfUv5nOXgs7 VfpPF9KK7FnMBUheNimDJnhXDZYEmmDONPs+tb7QqNJNWaN0EKVnmXioIuBbe8QeyD vzWs4hucS+5sTxsj+jYym2I/NvoUKrKTc/GlC9lba0DgqhHG3Zf/wWOoOIr3jzarPw +gqjpF3Jf2sOQ==
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 16:55:44 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> the matter.  If someone wants to opt for zero or diminished privacy
> - even if that turkey can be stuffed with some technical capability
> - in exchange for other benefits, they should have the choice.

Conversely, if someone desires the maximum possible privacy, they
should also have that choice. If the system by its design prevents
that choice, then those users that desire that measure of privacy are
pushed out.

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)

-----END PGP SIGNATURE-----

From rutkowski.tony@gmail.com  Thu Oct 31 10:35:58 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF76911E8169 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 10:35:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level: 
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdXQzs2wn1vs for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 10:35:58 -0700 (PDT)
Received: from mail-qe0-x22d.google.com (mail-qe0-x22d.google.com [IPv6:2607:f8b0:400d:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id E320911E81D5 for <perpass@ietf.org>; Thu, 31 Oct 2013 10:35:54 -0700 (PDT)
Received: by mail-qe0-f45.google.com with SMTP id 8so1964087qea.32 for <perpass@ietf.org>; Thu, 31 Oct 2013 10:35:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=4B+2nviOSfGsWgI33a+XcFRrfMfDYC6/tUUwf3psp+U=; b=z7XRTZMu7mjlkE0ubadVe3nayV1lfIQKPvbN6+2g2uBrG7or8ykRbJOcQ1sT//xsVB 0P4uVITvgu0S8NP66YcljlL8oqmBj/505KNkVt87EmdIlSVqndoEPX5GkHe4qjnJyCOw cH7LHCuXffeUA1lFsR1nd4JNpKVVNu+YYUfyDEU/SdVJ47kE3E5HZpXuecuJ0QnIWdRB HtbknwzFKn5R3fvNErN9M+rstq2PUf+Q9a1smMOGevRi0/hUaPXPy+Ey+JMCFk8BZ8ng 1cVMLCD408zhdA/UjdRf9OVaZR0yLcJBeS3UX4s7IhEQlphLr4SdAt3xttmii3VaOtMJ 0Hzg==
X-Received: by 10.49.110.36 with SMTP id hx4mr4255951qeb.93.1383240942948; Thu, 31 Oct 2013 10:35:42 -0700 (PDT)
Received: from [192.168.1.2] (pool-173-72-191-218.clppva.fios.verizon.net. [173.72.191.218]) by mx.google.com with ESMTPSA id r5sm11292686qaj.13.2013.10.31.10.35.41 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 10:35:42 -0700 (PDT)
Message-ID: <527294ED.2040207@gmail.com>
Date: Thu, 31 Oct 2013 13:35:41 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: "d.nix" <d.nix@comcast.net>, perpass@ietf.org
References: <13102810494583_8A24@oregon.uoregon.edu>	<01P04ABSOR0E00004R@mauve.mrochek.com>	<01e901ced4ef$f3615e80$da241b80$@shockey.us>	<52703B74.4090409@cs.tcd.ie>	<00f801ced585$bd7d3870$3877a950$@shockey.us>	<527271CD.8000005@gmail.com>	<52727480.4000202@gmx.net>	<52727B0D.6030801@gmail.com>	<CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com>	<527286EC.7000504@gmail.com> <52728B7F.3080008@comcast.net>
In-Reply-To: <52728B7F.3080008@comcast.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 17:35:58 -0000

Not sure where the "someone demands the maximum"
paradigm gets us.

It generally comes down to three factors:

1. what is mandated by governments
2. what providers implement
3. what the marketplace chooses

By the way, the same emeritus DARPA
Director recently opined, if you are really
concerned about surveillance or security,
don't connect to a network.  It is why NIST
and the new security ecosystem have largely
shifted to a risk management approach.

If the IETF wants to do something meaningful
here, generate some templates under SP800-53 R4,

--tony


On 10/31/2013 12:55 PM, d.nix wrote:
> Conversely, if someone desires the maximum possible privacy, they
> should also have that choice. If the system by its design prevents
> that choice, then those users that desire that measure of privacy are
> pushed out.


From dhc@dcrocker.net  Thu Oct 31 10:44:55 2013
Return-Path: <dhc@dcrocker.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8335711E81D2 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 10:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ho2LmqMU-eX for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 10:44:50 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 6A75921F9B21 for <perpass@ietf.org>; Thu, 31 Oct 2013 10:43:54 -0700 (PDT)
Received: from [10.1.10.136] ([63.225.91.78]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r9VHhdm1012451 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 31 Oct 2013 10:43:43 -0700
Message-ID: <527296BD.5030402@dcrocker.net>
Date: Thu, 31 Oct 2013 10:43:25 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Tim Bray <tbray@textuality.com>, perpass <perpass@ietf.org>
References: <CAHBU6iv2TiOv63XJ3V865rbwuP34E5piGhes2tzo7JPmHhHbiw@mail.gmail.com>
In-Reply-To: <CAHBU6iv2TiOv63XJ3V865rbwuP34E5piGhes2tzo7JPmHhHbiw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Thu, 31 Oct 2013 10:43:43 -0700 (PDT)
Subject: Re: [perpass] A little levity
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 17:44:55 -0000

On 10/31/2013 9:43 AM, Tim Bray wrote:
> Pardon the interruption, but this conversation could use a smile:
> http://teespring.com/nsassl


So, whoever is wearing the t-shirt represents a single point of failure 
for end-to-end encryption?

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From scott.brim@gmail.com  Thu Oct 31 11:18:35 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 498B111E81D2 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 11:18:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.593
X-Spam-Level: 
X-Spam-Status: No, score=-102.593 tagged_above=-999 required=5 tests=[AWL=0.006, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzNzgCLtBcpm for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 11:18:34 -0700 (PDT)
Received: from mail-oa0-x229.google.com (mail-oa0-x229.google.com [IPv6:2607:f8b0:4003:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 8EB5321E8100 for <perpass@ietf.org>; Thu, 31 Oct 2013 11:18:34 -0700 (PDT)
Received: by mail-oa0-f41.google.com with SMTP id o9so3523554oag.28 for <perpass@ietf.org>; Thu, 31 Oct 2013 11:18:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=VTlq12uzY7UTQMMHR46WiFgFKEJ6udXgAbr85Nl7sfs=; b=b92ZaAButeiqrVf80DMYexapaQq1VlpPcNrBcbwaN0K48c1/UbxE29WxgeWDmiH169 Jmw4kdq7PzgHGWT5UlN/0ewvvYVuqTYLRDDkLXj6L1SgtoJ79m1xJrXx2LUOOfjTtBxN 6gDaQRgyH+j1y433EvyRm3e+cfF/CFFNlfVWdnJe64BkyKOwxOYcZluW5h7rdVanQeOH wVUfn1aviZKWp2aBw6CwGKRAObjne52xoWygdaS3eN4YllbnHnDcD0Krfz+ZsYoDBTZc r60LmANEYU/WmzcW40ttGKYpDS5A74Fn/bIJCZmhRD1L0QT75QibPOJmkQnieyYHKDdD /qyA==
X-Received: by 10.60.43.169 with SMTP id x9mr891680oel.88.1383243504610; Thu, 31 Oct 2013 11:18:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.2.134 with HTTP; Thu, 31 Oct 2013 11:18:04 -0700 (PDT)
In-Reply-To: <527294ED.2040207@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com> <52727480.4000202@gmx.net> <52727B0D.6030801@gmail.com> <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com> <527286EC.7000504@gmail.com> <52728B7F.3080008@comcast.net> <527294ED.2040207@gmail.com>
From: Scott Brim <scott.brim@gmail.com>
Date: Thu, 31 Oct 2013 14:18:04 -0400
Message-ID: <CAPv4CP86ro158RLMn02yLh0yrOVxwdZM4SVOonBjZZY80nXWcQ@mail.gmail.com>
To: Tony Rutkowski <rutkowski.tony@gmail.com>
Content-Type: multipart/alternative; boundary=001a11330a00baf68004ea0d7939
Cc: perpass <perpass@ietf.org>, "d.nix" <d.nix@comcast.net>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 18:18:35 -0000

--001a11330a00baf68004ea0d7939
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Oct 31, 2013 at 1:35 PM, Tony Rutkowski <rutkowski.tony@gmail.com> wrote:

> Not sure where the "someone demands the maximum"
> paradigm gets us.
>

It gets us to protocol and system design principles.


>
> It generally comes down to three factors:
>
> 1. what is mandated by governments
> 2. what providers implement
> 3. what the marketplace chooses
>

You left out: what is possible in the protocol system provided to the
implementors.  There are issues with protocols, new and old, that are being
looked at right now in order to improve the _possibility_ of privacy.  This
is something the IETF can be very good at: creating/guiding the scope over
which the three rather generalized "factors" you mention can range.

--001a11330a00baf68004ea0d7939--

From rutkowski.tony@gmail.com  Thu Oct 31 11:47:03 2013
Return-Path: <rutkowski.tony@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38E2721E80F7 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 11:47:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.524
X-Spam-Level: 
X-Spam-Status: No, score=-2.524 tagged_above=-999 required=5 tests=[AWL=0.075,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cry2hkis8FtH for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 11:47:00 -0700 (PDT)
Received: from mail-qa0-x234.google.com (mail-qa0-x234.google.com [IPv6:2607:f8b0:400d:c00::234]) by ietfa.amsl.com (Postfix) with ESMTP id 6132E21E808D for <perpass@ietf.org>; Thu, 31 Oct 2013 11:46:36 -0700 (PDT)
Received: by mail-qa0-f52.google.com with SMTP id w8so82735qac.11 for <perpass@ietf.org>; Thu, 31 Oct 2013 11:46:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=J4amUCrTG9B7FJgH3J62IX+wsdTpPR38c//eNi1JfgM=; b=W+cDN8QO279cM82MAXQpNBK13nyK6Zm/B9JiZxRw+mU4MP7oYKOikwcFU7V2ItYVMc fxoZofkPg4cnLHixnq5LypX06PYAqeJymLu+OWMWNhHJhxbRWnSkWbutUqqDS7ZIl/a+ XcUdx23TLdI+7hZYBTGp2J8tnnnxEcWraHqQSJdEC9UfppvFRMYbnnDXWybnCeWTiYzY zhQ505+PHBM4LtjwSCLUpxbmc5R1r+cf3u8qPSei24fhX+CdbGZEJRpMbZzuud4rT9Bt WbSKV1Ti6kdeQ+J9IJYXcwi+CRMZRvm2SBwiXkbcUsw8XrhmaOIcFSuZJwpafNsDNCSO 8d3g==
X-Received: by 10.224.88.193 with SMTP id b1mr7122685qam.81.1383245183190; Thu, 31 Oct 2013 11:46:23 -0700 (PDT)
Received: from [192.168.1.2] (pool-173-72-191-218.clppva.fios.verizon.net. [173.72.191.218]) by mx.google.com with ESMTPSA id kz8sm9533763qeb.0.2013.10.31.11.46.22 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 11:46:22 -0700 (PDT)
Message-ID: <5272A57D.1000800@gmail.com>
Date: Thu, 31 Oct 2013 14:46:21 -0400
From: Tony Rutkowski <rutkowski.tony@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Scott Brim <scott.brim@gmail.com>
References: <13102810494583_8A24@oregon.uoregon.edu> <01P04ABSOR0E00004R@mauve.mrochek.com> <01e901ced4ef$f3615e80$da241b80$@shockey.us> <52703B74.4090409@cs.tcd.ie> <00f801ced585$bd7d3870$3877a950$@shockey.us> <527271CD.8000005@gmail.com> <52727480.4000202@gmx.net> <52727B0D.6030801@gmail.com> <CAPv4CP9V7-=kmv0KwuM0RR1b67Ng0uBMddf+MxLLf1dXJSThzA@mail.gmail.com> <527286EC.7000504@gmail.com> <52728B7F.3080008@comcast.net> <527294ED.2040207@gmail.com> <CAPv4CP86ro158RLMn02yLh0yrOVxwdZM4SVOonBjZZY80nXWcQ@mail.gmail.com>
In-Reply-To: <CAPv4CP86ro158RLMn02yLh0yrOVxwdZM4SVOonBjZZY80nXWcQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: perpass <perpass@ietf.org>, "d.nix" <d.nix@comcast.net>
Subject: Re: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: rutkowski.tony@gmail.com
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 18:47:04 -0000

Good.  This is not unlike the NIST SP800-53r4 approach
which is the foundational U.S. (and probably CCRA)
network security approach.

--tony

On 10/31/2013 2:18 PM, Scott Brim wrote:
> You left out: what is possible in the protocol system provided to the 
> implementors.  There are issues with protocols, new and old, that are 
> being looked at right now in order to improve the _possibility_ of 
> privacy.  This is something the IETF can be very good at: 
> creating/guiding the scope over which the three rather generalized 
> "factors" you mention can range.


From acooper@cdt.org  Thu Oct 31 14:04:23 2013
Return-Path: <acooper@cdt.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7610611E8243 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 14:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.597
X-Spam-Level: 
X-Spam-Status: No, score=-102.597 tagged_above=-999 required=5 tests=[AWL=0.002, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n+OWqtEnblOO for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 14:04:19 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 5261511E8231 for <perpass@ietf.org>; Thu, 31 Oct 2013 14:04:17 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)) for perpass@ietf.org; Thu, 31 Oct 2013 17:04:14 -0400
From: Alissa Cooper <acooper@cdt.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_E1516640-B38E-4122-877C-BB2DDF87D3B1"; protocol="application/pgp-signature"; micalg=pgp-sha1
Message-Id: <A41763A7-D261-4CBA-BDA8-F739C2915DBF@cdt.org>
Date: Thu, 31 Oct 2013 14:04:14 -0700
To: "perpass@ietf.org" <perpass@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
Subject: [perpass] Talk about location services and surveillance
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 21:04:23 -0000

--Apple-Mail=_E1516640-B38E-4122-877C-BB2DDF87D3B1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Martin Thomson will be giving a short talk about location services and
surveillance at the end of the GEOPRIV session on Thursday, November 7,
17:30-18:30: <https://datatracker.ietf.org/meeting/88/agenda/geopriv/>.

--Apple-Mail=_E1516640-B38E-4122-877C-BB2DDF87D3B1--


From scott.brim@gmail.com  Thu Oct 31 15:19:30 2013
Return-Path: <scott.brim@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20EE121F9F80 for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 15:19:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.594
X-Spam-Level: 
X-Spam-Status: No, score=-102.594 tagged_above=-999 required=5 tests=[AWL=0.005, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BJlekBPlwKVf for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 15:19:29 -0700 (PDT)
Received: from mail-oa0-x231.google.com (mail-oa0-x231.google.com [IPv6:2607:f8b0:4003:c02::231]) by ietfa.amsl.com (Postfix) with ESMTP id AFD3211E81C9 for <perpass@ietf.org>; Thu, 31 Oct 2013 15:19:26 -0700 (PDT)
Received: by mail-oa0-f49.google.com with SMTP id j10so3755486oah.22 for <perpass@ietf.org>; Thu, 31 Oct 2013 15:19:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=J0/FMX7B1ovOH6WZ8+4hmrO3JpE4OFBc3yajzr2D3VM=; b=gNcXtJv6SDU1uraIGN7CGwO905MUfidXYDKT/pObskGUiirIaCIQCm9VuxIccv04Is omz7SF13Fx/0im+MpLfhOTwH13POWXeRvmHOxbn3nUBCFWyt+llktLzBR4GERvwxHiVl QfkkuD2Lm2Fw8nayFcO2O6AWnGbLuBiTxx1+XgAQT0bdnhVz+iuuOz3dQPycdf5jfd3v 96EwA5AFNk+jiOZWk0t2oLZFuQbTCQgJ+HS/kChE4o8YosiLEn0v67zRJ+kjh4Bc32uv nVsvBNmWTZMtbfDd8FEnDvwxzE9416W6MM/5F8jN+VAGY1QoPrRbChJ9XGFMsRBEO0VD EvUQ==
MIME-Version: 1.0
X-Received: by 10.60.44.36 with SMTP id b4mr4357273oem.53.1383257966130; Thu, 31 Oct 2013 15:19:26 -0700 (PDT)
Received: by 10.182.2.134 with HTTP; Thu, 31 Oct 2013 15:19:26 -0700 (PDT)
Received: by 10.182.2.134 with HTTP; Thu, 31 Oct 2013 15:19:26 -0700 (PDT)
In-Reply-To: <A41763A7-D261-4CBA-BDA8-F739C2915DBF@cdt.org>
References: <A41763A7-D261-4CBA-BDA8-F739C2915DBF@cdt.org>
Date: Thu, 31 Oct 2013 18:19:26 -0400
Message-ID: <CAPv4CP8hdKy=6qGcnas2bUWp2LbE0UjTA617CZboDgtByPHd8Q@mail.gmail.com>
From: Scott Brim <scott.brim@gmail.com>
To: Alissa Cooper <acooper@cdt.org>
Content-Type: multipart/alternative; boundary=001a11c30186b441c304ea10d7b9
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Talk about location services and surveillance
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 22:19:30 -0000

--001a11c30186b441c304ea10d7b9
Content-Type: text/plain; charset=ISO-8859-1

On Oct 31, 2013 5:04 PM, "Alissa Cooper" <acooper@cdt.org> wrote:
>
> Martin Thomson will be giving a short talk about location services and
> surveillance at the end of the GEOPRIV session on Thursday, November 7,
> 17:30-18:30: <https://datatracker.ietf.org/meeting/88/agenda/geopriv/>.

They've been trying for years to refine trade-offs between location and
privacy.  This should be interesting.  I hope he can distill out some
principles that can be used in other WGs.

Scott

--001a11c30186b441c304ea10d7b9--

From nvidya@google.com  Thu Oct 31 22:43:25 2013
Return-Path: <nvidya@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C8E11E819C for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 22:43:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level: 
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dNHovSZXIwZf for <perpass@ietfa.amsl.com>; Thu, 31 Oct 2013 22:43:25 -0700 (PDT)
Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id A400311E8246 for <perpass@ietf.org>; Thu, 31 Oct 2013 22:43:15 -0700 (PDT)
Received: by mail-qc0-f171.google.com with SMTP id i7so2208169qcq.16 for <perpass@ietf.org>; Thu, 31 Oct 2013 22:43:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=sVF2Nk5bUI8vOeoBu6+hy5Rxl7maf3881MXminuqzq8=; b=fI8qHM0o2l0T7pcx0FK38aj9WsJCbT9/75dkz0lPTGhOlB6ItA3W2z0hrnR3WXc/u+ gq/TEJttz/sj8b6BZYpGyo2/Ah/5w6tbVzNXerXtwwyLzR35mGbAmXCqZBfkFR7sZy24 Ui9lOXFHwafpCcVwb5P0fPPC0+TCBdl+yd/qBCcPg5gpNsNy273XZXux8UjtAgOeDLFo BCPW55qtNEwM8PAwKc1ze3Dij4X8jGSUNnAvUW1bmwwBvLjmdETU3sfS1iKTv53IWdOd G8VmS3bbfKzJJV+k5tGbn8u+nQMAQExZ1UM/JuDjQRIVm0TG2q+WHo41lOeHU2lXIIGd 2XiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=sVF2Nk5bUI8vOeoBu6+hy5Rxl7maf3881MXminuqzq8=; b=hVFst7SEi1xavlY1e1lBeTwNsSO6Mc89PB6rNWFjoH6WKWbB0+ZKWgIMEyDd+esv0I jwea2bY9eka6l81pz1FzW4HONLIFD5rciOqDgqBzWLEBw8HgD7ngV7SpIvhz8S7jjgh8 Tqei/lECCGlySUYa7HirPh6inrrQS+m9ExbzK6KWdiSJ6sjvTnejCTTXvAsOsvAaXuKN HeVsL25Uv5th+vuCX++gk5JS9G0yQdw4Wi54DEd8viLGkZtkXcCm/O46OCFr+BlN547E ewqURM/LmwGvzREbD71KYsn7UVVWKxaTCT1ywmKOu91iFaa8p8jehdwASEQ5+zVRl/ZN 51qg==
X-Gm-Message-State: ALoCoQn0JKajl4wQAX9oFM/esAbSdaaaltXM9m0YKrz9SEqWk/cCifRVtZUPMAxWqqWrIQ5PGZqsWI0h4R37ilK8haud1kszM3tQVHsjy3Yh+g5WhqhuL4KKv4xcjHh/yvMgN05pLUUef1B9SMMziYxt9t7cLng+i64fakLlQORttit72kc2AUr9Gs5vooAUvwp//ZpQAFXW
MIME-Version: 1.0
X-Received: by 10.224.129.202 with SMTP id p10mr1651382qas.84.1383284595030; Thu, 31 Oct 2013 22:43:15 -0700 (PDT)
Received: by 10.224.44.70 with HTTP; Thu, 31 Oct 2013 22:43:14 -0700 (PDT)
In-Reply-To: <52723E96.4080605@cs.tcd.ie>
References: <CAO+OM=qyRVgy6qHrmC5uv3BRCGn+f4B9setcKcm+=nhgkVd9wg@mail.gmail.com> <p6cv69lod3c3kdlh0v3mfjo0ic7ta2mrnc@hive.bjoern.hoehrmann.de> <CAO+OM=qEQWrJd=GS1-UUZiDGKzXCdpiqtnZVw5=SEw9oxsJK9Q@mail.gmail.com> <gml279d6rnvn7v2sma2r3vf17fm2g5nkm9@hive.bjoern.hoehrmann.de> <5271661C.6020808@gmx.net> <4B654B63C9A4614EA1F088B2490E8F3A027007@UCEXBWP009.ep.parl.union.eu> <CAO+OM=obewgwQbR=aJSgQ38LD2SPYZojWcU=AKc5HUO3yywacQ@mail.gmail.com> <527239D6.5010704@cisco.com> <52723E96.4080605@cs.tcd.ie>
Date: Thu, 31 Oct 2013 22:43:14 -0700
Message-ID: <CAO+OM=phbsmBF6x6d0KLEHmfPsmkjcQJHaMpuDR5osnm6ag4vA@mail.gmail.com>
From: Vidya Narayanan <vn@google.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=001a11c2c124e919a904ea170a62
Cc: JOSEFSSON Erik <erik.josefsson@europarl.europa.eu>, "perpass@ietf.org" <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Bjoern Hoehrmann <derhoermi@gmx.net>, Eliot Lear <lear@cisco.com>
Subject: Re: [perpass] Explicit proxying in HTTP
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2013 05:43:26 -0000

--001a11c2c124e919a904ea170a62
Content-Type: text/plain; charset=ISO-8859-1

All,
Thanks - I should have mentioned that the draft was submitted to httpbis (I
thought that was obvious from the naming convention).  It has been sent to
httpbis and as Stephen notes, it is on their agenda.  At this point, this
draft is only an FYI to this list - as there is an intersection in impact,
I had sent it out.

Cheers,
Vidya


On Thu, Oct 31, 2013 at 4:27 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

>
>
> On 10/31/2013 11:07 AM, Eliot Lear wrote:
> > But before we go too far, where should
> > this discussion really take place?  Here or in httpbis?
>
> Good question.
>
> My take: in httpbis - it's on their agenda for next week I
> think, and it's their problem and afaik people are actively
> interested in addressing it there.
>
> It is a hard-ish problem and it could be the case that there's
> stuff that'll be relevant for this list, but I think that
> only makes sense after something has taken shape in httpbis
> and maybe not then if they do a good enough job, which I
> hope they will.
>
> So yeah, better for this discussion to happen on the httpbis
> list please.
>
> Thanks,
> S.
>

--001a11c2c124e919a904ea170a62--
